0000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x4, [{}, {}, {}, {}]}, 0x68) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:24 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r6, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) 2018/03/31 14:23:24 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740), &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 536.942730] FAULT_INJECTION: forcing a failure. [ 536.942730] name failslab, interval 1, probability 0, space 0, times 0 [ 536.954074] CPU: 0 PID: 4955 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #373 [ 536.961354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 536.970702] Call Trace: [ 536.973319] dump_stack+0x194/0x24d [ 536.976961] ? arch_local_irq_restore+0x53/0x53 [ 536.981655] should_fail+0x8c0/0xa40 [ 536.985368] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 536.990476] ? perf_trace_run_bpf_submit+0x206/0x330 [ 536.995584] ? perf_trace_run_bpf_submit+0x206/0x330 [ 537.000676] ? perf_trace_run_bpf_submit+0x20d/0x330 [ 537.005773] ? find_held_lock+0x35/0x1d0 [ 537.009867] ? check_same_owner+0x320/0x320 [ 537.014185] ? rcu_note_context_switch+0x710/0x710 [ 537.019104] ? save_stack+0xa3/0xd0 [ 537.022726] should_failslab+0xec/0x120 [ 537.026693] kmem_cache_alloc+0x47/0x760 [ 537.030746] ? map_files_get_link+0x3a0/0x3a0 [ 537.035228] getname_flags+0xcb/0x580 [ 537.039028] user_path_at_empty+0x2d/0x50 [ 537.043181] do_mount+0x15f/0x2bb0 [ 537.046718] ? __might_fault+0x110/0x1d0 [ 537.050773] ? lock_downgrade+0x980/0x980 [ 537.054916] ? copy_mount_string+0x40/0x40 [ 537.059136] ? check_same_owner+0x320/0x320 [ 537.063451] ? __check_object_size+0x8b/0x530 [ 537.067950] ? __might_sleep+0x95/0x190 [ 537.071927] ? kasan_check_write+0x14/0x20 [ 537.076154] ? _copy_from_user+0x99/0x110 [ 537.080305] ? memdup_user+0x5e/0x90 [ 537.084006] ? copy_mount_options+0x1f7/0x2e0 [ 537.088495] SyS_mount+0xab/0x120 [ 537.091926] ? copy_mnt_ns+0xb30/0xb30 [ 537.095798] do_syscall_64+0x281/0x940 [ 537.099666] ? vmalloc_sync_all+0x30/0x30 [ 537.103802] ? _raw_spin_unlock_irq+0x27/0x70 [ 537.108285] ? finish_task_switch+0x1c1/0x7e0 [ 537.112766] ? syscall_return_slowpath+0x550/0x550 [ 537.117699] ? syscall_return_slowpath+0x2ac/0x550 [ 537.122626] ? prepare_exit_to_usermode+0x350/0x350 [ 537.127634] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 537.132993] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 537.137829] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 537.142995] RIP: 0033:0x454e79 [ 537.146175] RSP: 002b:00007fa1b21a7c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 537.153882] RAX: ffffffffffffffda RBX: 00007fa1b21a86d4 RCX: 0000000000454e79 [ 537.161147] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 00000000200003c0 [ 537.168410] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 537.175665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 [ 537.182927] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000002 2018/03/31 14:23:25 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740), &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:25 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r6, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) 2018/03/31 14:23:25 executing program 0: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040), 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) pipe2(&(0x7f0000000240), 0x0) ioctl$VHOST_GET_VRING_BASE(r2, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r3 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r3, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:25 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x4, [{}, {}, {}, {}]}, 0x68) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:26 executing program 5 (fault-call:12 fault-nth:3): r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f", 0xd8) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:26 executing program 4: sendmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x6, 0x20000) sendmsg$unix(r1, &(0x7f0000000480)={&(0x7f0000000240)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f00000003c0)=[{&(0x7f00000002c0)="90bc06759de1e547969f47355c7845894d326b8a094fa099887f6ac171eca243856301d7240d6a97ae7988213eaf8ae3b8351a8043b98eaf7014d80bf14df53cacd5807d2503a9acc16bf9e26893c9a9c49e6ac4e4ef33ae15bb920e23337b055cfea75defb810a2cdb31bd8307fc98be8372513e0207ed206c30e546b1a075a4643e110b03cf57d645951fd476877bde0e7a60f0c64b6e83c73104ac64bafc54ca812f092c61c4c6e4d0d299e5c6a19f13d1c", 0xb3}], 0x1, &(0x7f0000000400)=ANY=[@ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="20000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="eb610000"], 0x34, 0x84}, 0x40) r2 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x400, 0x0) socket$inet6(0xa, 0x0, 0x0) r3 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r3, &(0x7f00000001c0)={0xa, 0x4e30, 0xffffffffffffffff, @loopback={0x0, 0x1}, 0x8}, 0x1c) listen(r3, 0x80001003) r4 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r4, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) readv(r4, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/11, 0x37}], 0x100000000000019c) close(r4) accept(r3, 0x0, &(0x7f0000efaffc)) sendmmsg(r4, &(0x7f00000000c0)=[{{&(0x7f0000000240)=@ax25={0x3, {"aba998cfc95797"}}, 0x80, &(0x7f00000016c0), 0x0, &(0x7f0000001740)}}], 0x198, 0x0) socket$can_raw(0x1d, 0x3, 0x1) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x8, 0x200, 0x20000800}) ioctl(r2, 0x2285, &(0x7f0000007000)='S') getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f00000004c0)={{{@in=@dev, @in6=@local}}, {{@in=@remote}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000180)=0xe8) getsockname$unix(r2, &(0x7f0000000040), &(0x7f0000000100)=0x6e) ioctl$TCSBRK(r1, 0x5409, 0xffff) 2018/03/31 14:23:26 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740), &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:26 executing program 0: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040), 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) pipe2(&(0x7f0000000240), 0x0) ioctl$VHOST_GET_VRING_BASE(r2, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r3 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r3, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:26 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r6, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) 2018/03/31 14:23:26 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:26 executing program 2: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) socket$kcm(0x29, 0x7, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) socketpair(0x0, 0x0, 0x0, &(0x7f0000000000)) 2018/03/31 14:23:26 executing program 7: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) socketpair(0x0, 0x0, 0x2, &(0x7f0000000000)={0xffffffffffffffff}) openat$cgroup_ro(r0, &(0x7f0000000080)='cgroup.stat\x00', 0x0, 0x0) [ 538.196151] FAULT_INJECTION: forcing a failure. [ 538.196151] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 538.207980] CPU: 1 PID: 5015 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #373 [ 538.215244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 538.224586] Call Trace: [ 538.227175] dump_stack+0x194/0x24d [ 538.230806] ? arch_local_irq_restore+0x53/0x53 [ 538.235483] should_fail+0x8c0/0xa40 [ 538.239187] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 538.244268] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 538.249441] ? trace_event_raw_event_lock+0x340/0x340 [ 538.254616] ? print_irqtrace_events+0x270/0x270 [ 538.259356] ? trace_event_raw_event_lock+0x340/0x340 [ 538.264539] ? perf_trace_lock+0xd6/0x900 [ 538.268675] ? print_irqtrace_events+0x270/0x270 [ 538.273410] ? lock_acquire+0x1d5/0x580 [ 538.277359] ? perf_trace_lock+0xd6/0x900 [ 538.281487] ? trace_event_raw_event_lock+0x340/0x340 [ 538.286669] ? __lock_acquire+0x664/0x3e00 [ 538.290886] ? should_fail+0x23b/0xa40 [ 538.294753] __alloc_pages_nodemask+0x327/0xdd0 [ 538.299397] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 538.304391] ? find_held_lock+0x35/0x1d0 [ 538.308455] ? check_same_owner+0x320/0x320 [ 538.312775] cache_grow_begin+0x72/0x640 [ 538.316834] kmem_cache_alloc+0x400/0x760 [ 538.320964] ? map_files_get_link+0x3a0/0x3a0 [ 538.325454] getname_flags+0xcb/0x580 [ 538.329235] user_path_at_empty+0x2d/0x50 [ 538.333358] do_mount+0x15f/0x2bb0 [ 538.336875] ? __might_fault+0x110/0x1d0 [ 538.340912] ? lock_downgrade+0x980/0x980 [ 538.345041] ? copy_mount_string+0x40/0x40 [ 538.349259] ? check_same_owner+0x320/0x320 [ 538.353569] ? __check_object_size+0x8b/0x530 [ 538.358057] ? __might_sleep+0x95/0x190 [ 538.362019] ? kasan_check_write+0x14/0x20 [ 538.366242] ? _copy_from_user+0x99/0x110 [ 538.370371] ? memdup_user+0x5e/0x90 [ 538.374056] ? copy_mount_options+0x1f7/0x2e0 [ 538.378533] SyS_mount+0xab/0x120 [ 538.381965] ? copy_mnt_ns+0xb30/0xb30 [ 538.385828] do_syscall_64+0x281/0x940 [ 538.389697] ? vmalloc_sync_all+0x30/0x30 [ 538.393819] ? _raw_spin_unlock_irq+0x27/0x70 [ 538.398630] ? finish_task_switch+0x1c1/0x7e0 [ 538.403106] ? syscall_return_slowpath+0x550/0x550 [ 538.408024] ? syscall_return_slowpath+0x2ac/0x550 [ 538.412935] ? prepare_exit_to_usermode+0x350/0x350 [ 538.417926] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 538.423267] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 538.428093] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 538.433257] RIP: 0033:0x454e79 [ 538.436419] RSP: 002b:00007fa1b21a7c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 2018/03/31 14:23:26 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r6, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) 2018/03/31 14:23:26 executing program 0: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040), 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(0xffffffffffffffff, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r3 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r3, 0x0, 0xd2, &(0x7f000003affc), 0x3c) [ 538.444100] RAX: ffffffffffffffda RBX: 00007fa1b21a86d4 RCX: 0000000000454e79 [ 538.451346] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 00000000200003c0 [ 538.458599] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 538.465844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 [ 538.473090] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000003 2018/03/31 14:23:26 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:26 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:26 executing program 5 (fault-call:12 fault-nth:4): r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f", 0xd8) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:26 executing program 0: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040), 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(0xffffffffffffffff, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r3 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r3, 0x0, 0xd2, &(0x7f000003affc), 0x3c) [ 538.626252] FAULT_INJECTION: forcing a failure. [ 538.626252] name failslab, interval 1, probability 0, space 0, times 0 [ 538.637550] CPU: 1 PID: 5042 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #373 [ 538.644819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 538.654167] Call Trace: [ 538.656753] dump_stack+0x194/0x24d [ 538.660387] ? arch_local_irq_restore+0x53/0x53 [ 538.665066] should_fail+0x8c0/0xa40 [ 538.668772] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 538.673856] ? is_bpf_text_address+0xa4/0x120 [ 538.678331] ? find_held_lock+0x35/0x1d0 [ 538.682401] ? check_same_owner+0x320/0x320 [ 538.686706] ? putname+0xee/0x130 [ 538.690136] ? filename_lookup+0x315/0x500 [ 538.694347] ? user_path_at_empty+0x40/0x50 [ 538.698652] ? rcu_note_context_switch+0x710/0x710 [ 538.703566] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 538.708908] should_failslab+0xec/0x120 [ 538.712870] kmem_cache_alloc+0x47/0x760 [ 538.716918] ? perf_trace_lock+0xd6/0x900 [ 538.721044] ? free_obj_work+0x690/0x690 [ 538.725092] alloc_vfsmnt+0xe0/0x9c0 [ 538.728792] ? path_lookupat+0x238/0xba0 [ 538.732839] ? mnt_free_id.isra.21+0x50/0x50 [ 538.737226] ? trace_hardirqs_off+0x10/0x10 [ 538.741532] ? putname+0xee/0x130 [ 538.744970] ? putname+0xee/0x130 [ 538.748397] ? rcu_read_lock_sched_held+0x108/0x120 [ 538.753390] ? find_held_lock+0x35/0x1d0 [ 538.757440] ? __get_fs_type+0x8a/0xc0 [ 538.761323] ? lock_downgrade+0x980/0x980 [ 538.765455] ? module_unload_free+0x5b0/0x5b0 [ 538.769928] ? lock_release+0xa40/0xa40 [ 538.773887] ? mpi_resize+0x200/0x200 [ 538.777677] vfs_kern_mount.part.26+0x84/0x4a0 [ 538.782250] ? may_umount+0xa0/0xa0 [ 538.785863] ? _raw_read_unlock+0x22/0x30 [ 538.789985] ? __get_fs_type+0x8a/0xc0 [ 538.793857] do_mount+0xea4/0x2bb0 [ 538.797371] ? __might_fault+0x110/0x1d0 [ 538.801410] ? copy_mount_string+0x40/0x40 [ 538.805623] ? check_same_owner+0x320/0x320 [ 538.809919] ? __check_object_size+0x8b/0x530 [ 538.814403] ? __might_sleep+0x95/0x190 [ 538.818367] ? kasan_check_write+0x14/0x20 [ 538.822576] ? _copy_from_user+0x99/0x110 [ 538.826704] ? memdup_user+0x5e/0x90 [ 538.830394] ? copy_mount_options+0x1f7/0x2e0 [ 538.834866] SyS_mount+0xab/0x120 [ 538.838303] ? copy_mnt_ns+0xb30/0xb30 [ 538.842172] do_syscall_64+0x281/0x940 [ 538.846047] ? vmalloc_sync_all+0x30/0x30 [ 538.850175] ? _raw_spin_unlock_irq+0x27/0x70 [ 538.854651] ? finish_task_switch+0x1c1/0x7e0 [ 538.859129] ? syscall_return_slowpath+0x550/0x550 [ 538.864039] ? syscall_return_slowpath+0x2ac/0x550 [ 538.868944] ? prepare_exit_to_usermode+0x350/0x350 [ 538.873937] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 538.879288] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 538.884114] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 538.889282] RIP: 0033:0x454e79 [ 538.892452] RSP: 002b:00007fa1b21a7c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 538.900134] RAX: ffffffffffffffda RBX: 00007fa1b21a86d4 RCX: 0000000000454e79 [ 538.907375] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 00000000200003c0 [ 538.914625] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 538.921878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 [ 538.929130] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000004 2018/03/31 14:23:27 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r6, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) 2018/03/31 14:23:27 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:27 executing program 0: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040), 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(0xffffffffffffffff, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r3 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r3, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:27 executing program 5 (fault-call:12 fault-nth:5): r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f", 0xd8) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:27 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:27 executing program 4: sendmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x6, 0x20000) sendmsg$unix(r1, &(0x7f0000000480)={&(0x7f0000000240)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f00000003c0)=[{&(0x7f00000002c0)="90bc06759de1e547969f47355c7845894d326b8a094fa099887f6ac171eca243856301d7240d6a97ae7988213eaf8ae3b8351a8043b98eaf7014d80bf14df53cacd5807d2503a9acc16bf9e26893c9a9c49e6ac4e4ef33ae15bb920e23337b055cfea75defb810a2cdb31bd8307fc98be8372513e0207ed206c30e546b1a075a4643e110b03cf57d645951fd476877bde0e7a60f0c64b6e83c73104ac64bafc54ca812f092c61c4c6e4d0d299e5c6a19f13d1c", 0xb3}], 0x1, &(0x7f0000000400)=ANY=[@ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="20000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="eb610000"], 0x34, 0x84}, 0x40) getsockopt$IP6T_SO_GET_ENTRIES(r1, 0x29, 0x41, &(0x7f0000000440)={'security\x00', 0x5, "ed7df51452"}, &(0x7f00000005c0)=0x29) r2 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x400, 0x0) socket$inet6(0xa, 0x0, 0x0) r3 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r3, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) listen(r3, 0x80001003) r4 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r4, &(0x7f0000000380)={0xa, 0x4e1f, 0x0, @loopback={0x0, 0x1}, 0x6}, 0x1c) readv(r4, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/11, 0x37}], 0x100000000000019c) close(r4) accept(r3, 0x0, &(0x7f0000efaffc)) sendmmsg(r4, &(0x7f00000001c0)=[{{&(0x7f0000000240)=@ax25={0x3, {"aba998cfc95797"}}, 0x80, &(0x7f00000016c0), 0x0, &(0x7f0000001740)}}], 0x1, 0x0) socket$can_raw(0x1d, 0x3, 0x1) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x8, 0x200, 0x20000800}) ioctl(r2, 0x2285, &(0x7f0000007000)='S') getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f00000004c0)={{{@in=@dev, @in6=@local}}, {{@in=@remote}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000180)=0xe8) getsockname$unix(r2, &(0x7f0000000040), &(0x7f0000000100)=0x6e) ioctl$TCSBRK(r1, 0x5409, 0xffff) 2018/03/31 14:23:27 executing program 7: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) nanosleep(&(0x7f0000000240)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) utimes(&(0x7f0000000140)='./file0/file0\x00', &(0x7f0000000200)={{0x0, 0x2710}}) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xffffff7fff7ff030, 0x9, 0x0) r0 = open(&(0x7f0000000080)='./file0\x00', 0x24000, 0xe) ioctl$TCGETS(r0, 0x5401, &(0x7f00000000c0)) ioctl$TIOCSBRK(r0, 0x5427) socketpair(0x0, 0x0, 0x2, &(0x7f0000000000)) 2018/03/31 14:23:27 executing program 2: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) socket$kcm(0x29, 0x7, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) socketpair(0x0, 0x0, 0x0, &(0x7f0000000000)) [ 539.441942] FAULT_INJECTION: forcing a failure. [ 539.441942] name failslab, interval 1, probability 0, space 0, times 0 [ 539.453273] CPU: 1 PID: 5068 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #373 [ 539.460547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 539.469891] Call Trace: [ 539.472461] dump_stack+0x194/0x24d [ 539.476075] ? arch_local_irq_restore+0x53/0x53 [ 539.480719] ? __unwind_start+0x169/0x330 [ 539.484848] should_fail+0x8c0/0xa40 [ 539.488539] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 539.493616] ? perf_trace_lock+0xd6/0x900 [ 539.497740] ? save_stack+0xa3/0xd0 [ 539.501345] ? trace_event_raw_event_lock+0x340/0x340 [ 539.506511] ? kasan_slab_alloc+0x12/0x20 [ 539.510634] ? alloc_vfsmnt+0xe0/0x9c0 [ 539.514494] ? vfs_kern_mount.part.26+0x84/0x4a0 [ 539.519224] ? do_mount+0xea4/0x2bb0 [ 539.522915] ? find_held_lock+0x35/0x1d0 [ 539.526961] ? check_same_owner+0x320/0x320 [ 539.531266] ? rcu_note_context_switch+0x710/0x710 [ 539.536176] should_failslab+0xec/0x120 [ 539.540130] __kmalloc_track_caller+0x5f/0x760 [ 539.544688] ? do_raw_spin_trylock+0x190/0x190 [ 539.549247] ? kstrdup_const+0x39/0x50 [ 539.553114] kstrdup+0x39/0x70 [ 539.556283] kstrdup_const+0x39/0x50 [ 539.559972] alloc_vfsmnt+0x1a5/0x9c0 [ 539.563757] ? path_lookupat+0x238/0xba0 [ 539.567798] ? mnt_free_id.isra.21+0x50/0x50 [ 539.572186] ? trace_hardirqs_off+0x10/0x10 [ 539.576483] ? putname+0xee/0x130 [ 539.579912] ? putname+0xee/0x130 [ 539.583340] ? rcu_read_lock_sched_held+0x108/0x120 [ 539.588336] ? find_held_lock+0x35/0x1d0 [ 539.592378] ? __get_fs_type+0x8a/0xc0 [ 539.596243] ? lock_downgrade+0x980/0x980 [ 539.600364] ? module_unload_free+0x5b0/0x5b0 [ 539.604833] ? lock_release+0xa40/0xa40 [ 539.608784] ? mpi_resize+0x200/0x200 [ 539.612566] vfs_kern_mount.part.26+0x84/0x4a0 [ 539.617124] ? may_umount+0xa0/0xa0 [ 539.620728] ? _raw_read_unlock+0x22/0x30 [ 539.624851] ? __get_fs_type+0x8a/0xc0 [ 539.628714] do_mount+0xea4/0x2bb0 [ 539.632228] ? __might_fault+0x110/0x1d0 [ 539.636268] ? copy_mount_string+0x40/0x40 [ 539.640478] ? check_same_owner+0x320/0x320 [ 539.644775] ? __check_object_size+0x8b/0x530 [ 539.649264] ? __might_sleep+0x95/0x190 [ 539.653217] ? kasan_check_write+0x14/0x20 [ 539.657429] ? _copy_from_user+0x99/0x110 [ 539.661552] ? memdup_user+0x5e/0x90 [ 539.665241] ? copy_mount_options+0x1f7/0x2e0 [ 539.669710] SyS_mount+0xab/0x120 [ 539.673138] ? copy_mnt_ns+0xb30/0xb30 [ 539.677001] do_syscall_64+0x281/0x940 [ 539.680871] ? vmalloc_sync_all+0x30/0x30 [ 539.684995] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 539.690508] ? syscall_return_slowpath+0x550/0x550 [ 539.695412] ? syscall_return_slowpath+0x2ac/0x550 [ 539.700328] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 539.705666] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 539.710485] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 539.715646] RIP: 0033:0x454e79 [ 539.718809] RSP: 002b:00007fa1b21a7c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 539.726494] RAX: ffffffffffffffda RBX: 00007fa1b21a86d4 RCX: 0000000000454e79 [ 539.733739] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 00000000200003c0 2018/03/31 14:23:27 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:27 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r6, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) [ 539.740981] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 539.748224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 [ 539.755470] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000005 2018/03/31 14:23:27 executing program 0: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040), 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r2, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180), &(0x7f0000000200)=0x1) r3 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r3, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:27 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:27 executing program 5 (fault-call:12 fault-nth:6): r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f", 0xd8) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:27 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:27 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r6, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) [ 539.939274] FAULT_INJECTION: forcing a failure. [ 539.939274] name failslab, interval 1, probability 0, space 0, times 0 [ 539.950617] CPU: 0 PID: 5104 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #373 [ 539.957892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 539.967240] Call Trace: [ 539.969823] dump_stack+0x194/0x24d [ 539.973434] ? arch_local_irq_restore+0x53/0x53 [ 539.978110] should_fail+0x8c0/0xa40 [ 539.981816] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 539.986923] ? rcu_pm_notify+0xc0/0xc0 [ 539.990805] ? find_held_lock+0x35/0x1d0 [ 539.994865] ? check_same_owner+0x320/0x320 [ 539.999169] ? sget_userns+0x27d/0xe40 [ 540.003056] ? rcu_note_context_switch+0x710/0x710 [ 540.007985] should_failslab+0xec/0x120 [ 540.011941] kmem_cache_alloc_trace+0x4b/0x740 [ 540.016510] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 540.021529] ? __lockdep_init_map+0xe4/0x650 [ 540.025947] sget_userns+0x2a3/0xe40 [ 540.029656] ? get_anon_bdev+0x2a0/0x2a0 [ 540.033707] ? init_wait_entry+0x1b0/0x1b0 [ 540.037931] ? destroy_unused_super.part.6+0xd0/0xd0 [ 540.043040] ? alloc_vfsmnt+0x762/0x9c0 [ 540.047004] ? path_lookupat+0x238/0xba0 [ 540.051074] ? mnt_free_id.isra.21+0x50/0x50 [ 540.055488] ? trace_hardirqs_off+0x10/0x10 [ 540.059813] ? cap_capable+0x1b5/0x230 [ 540.063715] ? security_capable+0x8e/0xc0 [ 540.067857] ? get_anon_bdev+0x2a0/0x2a0 [ 540.071897] ? ns_capable_common+0xcf/0x160 [ 540.076216] ? get_anon_bdev+0x2a0/0x2a0 [ 540.080276] sget+0xd2/0x120 [ 540.083294] ? __get_fs_type+0x8a/0xc0 [ 540.087184] ? shmem_remount_fs+0x750/0x750 [ 540.091501] mount_nodev+0x37/0x100 [ 540.095126] shmem_mount+0x2c/0x40 [ 540.098658] mount_fs+0x66/0x2d0 [ 540.102018] vfs_kern_mount.part.26+0xc6/0x4a0 [ 540.106601] ? may_umount+0xa0/0xa0 [ 540.110219] ? _raw_read_unlock+0x22/0x30 [ 540.114358] ? __get_fs_type+0x8a/0xc0 [ 540.118250] do_mount+0xea4/0x2bb0 [ 540.121774] ? __might_fault+0x110/0x1d0 [ 540.125829] ? copy_mount_string+0x40/0x40 [ 540.130059] ? check_same_owner+0x320/0x320 [ 540.134375] ? __check_object_size+0x8b/0x530 [ 540.138861] ? __might_sleep+0x95/0x190 [ 540.142832] ? kasan_check_write+0x14/0x20 [ 540.147056] ? _copy_from_user+0x99/0x110 [ 540.151195] ? memdup_user+0x5e/0x90 [ 540.154894] ? copy_mount_options+0x1f7/0x2e0 [ 540.159376] SyS_mount+0xab/0x120 [ 540.162813] ? copy_mnt_ns+0xb30/0xb30 [ 540.166690] do_syscall_64+0x281/0x940 [ 540.170569] ? vmalloc_sync_all+0x30/0x30 [ 540.174706] ? _raw_spin_unlock_irq+0x27/0x70 [ 540.179194] ? finish_task_switch+0x1c1/0x7e0 [ 540.183683] ? syscall_return_slowpath+0x550/0x550 [ 540.188609] ? syscall_return_slowpath+0x2ac/0x550 [ 540.193528] ? prepare_exit_to_usermode+0x350/0x350 [ 540.198537] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 540.203901] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 540.208752] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 540.213935] RIP: 0033:0x454e79 [ 540.217123] RSP: 002b:00007fa1b21a7c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 540.224824] RAX: ffffffffffffffda RBX: 00007fa1b21a86d4 RCX: 0000000000454e79 [ 540.232091] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 00000000200003c0 [ 540.239356] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 540.246604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 [ 540.253861] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000006 2018/03/31 14:23:28 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r6, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) 2018/03/31 14:23:28 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:28 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:28 executing program 4: sendmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x6, 0x20000) socket$can_raw(0x1d, 0x3, 0x1) sendmsg$unix(r1, &(0x7f0000000480)={&(0x7f0000000240)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f00000003c0)=[{&(0x7f00000002c0)="90bc06759de1e547969f47355c7845894d326b8a094fa099887f6ac171eca243856301d7240d6a97ae7988213eaf8ae3b8351a8043b98eaf7014d80bf14df53cacd5807d2503a9acc16bf9e26893c9a9c49e6ac4e4ef33ae15bb920e23337b055cfea75defb810a2cdb31bd8307fc98be8372513e0207ed206c30e546b1a075a4643e110b03cf57d645951fd476877bde0e7a60f0c64b6e83c73104ac64bafc54ca812f092c61c4c6e4d0d299e5c6a19f13d1c", 0xb3}], 0x1, &(0x7f00000005c0)=ANY=[@ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="20000000000000000100000001000000611aed033e198d4a53ee2c12674e79a834fa62ee7d48fdb72e50f48a86bd4c6cf8aa4547a6616112f3b73e5a2382a476548231a1e5e580906f37538b58ce1582f46a048b88f37f00000000000000840807e0e57587cfe56b6b6680793e8f605b002325c3ee8491cbb0500bf1c0c9e6f1c551bfcfbca685ad163dde05adaae44246be6fadaec4f0640736da00ca0b86ab13470e5e3471147942dc186e928baf3200", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="eb528702c712df268db99bb4be431c84af393dea0cf300000066000000000000"], 0x34, 0x84}, 0x40) r2 = gettid() ptrace$poke(0x5, r2, &(0x7f0000000380), 0x3) r3 = syz_open_dev$sg(&(0x7f0000000700)='/dev/sg#\x00', 0x1000000000, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x400, 0x0) socket$inet6(0xa, 0x0, 0x0) r4 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r4, &(0x7f00000006c0)={0xa, 0x4e20, 0x0, @ipv4={[], [0xff, 0xff], @local={0xac, 0x14, 0x14, 0xaa}}}, 0xfffffd32) listen(r4, 0x80001003) r5 = socket$inet6(0xa, 0x6, 0x2) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000440)={&(0x7f0000000400)='./file0\x00', 0x0, 0x10}, 0x10) connect$inet6(r5, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) readv(r5, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/11, 0x37}], 0x100000000000019c) close(r5) accept(r4, 0x0, &(0x7f0000efaffc)) sendmmsg(r5, &(0x7f00000000c0)=[{{&(0x7f0000000240)=@ax25={0x3, {"aba998cfc95797"}}, 0x80, &(0x7f00000016c0), 0x0, &(0x7f0000001740)}}], 0x198, 0x0) r6 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$DRM_IOCTL_MARK_BUFS(0xffffffffffffff9c, 0x40206417, &(0x7f00000001c0)={0x81, 0x9, 0x200, 0x8, 0x4, 0x1}) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x8, 0x200, 0x20000800}) ioctl(r6, 0x2285, &(0x7f0000007000)='S') getsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, &(0x7f00000004c0)={{{@in=@dev, @in6=@local}}, {{@in=@remote}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000180)=0xe8) getsockname$unix(r3, &(0x7f0000000040), &(0x7f0000000100)=0x6e) ioctl$TCSBRK(r1, 0x5409, 0xffff) 2018/03/31 14:23:28 executing program 0: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040), 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r2, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180), &(0x7f0000000200)=0x1) r3 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r3, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:28 executing program 7: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) socketpair(0x0, 0x0, 0x2, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TIOCNXCL(r0, 0x540d) fcntl$getownex(r1, 0x10, &(0x7f0000000080)={0x0, 0x0}) ptrace$peekuser(0x3, r2, 0x8001) 2018/03/31 14:23:28 executing program 5 (fault-call:12 fault-nth:7): r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f", 0xd8) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:28 executing program 2 (fault-call:4 fault-nth:0): nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) socket$kcm(0x29, 0x7, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) socketpair(0x0, 0x0, 0x2, &(0x7f0000000000)) [ 540.784645] FAULT_INJECTION: forcing a failure. [ 540.784645] name failslab, interval 1, probability 0, space 0, times 0 [ 540.796477] CPU: 1 PID: 5142 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #373 [ 540.803752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 540.813096] Call Trace: [ 540.815682] dump_stack+0x194/0x24d [ 540.819310] ? arch_local_irq_restore+0x53/0x53 [ 540.823987] should_fail+0x8c0/0xa40 [ 540.827705] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 540.832804] ? find_next_zero_bit+0xe3/0x110 [ 540.837211] ? trace_hardirqs_off+0x10/0x10 [ 540.841531] ? __lock_is_held+0xb6/0x140 [ 540.845597] ? find_held_lock+0x35/0x1d0 [ 540.849665] ? __lock_is_held+0xb6/0x140 [ 540.853738] ? check_same_owner+0x320/0x320 [ 540.858063] ? rcu_note_context_switch+0x710/0x710 [ 540.862994] ? rcu_note_context_switch+0x710/0x710 [ 540.867930] should_failslab+0xec/0x120 [ 540.871906] __kmalloc+0x63/0x760 [ 540.875361] ? lockdep_init_map+0x9/0x10 [ 540.879419] ? debug_mutex_init+0x2d/0x60 [ 540.883564] ? __list_lru_init+0xcf/0x750 [ 540.887713] __list_lru_init+0xcf/0x750 [ 540.891687] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 540.897568] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 540.902585] ? __lockdep_init_map+0xe4/0x650 [ 540.906996] ? lockdep_init_map+0x9/0x10 [ 540.911059] sget_userns+0x691/0xe40 [ 540.914765] ? get_anon_bdev+0x2a0/0x2a0 [ 540.918828] ? destroy_unused_super.part.6+0xd0/0xd0 [ 540.923932] ? alloc_vfsmnt+0x762/0x9c0 [ 540.927900] ? path_lookupat+0x238/0xba0 2018/03/31 14:23:28 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:28 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 540.931959] ? mnt_free_id.isra.21+0x50/0x50 [ 540.936370] ? trace_hardirqs_off+0x10/0x10 [ 540.940695] ? cap_capable+0x1b5/0x230 [ 540.944582] ? security_capable+0x8e/0xc0 [ 540.948728] ? get_anon_bdev+0x2a0/0x2a0 [ 540.952784] ? ns_capable_common+0xcf/0x160 [ 540.957104] ? get_anon_bdev+0x2a0/0x2a0 [ 540.961159] sget+0xd2/0x120 [ 540.964171] ? __get_fs_type+0x8a/0xc0 [ 540.968058] ? shmem_remount_fs+0x750/0x750 [ 540.972375] mount_nodev+0x37/0x100 [ 540.975999] shmem_mount+0x2c/0x40 [ 540.979536] mount_fs+0x66/0x2d0 [ 540.982899] vfs_kern_mount.part.26+0xc6/0x4a0 [ 540.987484] ? may_umount+0xa0/0xa0 [ 540.991110] ? _raw_read_unlock+0x22/0x30 [ 540.995253] ? __get_fs_type+0x8a/0xc0 [ 540.999139] do_mount+0xea4/0x2bb0 [ 541.002674] ? __might_fault+0x110/0x1d0 [ 541.006732] ? copy_mount_string+0x40/0x40 [ 541.010962] ? check_same_owner+0x320/0x320 [ 541.015278] ? __check_object_size+0x8b/0x530 [ 541.019775] ? __might_sleep+0x95/0x190 [ 541.023750] ? kasan_check_write+0x14/0x20 [ 541.027981] ? _copy_from_user+0x99/0x110 [ 541.032124] ? memdup_user+0x5e/0x90 2018/03/31 14:23:29 executing program 4: sendmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x6, 0x20000) sendmsg$unix(r1, &(0x7f0000000480)={&(0x7f0000000240)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f00000003c0)=[{&(0x7f00000002c0)="90bc06759de1e547969f47355c7845894d326b8a094fa099887f6ac171eca243856301d7240d6a97ae7988213eaf8ae3b8351a8043b98eaf7014d80bf14df53cacd5807d2503a9acc16bf9e26893c9a9c49e6ac4e4ef33ae15bb920e23337b055cfea75defb810a2cdb31bd8307fc98be8372513e0207ed206c30e546b1a075a4643e110b03cf57d645951fd476877bde0e7a60f0c64b6e83c73104ac64bafc54ca812f092c61c4c6e4d0d299e5c6a19f13d1c", 0xb3}], 0x1, &(0x7f0000000400)=ANY=[@ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="20000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="eb610000"], 0x34, 0x84}, 0x40) r2 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x400, 0x0) getsockopt$inet_tcp_buf(r1, 0x6, 0xb, &(0x7f0000000700)=""/46, &(0x7f0000000740)=0x2e) socket$inet6(0xa, 0x0, 0x0) r3 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r3, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) listen(r3, 0x80001003) r4 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r4, &(0x7f0000419000)={0xa, 0x4e20, 0xfffffffffffdfffe, @dev={0xfe, 0x80, [], 0xe}}, 0x1c) readv(r4, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/11, 0x37}], 0x100000000000019c) close(r4) r5 = accept(r3, 0x0, &(0x7f0000efaffc)) sendmmsg(r4, &(0x7f00000000c0)=[{{&(0x7f0000000240)=@ax25={0x3, {"aba998cfc95797"}}, 0x80, &(0x7f00000016c0), 0x0, &(0x7f0000001740)}}], 0x198, 0x0) socket$can_raw(0x1d, 0x3, 0x1) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x8, 0x200, 0x20000800}) ioctl(r2, 0x2285, &(0x7f0000007000)='S') r6 = syz_open_dev$dmmidi(&(0x7f00000001c0)='/dev/dmmidi#\x00', 0x4, 0x101000) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r6, 0x84, 0x74, &(0x7f00000005c0)=""/135, &(0x7f0000000380)=0x87) setsockopt$packet_fanout_data(r5, 0x107, 0x16, &(0x7f0000000680)={0x4, &(0x7f0000000440)=[{0x1, 0x3f, 0x7, 0x10000}, {0x8, 0x100000001, 0x0, 0x80000000}, {0xff, 0x5, 0x9}, {0x10001, 0x400, 0x2, 0x81}]}, 0x10) ioctl$TUNSETNOCSUM(r6, 0x400454c8, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f00000004c0)={{{@in=@dev, @in6=@local}}, {{@in=@remote}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000180)=0xe8) getsockname$unix(r2, &(0x7f0000000040), &(0x7f0000000100)=0x6e) ioctl$KDGKBTYPE(r1, 0x4b33, &(0x7f00000006c0)) ioctl$TCSBRK(r1, 0x5409, 0xffff) [ 541.035830] ? copy_mount_options+0x1f7/0x2e0 [ 541.040324] SyS_mount+0xab/0x120 [ 541.043767] ? copy_mnt_ns+0xb30/0xb30 [ 541.047653] do_syscall_64+0x281/0x940 [ 541.051534] ? vmalloc_sync_all+0x30/0x30 [ 541.055676] ? _raw_spin_unlock_irq+0x27/0x70 [ 541.060165] ? finish_task_switch+0x1c1/0x7e0 [ 541.064659] ? syscall_return_slowpath+0x550/0x550 [ 541.069586] ? syscall_return_slowpath+0x2ac/0x550 [ 541.074509] ? prepare_exit_to_usermode+0x350/0x350 [ 541.079524] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 541.084889] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 541.089735] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 541.094940] RIP: 0033:0x454e79 [ 541.098117] RSP: 002b:00007fa1b21a7c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 541.105822] RAX: ffffffffffffffda RBX: 00007fa1b21a86d4 RCX: 0000000000454e79 [ 541.113084] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 00000000200003c0 [ 541.120345] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 541.127603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 2018/03/31 14:23:29 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 541.134863] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000007 [ 541.658252] FAULT_INJECTION: forcing a failure. [ 541.658252] name failslab, interval 1, probability 0, space 0, times 0 [ 541.669926] CPU: 0 PID: 5187 Comm: syz-executor2 Not tainted 4.16.0-rc7+ #373 [ 541.677201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 541.686540] Call Trace: [ 541.689122] dump_stack+0x194/0x24d [ 541.692756] ? arch_local_irq_restore+0x53/0x53 [ 541.697432] should_fail+0x8c0/0xa40 [ 541.701149] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 541.706248] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 541.711426] ? trace_hardirqs_off+0x10/0x10 [ 541.715741] ? find_held_lock+0x35/0x1d0 [ 541.719789] ? check_same_owner+0x320/0x320 [ 541.724097] ? rcu_note_context_switch+0x710/0x710 [ 541.729020] ? find_held_lock+0x35/0x1d0 [ 541.733077] should_failslab+0xec/0x120 [ 541.737036] kmem_cache_alloc+0x47/0x760 [ 541.741078] ? lock_downgrade+0x980/0x980 [ 541.745202] ? get_pid_task+0xbc/0x140 [ 541.749064] ? proc_fail_nth_write+0x9b/0x1d0 [ 541.753534] mpol_new+0x144/0x2e0 [ 541.756963] ? mpol_new_bind+0x30/0x30 [ 541.760826] ? __might_fault+0x110/0x1d0 [ 541.764862] do_mbind+0x1d0/0xce0 [ 541.768289] ? lock_release+0xa40/0xa40 [ 541.772240] ? check_same_owner+0x320/0x320 [ 541.776543] ? __mpol_equal+0x2d0/0x2d0 [ 541.780492] ? __might_sleep+0x95/0x190 [ 541.784455] ? kasan_check_write+0x14/0x20 [ 541.788672] ? _copy_from_user+0x99/0x110 [ 541.792804] ? get_nodes+0x117/0x1e0 [ 541.796498] SyS_mbind+0x13b/0x150 [ 541.800020] ? compat_SyS_mbind+0x240/0x240 [ 541.804326] ? do_syscall_64+0xb7/0x940 [ 541.808287] ? compat_SyS_mbind+0x240/0x240 [ 541.812589] do_syscall_64+0x281/0x940 [ 541.816453] ? vmalloc_sync_all+0x30/0x30 [ 541.820578] ? _raw_spin_unlock_irq+0x27/0x70 [ 541.825051] ? finish_task_switch+0x1c1/0x7e0 [ 541.829522] ? syscall_return_slowpath+0x550/0x550 [ 541.834424] ? syscall_return_slowpath+0x2ac/0x550 [ 541.839336] ? prepare_exit_to_usermode+0x350/0x350 [ 541.844339] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 541.849687] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 541.854517] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 541.859695] RIP: 0033:0x454e79 [ 541.862873] RSP: 002b:00007f184706fc68 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 541.870579] RAX: ffffffffffffffda RBX: 00007f18470706d4 RCX: 0000000000454e79 [ 541.877836] RDX: 0000000000008001 RSI: 0000000000002000 RDI: 0000000020ffb000 [ 541.885094] RBP: 000000000072c010 R08: 0000000000000009 R09: 0000000000000000 [ 541.892352] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000013 [ 541.899612] R13: 00000000000003e5 R14: 00000000006f7e18 R15: 0000000000000000 2018/03/31 14:23:30 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:30 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r6, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) 2018/03/31 14:23:30 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:30 executing program 5 (fault-call:12 fault-nth:8): r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f", 0xd8) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:30 executing program 0: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040), 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r2, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180), &(0x7f0000000200)=0x1) r3 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r3, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:30 executing program 7: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x8031, 0xffffffffffffffff, 0x52) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) socketpair(0x0, 0x0, 0x2, &(0x7f0000000000)) 2018/03/31 14:23:30 executing program 4: sendmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x4000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x6, 0x20000) sendmsg$unix(r1, &(0x7f0000000480)={&(0x7f0000000240)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f00000003c0)=[{&(0x7f00000002c0)="90bc06759de1e547969f47355c7845894d326b8a094fa099887f6ac171eca243856301d7240d6a97ae7988213eaf8ae3b8351a8043b98eaf7014d80bf14df53cacd5807d2503a9acc16bf9e26893c9a9c49e6ac4e4ef33ae15bb920e23337b055cfea75defb810a2cdb31bd8307fc98be8372513e0207ed206c30e546b1a075a4643e110b03cf57d645951fd476877bde0e7a60f0c64b6e83c73104ac64bafc54ca812f092c61c4c6e4d0d299e5c6a19f13d1c", 0xb3}], 0x1, &(0x7f00000005c0)=ANY=[@ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="20000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="aa715ed1371f2907bcc4fc51c2d3716a79b0977b920bdbe10ba0410b2aff595e550a389565378c061961bc2f621ea0f22108ef540adfecac47d83a742ab84d1f4a7356ef2605955cbc252056eab1beaf7e14031c78db8eb64264794708509d99a86d5fa69e5a90803ec9077bd40b"], 0x34, 0x84}, 0x40) r2 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x400, 0x0) socket$inet6(0xa, 0x0, 0x0) r3 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r3, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) listen(r3, 0x80001003) r4 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r4, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) readv(r4, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/11, 0x37}], 0x100000000000019c) close(r2) r5 = accept(r3, 0x0, &(0x7f0000efaffc)) sendmmsg(r4, &(0x7f00000000c0)=[{{&(0x7f0000000240)=@ax25={0x3, {"aba998cfc95797"}}, 0x80, &(0x7f00000016c0), 0x0, &(0x7f0000001740)}}], 0x198, 0x0) socket$can_raw(0x1d, 0x3, 0x1) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x8, 0x200, 0x20000800}) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x1, 0x30}, &(0x7f0000000380)=0xc) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r3, 0x84, 0x6, &(0x7f0000000680)={r6, @in={{0x2, 0x4e20, @broadcast=0xffffffff}}}, 0x84) ioctl(r2, 0x2285, &(0x7f0000007000)='S') getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f00000004c0)={{{@in=@dev, @in6=@local}}, {{@in=@remote}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000180)=0xe8) getsockname$unix(r2, &(0x7f0000000040), &(0x7f0000000100)=0x6e) ioctl$TCSBRK(r1, 0x5409, 0xffff) 2018/03/31 14:23:30 executing program 2 (fault-call:4 fault-nth:1): nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) socket$kcm(0x29, 0x7, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) socketpair(0x0, 0x0, 0x2, &(0x7f0000000000)) [ 542.094686] FAULT_INJECTION: forcing a failure. [ 542.094686] name failslab, interval 1, probability 0, space 0, times 0 [ 542.105947] CPU: 1 PID: 5201 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #373 [ 542.113212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 542.122557] Call Trace: [ 542.125141] dump_stack+0x194/0x24d [ 542.128770] ? arch_local_irq_restore+0x53/0x53 [ 542.133448] should_fail+0x8c0/0xa40 [ 542.137160] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 542.142268] ? save_stack+0x43/0xd0 [ 542.145888] ? kasan_kmalloc+0xad/0xe0 [ 542.149771] ? __kmalloc+0x162/0x760 [ 542.153478] ? __list_lru_init+0xcf/0x750 [ 542.157624] ? find_held_lock+0x35/0x1d0 [ 542.161687] ? __lock_is_held+0xb6/0x140 [ 542.165753] ? check_same_owner+0x320/0x320 [ 542.170082] ? rcu_note_context_switch+0x710/0x710 [ 542.175019] should_failslab+0xec/0x120 [ 542.178987] kmem_cache_alloc_node_trace+0x5a/0x760 [ 542.183997] ? mark_held_locks+0xaf/0x100 [ 542.188142] ? __raw_spin_lock_init+0x1c/0x100 2018/03/31 14:23:30 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(0xffffffffffffffff, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 542.192728] __kmalloc_node+0x33/0x70 [ 542.196528] kvmalloc_node+0x99/0xd0 [ 542.200240] __list_lru_init+0x5d5/0x750 [ 542.204301] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 542.210185] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 542.215199] ? __lockdep_init_map+0xe4/0x650 [ 542.219603] ? lockdep_init_map+0x9/0x10 [ 542.223664] sget_userns+0x691/0xe40 [ 542.227370] ? get_anon_bdev+0x2a0/0x2a0 [ 542.231441] ? destroy_unused_super.part.6+0xd0/0xd0 [ 542.236547] ? alloc_vfsmnt+0x762/0x9c0 [ 542.240516] ? path_lookupat+0x238/0xba0 2018/03/31 14:23:30 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(0xffffffffffffffff, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 542.244573] ? mnt_free_id.isra.21+0x50/0x50 [ 542.249069] ? trace_hardirqs_off+0x10/0x10 [ 542.253396] ? cap_capable+0x1b5/0x230 [ 542.257292] ? security_capable+0x8e/0xc0 [ 542.261436] ? get_anon_bdev+0x2a0/0x2a0 [ 542.265495] ? ns_capable_common+0xcf/0x160 [ 542.269811] ? get_anon_bdev+0x2a0/0x2a0 [ 542.273878] sget+0xd2/0x120 [ 542.276891] ? __get_fs_type+0x8a/0xc0 [ 542.280774] ? shmem_remount_fs+0x750/0x750 [ 542.285092] mount_nodev+0x37/0x100 [ 542.288721] shmem_mount+0x2c/0x40 [ 542.292252] mount_fs+0x66/0x2d0 [ 542.295616] vfs_kern_mount.part.26+0xc6/0x4a0 [ 542.300194] ? may_umount+0xa0/0xa0 [ 542.303820] ? _raw_read_unlock+0x22/0x30 [ 542.307962] ? __get_fs_type+0x8a/0xc0 [ 542.311854] do_mount+0xea4/0x2bb0 [ 542.315391] ? __might_fault+0x110/0x1d0 [ 542.319453] ? copy_mount_string+0x40/0x40 [ 542.323684] ? check_same_owner+0x320/0x320 [ 542.328002] ? __check_object_size+0x8b/0x530 [ 542.332497] ? __might_sleep+0x95/0x190 [ 542.336474] ? kasan_check_write+0x14/0x20 [ 542.340701] ? _copy_from_user+0x99/0x110 2018/03/31 14:23:30 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(0xffffffffffffffff, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 542.344850] ? memdup_user+0x5e/0x90 [ 542.348558] ? copy_mount_options+0x1f7/0x2e0 [ 542.353050] SyS_mount+0xab/0x120 [ 542.356487] ? copy_mnt_ns+0xb30/0xb30 [ 542.360365] do_syscall_64+0x281/0x940 [ 542.364257] ? vmalloc_sync_all+0x30/0x30 [ 542.368400] ? _raw_spin_unlock_irq+0x27/0x70 [ 542.372889] ? finish_task_switch+0x1c1/0x7e0 [ 542.377380] ? syscall_return_slowpath+0x550/0x550 [ 542.382301] ? syscall_return_slowpath+0x2ac/0x550 [ 542.387235] ? prepare_exit_to_usermode+0x350/0x350 2018/03/31 14:23:30 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 542.392248] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 542.397986] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 542.402830] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 542.408011] RIP: 0033:0x454e79 [ 542.411191] RSP: 002b:00007fa1b21a7c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 542.418896] RAX: ffffffffffffffda RBX: 00007fa1b21a86d4 RCX: 0000000000454e79 [ 542.426156] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 00000000200003c0 [ 542.433417] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 2018/03/31 14:23:30 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:30 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) [ 542.440682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 [ 542.447945] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000008 2018/03/31 14:23:30 executing program 5 (fault-call:12 fault-nth:9): r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f", 0xd8) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:30 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r6, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) 2018/03/31 14:23:30 executing program 0: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040), 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r2, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r3 = socket$inet(0x2, 0x0, 0x2) setsockopt$inet_int(r3, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:30 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 542.588159] FAULT_INJECTION: forcing a failure. [ 542.588159] name failslab, interval 1, probability 0, space 0, times 0 [ 542.599478] CPU: 1 PID: 5236 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #373 [ 542.606748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 542.616093] Call Trace: [ 542.618681] dump_stack+0x194/0x24d [ 542.622313] ? arch_local_irq_restore+0x53/0x53 [ 542.626985] should_fail+0x8c0/0xa40 [ 542.630700] ? is_bpf_text_address+0xa4/0x120 2018/03/31 14:23:30 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 542.635194] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 542.640291] ? __kernel_text_address+0xd/0x40 [ 542.644788] ? unwind_get_return_address+0x61/0xa0 [ 542.649724] ? find_held_lock+0x35/0x1d0 [ 542.653784] ? __lock_is_held+0xb6/0x140 [ 542.657850] ? check_same_owner+0x320/0x320 [ 542.662171] ? rcu_note_context_switch+0x710/0x710 [ 542.667108] should_failslab+0xec/0x120 [ 542.671083] kmem_cache_alloc_trace+0x4b/0x740 [ 542.675660] ? __kmalloc_node+0x33/0x70 [ 542.679629] ? __kmalloc_node+0x33/0x70 [ 542.683602] ? rcu_read_lock_sched_held+0x108/0x120 2018/03/31 14:23:30 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 542.688619] __memcg_init_list_lru_node+0x169/0x270 [ 542.693637] ? list_lru_add+0x7c0/0x7c0 [ 542.697609] ? __kmalloc_node+0x47/0x70 [ 542.701586] __list_lru_init+0x544/0x750 [ 542.705650] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 542.711530] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 542.716544] ? __lockdep_init_map+0xe4/0x650 [ 542.720954] ? lockdep_init_map+0x9/0x10 [ 542.725012] sget_userns+0x691/0xe40 [ 542.728717] ? get_anon_bdev+0x2a0/0x2a0 [ 542.732783] ? destroy_unused_super.part.6+0xd0/0xd0 2018/03/31 14:23:30 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 542.737891] ? alloc_vfsmnt+0x762/0x9c0 [ 542.741860] ? path_lookupat+0x238/0xba0 [ 542.745921] ? mnt_free_id.isra.21+0x50/0x50 [ 542.750330] ? trace_hardirqs_off+0x10/0x10 [ 542.754655] ? cap_capable+0x1b5/0x230 [ 542.758542] ? security_capable+0x8e/0xc0 [ 542.762688] ? get_anon_bdev+0x2a0/0x2a0 [ 542.766744] ? ns_capable_common+0xcf/0x160 [ 542.771057] ? get_anon_bdev+0x2a0/0x2a0 [ 542.775113] sget+0xd2/0x120 [ 542.778127] ? __get_fs_type+0x8a/0xc0 [ 542.782012] ? shmem_remount_fs+0x750/0x750 [ 542.786331] mount_nodev+0x37/0x100 [ 542.789963] shmem_mount+0x2c/0x40 [ 542.793496] mount_fs+0x66/0x2d0 [ 542.796864] vfs_kern_mount.part.26+0xc6/0x4a0 [ 542.801442] ? may_umount+0xa0/0xa0 [ 542.805063] ? _raw_read_unlock+0x22/0x30 [ 542.809204] ? __get_fs_type+0x8a/0xc0 [ 542.813091] do_mount+0xea4/0x2bb0 [ 542.816616] ? __might_fault+0x110/0x1d0 [ 542.820666] ? copy_mount_string+0x40/0x40 [ 542.824899] ? check_same_owner+0x320/0x320 [ 542.829216] ? __check_object_size+0x8b/0x530 [ 542.833713] ? __might_sleep+0x95/0x190 [ 542.837688] ? kasan_check_write+0x14/0x20 [ 542.841925] ? _copy_from_user+0x99/0x110 [ 542.846069] ? memdup_user+0x5e/0x90 [ 542.849768] ? copy_mount_options+0x1f7/0x2e0 [ 542.854264] SyS_mount+0xab/0x120 [ 542.857713] ? copy_mnt_ns+0xb30/0xb30 [ 542.861596] do_syscall_64+0x281/0x940 [ 542.865479] ? vmalloc_sync_all+0x30/0x30 [ 542.869614] ? _raw_spin_unlock_irq+0x27/0x70 [ 542.874092] ? finish_task_switch+0x1c1/0x7e0 [ 542.878568] ? syscall_return_slowpath+0x550/0x550 [ 542.883474] ? syscall_return_slowpath+0x2ac/0x550 [ 542.888378] ? prepare_exit_to_usermode+0x350/0x350 [ 542.893378] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 542.898730] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 542.903557] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 542.908726] RIP: 0033:0x454e79 [ 542.911898] RSP: 002b:00007fa1b21a7c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 542.919587] RAX: ffffffffffffffda RBX: 00007fa1b21a86d4 RCX: 0000000000454e79 [ 542.926843] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 00000000200003c0 [ 542.934091] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 542.941348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 [ 542.948604] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000009 2018/03/31 14:23:31 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r6, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) 2018/03/31 14:23:31 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x0, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:31 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:31 executing program 2: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) socket$kcm(0x29, 0x7, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) socketpair(0x0, 0x0, 0x2, &(0x7f0000000000)) 2018/03/31 14:23:31 executing program 0: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040), 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r2, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r3 = socket$inet(0x2, 0x0, 0x2) setsockopt$inet_int(r3, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:31 executing program 4: sendmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$vcsa(&(0x7f00000001c0)='/dev/vcsa#\x00', 0x3f, 0x10000) ioctl$KDSETLED(r1, 0x4b32, 0x100000001) r2 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x6, 0x20000) sendmsg$unix(r2, &(0x7f0000000480)={&(0x7f0000000240)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f00000003c0)=[{&(0x7f00000002c0)="90bc06759de1e547969f47355c7845894d326b8a094fa099887f6ac171eca243856301d7240d6a97ae7988213eaf8ae3b8351a8043b98eaf7014d80bf14df53cacd5807d2503a9acc16bf9e26893c9a9c49e6ac4e4ef33ae15bb920e23337b055cfea75defb810a2cdb31bd8307fc98be8372513e0207ed206c30e546b1a075a4643e110b03cf57d645951fd476877bde0e7a60f0c64b6e83c73104ac64bafc54ca812f092c61c4c6e4d0d299e5c6a19f13d1c", 0xb3}], 0x1, &(0x7f00000005c0)=ANY=[@ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="200000000000000001000000010000002a94e78d8e1d797cec724914a80bfd6095ec346d41fded10549fec4fd3dc64edecb09726a88f1eab6722beb698299469cb71ffb434b991c76e80335d2ace6a8d68dc46b7f29db2873ade8a7625c19d1664", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="eb610000"], 0x34, 0x84}, 0x40) r3 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x400, 0x0) socket$inet6(0xa, 0x0, 0x0) r4 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r4, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) mremap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000ffa000/0x4000)=nil) listen(r4, 0x80001003) r5 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r5, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) readv(r5, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/11, 0x37}], 0x100000000000019c) close(r5) accept(r4, 0x0, &(0x7f0000efaffc)) sendmmsg(r5, &(0x7f00000000c0)=[{{&(0x7f0000000240)=@ax25={0x3, {"aba998cfc95797"}}, 0x80, &(0x7f00000016c0), 0x0, &(0x7f0000001740)}}], 0x198, 0x0) socket$can_raw(0x1d, 0x3, 0x1) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x8, 0x200, 0x20000800}) ioctl(r3, 0x2285, &(0x7f0000007000)='S') getsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, &(0x7f00000004c0)={{{@in=@dev, @in6=@local}}, {{@in=@remote}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000180)=0xe8) getsockname$unix(r3, &(0x7f0000000040), &(0x7f0000000100)=0x6e) ioctl$TCSBRK(r2, 0x5409, 0xffff) 2018/03/31 14:23:31 executing program 5 (fault-call:12 fault-nth:10): r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f", 0xd8) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:31 executing program 7: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x80000001, 0x10000) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) r0 = syz_open_procfs(0x0, &(0x7f0000000900)="6d6f756e74696e666f004388f750c83d14c4a3a9ac1488a477660a6763891738ac656bb3e891941f02f1265047502f6c2dd9f655ef7131eabf3110d638f0d2e6a49a2bc4a08d63e2da7af47e6c37972352875f125bcf3ea7f04b7b505b6a06beedb2a86e30a86bc0d37a6438b99a45ea22b1f4fb05") unshare(0xa000000) preadv(r0, &(0x7f00000023c0)=[{&(0x7f00000012c0)=""/4096, 0x22f}], 0x16d, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) socketpair(0x0, 0x0, 0x2, &(0x7f0000000000)) [ 543.233555] FAULT_INJECTION: forcing a failure. [ 543.233555] name failslab, interval 1, probability 0, space 0, times 0 [ 543.244866] CPU: 0 PID: 5293 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #373 [ 543.252143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 543.261497] Call Trace: [ 543.264076] dump_stack+0x194/0x24d [ 543.267697] ? arch_local_irq_restore+0x53/0x53 [ 543.272363] should_fail+0x8c0/0xa40 [ 543.276075] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 543.281178] ? kasan_kmalloc+0xad/0xe0 [ 543.285057] ? kmem_cache_alloc_trace+0x136/0x740 [ 543.289884] ? __memcg_init_list_lru_node+0x169/0x270 [ 543.295058] ? __list_lru_init+0x544/0x750 [ 543.299281] ? sget_userns+0x691/0xe40 [ 543.303161] ? mount_fs+0x66/0x2d0 [ 543.306690] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 543.311436] ? do_mount+0xea4/0x2bb0 [ 543.315144] ? SyS_mount+0xab/0x120 [ 543.318760] ? do_syscall_64+0x281/0x940 [ 543.322837] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 543.328190] ? find_held_lock+0x35/0x1d0 [ 543.332253] ? __lock_is_held+0xb6/0x140 [ 543.336326] ? check_same_owner+0x320/0x320 [ 543.340645] ? rcu_note_context_switch+0x710/0x710 [ 543.345569] should_failslab+0xec/0x120 [ 543.349527] kmem_cache_alloc_trace+0x4b/0x740 [ 543.354094] ? __kmalloc_node+0x33/0x70 [ 543.358061] ? __kmalloc_node+0x33/0x70 [ 543.362039] ? rcu_read_lock_sched_held+0x108/0x120 [ 543.367063] __memcg_init_list_lru_node+0x169/0x270 [ 543.372081] ? list_lru_add+0x7c0/0x7c0 [ 543.376055] ? __kmalloc_node+0x47/0x70 [ 543.380038] __list_lru_init+0x544/0x750 [ 543.384101] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 543.389983] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 543.395004] ? __lockdep_init_map+0xe4/0x650 [ 543.399412] ? lockdep_init_map+0x9/0x10 [ 543.403473] sget_userns+0x691/0xe40 [ 543.407181] ? get_anon_bdev+0x2a0/0x2a0 [ 543.411236] ? destroy_unused_super.part.6+0xd0/0xd0 [ 543.416326] ? alloc_vfsmnt+0x762/0x9c0 [ 543.420279] ? path_lookupat+0x238/0xba0 [ 543.424317] ? mnt_free_id.isra.21+0x50/0x50 [ 543.428708] ? trace_hardirqs_off+0x10/0x10 [ 543.433023] ? cap_capable+0x1b5/0x230 [ 543.436901] ? security_capable+0x8e/0xc0 [ 543.441037] ? get_anon_bdev+0x2a0/0x2a0 [ 543.445086] ? ns_capable_common+0xcf/0x160 [ 543.449398] ? get_anon_bdev+0x2a0/0x2a0 [ 543.453453] sget+0xd2/0x120 [ 543.456466] ? __get_fs_type+0x8a/0xc0 [ 543.460345] ? shmem_remount_fs+0x750/0x750 [ 543.464660] mount_nodev+0x37/0x100 [ 543.468287] shmem_mount+0x2c/0x40 [ 543.471815] mount_fs+0x66/0x2d0 [ 543.475176] vfs_kern_mount.part.26+0xc6/0x4a0 [ 543.479746] ? may_umount+0xa0/0xa0 [ 543.483363] ? _raw_read_unlock+0x22/0x30 [ 543.487504] ? __get_fs_type+0x8a/0xc0 [ 543.491398] do_mount+0xea4/0x2bb0 [ 543.494922] ? __might_fault+0x110/0x1d0 [ 543.498966] ? copy_mount_string+0x40/0x40 [ 543.503182] ? check_same_owner+0x320/0x320 [ 543.507490] ? __check_object_size+0x8b/0x530 [ 543.511981] ? __might_sleep+0x95/0x190 [ 543.515956] ? kasan_check_write+0x14/0x20 [ 543.520178] ? _copy_from_user+0x99/0x110 [ 543.524311] ? memdup_user+0x5e/0x90 [ 543.528016] ? copy_mount_options+0x1f7/0x2e0 [ 543.532511] SyS_mount+0xab/0x120 [ 543.535950] ? copy_mnt_ns+0xb30/0xb30 [ 543.539830] do_syscall_64+0x281/0x940 [ 543.543702] ? vmalloc_sync_all+0x30/0x30 [ 543.547848] ? _raw_spin_unlock_irq+0x27/0x70 [ 543.552342] ? finish_task_switch+0x1c1/0x7e0 [ 543.556836] ? syscall_return_slowpath+0x550/0x550 [ 543.561760] ? syscall_return_slowpath+0x2ac/0x550 [ 543.566991] ? prepare_exit_to_usermode+0x350/0x350 [ 543.572007] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 543.577372] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 543.582208] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 543.587375] RIP: 0033:0x454e79 [ 543.590546] RSP: 002b:00007fa1b21a7c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 543.598239] RAX: ffffffffffffffda RBX: 00007fa1b21a86d4 RCX: 0000000000454e79 [ 543.605494] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 00000000200003c0 [ 543.612755] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 543.620018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 [ 543.627284] R13: 00000000000003fa R14: 00000000006f8010 R15: 000000000000000a 2018/03/31 14:23:31 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r4 = dup3(r2, r3, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r4, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r5 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r5, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r5, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) 2018/03/31 14:23:31 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x0, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:31 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:31 executing program 5 (fault-call:12 fault-nth:11): r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f", 0xd8) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:31 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r4 = dup3(r2, r3, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r4, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r5 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r5, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r5, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) 2018/03/31 14:23:31 executing program 0: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040), 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r2, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r3 = socket$inet(0x2, 0x0, 0x2) setsockopt$inet_int(r3, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:31 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x0, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 543.801089] FAULT_INJECTION: forcing a failure. [ 543.801089] name failslab, interval 1, probability 0, space 0, times 0 [ 543.812385] CPU: 1 PID: 5318 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #373 [ 543.819651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 543.828995] Call Trace: [ 543.831581] dump_stack+0x194/0x24d [ 543.835208] ? arch_local_irq_restore+0x53/0x53 [ 543.839877] ? __save_stack_trace+0x7e/0xd0 [ 543.844208] should_fail+0x8c0/0xa40 2018/03/31 14:23:31 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x0, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 543.847928] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 543.853032] ? kasan_kmalloc+0xad/0xe0 [ 543.856921] ? kmem_cache_alloc_trace+0x136/0x740 [ 543.861762] ? __memcg_init_list_lru_node+0x169/0x270 [ 543.866951] ? __list_lru_init+0x544/0x750 [ 543.871183] ? sget_userns+0x691/0xe40 [ 543.875066] ? mount_fs+0x66/0x2d0 [ 543.878603] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 543.883356] ? do_mount+0xea4/0x2bb0 [ 543.887062] ? SyS_mount+0xab/0x120 [ 543.890687] ? do_syscall_64+0x281/0x940 [ 543.894746] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 2018/03/31 14:23:31 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x0, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 543.900108] ? find_held_lock+0x35/0x1d0 [ 543.904174] ? __lock_is_held+0xb6/0x140 [ 543.908242] ? check_same_owner+0x320/0x320 [ 543.912568] ? rcu_note_context_switch+0x710/0x710 [ 543.917500] should_failslab+0xec/0x120 [ 543.921469] kmem_cache_alloc_trace+0x4b/0x740 [ 543.926047] ? __kmalloc_node+0x33/0x70 [ 543.930015] ? __kmalloc_node+0x33/0x70 [ 543.933987] ? rcu_read_lock_sched_held+0x108/0x120 [ 543.939007] __memcg_init_list_lru_node+0x169/0x270 [ 543.944023] ? list_lru_add+0x7c0/0x7c0 [ 543.947997] ? __kmalloc_node+0x47/0x70 2018/03/31 14:23:31 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x0, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 543.951973] __list_lru_init+0x544/0x750 [ 543.956036] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 543.961924] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 543.966935] ? __lockdep_init_map+0xe4/0x650 [ 543.971340] ? lockdep_init_map+0x9/0x10 [ 543.975403] sget_userns+0x691/0xe40 [ 543.979109] ? get_anon_bdev+0x2a0/0x2a0 [ 543.983173] ? destroy_unused_super.part.6+0xd0/0xd0 [ 543.988276] ? alloc_vfsmnt+0x762/0x9c0 [ 543.992240] ? path_lookupat+0x238/0xba0 [ 543.996297] ? mnt_free_id.isra.21+0x50/0x50 2018/03/31 14:23:32 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x0, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 544.000703] ? trace_hardirqs_off+0x10/0x10 [ 544.005022] ? cap_capable+0x1b5/0x230 [ 544.008908] ? security_capable+0x8e/0xc0 [ 544.013051] ? get_anon_bdev+0x2a0/0x2a0 [ 544.017109] ? ns_capable_common+0xcf/0x160 [ 544.021427] ? get_anon_bdev+0x2a0/0x2a0 [ 544.025480] sget+0xd2/0x120 [ 544.028490] ? __get_fs_type+0x8a/0xc0 [ 544.032372] ? shmem_remount_fs+0x750/0x750 [ 544.036691] mount_nodev+0x37/0x100 [ 544.040312] shmem_mount+0x2c/0x40 [ 544.043845] mount_fs+0x66/0x2d0 [ 544.047209] vfs_kern_mount.part.26+0xc6/0x4a0 [ 544.051788] ? may_umount+0xa0/0xa0 [ 544.055412] ? _raw_read_unlock+0x22/0x30 [ 544.059553] ? __get_fs_type+0x8a/0xc0 [ 544.063437] do_mount+0xea4/0x2bb0 [ 544.066971] ? __might_fault+0x110/0x1d0 [ 544.071028] ? copy_mount_string+0x40/0x40 [ 544.075264] ? check_same_owner+0x320/0x320 [ 544.079580] ? __check_object_size+0x8b/0x530 [ 544.084077] ? __might_sleep+0x95/0x190 [ 544.088054] ? kasan_check_write+0x14/0x20 [ 544.092282] ? _copy_from_user+0x99/0x110 [ 544.096424] ? memdup_user+0x5e/0x90 [ 544.100129] ? copy_mount_options+0x1f7/0x2e0 [ 544.104619] SyS_mount+0xab/0x120 [ 544.108066] ? copy_mnt_ns+0xb30/0xb30 [ 544.111949] do_syscall_64+0x281/0x940 [ 544.115836] ? vmalloc_sync_all+0x30/0x30 [ 544.119981] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 544.125515] ? syscall_return_slowpath+0x550/0x550 [ 544.130436] ? syscall_return_slowpath+0x2ac/0x550 [ 544.135361] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 544.140723] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 544.145566] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 544.150743] RIP: 0033:0x454e79 [ 544.153927] RSP: 002b:00007fa1b21a7c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 544.161629] RAX: ffffffffffffffda RBX: 00007fa1b21a86d4 RCX: 0000000000454e79 [ 544.168892] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 00000000200003c0 [ 544.176156] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 544.183414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 [ 544.190676] R13: 00000000000003fa R14: 00000000006f8010 R15: 000000000000000b 2018/03/31 14:23:32 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x0) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:32 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r4 = dup3(r2, r3, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r4, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r5 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r5, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r5, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) 2018/03/31 14:23:32 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x0, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:32 executing program 0: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040), 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r2, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r3 = socket$inet(0x2, 0x3, 0x0) setsockopt$inet_int(r3, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:32 executing program 5 (fault-call:12 fault-nth:12): r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f", 0xd8) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:32 executing program 4: sendmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x6, 0x20000) sendmsg$unix(r1, &(0x7f0000000480)={&(0x7f0000000240)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f00000003c0)=[{&(0x7f00000002c0)="90bc06759de1e547969f47355c7845894d326b8a094fa099887f6ac171eca243856301d7240d6a97ae7988213eaf8ae3b8351a8043b98eaf7014d80bf14df53cacd5807d2503a9acc16bf9e26893c9a9c49e6ac4e4ef33ae15bb920e23337b055cfea75defb810a2cdb31bd8307fc98be8372513e0207ed206c30e546b1a075a4643e110b03cf57d645951fd476877bde0e7a60f0c64b6e83c73104ac64bafc54ca812f092c61c4c6e4d0d299e5c6a19f13d1c", 0xb3}], 0x1, &(0x7f0000000400)=ANY=[@ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="20000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="eb610000"], 0x34, 0x84}, 0x40) r2 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x400, 0x0) r3 = socket$inet6(0xa, 0x0, 0x0) r4 = socket$inet6(0xa, 0x40000080806, 0x0) recvfrom$inet6(r3, &(0x7f00000005c0)=""/202, 0xca, 0x10001, &(0x7f00000001c0)={0xa, 0x4e23, 0x8a, @mcast1={0xff, 0x1, [], 0x1}}, 0x1c) bind$inet6(r4, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) listen(r4, 0x80001003) r5 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r5, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) readv(r5, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/11, 0x37}], 0x100000000000019c) close(r5) accept(r4, 0x0, &(0x7f0000efaffc)) sendmmsg(r5, &(0x7f00000000c0)=[{{&(0x7f0000000240)=@ax25={0x3, {"aba998cfc95797"}}, 0x80, &(0x7f00000016c0), 0x0, &(0x7f0000001740)}}], 0x198, 0x0) socket$can_raw(0x1d, 0x3, 0x1) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x8, 0x200, 0x20000800}) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f00000009c0)={0x0, @remote, @rand_addr}, &(0x7f0000000a00)=0xc) ioctl$sock_inet6_SIOCDELRT(r2, 0x890c, &(0x7f0000000a40)={@remote={0xfe, 0x80, [], 0xbb}, @dev={0xfe, 0x80, [], 0xa}, @local={0xfe, 0x80, [], 0xaa}, 0x5, 0x4, 0x0, 0x500, 0x8, 0x40000008, r6}) ioctl(r2, 0x2285, &(0x7f0000007000)='S') getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f00000004c0)={{{@in=@dev, @in6=@local}}, {{@in=@remote}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000180)=0xe8) getsockname$unix(r2, &(0x7f0000000040), &(0x7f0000000100)=0x6e) ioctl$TCSBRK(r1, 0x5409, 0xffff) 2018/03/31 14:23:32 executing program 2: nanosleep(&(0x7f0000000140)={0x0, 0x989680}, &(0x7f00000001c0)) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) socket$kcm(0x29, 0x7, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) r0 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x401, 0x40200) ioctl$VT_ACTIVATE(r0, 0x5606, 0x7ff) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) socketpair(0x0, 0x0, 0x2, &(0x7f0000000000)) syz_open_dev$dmmidi(&(0x7f00000000c0)='/dev/dmmidi#\x00', 0x0, 0x10000) 2018/03/31 14:23:32 executing program 7: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) socketpair(0x1f, 0x4, 0x800, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$getownex(r0, 0x10, &(0x7f0000000080)={0x0, 0x0}) wait4(r1, &(0x7f0000000140), 0xc, &(0x7f0000000200)) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) mbind(&(0x7f000095f000/0x3000)=nil, 0x3000, 0x2, &(0x7f00000002c0), 0x4, 0x2) socketpair(0x400006, 0x40000000000000, 0x2000002, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KDSETMODE(r2, 0x4b3a, 0x1) [ 544.588548] FAULT_INJECTION: forcing a failure. [ 544.588548] name failslab, interval 1, probability 0, space 0, times 0 [ 544.599819] CPU: 1 PID: 5369 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #373 [ 544.607087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 544.616436] Call Trace: [ 544.619023] dump_stack+0x194/0x24d [ 544.622655] ? arch_local_irq_restore+0x53/0x53 [ 544.627324] ? __save_stack_trace+0x7e/0xd0 [ 544.631648] should_fail+0x8c0/0xa40 2018/03/31 14:23:32 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x0, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 544.635364] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 544.640462] ? kasan_kmalloc+0xad/0xe0 [ 544.644346] ? kmem_cache_alloc_trace+0x136/0x740 [ 544.649188] ? __memcg_init_list_lru_node+0x169/0x270 [ 544.654380] ? __list_lru_init+0x544/0x750 [ 544.658613] ? sget_userns+0x691/0xe40 [ 544.662495] ? mount_fs+0x66/0x2d0 [ 544.666030] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 544.670780] ? do_mount+0xea4/0x2bb0 [ 544.674487] ? SyS_mount+0xab/0x120 [ 544.678110] ? do_syscall_64+0x281/0x940 [ 544.682170] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 544.687535] ? find_held_lock+0x35/0x1d0 [ 544.691601] ? __lock_is_held+0xb6/0x140 [ 544.695671] ? check_same_owner+0x320/0x320 [ 544.699994] ? rcu_note_context_switch+0x710/0x710 [ 544.704930] should_failslab+0xec/0x120 [ 544.708905] kmem_cache_alloc_trace+0x4b/0x740 [ 544.713482] ? __kmalloc_node+0x33/0x70 [ 544.717449] ? __kmalloc_node+0x33/0x70 [ 544.721418] ? rcu_read_lock_sched_held+0x108/0x120 [ 544.726437] __memcg_init_list_lru_node+0x169/0x270 [ 544.731449] ? list_lru_add+0x7c0/0x7c0 [ 544.735416] ? __kmalloc_node+0x47/0x70 [ 544.739388] __list_lru_init+0x544/0x750 [ 544.743452] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 544.749336] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 544.754352] ? __lockdep_init_map+0xe4/0x650 [ 544.758759] ? lockdep_init_map+0x9/0x10 [ 544.762817] sget_userns+0x691/0xe40 [ 544.766519] ? get_anon_bdev+0x2a0/0x2a0 [ 544.770582] ? destroy_unused_super.part.6+0xd0/0xd0 [ 544.775684] ? alloc_vfsmnt+0x762/0x9c0 [ 544.779651] ? path_lookupat+0x238/0xba0 [ 544.783704] ? mnt_free_id.isra.21+0x50/0x50 [ 544.788113] ? trace_hardirqs_off+0x10/0x10 [ 544.792423] ? cap_capable+0x1b5/0x230 [ 544.796288] ? security_capable+0x8e/0xc0 [ 544.800413] ? get_anon_bdev+0x2a0/0x2a0 [ 544.804453] ? ns_capable_common+0xcf/0x160 [ 544.808753] ? get_anon_bdev+0x2a0/0x2a0 [ 544.812793] sget+0xd2/0x120 [ 544.815785] ? __get_fs_type+0x8a/0xc0 [ 544.819651] ? shmem_remount_fs+0x750/0x750 [ 544.823946] mount_nodev+0x37/0x100 [ 544.827562] shmem_mount+0x2c/0x40 [ 544.831097] mount_fs+0x66/0x2d0 [ 544.834443] vfs_kern_mount.part.26+0xc6/0x4a0 [ 544.839004] ? may_umount+0xa0/0xa0 [ 544.842614] ? _raw_read_unlock+0x22/0x30 [ 544.846735] ? __get_fs_type+0x8a/0xc0 [ 544.850598] do_mount+0xea4/0x2bb0 [ 544.854113] ? __might_fault+0x110/0x1d0 [ 544.858153] ? copy_mount_string+0x40/0x40 [ 544.862363] ? check_same_owner+0x320/0x320 [ 544.866660] ? __check_object_size+0x8b/0x530 [ 544.871133] ? __might_sleep+0x95/0x190 [ 544.875088] ? kasan_check_write+0x14/0x20 [ 544.879298] ? _copy_from_user+0x99/0x110 [ 544.883421] ? memdup_user+0x5e/0x90 [ 544.887107] ? copy_mount_options+0x1f7/0x2e0 [ 544.891579] SyS_mount+0xab/0x120 [ 544.895010] ? copy_mnt_ns+0xb30/0xb30 [ 544.898879] do_syscall_64+0x281/0x940 [ 544.902742] ? vmalloc_sync_all+0x30/0x30 [ 544.906865] ? _raw_spin_unlock_irq+0x27/0x70 [ 544.911333] ? finish_task_switch+0x1c1/0x7e0 [ 544.915803] ? syscall_return_slowpath+0x550/0x550 [ 544.920708] ? syscall_return_slowpath+0x2ac/0x550 [ 544.925613] ? prepare_exit_to_usermode+0x350/0x350 [ 544.930608] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 544.935946] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 544.940768] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 544.945930] RIP: 0033:0x454e79 [ 544.949094] RSP: 002b:00007fa1b21a7c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 544.956780] RAX: ffffffffffffffda RBX: 00007fa1b21a86d4 RCX: 0000000000454e79 [ 544.964030] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 00000000200003c0 [ 544.971275] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 544.978519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 [ 544.985766] R13: 00000000000003fa R14: 00000000006f8010 R15: 000000000000000c 2018/03/31 14:23:33 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x0) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:33 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r6, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) 2018/03/31 14:23:33 executing program 0: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040), 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r2, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r3 = socket$inet(0x2, 0x3, 0x0) setsockopt$inet_int(r3, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:33 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x0, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:33 executing program 5 (fault-call:12 fault-nth:13): r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f", 0xd8) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:33 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x0) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) [ 545.168743] FAULT_INJECTION: forcing a failure. [ 545.168743] name failslab, interval 1, probability 0, space 0, times 0 [ 545.180134] CPU: 0 PID: 5406 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #373 [ 545.187412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 545.196766] Call Trace: [ 545.199359] dump_stack+0x194/0x24d [ 545.202998] ? arch_local_irq_restore+0x53/0x53 [ 545.207697] should_fail+0x8c0/0xa40 [ 545.211426] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 545.216537] ? kasan_kmalloc+0xad/0xe0 [ 545.220425] ? kmem_cache_alloc_trace+0x136/0x740 [ 545.225272] ? __memcg_init_list_lru_node+0x169/0x270 [ 545.230469] ? __list_lru_init+0x544/0x750 [ 545.234711] ? sget_userns+0x691/0xe40 [ 545.238599] ? mount_fs+0x66/0x2d0 [ 545.242143] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 545.246894] ? do_mount+0xea4/0x2bb0 [ 545.250605] ? SyS_mount+0xab/0x120 [ 545.254241] ? do_syscall_64+0x281/0x940 [ 545.258303] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 545.263683] ? find_held_lock+0x35/0x1d0 [ 545.267752] ? __lock_is_held+0xb6/0x140 [ 545.271839] ? check_same_owner+0x320/0x320 [ 545.276172] ? rcu_note_context_switch+0x710/0x710 [ 545.281118] should_failslab+0xec/0x120 [ 545.285096] kmem_cache_alloc_trace+0x4b/0x740 [ 545.289687] ? __kmalloc_node+0x33/0x70 [ 545.293669] ? __kmalloc_node+0x33/0x70 [ 545.297649] ? rcu_read_lock_sched_held+0x108/0x120 [ 545.302688] __memcg_init_list_lru_node+0x169/0x270 [ 545.307711] ? list_lru_add+0x7c0/0x7c0 [ 545.311697] ? __kmalloc_node+0x47/0x70 [ 545.315693] __list_lru_init+0x544/0x750 [ 545.319771] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 545.325668] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 545.330695] ? __lockdep_init_map+0xe4/0x650 [ 545.335114] ? lockdep_init_map+0x9/0x10 [ 545.339183] sget_userns+0x691/0xe40 [ 545.342895] ? get_anon_bdev+0x2a0/0x2a0 [ 545.346965] ? destroy_unused_super.part.6+0xd0/0xd0 [ 545.352076] ? alloc_vfsmnt+0x762/0x9c0 [ 545.356047] ? path_lookupat+0x238/0xba0 [ 545.360111] ? mnt_free_id.isra.21+0x50/0x50 [ 545.364523] ? trace_hardirqs_off+0x10/0x10 2018/03/31 14:23:33 executing program 2: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) r0 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) ioctl$sock_netrom_SIOCGSTAMPNS(r0, 0x8907, &(0x7f0000000140)) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) r1 = syz_open_dev$sndpcmp(&(0x7f0000000080)='/dev/snd/pcmC#D#p\x00', 0x8, 0x100) ioctl$TIOCLINUX7(r1, 0x541c, &(0x7f00000000c0)={0x7, 0xc62e}) socket$kcm(0x29, 0x7, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r1, 0x29, 0x41, &(0x7f0000000200)={'nat\x00', 0x3, [{}, {}, {}]}, 0x58) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) ioctl$KIOCSOUND(r1, 0x4b2f, 0x0) socketpair(0x0, 0x0, 0x2, &(0x7f0000000000)) [ 545.368849] ? cap_capable+0x1b5/0x230 [ 545.372746] ? security_capable+0x8e/0xc0 [ 545.376895] ? get_anon_bdev+0x2a0/0x2a0 [ 545.380956] ? ns_capable_common+0xcf/0x160 [ 545.385281] ? get_anon_bdev+0x2a0/0x2a0 [ 545.389344] sget+0xd2/0x120 [ 545.392363] ? __get_fs_type+0x8a/0xc0 [ 545.396255] ? shmem_remount_fs+0x750/0x750 [ 545.400579] mount_nodev+0x37/0x100 [ 545.404213] shmem_mount+0x2c/0x40 [ 545.407754] mount_fs+0x66/0x2d0 [ 545.411112] vfs_kern_mount.part.26+0xc6/0x4a0 [ 545.415682] ? may_umount+0xa0/0xa0 [ 545.419298] ? _raw_read_unlock+0x22/0x30 [ 545.423431] ? __get_fs_type+0x8a/0xc0 [ 545.427324] do_mount+0xea4/0x2bb0 [ 545.430857] ? __might_fault+0x110/0x1d0 [ 545.434922] ? copy_mount_string+0x40/0x40 [ 545.439145] ? check_same_owner+0x320/0x320 [ 545.443454] ? __check_object_size+0x8b/0x530 [ 545.447954] ? __might_sleep+0x95/0x190 [ 545.451924] ? kasan_check_write+0x14/0x20 [ 545.456148] ? _copy_from_user+0x99/0x110 [ 545.460284] ? memdup_user+0x5e/0x90 [ 545.463984] ? copy_mount_options+0x1f7/0x2e0 [ 545.468469] SyS_mount+0xab/0x120 [ 545.471908] ? copy_mnt_ns+0xb30/0xb30 [ 545.475776] do_syscall_64+0x281/0x940 [ 545.479641] ? vmalloc_sync_all+0x30/0x30 [ 545.483780] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 545.489319] ? syscall_return_slowpath+0x550/0x550 [ 545.494246] ? syscall_return_slowpath+0x2ac/0x550 [ 545.499166] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 545.504513] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 545.509339] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 545.514507] RIP: 0033:0x454e79 2018/03/31 14:23:33 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r6, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) [ 545.517676] RSP: 002b:00007fa1b21a7c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 545.525362] RAX: ffffffffffffffda RBX: 00007fa1b21a86d4 RCX: 0000000000454e79 [ 545.532630] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 00000000200003c0 [ 545.539898] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 545.547148] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 [ 545.554401] R13: 00000000000003fa R14: 00000000006f8010 R15: 000000000000000d 2018/03/31 14:23:33 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:33 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x0, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:33 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r6, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) 2018/03/31 14:23:33 executing program 0: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040), 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r2, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r3 = socket$inet(0x2, 0x3, 0x0) setsockopt$inet_int(r3, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:33 executing program 4: sendmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x6, 0x20000) sendmsg$unix(r1, &(0x7f0000000480)={&(0x7f0000000240)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f00000003c0)=[{&(0x7f00000002c0)="90bc06759de1e547969f47355c7845894d326b8a094fa099887f6ac171eca243856301d7240d6a97ae7988213eaf8ae3b8351a8043b98eaf7014d80bf14df53cacd5807d2503a9acc16bf9e26893c9a9c49e6ac4e4ef33ae15bb920e23337b055cfea75defb810a2cdb31bd8307fc98be8372513e0207ed206c30e546b1a075a4643e110b03cf57d645951fd476877bde0e7a60f0c64b6e83c73104ac64bafc54ca812f092c61c4c6e4d0d299e5c6a19f13d1c", 0xb3}], 0x1, &(0x7f0000000400)=ANY=[@ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="20000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="eb610000"], 0x34, 0x84}, 0x40) r2 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x400, 0x0) r3 = socket$inet6(0xa, 0x0, 0x0) getsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, &(0x7f00000001c0)=0x9, &(0x7f0000000380)=0x4) r4 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r4, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) listen(r4, 0x80001003) r5 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r5, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) ioctl$KVM_CHECK_EXTENSION_VM(r3, 0xae03, 0x6) readv(r5, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/11, 0x37}], 0x100000000000019c) close(r5) accept(r4, 0x0, &(0x7f0000efaffc)) sendmmsg(r5, &(0x7f00000000c0)=[{{&(0x7f0000000240)=@ax25={0x3, {"aba998cfc95797"}}, 0x80, &(0x7f00000016c0), 0x0, &(0x7f0000001740)}}], 0x198, 0x0) socket$can_raw(0x1d, 0x3, 0x1) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x8, 0x200, 0x20000800}) ioctl(r2, 0x2285, &(0x7f0000007000)='S') getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f00000004c0)={{{@in=@dev, @in6=@local}}, {{@in=@remote}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000180)=0xe8) getsockname$unix(r2, &(0x7f0000000040), &(0x7f0000000100)=0x6e) ioctl$TCSBRK(r1, 0x5409, 0xffff) 2018/03/31 14:23:33 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:34 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r6, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) 2018/03/31 14:23:34 executing program 4: sendmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x6, 0x20000) sendmsg$unix(r1, &(0x7f0000000480)={&(0x7f0000000240)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f00000003c0)=[{&(0x7f00000002c0)="90bc06759de1e547969f47355c7845894d326b8a094fa099887f6ac171eca243856301d7240d6a97ae7988213eaf8ae3b8351a8043b98eaf7014d80bf14df53cacd5807d2503a9acc16bf9e26893c9a9c49e6ac4e4ef33ae15bb920e23337b055cfea75defb810a2cdb31bd8307fc98be8372513e0207ed206c30e546b1a075a4643e110b03cf57d645951fd476877bde0e7a60f0c64b6e83c73104ac64bafc54ca812f092c61c4c6e4d0d299e5c6a19f13d1c", 0xb3}], 0x1, &(0x7f0000000400)=ANY=[@ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="20000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="eb61ff7f00000001800000ac60ea0017e9000000000000000000000000dfa1e098c0ce32c42643d6662fdcf535b4fbb4e86de90300000000000000000000"], 0x34, 0x84}, 0x40) r2 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x400, 0x0) socket$inet6(0xa, 0x0, 0x0) r3 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r3, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x48b, &(0x7f00000001c0)={0x2, 'bpq0\x00'}, 0x18) listen(r3, 0x80001003) r4 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r4, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) readv(r4, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/11, 0x37}], 0x100000000000019c) close(r4) accept(r3, 0x0, &(0x7f0000efaffc)) sendmmsg(r4, &(0x7f00000000c0)=[{{&(0x7f0000000240)=@ax25={0x3, {"aba998cfc95797"}}, 0x80, &(0x7f00000016c0), 0x0, &(0x7f0000001740)}}], 0x198, 0x0) socket$can_raw(0x1d, 0x3, 0x1) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x8, 0x200, 0x20000800}) ioctl(r2, 0x2285, &(0x7f0000007000)='S') getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f00000004c0)={{{@in=@dev, @in6=@local}}, {{@in=@remote}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000180)=0xe8) getsockname$unix(r2, &(0x7f0000000040), &(0x7f0000000100)=0x6e) ioctl$TCSBRK(r1, 0x5409, 0xffff) 2018/03/31 14:23:34 executing program 2: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) socket$kcm(0x29, 0x7, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) socketpair(0x18, 0x80800, 0x4e8, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) accept$inet6(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, @remote}, &(0x7f0000000280)=0x1c) socketpair(0x0, 0x0, 0x2, &(0x7f0000000000)) 2018/03/31 14:23:34 executing program 5 (fault-call:12 fault-nth:14): r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f", 0xd8) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:34 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x0, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:34 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:34 executing program 0: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040), 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r2, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r3 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:34 executing program 7: nanosleep(&(0x7f0000000240)={0x77359400}, &(0x7f00000002c0)) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) mmap(&(0x7f00000cf000/0x3000)=nil, 0x3000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000080)=0xfffffffffffff030, 0x9, 0x0) r0 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x7fffffff, 0x8000) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="02009b00efc3342b0d8ad923a25cf57500f400000000"], 0x8) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) socketpair(0x0, 0x0, 0x2, &(0x7f0000000000)={0xffffffffffffffff}) getsockopt$ax25_int(r1, 0x101, 0x5, &(0x7f0000000140), &(0x7f0000000200)=0x4) [ 546.808014] FAULT_INJECTION: forcing a failure. [ 546.808014] name failslab, interval 1, probability 0, space 0, times 0 [ 546.819344] CPU: 0 PID: 5477 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #373 [ 546.826617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 546.835974] Call Trace: [ 546.838578] dump_stack+0x194/0x24d [ 546.842217] ? arch_local_irq_restore+0x53/0x53 [ 546.846891] should_fail+0x8c0/0xa40 [ 546.850604] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 546.855696] ? kasan_kmalloc+0xad/0xe0 [ 546.859582] ? kmem_cache_alloc_trace+0x136/0x740 [ 546.864419] ? __memcg_init_list_lru_node+0x169/0x270 [ 546.869596] ? __list_lru_init+0x544/0x750 [ 546.873830] ? sget_userns+0x691/0xe40 [ 546.877715] ? mount_fs+0x66/0x2d0 [ 546.881248] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 546.885997] ? do_mount+0xea4/0x2bb0 [ 546.889699] ? SyS_mount+0xab/0x120 [ 546.893307] ? do_syscall_64+0x281/0x940 [ 546.897350] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 546.902713] ? find_held_lock+0x35/0x1d0 [ 546.906787] ? __lock_is_held+0xb6/0x140 [ 546.910845] ? check_same_owner+0x320/0x320 [ 546.915172] ? rcu_note_context_switch+0x710/0x710 [ 546.920100] should_failslab+0xec/0x120 [ 546.924075] kmem_cache_alloc_trace+0x4b/0x740 [ 546.928645] ? __kmalloc_node+0x33/0x70 [ 546.932611] ? __kmalloc_node+0x33/0x70 [ 546.936580] ? rcu_read_lock_sched_held+0x108/0x120 [ 546.941593] __memcg_init_list_lru_node+0x169/0x270 [ 546.946602] ? list_lru_add+0x7c0/0x7c0 [ 546.950569] ? __kmalloc_node+0x47/0x70 [ 546.954553] __list_lru_init+0x544/0x750 [ 546.958611] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 546.964490] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 546.969495] ? __lockdep_init_map+0xe4/0x650 [ 546.973883] ? lockdep_init_map+0x9/0x10 [ 546.977939] sget_userns+0x691/0xe40 [ 546.981639] ? get_anon_bdev+0x2a0/0x2a0 [ 546.985686] ? destroy_unused_super.part.6+0xd0/0xd0 [ 546.990784] ? alloc_vfsmnt+0x762/0x9c0 [ 546.994745] ? path_lookupat+0x238/0xba0 [ 546.998798] ? mnt_free_id.isra.21+0x50/0x50 [ 547.003210] ? trace_hardirqs_off+0x10/0x10 [ 547.007533] ? cap_capable+0x1b5/0x230 [ 547.011418] ? security_capable+0x8e/0xc0 [ 547.015552] ? get_anon_bdev+0x2a0/0x2a0 [ 547.019605] ? ns_capable_common+0xcf/0x160 [ 547.023926] ? get_anon_bdev+0x2a0/0x2a0 [ 547.027975] sget+0xd2/0x120 [ 547.030984] ? __get_fs_type+0x8a/0xc0 [ 547.034864] ? shmem_remount_fs+0x750/0x750 [ 547.039167] mount_nodev+0x37/0x100 [ 547.042794] shmem_mount+0x2c/0x40 [ 547.046337] mount_fs+0x66/0x2d0 [ 547.049701] vfs_kern_mount.part.26+0xc6/0x4a0 [ 547.054275] ? may_umount+0xa0/0xa0 [ 547.057882] ? _raw_read_unlock+0x22/0x30 [ 547.062015] ? __get_fs_type+0x8a/0xc0 [ 547.065909] do_mount+0xea4/0x2bb0 [ 547.069441] ? __might_fault+0x110/0x1d0 [ 547.073505] ? copy_mount_string+0x40/0x40 [ 547.077729] ? check_same_owner+0x320/0x320 [ 547.082041] ? __check_object_size+0x8b/0x530 [ 547.086546] ? __might_sleep+0x95/0x190 [ 547.090511] ? kasan_check_write+0x14/0x20 [ 547.094738] ? _copy_from_user+0x99/0x110 [ 547.098895] ? memdup_user+0x5e/0x90 [ 547.102600] ? copy_mount_options+0x1f7/0x2e0 [ 547.107086] SyS_mount+0xab/0x120 [ 547.110531] ? copy_mnt_ns+0xb30/0xb30 [ 547.114419] do_syscall_64+0x281/0x940 [ 547.118298] ? vmalloc_sync_all+0x30/0x30 [ 547.122434] ? _raw_spin_unlock_irq+0x27/0x70 [ 547.126917] ? finish_task_switch+0x1c1/0x7e0 [ 547.131415] ? syscall_return_slowpath+0x550/0x550 [ 547.136342] ? syscall_return_slowpath+0x2ac/0x550 [ 547.141270] ? prepare_exit_to_usermode+0x350/0x350 [ 547.146286] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 547.151655] ? trace_hardirqs_off_thunk+0x1a/0x1c 2018/03/31 14:23:35 executing program 0: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040), 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r2, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r3 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xd2, &(0x7f000003affc), 0x3c) [ 547.156503] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 547.161689] RIP: 0033:0x454e79 [ 547.164861] RSP: 002b:00007fa1b21a7c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 547.172552] RAX: ffffffffffffffda RBX: 00007fa1b21a86d4 RCX: 0000000000454e79 [ 547.179808] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 00000000200003c0 [ 547.187076] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 547.194342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 [ 547.201597] R13: 00000000000003fa R14: 00000000006f8010 R15: 000000000000000e 2018/03/31 14:23:35 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x0, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:35 executing program 5 (fault-call:12 fault-nth:15): r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f", 0xd8) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) [ 547.318819] FAULT_INJECTION: forcing a failure. [ 547.318819] name failslab, interval 1, probability 0, space 0, times 0 [ 547.330124] CPU: 1 PID: 5504 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #373 [ 547.337391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 547.346736] Call Trace: [ 547.349321] dump_stack+0x194/0x24d [ 547.352955] ? arch_local_irq_restore+0x53/0x53 [ 547.357622] ? __save_stack_trace+0x7e/0xd0 [ 547.361944] should_fail+0x8c0/0xa40 [ 547.365645] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 547.370730] ? kasan_kmalloc+0xad/0xe0 [ 547.374593] ? kmem_cache_alloc_trace+0x136/0x740 [ 547.379416] ? __memcg_init_list_lru_node+0x169/0x270 [ 547.384588] ? __list_lru_init+0x544/0x750 [ 547.388797] ? sget_userns+0x691/0xe40 [ 547.392671] ? mount_fs+0x66/0x2d0 [ 547.396199] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 547.400926] ? do_mount+0xea4/0x2bb0 [ 547.404612] ? SyS_mount+0xab/0x120 [ 547.408220] ? do_syscall_64+0x281/0x940 [ 547.412267] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 547.417612] ? find_held_lock+0x35/0x1d0 [ 547.421658] ? __lock_is_held+0xb6/0x140 [ 547.425703] ? check_same_owner+0x320/0x320 [ 547.430009] ? rcu_note_context_switch+0x710/0x710 [ 547.434934] should_failslab+0xec/0x120 [ 547.438887] kmem_cache_alloc_trace+0x4b/0x740 [ 547.443450] ? __kmalloc_node+0x33/0x70 [ 547.447405] ? __kmalloc_node+0x33/0x70 [ 547.451356] ? rcu_read_lock_sched_held+0x108/0x120 [ 547.456352] __memcg_init_list_lru_node+0x169/0x270 [ 547.461342] ? list_lru_add+0x7c0/0x7c0 [ 547.465298] ? __kmalloc_node+0x47/0x70 [ 547.469252] __list_lru_init+0x544/0x750 [ 547.473289] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 547.479147] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 547.484145] ? __lockdep_init_map+0xe4/0x650 [ 547.488545] ? lockdep_init_map+0x9/0x10 [ 547.492587] sget_userns+0x691/0xe40 [ 547.496282] ? get_anon_bdev+0x2a0/0x2a0 [ 547.500329] ? destroy_unused_super.part.6+0xd0/0xd0 [ 547.505406] ? alloc_vfsmnt+0x762/0x9c0 [ 547.509353] ? path_lookupat+0x238/0xba0 [ 547.513390] ? mnt_free_id.isra.21+0x50/0x50 [ 547.517773] ? trace_hardirqs_off+0x10/0x10 [ 547.522079] ? cap_capable+0x1b5/0x230 [ 547.525955] ? security_capable+0x8e/0xc0 [ 547.530088] ? get_anon_bdev+0x2a0/0x2a0 [ 547.534127] ? ns_capable_common+0xcf/0x160 [ 547.538425] ? get_anon_bdev+0x2a0/0x2a0 [ 547.542462] sget+0xd2/0x120 [ 547.545469] ? __get_fs_type+0x8a/0xc0 [ 547.549339] ? shmem_remount_fs+0x750/0x750 [ 547.553648] mount_nodev+0x37/0x100 [ 547.557250] shmem_mount+0x2c/0x40 [ 547.560767] mount_fs+0x66/0x2d0 [ 547.564123] vfs_kern_mount.part.26+0xc6/0x4a0 [ 547.568680] ? may_umount+0xa0/0xa0 [ 547.572292] ? _raw_read_unlock+0x22/0x30 [ 547.576420] ? __get_fs_type+0x8a/0xc0 [ 547.580294] do_mount+0xea4/0x2bb0 [ 547.583805] ? __might_fault+0x110/0x1d0 [ 547.587854] ? copy_mount_string+0x40/0x40 [ 547.592083] ? check_same_owner+0x320/0x320 [ 547.596395] ? __check_object_size+0x8b/0x530 [ 547.600878] ? __might_sleep+0x95/0x190 [ 547.604830] ? kasan_check_write+0x14/0x20 [ 547.609049] ? _copy_from_user+0x99/0x110 [ 547.613176] ? memdup_user+0x5e/0x90 [ 547.616871] ? copy_mount_options+0x1f7/0x2e0 [ 547.621354] SyS_mount+0xab/0x120 [ 547.624794] ? copy_mnt_ns+0xb30/0xb30 [ 547.628680] do_syscall_64+0x281/0x940 [ 547.632562] ? vmalloc_sync_all+0x30/0x30 [ 547.636705] ? _raw_spin_unlock_irq+0x27/0x70 [ 547.641191] ? finish_task_switch+0x1c1/0x7e0 [ 547.645676] ? syscall_return_slowpath+0x550/0x550 [ 547.650600] ? syscall_return_slowpath+0x2ac/0x550 [ 547.655525] ? prepare_exit_to_usermode+0x350/0x350 [ 547.660536] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 547.665895] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 547.670737] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 547.675914] RIP: 0033:0x454e79 [ 547.679094] RSP: 002b:00007fa1b21a7c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 547.686795] RAX: ffffffffffffffda RBX: 00007fa1b21a86d4 RCX: 0000000000454e79 [ 547.694058] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 00000000200003c0 [ 547.701316] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 547.708575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 [ 547.715835] R13: 00000000000003fa R14: 00000000006f8010 R15: 000000000000000f 2018/03/31 14:23:36 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r6, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) 2018/03/31 14:23:36 executing program 0: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040), 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r2, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r3 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:36 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x0, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:36 executing program 2: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) socket$kcm(0x29, 0x2, 0x0) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) socket$kcm(0x29, 0x7, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) socketpair(0x0, 0x0, 0x2, &(0x7f0000000000)) syz_open_dev$adsp(&(0x7f0000000080)='/dev/adsp#\x00', 0xbe3, 0x40000) 2018/03/31 14:23:36 executing program 5 (fault-call:12 fault-nth:16): r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f", 0xd8) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:36 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x0, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:36 executing program 4: sendmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x6, 0x20000) sendmsg$unix(r1, &(0x7f0000000480)={&(0x7f0000000240)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f00000003c0)=[{&(0x7f00000002c0)="90bc06759de1e547969f47355c7845894d326b8a094fa099887f6ac171eca243856301d7240d6a97ae7988213eaf8ae3b8351a8043b98eaf7014d80bf14df53cacd5807d2503a9acc16bf9e26893c9a9c49e6ac4e4ef33ae15bb920e23337b055cfea75defb810a2cdb31bd8307fc98be8372513e0207ed206c30e546b1a075a4643e110b03cf57d645951fd476877bde0e7a60f0c64b6e83c73104ac64bafc54ca812f092c61c4c6e4d0d299e5c6a19f13d1c", 0xb3}], 0x1, &(0x7f0000000400)=ANY=[@ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="20000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="eb610000"], 0x34, 0x84}, 0x40) r2 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x400, 0x0) socket$inet6(0xa, 0x0, 0x0) r3 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r3, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) listen(r3, 0x80001003) r4 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r4, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) readv(r4, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/11, 0x37}], 0x100000000000019c) close(r4) accept(r3, 0x0, &(0x7f0000efaffc)) sendmmsg(r4, &(0x7f00000000c0)=[{{&(0x7f0000000240)=@ax25={0x3, {"aba998cfc95797"}}, 0x80, &(0x7f00000016c0), 0x0, &(0x7f0000001740)}}], 0x198, 0x0) socket$can_raw(0x1d, 0x3, 0x1) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x8, 0x200, 0x20000800}) ioctl(r2, 0x2285, &(0x7f0000007000)='S') getsockopt$inet6_dccp_int(r3, 0x21, 0x11, &(0x7f00000001c0), &(0x7f0000000380)=0x4) getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f00000004c0)={{{@in=@dev, @in6=@local}}, {{@in=@remote}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000180)=0xe8) r5 = getpgid(0x0) perf_event_open(&(0x7f00000005c0)={0x0, 0x70, 0x81, 0x3a57, 0x9, 0x6, 0x0, 0x7f9, 0x8000, 0x6, 0x0, 0xf69, 0x0, 0x80000001, 0xfffffffffffffffd, 0x8, 0xc8, 0x4, 0xe68, 0x1ff, 0x3, 0x6, 0x44, 0x8, 0x9333, 0x400, 0x1, 0x94d9, 0x1cb8, 0x8, 0x9, 0x401, 0x8557, 0x0, 0x2, 0x9, 0x7e, 0xfffffffffffffffd, 0x0, 0x7c3d9210, 0x4, @perf_config_ext={0x8, 0x6}, 0x44, 0x0, 0x4, 0x6, 0x4, 0x401}, r5, 0xb, r2, 0x8) getsockname$unix(r2, &(0x7f0000000040), &(0x7f0000000100)=0x6e) ioctl$TCSBRK(r1, 0x5409, 0xffff) 2018/03/31 14:23:36 executing program 7: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) socketpair(0x0, 0x0, 0x2, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r0, 0x800442d4, &(0x7f0000000080)=0x2) [ 548.100957] FAULT_INJECTION: forcing a failure. [ 548.100957] name failslab, interval 1, probability 0, space 0, times 0 [ 548.112265] CPU: 1 PID: 5539 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #373 [ 548.119539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 548.128893] Call Trace: [ 548.131483] dump_stack+0x194/0x24d [ 548.135111] ? arch_local_irq_restore+0x53/0x53 [ 548.139783] ? __save_stack_trace+0x7e/0xd0 [ 548.144110] should_fail+0x8c0/0xa40 2018/03/31 14:23:36 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x0, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 548.147828] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 548.152931] ? kasan_kmalloc+0xad/0xe0 [ 548.156818] ? kmem_cache_alloc_trace+0x136/0x740 [ 548.161662] ? __memcg_init_list_lru_node+0x169/0x270 [ 548.166851] ? __list_lru_init+0x544/0x750 [ 548.171082] ? sget_userns+0x691/0xe40 [ 548.174970] ? mount_fs+0x66/0x2d0 [ 548.178510] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 548.183267] ? do_mount+0xea4/0x2bb0 [ 548.186983] ? SyS_mount+0xab/0x120 [ 548.190604] ? do_syscall_64+0x281/0x940 [ 548.194665] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 2018/03/31 14:23:36 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 548.200031] ? find_held_lock+0x35/0x1d0 [ 548.204096] ? __lock_is_held+0xb6/0x140 [ 548.208150] ? check_same_owner+0x320/0x320 [ 548.212464] ? rcu_note_context_switch+0x710/0x710 [ 548.217401] should_failslab+0xec/0x120 [ 548.221373] kmem_cache_alloc_trace+0x4b/0x740 [ 548.225957] ? __kmalloc_node+0x33/0x70 [ 548.229924] ? __kmalloc_node+0x33/0x70 [ 548.233897] ? rcu_read_lock_sched_held+0x108/0x120 [ 548.238907] __memcg_init_list_lru_node+0x169/0x270 [ 548.243919] ? list_lru_add+0x7c0/0x7c0 2018/03/31 14:23:36 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:36 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 548.248067] ? __kmalloc_node+0x47/0x70 [ 548.252043] __list_lru_init+0x544/0x750 [ 548.256106] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 548.261992] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 548.267007] ? __lockdep_init_map+0xe4/0x650 [ 548.271420] ? lockdep_init_map+0x9/0x10 [ 548.275477] sget_userns+0x691/0xe40 [ 548.279179] ? get_anon_bdev+0x2a0/0x2a0 [ 548.283243] ? destroy_unused_super.part.6+0xd0/0xd0 [ 548.288344] ? alloc_vfsmnt+0x762/0x9c0 [ 548.292310] ? path_lookupat+0x238/0xba0 [ 548.296366] ? mnt_free_id.isra.21+0x50/0x50 2018/03/31 14:23:36 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(0xffffffffffffffff, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 548.300771] ? trace_hardirqs_off+0x10/0x10 [ 548.305092] ? cap_capable+0x1b5/0x230 [ 548.308982] ? security_capable+0x8e/0xc0 [ 548.313126] ? get_anon_bdev+0x2a0/0x2a0 [ 548.317180] ? ns_capable_common+0xcf/0x160 [ 548.321494] ? get_anon_bdev+0x2a0/0x2a0 [ 548.325546] sget+0xd2/0x120 [ 548.328557] ? __get_fs_type+0x8a/0xc0 [ 548.332438] ? shmem_remount_fs+0x750/0x750 [ 548.336748] mount_nodev+0x37/0x100 [ 548.340372] shmem_mount+0x2c/0x40 [ 548.343907] mount_fs+0x66/0x2d0 [ 548.347272] vfs_kern_mount.part.26+0xc6/0x4a0 2018/03/31 14:23:36 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(0xffffffffffffffff, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 548.351853] ? may_umount+0xa0/0xa0 [ 548.355476] ? _raw_read_unlock+0x22/0x30 [ 548.359620] ? __get_fs_type+0x8a/0xc0 [ 548.363506] do_mount+0xea4/0x2bb0 [ 548.367039] ? __might_fault+0x110/0x1d0 [ 548.371102] ? copy_mount_string+0x40/0x40 [ 548.375326] ? check_same_owner+0x320/0x320 [ 548.379640] ? __check_object_size+0x8b/0x530 [ 548.384133] ? __might_sleep+0x95/0x190 [ 548.388109] ? kasan_check_write+0x14/0x20 [ 548.392339] ? _copy_from_user+0x99/0x110 [ 548.396930] ? memdup_user+0x5e/0x90 [ 548.400638] ? copy_mount_options+0x1f7/0x2e0 [ 548.405120] SyS_mount+0xab/0x120 [ 548.408558] ? copy_mnt_ns+0xb30/0xb30 [ 548.412444] do_syscall_64+0x281/0x940 [ 548.416323] ? vmalloc_sync_all+0x30/0x30 [ 548.420466] ? _raw_spin_unlock_irq+0x27/0x70 [ 548.424961] ? finish_task_switch+0x1c1/0x7e0 [ 548.429454] ? syscall_return_slowpath+0x550/0x550 [ 548.434379] ? syscall_return_slowpath+0x2ac/0x550 [ 548.439304] ? prepare_exit_to_usermode+0x350/0x350 [ 548.444330] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 548.449696] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 548.454539] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 548.459720] RIP: 0033:0x454e79 [ 548.462903] RSP: 002b:00007fa1b21a7c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 548.470614] RAX: ffffffffffffffda RBX: 00007fa1b21a86d4 RCX: 0000000000454e79 [ 548.477875] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 00000000200003c0 [ 548.485137] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 548.492400] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 2018/03/31 14:23:36 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(0xffffffffffffffff, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:36 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x0, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 548.499665] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000010 2018/03/31 14:23:36 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r6, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) 2018/03/31 14:23:36 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x0, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:36 executing program 0: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040), 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r2, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r3 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r3, 0x0, 0x0, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:37 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x0, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:37 executing program 2: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) socket$kcm(0x29, 0x7, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) prctl$getname(0x10, &(0x7f0000000200)=""/132) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) connect$netlink(r0, &(0x7f00000000c0)=@unspec, 0xc) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) unlink(&(0x7f0000000140)='./file0\x00') ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) socketpair(0x0, 0x0, 0x2, &(0x7f0000000000)) 2018/03/31 14:23:37 executing program 7: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) nanosleep(&(0x7f0000000100)={0x0, 0x989680}, &(0x7f00005bfff0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x401, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000140)={0x5, 0x10, 0x1, 0xffffffffffffffff}) ioctl$ION_IOC_HEAP_QUERY(r0, 0xc0184908, &(0x7f0000000200)={0x100, 0x2, 0x1, r1}) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) socketpair(0x0, 0x5, 0x1400, &(0x7f0000000080)) socketpair(0x0, 0x0, 0x2, &(0x7f0000000000)) 2018/03/31 14:23:37 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r2, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(0xffffffffffffffff, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r4 = dup3(0xffffffffffffffff, r3, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r4, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r2, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r5 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r5, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r5, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) 2018/03/31 14:23:37 executing program 5 (fault-call:12 fault-nth:17): r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f", 0xd8) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:37 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x0, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:37 executing program 0: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040), 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r2, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r3 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r3, 0x0, 0x0, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:37 executing program 4: sendmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x6, 0x20000) sendmsg$unix(r1, &(0x7f0000000480)={&(0x7f0000000240)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f00000003c0)=[{&(0x7f00000002c0)="90bc06759de1e547969f47355c7845894d326b8a094fa099887f6ac171eca243856301d7240d6a97ae7988213eaf8ae3b8351a8043b98eaf7014d80bf14df53cacd5807d2503a9acc16bf9e26893c9a9c49e6ac4e4ef33ae15bb920e23337b055cfea75defb810a2cdb31bd8307fc98be8372513e0207ed206c30e546b1a075a4643e110b03cf57d645951fd476877bde0e7a60f0c64b6e83c73104ac64bafc54ca812f092c61c4c6e4d0d299e5c6a19f13d1c", 0xb3}], 0x1, &(0x7f0000000400)=ANY=[@ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="20000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="eb610000"], 0x34, 0x84}, 0x40) r2 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) ioctl$KVM_SET_IDENTITY_MAP_ADDR(r1, 0x4008ae48, &(0x7f0000000440)=0x110001) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x400, 0x0) r3 = socket$inet6(0xa, 0x0, 0x0) r4 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r4, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) listen(r4, 0x80001003) r5 = socket$inet6(0xa, 0x6, 0x0) ioctl$TIOCCBRK(r1, 0x5428) connect$inet6(r5, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) readv(r5, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/11, 0x37}], 0x100000000000019c) close(r5) accept(r4, 0x0, &(0x7f0000efaffc)) sendmmsg(r5, &(0x7f00000000c0)=[{{&(0x7f0000000240)=@ax25={0x3, {"aba998cfc95797"}}, 0x80, &(0x7f00000016c0), 0x0, &(0x7f0000001740)}}], 0x198, 0x0) socket$can_raw(0x1d, 0x3, 0x1) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x8, 0x200, 0x20000800}) ioctl(r2, 0x2285, &(0x7f0000007000)='S') ioctl$TIOCGSOFTCAR(r1, 0x5419, &(0x7f00000006c0)) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f00000008c0)={{{@in=@dev, @in6=@local}}, {{@in=@remote}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000880)=0x14a) getsockname$unix(r2, &(0x7f0000000040), &(0x7f0000000100)=0x6e) getsockopt$inet6_udp_int(r3, 0x11, 0x67, &(0x7f00000001c0), &(0x7f0000000380)=0x4) ioctl$TCSBRK(r1, 0x5409, 0xffff) mq_timedsend(r2, &(0x7f00000005c0)="fc46e490a15eb56de322ae94c937068776b1a4da74b2c7d815f860f00f177a0aa9f6668f6d840adc2e08489337a53b93e701c8b60b2874e60421e875e5bd556d95454052313fa65ed5844eff8a8c8f8a9a69948e4eacd1e59044d96310db60078ef24a1e4e2c0bcd9e3ce8d482ce829d8063e1c74fb89096d78770c3153b1f95131ca16de43b3395ecbb1810de0cbb846ff3491beff4d4735f076986ee1a9b2aa0820fa1676cdb2129fb9a88aa61ed5820137ef5961432446ec5ae362487def3ef5350e355fe0f67fc5b20e4f06be96952e9d22ed30a339a3385bccec2cf4a8ae0e67e43e8", 0xe5, 0x28d, 0x0) [ 549.415878] FAULT_INJECTION: forcing a failure. [ 549.415878] name failslab, interval 1, probability 0, space 0, times 0 [ 549.427224] CPU: 1 PID: 5608 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #373 [ 549.434496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 549.444016] Call Trace: [ 549.446604] dump_stack+0x194/0x24d [ 549.450230] ? arch_local_irq_restore+0x53/0x53 [ 549.454889] ? __save_stack_trace+0x7e/0xd0 [ 549.459193] should_fail+0x8c0/0xa40 [ 549.462885] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 549.467964] ? kasan_kmalloc+0xad/0xe0 [ 549.471824] ? kmem_cache_alloc_trace+0x136/0x740 [ 549.476642] ? __memcg_init_list_lru_node+0x169/0x270 [ 549.481804] ? __list_lru_init+0x544/0x750 [ 549.486015] ? sget_userns+0x691/0xe40 [ 549.489896] ? mount_fs+0x66/0x2d0 [ 549.493412] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 549.498140] ? do_mount+0xea4/0x2bb0 [ 549.501824] ? SyS_mount+0xab/0x120 [ 549.505428] ? do_syscall_64+0x281/0x940 [ 549.509467] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 549.514808] ? find_held_lock+0x35/0x1d0 [ 549.518845] ? __lock_is_held+0xb6/0x140 [ 549.522895] ? check_same_owner+0x320/0x320 [ 549.527196] ? rcu_note_context_switch+0x710/0x710 [ 549.532105] should_failslab+0xec/0x120 [ 549.536054] kmem_cache_alloc_trace+0x4b/0x740 [ 549.540610] ? __kmalloc_node+0x33/0x70 [ 549.544562] ? __kmalloc_node+0x33/0x70 [ 549.548512] ? rcu_read_lock_sched_held+0x108/0x120 [ 549.553508] __memcg_init_list_lru_node+0x169/0x270 [ 549.558503] ? list_lru_add+0x7c0/0x7c0 [ 549.562464] ? __kmalloc_node+0x47/0x70 [ 549.566432] __list_lru_init+0x544/0x750 [ 549.570476] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 549.576341] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 549.581332] ? __lockdep_init_map+0xe4/0x650 [ 549.585719] ? lockdep_init_map+0x9/0x10 [ 549.589758] sget_userns+0x691/0xe40 [ 549.593446] ? get_anon_bdev+0x2a0/0x2a0 [ 549.597487] ? destroy_unused_super.part.6+0xd0/0xd0 [ 549.602567] ? alloc_vfsmnt+0x762/0x9c0 [ 549.606515] ? path_lookupat+0x238/0xba0 [ 549.610551] ? mnt_free_id.isra.21+0x50/0x50 [ 549.614935] ? trace_hardirqs_off+0x10/0x10 [ 549.619232] ? cap_capable+0x1b5/0x230 [ 549.623098] ? security_capable+0x8e/0xc0 [ 549.627220] ? get_anon_bdev+0x2a0/0x2a0 [ 549.631255] ? ns_capable_common+0xcf/0x160 [ 549.635551] ? get_anon_bdev+0x2a0/0x2a0 [ 549.639586] sget+0xd2/0x120 [ 549.642578] ? __get_fs_type+0x8a/0xc0 [ 549.646444] ? shmem_remount_fs+0x750/0x750 [ 549.650738] mount_nodev+0x37/0x100 [ 549.654340] shmem_mount+0x2c/0x40 [ 549.657859] mount_fs+0x66/0x2d0 [ 549.661204] vfs_kern_mount.part.26+0xc6/0x4a0 [ 549.665761] ? may_umount+0xa0/0xa0 [ 549.669368] ? _raw_read_unlock+0x22/0x30 [ 549.673492] ? __get_fs_type+0x8a/0xc0 [ 549.677356] do_mount+0xea4/0x2bb0 [ 549.680868] ? __might_fault+0x110/0x1d0 [ 549.684905] ? copy_mount_string+0x40/0x40 [ 549.689113] ? check_same_owner+0x320/0x320 [ 549.693408] ? __check_object_size+0x8b/0x530 [ 549.697882] ? __might_sleep+0x95/0x190 [ 549.701832] ? kasan_check_write+0x14/0x20 [ 549.706043] ? _copy_from_user+0x99/0x110 [ 549.710166] ? memdup_user+0x5e/0x90 [ 549.713858] ? copy_mount_options+0x1f7/0x2e0 [ 549.718328] SyS_mount+0xab/0x120 [ 549.721755] ? copy_mnt_ns+0xb30/0xb30 [ 549.725621] do_syscall_64+0x281/0x940 [ 549.729482] ? vmalloc_sync_all+0x30/0x30 [ 549.733604] ? _raw_spin_unlock_irq+0x27/0x70 [ 549.738075] ? finish_task_switch+0x1c1/0x7e0 [ 549.742545] ? syscall_return_slowpath+0x550/0x550 [ 549.747448] ? syscall_return_slowpath+0x2ac/0x550 [ 549.752354] ? prepare_exit_to_usermode+0x350/0x350 [ 549.757345] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 549.762688] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 549.767506] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 549.772668] RIP: 0033:0x454e79 [ 549.775831] RSP: 002b:00007fa1b21a7c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 549.783526] RAX: ffffffffffffffda RBX: 00007fa1b21a86d4 RCX: 0000000000454e79 [ 549.790771] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 00000000200003c0 [ 549.798017] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 549.805261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 2018/03/31 14:23:37 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r2, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(0xffffffffffffffff, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r4 = dup3(0xffffffffffffffff, r3, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r4, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r2, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r5 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r5, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r5, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) [ 549.812506] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000011 2018/03/31 14:23:37 executing program 0: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040), 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r2, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r3 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r3, 0x0, 0x0, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:37 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x0, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:37 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x0, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:37 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r2, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(0xffffffffffffffff, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r4 = dup3(0xffffffffffffffff, r3, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r4, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r2, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r5 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r5, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r5, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) 2018/03/31 14:23:37 executing program 5 (fault-call:12 fault-nth:18): r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f", 0xd8) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:38 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x0, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 549.980374] FAULT_INJECTION: forcing a failure. [ 549.980374] name failslab, interval 1, probability 0, space 0, times 0 [ 549.991689] CPU: 1 PID: 5638 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #373 [ 549.998955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 550.008313] Call Trace: [ 550.010900] dump_stack+0x194/0x24d [ 550.014525] ? arch_local_irq_restore+0x53/0x53 [ 550.019190] ? __save_stack_trace+0x7e/0xd0 [ 550.023520] should_fail+0x8c0/0xa40 2018/03/31 14:23:38 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x0, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 550.027232] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 550.032331] ? kasan_kmalloc+0xad/0xe0 [ 550.036214] ? kmem_cache_alloc_trace+0x136/0x740 [ 550.041051] ? __memcg_init_list_lru_node+0x169/0x270 [ 550.046235] ? __list_lru_init+0x544/0x750 [ 550.051155] ? sget_userns+0x691/0xe40 [ 550.055034] ? mount_fs+0x66/0x2d0 [ 550.058571] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 550.063324] ? do_mount+0xea4/0x2bb0 [ 550.067034] ? SyS_mount+0xab/0x120 [ 550.070658] ? do_syscall_64+0x281/0x940 [ 550.074715] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 2018/03/31 14:23:38 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 550.080083] ? find_held_lock+0x35/0x1d0 [ 550.084146] ? __lock_is_held+0xb6/0x140 [ 550.088214] ? check_same_owner+0x320/0x320 [ 550.092537] ? rcu_note_context_switch+0x710/0x710 [ 550.097470] should_failslab+0xec/0x120 [ 550.101442] kmem_cache_alloc_trace+0x4b/0x740 [ 550.106021] ? __kmalloc_node+0x33/0x70 [ 550.109989] ? __kmalloc_node+0x33/0x70 [ 550.113960] ? rcu_read_lock_sched_held+0x108/0x120 [ 550.118976] __memcg_init_list_lru_node+0x169/0x270 [ 550.123989] ? list_lru_add+0x7c0/0x7c0 [ 550.127960] ? __kmalloc_node+0x47/0x70 [ 550.131933] __list_lru_init+0x544/0x750 [ 550.135996] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 550.141883] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 550.146898] ? __lockdep_init_map+0xe4/0x650 [ 550.151309] ? lockdep_init_map+0x9/0x10 [ 550.155366] sget_userns+0x691/0xe40 [ 550.159070] ? get_anon_bdev+0x2a0/0x2a0 [ 550.163131] ? destroy_unused_super.part.6+0xd0/0xd0 [ 550.168232] ? alloc_vfsmnt+0x762/0x9c0 [ 550.172202] ? path_lookupat+0x238/0xba0 [ 550.176250] ? mnt_free_id.isra.21+0x50/0x50 [ 550.180635] ? trace_hardirqs_off+0x10/0x10 [ 550.184935] ? cap_capable+0x1b5/0x230 [ 550.188801] ? security_capable+0x8e/0xc0 [ 550.192928] ? get_anon_bdev+0x2a0/0x2a0 [ 550.196976] ? ns_capable_common+0xcf/0x160 [ 550.201296] ? get_anon_bdev+0x2a0/0x2a0 [ 550.205347] sget+0xd2/0x120 [ 550.208371] ? __get_fs_type+0x8a/0xc0 [ 550.212253] ? shmem_remount_fs+0x750/0x750 [ 550.216568] mount_nodev+0x37/0x100 [ 550.220189] shmem_mount+0x2c/0x40 [ 550.223722] mount_fs+0x66/0x2d0 [ 550.227081] vfs_kern_mount.part.26+0xc6/0x4a0 [ 550.231657] ? may_umount+0xa0/0xa0 [ 550.235276] ? _raw_read_unlock+0x22/0x30 [ 550.239416] ? __get_fs_type+0x8a/0xc0 [ 550.243300] do_mount+0xea4/0x2bb0 [ 550.246832] ? __might_fault+0x110/0x1d0 [ 550.250889] ? copy_mount_string+0x40/0x40 [ 550.255118] ? check_same_owner+0x320/0x320 [ 550.259432] ? __check_object_size+0x8b/0x530 [ 550.263925] ? __might_sleep+0x95/0x190 [ 550.267900] ? kasan_check_write+0x14/0x20 [ 550.272129] ? _copy_from_user+0x99/0x110 [ 550.276268] ? memdup_user+0x5e/0x90 [ 550.279969] ? copy_mount_options+0x1f7/0x2e0 [ 550.284455] SyS_mount+0xab/0x120 [ 550.287896] ? copy_mnt_ns+0xb30/0xb30 [ 550.291775] do_syscall_64+0x281/0x940 [ 550.295660] ? vmalloc_sync_all+0x30/0x30 [ 550.299803] ? _raw_spin_unlock_irq+0x27/0x70 [ 550.304294] ? finish_task_switch+0x1c1/0x7e0 [ 550.308781] ? syscall_return_slowpath+0x550/0x550 [ 550.313705] ? syscall_return_slowpath+0x2ac/0x550 [ 550.318625] ? prepare_exit_to_usermode+0x350/0x350 [ 550.323640] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 550.329001] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 550.333846] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 550.339024] RIP: 0033:0x454e79 [ 550.342206] RSP: 002b:00007fa1b21a7c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 550.349909] RAX: ffffffffffffffda RBX: 00007fa1b21a86d4 RCX: 0000000000454e79 [ 550.357169] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 00000000200003c0 [ 550.364432] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 550.371692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 [ 550.378950] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000012 2018/03/31 14:23:38 executing program 7: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x4a8a00) getsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f00000000c0)=0x8, &(0x7f0000000140)=0x4) socketpair(0x0, 0x0, 0x2, &(0x7f0000000000)) nanosleep(&(0x7f0000000200)={0x77359400}, &(0x7f0000000240)) 2018/03/31 14:23:38 executing program 2: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f0000000140)={0x0, 0x0}) utimes(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)={{r0, r1/1000+10000}}) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) r2 = socket$kcm(0x29, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r3 = fcntl$dupfd(r2, 0x406, r2) bind$pptp(r3, &(0x7f0000000080)={0x18, 0x2, {0x0, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x1e) getpid() ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) socketpair(0x0, 0x0, 0x2, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$kcm(r4, &(0x7f00000018c0)={&(0x7f0000000240)=@un=@abs={0x1, 0x0, 0x4e21}, 0x80, &(0x7f0000001540)=[{&(0x7f00000002c0)="ffa1e033787756270fea88c3c4ff4d402032c5b02d52a871f0105f04dc7fed2fa89c876cab5b34e9445d987b27903cc8e01324dd8e71a1c5924ca8c701603a84c07e9709371ead06ae1904d3f6567f141588c5303f571dabd60be907506bdb6c165f56fef272f7a80235196c8cef51dda61ba23315172acea5259230c0502b521938a0534d187a44c57d66ec1c2e6cf4ab69b49c90ff4e8b7556d191a5472091ce0a15984b989c08021e82fdee32c95d9d46a6f59a6df1ef148634a662229576cf749a939e1fe3ee9793448a0345f91abf6bdb62b978462fa1c45a87d23dfa49ba252c00b149b419b9be6a1032c748577ad2ad01ec3d804435da6fbbd3650a3f0a0b33abe2a26f8b66821302cdd5ed543a8d1a6fd5cbfc81507a94d95f24e36c4eb5a6ea57efe89f0de2e1d544611b47b8aa3ec2433abc80b21a4ed49481988d6de0e9740192c2eaad19ca0efb6e113931587a66b4a51f34922b00c5fb6fd976f4b4042a11afb19e150810c9fabf3d7f433f3bac48e4eb901a9c47ff2781e616125197cd865ecaf6415dcb108822872cf6362b932a59159c2844e6b980cff9e7db602781a25c9fe4a6ee6819ad23a40b514d820c3ec67f427a39fb215b96534ee46a3f45c44967441aae613b0e2ae085edce7f80cf5b431649665280111db59f724c7b04ff6a4f208e2ed0067d4918810a159cb5fcd3d346e70e2e33d6e1b681edba5cc3b1a62180d884368a6aaa5d435c904c25094f5778977d43ca231ffd948f0a9ad4f6896f9cacbd82b62575d492110b10845401e4d697fb0acc62a98d0ebd2147939428f0629aa98fe2a0db7ce903acefa6ff237681934e99de481ad410db128cf3de0acc2e1e1befc5c549affaa8b965327dba20a2af750cec49e7eee61ccbabe7087ccd30edb3176f8f6449c729362f263e27245c43ea25cd71c2a648aa8d3f62b2d75fc4b62d17dd0fffe30f6fa19067d8bf0775f090f6b9858890ba6aa84b757f366e827894a68811ad73f96a869e555dee180c6aaddf218c3a7df9be8e22cc994aa00994b0536faf7e12600926e80c044ef6c47660bf764e9edae68b20aee74e98dbd5656a0b1c659f3f54c793b0f730a29536070c2a98adff202db8f723ea45ec3def0cdc0746101c39bcff6a6c534c3db91061074555f41fbf8eb83d0cc2cd081b9d95010b3d94aa0108e16a2233d0146d253d09646348aa1a86f43657d2486fafdd04a65167b4356e0e9ef68161beda8c1da9b3f54ee9a8b5feb04fa4bc2166592e84914a514e652ea6905a8eef22c4fd804a3c87acf027f1b7a713ab30b80011d2750df9203b82fcd8a124f4f407d20cf2f0b6f3134de976d7c474cca2178a5e1d7e005af078c308d4f9a65494596ac6891ebf94ce09f8c4864b015424b427e55a6a35be684314667330e9224c25aee7c94d7b69d33ea965eec031a88b68a3329db3df796d99f3a92c340d2cecaecddb560f618c67b3b9ee23be07d9744097e7b0e4684839c38e850efb3778f346890387565e5d1864c5bcab097b6f6cbe9b5d473f320dc29e0ca0c9a455f20895a14f02abc334e11e4a2ceec23d2dd3d9f29545a97394ce0da5ee7716415c6121a0e7475a47707486b1c9fd1939ca78ea2d7738db2b691ac4bd3bc70ac1d3f8bd063cf0298f5dadfbdc73ecc7d7ed221712279729da1e27876d11f46396b9ab542f82a4210fec413a0f93d8ea2d18d2ffd4012a0ddf7cb85cfde41e9029a6495c372c0e928beda3d866a9259fa58d5c11269bb43c362e233253bfeebc7b28924bd98328448f02302bea5c1101704cd52485739df6645878d321b8d48f5098804b6f19232daa98fff62aad14d48082ac231d4f53eab6e99e1527b258aa5d5d366259a4525dc489d5734088439d1e04113de6929837a9cd0c967726c5d2f28874bab460d4a7fea85c6078f32cea523d41a17077b46cb7e09a815d9ef48272345e766f289c52d40b41ce2ed2a66e3a2ca14e5e8ff323618e8191c06ec968868c16b5a33ed93f20815e3a834cf4041683a100d8a4d2f234ccf158fde45557ea0abe37843864a18e3d67d2a2f3052abb68021a040c874b7276a076a91e32ce6c8fd6ac8bf2aade022d666111fc946e35e5c8afb666b19fdddc3c08070d397f2e94af200ea6e5f0c3e21f4b230b670168abe0935dabf8363db03eb328c2fe36f56554a730786354e977a66249f87c495cf3af0aa98d9724889b11c2fffea7ba2814dc16eaa66e127e84f396d9adfe5afe81115d48b30f881c2ccde9dab4b82dbf6a2abf24afe013a17d0bb6fb65e6f67a7df018ed5114b3216c424f0aa4273a173feb0f7cc68715f91f94536f815cfc5be775f65e200d059b0ecfcf533ccedee62d722b51e6e5518079f2464d6b7744d8f24ab212eb7d0b4de31f6ada4df149f71e194350db50962616eb3b84eba79385bee4b1cccae2d8355d4a0cc0190a47861d8aa2014b66cebce7fd513fa7376b98e47a0424c4cdd6471df1239dd90656412da2cfeca78f41fd8ad8187cf4d5106c51abc248a6d0c00feb698c5c186efebb1300101502cc08227eea4d4600ad2c4ec76429a85b8542d1a2d3a3466889a6f0a54fe737b81f23112b73776b249e4c48852502b19fe3a441a2b64656c76a798290cdeae171f79e8a4c57b746ebb6297a948fb033c2a6456c1a502d6fd0f5378efac86031107fbe4c20626dfd1e79a7bdc363085ecfb13dff9735bc06c72cb9599149ce9ab07ed28f70810f5797d9ece2f76a59bdea1d8f1f8d106a6d123e69cc4cacff13e7937cb4a944985d0737448638bf8aba05480777c19749da786d1ac7e33453da691db6e4772b79df66884473286be832f46fc85d3d79bdc0090fbdf7af9a1e43fd03ee57a657757091dd1cdae32e7b73bf99c40eefe2d5fdd24bbf1b2b882ffaac475efe77bd0c8062422a67bd2d051c9c4d3f7fc3f5946b79ce1abb2474f01b523988703704e59fdad6be8bb954054de857fcff4d347a85a5a3cce0f7a634a99790a78761eeda51bec9d22562232b96daa7354ec9ff7f7a4421ab8ece3bbf28961790bc127c9a25ec1a512a3d0572edc93507595de3626ba4d9a1bb99da4dafcde22fc1f22d0e6905212a3b6bef9281a9389afe5c5a5cc410c499570cb78f089dfdbe0c2a440bcf5308b8e6bd659951279bb5e8f7f84e3d85414e8371473c51411b41270b1406ca3674c9013dd99374e76eb8c5b3467fb5ae456f71e653bdce1746f0424f84c629374de8af4262ad09c00950d2771132c261dad53bf3277e57c355c0daf92b67c1a565d07d00dc55fadc857dbb48847e258aaac948f1602f50836b0a277c15353ba3e467ff352998b4e92981a6625ba1bea53118ec2e8841acdc2a5587d866b16e5ab5101d8cbaeeda7a579f92f1ed4bf2c0bc84e62672392e62e2cab33916467f28706f73f2f8e31baed8e83390b6c202af920af67a243d2a0dec4633ccd54e860af12127e19c8bec927223d2783984d6d47fa4bb0956d0037948c3e65614a0487a393e2de6bdea52afe26ad85d58b3dcc48b97b3af1e96aad0e5e7d64b64f66db62cfe12e67aa60b027f1ad85cc71bcef6f0ce5b4b0b7344f2bafd2947c39e168f9a2767dc3f11a7eca6657d52b9f1d967a11a345c4275949d3cbefa16106f39f9a5610efb7de2849fcbcc81714205df2fbf2db3b253b6bf179369f4e7c263e4aecf1df1b3da9224c04cc847a03ad53e4b60dc1799536c96b7d78027fdd7cb339cc20bfb1aa9fc0046a038446aad6383ba1ad13ca6bcb49b21d8551750fd6eae35eb2342132b8fd67ca2618da9cd82bf4e422c94e7e213365437491f3776559dd86e1dc34b807125810aec9468475af32ad6d219cd1546237c39f985c0528b429fa7a507df35ecabaaae968de6d58ee56a25c70d69a6e581693f9f7d55f87ea0f615b6d5b8210b60dfd83e45b9add09a4658e897ec342974ee32400d066b3120f0212c394bde8d1d7d8cb85a84a387afdb28f1341e6c48afa5abb390c15e8945e21f88d799f5939c2f5325b5f3654ef47b4829d25637ce239fe1f3d896780d3c54f8c16a8c46c79e2dd0581c3b667711291d41034571a9aa6ab08e18cc66630d8b33101e79465d2da008a9f83930992d0e72fdfe239901bf55067b3170d16f09e98a98d118fbb691209e949e9bce23f958fe3315a2437c134286c9dda3de0926a3b64161be8097fc5fd6ddab7ad935fbcef05a4b4c8c2d4e50d791c5fb1ab6b5a93bf45ed3bbefc07b1cccea720b454bff248dcb7a19634f8d7562d0a32d55b656d999ba054dc193595172303317fa2d32010c30f9f64b194d260c0b1a0833da8c687fc9347721bce61104b8468b41069f94dd358f1be1066641730f6e25eb02e81a56d7f109bef7920f8411e8753b4dd179d337f530a0638217297019e9d20520795a104dfd42d0a3b9ba4fa0b146042c23530d75008aba582bfa9fdfd97d06ac51841e4356199651d02ee1d2bd3fcaaea6686c60efdbfb695e02c009a86992d36f80f87b051da18b2288ec7475b09ec8163e4b25cfbace2589937c60ffb3d1c876f0e7ef35673c5f0bcd6918781c54867fcddbb52b174fd4e0feda82460cd2bdd9ec75f5488d73ef881bfb735f9e71cf7b779a1a88561199d1341ce8e0ba7a372366a1f609f0dff1ef030b9e26eca4f9826e809d198316cba370aaa789b4d39b50c558b06b1bcd233abb745375fc5db15e814ddf7a9b9ef5df96c50bd1cee1ad449bbc6a7bc68cb4fcce5ae5fd0a5528af27bf7ed78a2737328cd90967153163874e8c5801917f3cc15de31de984195e0811464576713003e3c7c1bad2d13726595c9eeb021e084611857e436789582f9d86a38a8c05be410461f03f5b0322ea367d0262f48c0b4e8f14f625579ce5dbfc42d62f4a29bc827efb1e6581b105968a80cb91ed6ee89f7da6cee2d811ddef0a7a355899dfd1eded239acf7b85a887979e47211258b8577ed9370b1b731b44bbd80f0ef608e3796ab98bcce26887fb684c8f96d11977af2d70cfea0bda12796a3809e4731c3265bacda6e9a74d905a3be42d013416e3eca84eea83dd8583c3f69b11e4ddba6ca4b4ffb68e0a2aa698a5bd5508ce3a16bac2ca09d1501dcd063a1015d6ceca540116cd72873ab3612fc16a2c0c3f6be478aa62c0f10494483270b84882a41adfa648cd78ec51c41081ddd245be66325742089c0d4cfcd871cb038fecbacc098449ba20f4a32f697172857577ad498398cec6164a657aa9d49bbe6d733202580e2378002edff85cbd5e350d8fd4721bcc763dcd9ccfac86de28ea97f6cb1ca7c613991d85a85fdfbd2e7428bd8c722f30a11bcef6570f46334ef003ff37fd0dc2175a3ee2df74ae468ac5b354152c98930502572e017d80319d3ab3725f51a03f0042aad1ce9edda2886952283e4baf7c3d3323e51e05fbd41028169a581983eac3ea83d03090af435db06b915a7251aaf4c0b072152d7bfa211040d8dd5fdfd3e7eedeb3ea8bcb54f06cdb071ec6adbc4304226b9974dfade49e42074590553687e9540a49a6d73098f7c868b49e713d1a61bd20ede9af756e032ab1c059042837d9cda8df1ade86b666c0fa688158bd81181406f1ae8591219944f34f3770bbca5ba020b17bac0d5bea4ac674c48294cf805b1d176311bac6707c520545a31eb03dfe886ea1e3ac37858982f9ea24eed8991861ed31b80f5bb417b34992307135030b0e515b31306acbf265f3c3085c512b51643a7c5a8a43cc9ce39e3ee81a110120bcafb28316bb1e", 0x1000}, {&(0x7f0000000040)}, {&(0x7f00000012c0)="3a3fbda6118da9e07bcdad029fabc11d1c9c6961cdf360a4ad836bae7038acb0d1db699c228eeca4abf4fe35c079886255cb14ae4b7d547eb477636ea0d7a9f7d68f0158bec9bfc49e44bf2975bf7a3bf9137610aa0b12e6043ae8c8cc433b5c7342ded6d4d7e7ce299b263409ad466f0a15f21a174c2b178f481b2b583380fa70bfea02e39ff9fde8e5c0c67c96c833d65ad44e8a9b41a50fb4538bc65133ba1ce9652d1b912445c3df7d1333cc6a8fa428dd9cf8486fdb74939898b63ab8389ce6264c4b4b854713aeafc772", 0xcd}, {&(0x7f00000013c0)="026f6ea8f98dbb9057a22a94d12cc4fccd2aff374c4d7189fb2fcdefd73f25684bd22bd45159305c963ab9bf505c7056ba0a5f58df9df0693591ac015214d16107944ed9da2cb9ed899da941d6c02c", 0x4f}, {&(0x7f0000001440)="4ebeb838572503a6d7fc736eada835ba72e836a87f02039beb35bab289d5a620f65bcd6cdc4cfad5af52b116e1ff294a37d6d2ab298d679d6726ae1252b30b29b736479af5c9110eba1463fe62245cbf46372d61a605689711864b91c5641f9719fed5a28d2d79a612b1585c0436925fce58aec9b5ce2ac452d8519ccd9b5c75ef195ff6ba230f2052f35395920ce188f0a3d3b9376537fb755cd7457ce76bdbccbe899abde5311f51e396c3497694bd61d4bff4f42b6564cdc9156fc1dac5a7c0f086bcff7e6a15e9c4c4d9c47bfc6d88f55ad76cfeec35088bb7399db4e9eadfa1ac2f6f71946e5100293ca362b6f9d9", 0xf1}], 0x5, &(0x7f00000015c0)=ANY=[@ANYBLOB="98000000000000000b010000b4bb0000f56de7f13c19eba598f95e59890abf4e6284c1c347a98134d741c865d4a16b3e17c414870cb97e5d252e02579628138f3b085ced298cff7deb6a70b65c40cd6389f47de339d36de26a15294ebd13d127c62197158e556dbf9125c3d4370fd52e9bb0d44fef93a9138c10bc0b0b4dc674622ead211fe2ab2d1d7520f833ad2e69efd0b06c9374000020000000000000000d0100000d02000002cc0a145b3bbc1fd900000000000000b000000000000000110100002068000090e0f2c35675f1bfd8a1e6e8fdc0676c0feff7c971047c4cd6a393ee284e498e8f9206890e9b02943f1058402379ca3c4f8b2af8351857ee2276689043b015869feb0608438e13bd3ea478df4d0802ea98df765b9a52dfff07e9a2ee53a5fb9190a4ce24102bf59e6675adcc708dcf2dca8a1d86d7ea4d99d00f35d1a4b102c619078b3dec3d6aeb156db86906b816e57f5ec7ece21eee93e7f9de9200000000c800000000000000030100000000000063cea99d265d0bd4a000007bda0420e67e5aef3b91fc45bb0594717c6dca4816d1585351f32f944946c245e1b26dbdcf2f9a896e1ab75a7fce8c01f85df76540c27cd9fafb11faefb824547b67718e8cd0001fd313dac429be3a1f44358eaf8cf83120acfab645e7e22e5544125a7074c76266ce5f8f0f72c0c8132689293f5c2a168b71beb27b279b2a5c2d63fffdb5618bf9346861766d1dd1e2970c8126bc2aa859dba08cb90ceccb1cd371e4104d9d00000000000000c0000000000000000100000006000000e2560b18fb279ff4fc150752206e1101517f94ccd11b7b5b66f417e2595294068f051af360dfa8713c0d2206ad3dba00b7bb7427ccdf161b85df4dd8a1b83f2122c07de5bbd98cea500670dfa45b5b77929343443ece98540bc388cbf504ea0474f43a2867a4a842a298bcc5d487836b6912e7abe10c2a59650cd05054c34c9d586df541a8c52c1dc3166e98a2c4ef85e842c5c08159bda6b5ad67de7b0f1906e1684d8f38b024e58e7540d36cea0000"], 0x2f0, 0x88c0}, 0x4) 2018/03/31 14:23:38 executing program 0 (fault-call:13 fault-nth:0): socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040), 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r2, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r3 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r3, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:38 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r6, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) 2018/03/31 14:23:38 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:38 executing program 5 (fault-call:12 fault-nth:19): r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f", 0xd8) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:38 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080), 0x0) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:38 executing program 4: sendmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x6, 0x20000) sendmsg$unix(r1, &(0x7f0000000480)={&(0x7f0000000240)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f00000003c0)=[{&(0x7f00000002c0)="90bc06759de1e547969f47355c7845894d326b8a094fa099887f6ac171eca243856301d7240d6a97ae7988213eaf8ae3b8351a8043b98eaf7014d80bf14df53cacd5807d2503a9acc16bf9e26893c9a9c49e6ac4e4ef33ae15bb920e23337b055cfea75defb810a2cdb31bd8307fc98be8372513e0207ed206c30e546b1a075a4643e110b03cf57d645951fd476877bde0e7a60f0c64b6e83c73104ac64bafc54ca812f092c61c4c6e4d0d299e5c6a19f13d1c", 0xb3}], 0x1, &(0x7f0000000400)=ANY=[@ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="20000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="eb610000"], 0x34, 0x84}, 0x40) r2 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x400, 0x0) r3 = socket$inet6(0xa, 0x0, 0x0) r4 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r4, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) listen(r4, 0x80001003) r5 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r5, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) readv(r5, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/11, 0x37}], 0x100000000000019c) close(r5) r6 = accept(r4, 0x0, &(0x7f0000efaffc)) sendmmsg(r5, &(0x7f00000000c0)=[{{&(0x7f0000000240)=@ax25={0x3, {"aba998cfc95797"}}, 0x80, &(0x7f00000016c0), 0x0, &(0x7f0000001740)}}], 0x198, 0x0) recvfrom$llc(r6, &(0x7f00000005c0)=""/92, 0x5c, 0x102, &(0x7f00000001c0)={0x1a, 0x107, 0x7467, 0x6, 0x7, 0x2, @random="8d54f00df909"}, 0x10) socket$can_raw(0x1d, 0x3, 0x1) getsockopt$inet6_IPV6_IPSEC_POLICY(r6, 0x29, 0x22, &(0x7f0000000900)={{{@in=@multicast2, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in=@loopback}}, &(0x7f0000000a00)=0xe8) r8 = getuid() setsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, &(0x7f0000000a40)={{{@in=@multicast2=0xe0000002, @in=@dev={0xac, 0x14, 0x14, 0x13}, 0x4e23, 0x0, 0x4e22, 0x3, 0x2, 0xa0, 0x80, 0x0, r7, r8}, {0x10001, 0x3, 0x3, 0x5, 0x7, 0x625, 0x0, 0x4}, {0x9, 0x9, 0x8001, 0x4}, 0x1, 0x6e6bbb, 0x3, 0x1, 0x1, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0xe}, 0x4d6, 0x3c}, 0x0, @in, 0x3500, 0x4, 0x3, 0x5, 0xcc49, 0xe8b2, 0xda3e}}, 0xe8) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x8, 0x200, 0x20000800}) ioctl(r2, 0x2285, &(0x7f0000007000)='S') getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f00000004c0)={{{@in=@dev, @in6=@local}}, {{@in=@remote}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000180)=0xe8) getsockname$unix(r2, &(0x7f0000000040), &(0x7f0000000100)=0x6e) ioctl$TCSBRK(r1, 0x5409, 0xffff) [ 550.825570] FAULT_INJECTION: forcing a failure. [ 550.825570] name failslab, interval 1, probability 0, space 0, times 0 [ 550.836929] CPU: 0 PID: 5683 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #373 [ 550.844200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 550.853551] Call Trace: [ 550.856142] dump_stack+0x194/0x24d [ 550.859779] ? arch_local_irq_restore+0x53/0x53 [ 550.864468] should_fail+0x8c0/0xa40 [ 550.868192] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 550.873305] ? trace_event_raw_event_lock+0x340/0x340 [ 550.878506] ? trace_hardirqs_off+0x10/0x10 [ 550.882844] ? lock_downgrade+0x980/0x980 [ 550.886991] ? trace_hardirqs_off+0x10/0x10 [ 550.891299] ? find_held_lock+0x35/0x1d0 [ 550.895362] ? __lock_is_held+0xb6/0x140 [ 550.899442] ? check_same_owner+0x320/0x320 [ 550.903758] ? rcu_note_context_switch+0x710/0x710 [ 550.908690] ? rcu_note_context_switch+0x710/0x710 [ 550.913615] should_failslab+0xec/0x120 [ 550.917577] __kmalloc+0x63/0x760 [ 550.921021] ? __kmalloc_node+0x47/0x70 [ 550.924991] ? __list_lru_init+0xcf/0x750 [ 550.929143] __list_lru_init+0xcf/0x750 [ 550.933121] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 550.939007] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 550.944032] ? lockdep_init_map+0x9/0x10 [ 550.948096] sget_userns+0x6b1/0xe40 [ 550.951800] ? get_anon_bdev+0x2a0/0x2a0 [ 550.955861] ? destroy_unused_super.part.6+0xd0/0xd0 [ 550.960959] ? alloc_vfsmnt+0x762/0x9c0 [ 550.964933] ? path_lookupat+0x238/0xba0 [ 550.968990] ? mnt_free_id.isra.21+0x50/0x50 [ 550.973400] ? trace_hardirqs_off+0x10/0x10 [ 550.977724] ? cap_capable+0x1b5/0x230 [ 550.981608] ? security_capable+0x8e/0xc0 [ 550.985742] ? get_anon_bdev+0x2a0/0x2a0 [ 550.989796] ? ns_capable_common+0xcf/0x160 [ 550.994114] ? get_anon_bdev+0x2a0/0x2a0 [ 550.998161] sget+0xd2/0x120 [ 551.001166] ? __get_fs_type+0x8a/0xc0 [ 551.005037] ? shmem_remount_fs+0x750/0x750 [ 551.009350] mount_nodev+0x37/0x100 [ 551.012978] shmem_mount+0x2c/0x40 [ 551.016507] mount_fs+0x66/0x2d0 [ 551.019869] vfs_kern_mount.part.26+0xc6/0x4a0 [ 551.024449] ? may_umount+0xa0/0xa0 [ 551.028070] ? _raw_read_unlock+0x22/0x30 [ 551.032211] ? __get_fs_type+0x8a/0xc0 [ 551.036098] do_mount+0xea4/0x2bb0 [ 551.039624] ? __might_fault+0x110/0x1d0 [ 551.043672] ? copy_mount_string+0x40/0x40 [ 551.047900] ? check_same_owner+0x320/0x320 [ 551.052213] ? __check_object_size+0x8b/0x530 [ 551.056703] ? __might_sleep+0x95/0x190 [ 551.060674] ? kasan_check_write+0x14/0x20 [ 551.064895] ? _copy_from_user+0x99/0x110 [ 551.069035] ? memdup_user+0x5e/0x90 [ 551.072732] ? copy_mount_options+0x1f7/0x2e0 [ 551.077227] SyS_mount+0xab/0x120 [ 551.080669] ? copy_mnt_ns+0xb30/0xb30 [ 551.084538] do_syscall_64+0x281/0x940 [ 551.088411] ? vmalloc_sync_all+0x30/0x30 [ 551.092541] ? _raw_spin_unlock_irq+0x27/0x70 [ 551.097020] ? finish_task_switch+0x1c1/0x7e0 [ 551.101506] ? syscall_return_slowpath+0x550/0x550 [ 551.106430] ? syscall_return_slowpath+0x2ac/0x550 [ 551.111353] ? prepare_exit_to_usermode+0x350/0x350 [ 551.116368] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 551.121732] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 551.126579] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 551.131761] RIP: 0033:0x454e79 [ 551.134943] RSP: 002b:00007fa1b21a7c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 551.142644] RAX: ffffffffffffffda RBX: 00007fa1b21a86d4 RCX: 0000000000454e79 [ 551.149897] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 00000000200003c0 [ 551.157157] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 551.164403] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 2018/03/31 14:23:39 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r6, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) 2018/03/31 14:23:39 executing program 0: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040), 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r2, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r3 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r3, 0x0, 0xd2, &(0x7f000003affc), 0x3c) [ 551.171651] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000013 2018/03/31 14:23:39 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080), 0x0) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:39 executing program 5 (fault-call:12 fault-nth:20): r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f", 0xd8) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:39 executing program 0: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892a8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3e5) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)=ANY=[@ANYBLOB="6e6174000000000000000000000000000000000000000001000000000000000005000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040), 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r2, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r3 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r3, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:39 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:39 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r6, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) [ 551.310402] FAULT_INJECTION: forcing a failure. [ 551.310402] name failslab, interval 1, probability 0, space 0, times 0 [ 551.321816] CPU: 0 PID: 5706 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #373 [ 551.329099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 551.338449] Call Trace: [ 551.341045] dump_stack+0x194/0x24d [ 551.344685] ? arch_local_irq_restore+0x53/0x53 [ 551.349386] should_fail+0x8c0/0xa40 [ 551.353110] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 551.358241] ? save_stack+0x43/0xd0 [ 551.361869] ? kasan_kmalloc+0xad/0xe0 [ 551.365758] ? __kmalloc+0x162/0x760 [ 551.369471] ? __list_lru_init+0xcf/0x750 [ 551.373629] ? find_held_lock+0x35/0x1d0 [ 551.377702] ? __lock_is_held+0xb6/0x140 [ 551.381798] ? check_same_owner+0x320/0x320 [ 551.386129] ? rcu_note_context_switch+0x710/0x710 [ 551.391072] should_failslab+0xec/0x120 [ 551.395042] kmem_cache_alloc_node_trace+0x5a/0x760 [ 551.400052] ? mark_held_locks+0xaf/0x100 [ 551.404201] ? __raw_spin_lock_init+0x1c/0x100 [ 551.408794] __kmalloc_node+0x33/0x70 [ 551.412593] kvmalloc_node+0x99/0xd0 [ 551.416310] __list_lru_init+0x5d5/0x750 [ 551.420384] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 551.426277] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 551.431301] ? lockdep_init_map+0x9/0x10 [ 551.435365] sget_userns+0x6b1/0xe40 [ 551.439072] ? get_anon_bdev+0x2a0/0x2a0 [ 551.443124] ? destroy_unused_super.part.6+0xd0/0xd0 [ 551.448230] ? alloc_vfsmnt+0x762/0x9c0 [ 551.452193] ? path_lookupat+0x238/0xba0 [ 551.456256] ? mnt_free_id.isra.21+0x50/0x50 [ 551.460655] ? trace_hardirqs_off+0x10/0x10 [ 551.464965] ? cap_capable+0x1b5/0x230 [ 551.468853] ? security_capable+0x8e/0xc0 [ 551.472997] ? get_anon_bdev+0x2a0/0x2a0 [ 551.477052] ? ns_capable_common+0xcf/0x160 [ 551.481368] ? get_anon_bdev+0x2a0/0x2a0 [ 551.485421] sget+0xd2/0x120 [ 551.488440] ? __get_fs_type+0x8a/0xc0 [ 551.492324] ? shmem_remount_fs+0x750/0x750 [ 551.496639] mount_nodev+0x37/0x100 [ 551.500264] shmem_mount+0x2c/0x40 [ 551.503796] mount_fs+0x66/0x2d0 [ 551.507171] vfs_kern_mount.part.26+0xc6/0x4a0 [ 551.511749] ? may_umount+0xa0/0xa0 [ 551.515366] ? _raw_read_unlock+0x22/0x30 [ 551.519502] ? __get_fs_type+0x8a/0xc0 [ 551.523380] do_mount+0xea4/0x2bb0 [ 551.526908] ? __might_fault+0x110/0x1d0 [ 551.530962] ? copy_mount_string+0x40/0x40 [ 551.535176] ? check_same_owner+0x320/0x320 [ 551.539477] ? __check_object_size+0x8b/0x530 [ 551.543958] ? __might_sleep+0x95/0x190 [ 551.547931] ? kasan_check_write+0x14/0x20 [ 551.552151] ? _copy_from_user+0x99/0x110 [ 551.556294] ? memdup_user+0x5e/0x90 [ 551.560000] ? copy_mount_options+0x1f7/0x2e0 [ 551.564811] SyS_mount+0xab/0x120 [ 551.568252] ? copy_mnt_ns+0xb30/0xb30 [ 551.572136] do_syscall_64+0x281/0x940 [ 551.576027] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 551.581557] ? syscall_return_slowpath+0x550/0x550 [ 551.586477] ? syscall_return_slowpath+0x2ac/0x550 [ 551.591400] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 551.596755] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 551.601581] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 551.606759] RIP: 0033:0x454e79 [ 551.609944] RSP: 002b:00007fa1b21a7c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 551.617647] RAX: ffffffffffffffda RBX: 00007fa1b21a86d4 RCX: 0000000000454e79 [ 551.624900] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 00000000200003c0 [ 551.632159] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 551.639414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 [ 551.646678] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000014 2018/03/31 14:23:39 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x0) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:40 executing program 2: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) socket$kcm(0x29, 0x7, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) socketpair(0x0, 0x0, 0x2, &(0x7f0000000000)={0xffffffffffffffff}) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000000080)=0xc, 0x4) 2018/03/31 14:23:40 executing program 0: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040), 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r2, 0xc008af12, &(0x7f0000000340)) syz_mount_image$hfsplus(&(0x7f0000000100)='hfsplus\x00', &(0x7f0000000140)='./control\x00', 0x75, 0x8, &(0x7f00000009c0)=[{&(0x7f00000001c0)="2cda0fd5", 0x4, 0x9}, {&(0x7f0000000480)="a83a3c3aa6c11177b4fcad4ba4f8a8bab631e7ff3c872e59a9a949f5c8211c10b4065a4a5d387211518e50ca3730e35b9dc3408367edf7a14c46920bb477c5791daab6a7534bea0ccd93c753d7239f8d0a38952259def92ade0fae9a7d6fc1322f04f4579b0fd576b5c1b175df295833b381a528548ce8d19410e0f6a6c27183fd93d370797d0ed5065f182afeda4d37ef14e11bddd276c2facc05e444e9c2cfe318c3ccfd", 0xa5, 0x4}, {&(0x7f0000000640)="da9ccfa0841b45d891c47bb1db67ccf1def011d527d6496ebd0dcb5073f97bb68b424285248e95963746b739fb3995df8122eab0a3b57566cab5ca20c0d82386c319535f68b3eef0a13a77f522a6cc21f83d6a08bc15ae3741641de4f629b8231dba4e65408850879663d14858230aff73a968b01e64d2ecb15c69b63ad42ae3178367b2592d20c298529c637bda8574d49a7b9f1a45aa4d7d71a2b524f19707a6d3ad5c", 0xa4, 0xfffffffffffeffff}, {&(0x7f0000000700)="1d18dfba53fc4ff106a6ebc43d33a95da679b3d1966d889dc891e6ff8bc628aa5291e9e1d7392d5f17323ff86d857fc6f1394e0977d5789a64c0d385147e451e956c1ee1bcf75f920a21c3754b4c93f8c4039aff9386abcfd04a6854afe72ef2fd8de5f615099bff0fb61c541cc58a1075254394e528b529469eb09852f02a355ce1e99adeae354ff22467a71fbd81f2059ad8222afe68ac18a3ff442037197a794a32bc38f1c22ff688b445b07f1adb55fc9e7a2b93", 0xb6, 0x1}, {&(0x7f00000007c0)="a216c5a781a06e4e4fc4b31a93b539ef156d74892d401aa2b3975554ecb7a0f4a725bf1262ab40e1efe16f7aeb010605b0e488715ded57d9f65c21ced416819e7dc5f91c6d9a213152048e9bddec1f361119b3ca6484b3fcb70622eea5284c6b8c5306f06f7bf3b37e3da422dc4337fdd77938a25c2011ba95cb2357b6a6e66526cb0d834402803d4f96451a6826d0fe8a12b25cc0f5045b8569caa0431d", 0x9e, 0x46}, {&(0x7f0000000380)="6f55b8dad4c5a20464855de3b3ae02c41f6d3d4f80b4df70", 0x18}, {&(0x7f0000000540)="1cea5757abb2bd1a0e2a1560c63194740ce7752ce62563d440457a96807bbf0b7e1c0becce4bc5dc70fd4d67f10eeb1e24cf8bd875de75ce1a79c1615a81a746db8f8c00bb20669c49486d26129b927c32c3e3f472dd", 0x56, 0x400}, {&(0x7f0000000940)="03530b502aca45680dbb1ea182c1b57f4846d57cff9f4aa2cf5f1c2579fc2856b1a96a9b585f960c0b580f38346694a77e1d3a27e88672da55153141be688f3523b33e0dec631b1cd90f9f029103", 0x4e, 0x2}], 0x1, &(0x7f0000000a80)={[{@session={'session', 0x3d, [0x38, 0x31, 0x3d]}, 0x2c}, {@creator={'creator', 0x3d, "71d42849"}, 0x2c}, {@barrier='barrier', 0x2c}, {@barrier='barrier', 0x2c}, {@nodecompose='nodecompose', 0x2c}, {@decompose='decompose', 0x2c}]}) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r3 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r3, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:40 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080), 0x0) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:40 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r6, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) 2018/03/31 14:23:40 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x0) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:40 executing program 5 (fault-call:12 fault-nth:21): r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f", 0xd8) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:40 executing program 4: sendmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x6, 0x20000) sendmsg$unix(r1, &(0x7f0000000480)={&(0x7f0000000240)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f00000003c0)=[{&(0x7f00000002c0)="90bc06759de1e547969f47355c7845894d326b8a094fa099887f6ac171eca243856301d7240d6a97ae7988213eaf8ae3b8351a8043b98eaf7014d80bf14df53cacd5807d2503a9acc16bf9e26893c9a9c49e6ac4e4ef33ae15bb920e23337b055cfea75defb810a2cdb31bd8307fc98be8372513e0207ed206c30e546b1a075a4643e110b03cf57d645951fd476877bde0e7a60f0c64b6e83c73104ac64bafc54ca812f092c61c4c6e4d0d299e5c6a19f13d1c", 0xb3}], 0x1, &(0x7f0000000400)=ANY=[@ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="20000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="eb610000"], 0x34, 0x84}, 0x40) r2 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x400, 0x0) socket$inet6(0xa, 0x0, 0x0) r3 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r3, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) listen(r3, 0x80001003) r4 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r4, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) readv(r4, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/11, 0x37}], 0x100000000000019c) close(r4) accept(r3, 0x0, &(0x7f0000efaffc)) openat$cgroup_subtree(r1, &(0x7f0000000440)='cgroup.subtree_control\x00', 0x2, 0x0) sendmmsg(r4, &(0x7f00000000c0)=[{{&(0x7f0000000240)=@ax25={0x3, {"aba998cfc95797"}}, 0x80, &(0x7f00000016c0), 0x0, &(0x7f0000001740)}}], 0x198, 0x0) socket$can_raw(0x1d, 0x3, 0x1) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f00000005c0)={0x100000000, {{0x2, 0x4e21, @broadcast=0xffffffff}}}, 0x88) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r3, 0x84, 0x6c, &(0x7f0000000680)={0x0, 0xd0, "c5c9ff33e03bb5323b6092cbea6780ab70dab58b9218adf0d1b06bcfa5b1472db46ba96daa99ff3c74cf76ed68bf72b7eab0769271e6913906914f9bb4cbff749bfaa17c3dfd6c15da7a00c50b53c2e3a2c06d256bd57a05bab7f64bb37769fb6ff1d747e862e379b3188e4038743150e99f81454f2dfdd3798920c3253366e44ea4307e9357e2b9d1b2d380897beef793faf1faf470a58d66d4c57ea0eac37bd89922f4431ed42d962630e5d68869802cbc46c4e4eee704e5a42fe0bb936c7bde533a0263d53f5b2e5213c485b99ad4"}, &(0x7f00000001c0)=0xd8) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000000380)={0x3, 0x2, 0x7, 0xff, r5}, 0x10) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x8, 0x200, 0x20000800}) ioctl(r2, 0x2285, &(0x7f0000007000)='S') getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f00000004c0)={{{@in=@dev, @in6=@local}}, {{@in=@remote}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000180)=0xe8) getsockname$unix(r2, &(0x7f0000000040), &(0x7f0000000100)=0x6e) ioctl$TCSBRK(r1, 0x5409, 0xffff) 2018/03/31 14:23:40 executing program 7: nanosleep(&(0x7f0000000140), &(0x7f0000000240)) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) socketpair(0x0, 0x0, 0x2, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_SET_GUEST_DEBUG(r1, 0x4048ae9b, &(0x7f0000000080)={0x30003, 0x0, [0x0, 0x1000, 0x4, 0x7, 0x63, 0x8001, 0x1, 0x7ff]}) ioctl$EVIOCGMASK(r0, 0x80104592, &(0x7f0000000180)={0x15, 0xd4, &(0x7f0000000280)="e76ea83b88dd72e553d6f64c260cc6a2aca545743b8d866082915bcb8205dd669fcb4a501e3daae2ee874aebe622fa6cdc6dc281b7fdbe8e990eb98f208605a769f0cfe8666c05c3a6da26425e51eb4012d7da31073d748078af2c63bcbd1e53ccd793b4cd00a3ecf28c2323aa901ab22a3dfa54dd2a946c48519dd0ae7d0b36cc29b138f700554fc09d9a60702d632c3645a6a7f9373353b1761db06b7986b3ed37627cb3a3f19e2afcf64d01738246f31da231d5260856fbcb6ae6aa23b0481f6d0a87c781f00d9d8a0769d6d202b1582ff1bf"}) [ 552.278666] FAULT_INJECTION: forcing a failure. [ 552.278666] name failslab, interval 1, probability 0, space 0, times 0 [ 552.290073] CPU: 0 PID: 5759 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #373 [ 552.297370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 552.306744] Call Trace: [ 552.309343] dump_stack+0x194/0x24d [ 552.312981] ? arch_local_irq_restore+0x53/0x53 [ 552.317676] should_fail+0x8c0/0xa40 [ 552.321406] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 552.326505] ? kasan_kmalloc+0xad/0xe0 [ 552.330374] ? kmem_cache_alloc_trace+0x136/0x740 [ 552.335207] ? __memcg_init_list_lru_node+0x169/0x270 [ 552.340382] ? __list_lru_init+0x544/0x750 [ 552.344600] ? sget_userns+0x6b1/0xe40 [ 552.348475] ? mount_fs+0x66/0x2d0 [ 552.352000] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 552.356753] ? do_mount+0xea4/0x2bb0 [ 552.360468] ? SyS_mount+0xab/0x120 [ 552.364097] ? do_syscall_64+0x281/0x940 [ 552.368181] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 552.373557] ? find_held_lock+0x35/0x1d0 [ 552.377627] ? __lock_is_held+0xb6/0x140 [ 552.381714] ? check_same_owner+0x320/0x320 [ 552.386044] ? rcu_note_context_switch+0x710/0x710 [ 552.390989] should_failslab+0xec/0x120 [ 552.394976] kmem_cache_alloc_trace+0x4b/0x740 [ 552.399565] ? __kmalloc_node+0x33/0x70 [ 552.403538] ? __kmalloc_node+0x33/0x70 [ 552.407520] ? rcu_read_lock_sched_held+0x108/0x120 [ 552.412551] __memcg_init_list_lru_node+0x169/0x270 [ 552.417575] ? list_lru_add+0x7c0/0x7c0 [ 552.421556] ? __kmalloc_node+0x47/0x70 [ 552.425541] __list_lru_init+0x544/0x750 [ 552.429610] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 552.435508] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 552.440537] ? lockdep_init_map+0x9/0x10 [ 552.444603] sget_userns+0x6b1/0xe40 [ 552.448318] ? get_anon_bdev+0x2a0/0x2a0 [ 552.452389] ? destroy_unused_super.part.6+0xd0/0xd0 [ 552.457498] ? alloc_vfsmnt+0x762/0x9c0 [ 552.461471] ? path_lookupat+0x238/0xba0 [ 552.465530] ? mnt_free_id.isra.21+0x50/0x50 [ 552.469945] ? trace_hardirqs_off+0x10/0x10 [ 552.474271] ? cap_capable+0x1b5/0x230 [ 552.478187] ? security_capable+0x8e/0xc0 [ 552.482337] ? get_anon_bdev+0x2a0/0x2a0 [ 552.486402] ? ns_capable_common+0xcf/0x160 [ 552.490725] ? get_anon_bdev+0x2a0/0x2a0 [ 552.494783] sget+0xd2/0x120 [ 552.497798] ? __get_fs_type+0x8a/0xc0 [ 552.501686] ? shmem_remount_fs+0x750/0x750 [ 552.506009] mount_nodev+0x37/0x100 [ 552.509636] shmem_mount+0x2c/0x40 [ 552.513179] mount_fs+0x66/0x2d0 [ 552.516555] vfs_kern_mount.part.26+0xc6/0x4a0 [ 552.521139] ? may_umount+0xa0/0xa0 [ 552.524772] ? _raw_read_unlock+0x22/0x30 [ 552.528921] ? __get_fs_type+0x8a/0xc0 [ 552.532817] do_mount+0xea4/0x2bb0 [ 552.536356] ? __might_fault+0x110/0x1d0 [ 552.540428] ? copy_mount_string+0x40/0x40 [ 552.544662] ? check_same_owner+0x320/0x320 [ 552.548985] ? __check_object_size+0x8b/0x530 [ 552.553491] ? __might_sleep+0x95/0x190 [ 552.557475] ? kasan_check_write+0x14/0x20 [ 552.561708] ? _copy_from_user+0x99/0x110 [ 552.565860] ? memdup_user+0x5e/0x90 [ 552.569570] ? copy_mount_options+0x1f7/0x2e0 [ 552.574068] SyS_mount+0xab/0x120 [ 552.577517] ? copy_mnt_ns+0xb30/0xb30 [ 552.581408] do_syscall_64+0x281/0x940 [ 552.585296] ? vmalloc_sync_all+0x30/0x30 [ 552.589443] ? _raw_spin_unlock_irq+0x27/0x70 [ 552.593934] ? finish_task_switch+0x1c1/0x7e0 [ 552.598431] ? syscall_return_slowpath+0x550/0x550 [ 552.603362] ? syscall_return_slowpath+0x2ac/0x550 [ 552.608295] ? prepare_exit_to_usermode+0x350/0x350 [ 552.613311] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 552.618682] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 552.623519] entry_SYSCALL_64_after_hwframe+0x42/0xb7 2018/03/31 14:23:40 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r6, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) 2018/03/31 14:23:40 executing program 7: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x4e0040, 0x0) ioctl$DRM_IOCTL_RM_MAP(r0, 0x4028641b, &(0x7f0000000140)={&(0x7f000075f000/0x4000)=nil, 0x0, 0x0, 0x1, &(0x7f00002dd000/0x2000)=nil}) ioctl$TCSETSW(r0, 0x5403, &(0x7f00000000c0)={0x5, 0x3, 0x27, 0x2, 0x6, 0x1, 0x9, 0x3, 0x7, 0x20, 0x80, 0x1}) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) socketpair(0x0, 0x0, 0x2, &(0x7f0000000000)) [ 552.628697] RIP: 0033:0x454e79 [ 552.631884] RSP: 002b:00007fa1b21a7c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 552.639592] RAX: ffffffffffffffda RBX: 00007fa1b21a86d4 RCX: 0000000000454e79 [ 552.646862] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 00000000200003c0 [ 552.654130] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 552.661400] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 [ 552.668671] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000015 2018/03/31 14:23:40 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x0) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:40 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8", 0x73) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:40 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r6, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) 2018/03/31 14:23:40 executing program 5 (fault-call:12 fault-nth:22): r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f", 0xd8) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) [ 552.836454] FAULT_INJECTION: forcing a failure. [ 552.836454] name failslab, interval 1, probability 0, space 0, times 0 [ 552.847773] CPU: 0 PID: 5802 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #373 [ 552.855048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 552.864399] Call Trace: [ 552.866995] dump_stack+0x194/0x24d [ 552.870635] ? arch_local_irq_restore+0x53/0x53 [ 552.875326] should_fail+0x8c0/0xa40 [ 552.879046] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 552.884154] ? kasan_kmalloc+0xad/0xe0 [ 552.888041] ? kmem_cache_alloc_trace+0x136/0x740 [ 552.892884] ? __memcg_init_list_lru_node+0x169/0x270 [ 552.898065] ? __list_lru_init+0x544/0x750 [ 552.902280] ? sget_userns+0x6b1/0xe40 [ 552.906160] ? mount_fs+0x66/0x2d0 [ 552.909689] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 552.914424] ? do_mount+0xea4/0x2bb0 [ 552.918118] ? SyS_mount+0xab/0x120 [ 552.921747] ? do_syscall_64+0x281/0x940 [ 552.925799] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 552.931168] ? find_held_lock+0x35/0x1d0 [ 552.935225] ? __lock_is_held+0xb6/0x140 [ 552.939298] ? check_same_owner+0x320/0x320 [ 552.943628] ? rcu_note_context_switch+0x710/0x710 [ 552.948558] should_failslab+0xec/0x120 [ 552.952517] kmem_cache_alloc_trace+0x4b/0x740 [ 552.957081] ? __kmalloc_node+0x33/0x70 [ 552.961049] ? __kmalloc_node+0x33/0x70 [ 552.965023] ? rcu_read_lock_sched_held+0x108/0x120 [ 552.970046] __memcg_init_list_lru_node+0x169/0x270 [ 552.975071] ? list_lru_add+0x7c0/0x7c0 [ 552.979046] ? __kmalloc_node+0x47/0x70 [ 552.983028] __list_lru_init+0x544/0x750 [ 552.987082] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 552.992958] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 552.997968] ? lockdep_init_map+0x9/0x10 [ 553.002018] sget_userns+0x6b1/0xe40 [ 553.005716] ? get_anon_bdev+0x2a0/0x2a0 [ 553.009762] ? destroy_unused_super.part.6+0xd0/0xd0 [ 553.014846] ? alloc_vfsmnt+0x762/0x9c0 [ 553.018801] ? path_lookupat+0x238/0xba0 [ 553.022852] ? mnt_free_id.isra.21+0x50/0x50 [ 553.027243] ? trace_hardirqs_off+0x10/0x10 [ 553.031561] ? cap_capable+0x1b5/0x230 [ 553.035444] ? security_capable+0x8e/0xc0 [ 553.039570] ? get_anon_bdev+0x2a0/0x2a0 [ 553.043624] ? ns_capable_common+0xcf/0x160 [ 553.047939] ? get_anon_bdev+0x2a0/0x2a0 [ 553.051979] sget+0xd2/0x120 [ 553.054989] ? __get_fs_type+0x8a/0xc0 [ 553.058878] ? shmem_remount_fs+0x750/0x750 [ 553.063205] mount_nodev+0x37/0x100 [ 553.066826] shmem_mount+0x2c/0x40 [ 553.070348] mount_fs+0x66/0x2d0 [ 553.073713] vfs_kern_mount.part.26+0xc6/0x4a0 [ 553.078288] ? may_umount+0xa0/0xa0 [ 553.081905] ? _raw_read_unlock+0x22/0x30 [ 553.086045] ? __get_fs_type+0x8a/0xc0 [ 553.089939] do_mount+0xea4/0x2bb0 [ 553.093478] ? __might_fault+0x110/0x1d0 [ 553.097546] ? copy_mount_string+0x40/0x40 [ 553.101779] ? check_same_owner+0x320/0x320 [ 553.106097] ? __check_object_size+0x8b/0x530 [ 553.110616] ? __might_sleep+0x95/0x190 [ 553.114600] ? kasan_check_write+0x14/0x20 [ 553.118834] ? _copy_from_user+0x99/0x110 [ 553.122984] ? memdup_user+0x5e/0x90 [ 553.126693] ? copy_mount_options+0x1f7/0x2e0 [ 553.131196] SyS_mount+0xab/0x120 [ 553.134647] ? copy_mnt_ns+0xb30/0xb30 [ 553.138536] do_syscall_64+0x281/0x940 [ 553.142421] ? vmalloc_sync_all+0x30/0x30 [ 553.146569] ? _raw_spin_unlock_irq+0x27/0x70 [ 553.151065] ? finish_task_switch+0x1c1/0x7e0 [ 553.155559] ? syscall_return_slowpath+0x550/0x550 [ 553.160492] ? syscall_return_slowpath+0x2ac/0x550 [ 553.165421] ? prepare_exit_to_usermode+0x350/0x350 [ 553.170442] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 553.175811] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 553.180667] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 553.185853] RIP: 0033:0x454e79 [ 553.189036] RSP: 002b:00007fa1b21a7c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 553.196746] RAX: ffffffffffffffda RBX: 00007fa1b21a86d4 RCX: 0000000000454e79 [ 553.204007] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 00000000200003c0 [ 553.211263] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 553.218517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 [ 553.225774] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000016 2018/03/31 14:23:41 executing program 0: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) fchdir(r0) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040), 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) ioctl$int_in(r1, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r3 = dup3(r1, r2, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r3, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r4 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r4, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:41 executing program 2: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) nanosleep(&(0x7f0000000140)={0x0, 0x1c9c380}, &(0x7f00000000c0)) socket$kcm(0x29, 0x7, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x2000, 0x0) ioctl$TIOCSBRK(r0, 0x5427) socketpair(0x0, 0x0, 0x2, &(0x7f0000000000)) r1 = syz_open_dev$sndmidi(&(0x7f0000000100)='/dev/snd/midiC#D#\x00', 0x3, 0x40500) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000200)={0x0, @in={{0x2, 0x4e21, @remote={0xac, 0x14, 0x14, 0xbb}}}}, &(0x7f00000002c0)=0x84) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000300)={r2, 0x1}, 0x8) 2018/03/31 14:23:41 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8", 0x73) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:41 executing program 5 (fault-call:12 fault-nth:23): r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f", 0xd8) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:41 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:41 executing program 4: sendmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x6, 0x20000) sendmsg$unix(r1, &(0x7f0000000480)={&(0x7f0000000240)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f00000003c0)=[{&(0x7f00000002c0)="90bc06759de1e547969f47355c7845894d326b8a094fa099887f6ac171eca243856301d7240d6a97ae7988213eaf8ae3b8351a8043b98eaf7014d80bf14df53cacd5807d2503a9acc16bf9e26893c9a9c49e6ac4e4ef33ae15bb920e23337b055cfea75defb810a2cdb31bd8307fc98be8372513e0207ed206c30e546b1a075a4643e110b03cf57d645951fd476877bde0e7a60f0c64b6e83c73104ac64bafc54ca812f092c61c4c6e4d0d299e5c6a19f13d1c", 0xb3}], 0x1, &(0x7f00000005c0)=ANY=[@ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="20000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="eb6cde0032185702b0a68f8cdd310b50bbc3ab0239fcceda0247653826b6f2b1c7b0797012679bb002645a1a6109a0d49f5b7ad5c9e94ab20c7ac4e436155c31bd0d2a8a38d3fcca83313c9414eb95c071982dab99efb22b11ac91f9610c0ae4"], 0x34, 0x84}, 0x40) ioctl$DRM_IOCTL_GET_MAP(r1, 0xc0286404, &(0x7f00000001c0)={&(0x7f0000ff9000/0x4000)=nil, 0x1, 0x5, 0x80, &(0x7f0000ffe000/0x2000)=nil, 0x3}) r2 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x400, 0x0) socket$inet6(0xa, 0x0, 0x0) r3 = socket$inet6(0xa, 0x40000080806, 0x0) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000400)='IPVS\x00') sendmsg$IPVS_CMD_ZERO(r1, &(0x7f0000000700)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000440)={&(0x7f0000000680)={0x80, r4, 0x20, 0x70bd28, 0x25dfdbfe, {0x10}, [@IPVS_CMD_ATTR_SERVICE={0x24, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, [@IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e22}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x7}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local={0xac, 0x14, 0x14, 0xaa}}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'fo\x00'}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e21}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000) bind$inet6(r3, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) listen(r3, 0x80001003) r5 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r5, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) readv(r5, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/11, 0x37}], 0x100000000000019c) close(r5) accept(r3, 0x0, &(0x7f0000efaffc)) sendmmsg(r5, &(0x7f00000000c0)=[{{&(0x7f0000000240)=@ax25={0x3, {"aba998cfc95797"}}, 0x80, &(0x7f00000016c0), 0x0, &(0x7f0000001740)}}], 0x198, 0x0) socket$can_raw(0x1d, 0x3, 0x1) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x8, 0x200, 0x20000800}) ioctl(r2, 0x2285, &(0x7f0000007000)='S') getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f00000004c0)={{{@in=@dev, @in6=@local}}, {{@in=@remote}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000180)=0xe8) getsockname$unix(r2, &(0x7f0000000040), &(0x7f0000000100)=0x6e) ioctl$TCSBRK(r1, 0x5409, 0xffff) 2018/03/31 14:23:41 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r6, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) 2018/03/31 14:23:41 executing program 7: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000080)=0x0) capset(&(0x7f00000000c0)={0x20080522, r0}, &(0x7f0000000140)={0xada7, 0x3f, 0x9, 0x10001, 0xf7, 0x2}) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) socketpair(0x0, 0x0, 0x2, &(0x7f0000000000)) [ 553.947131] FAULT_INJECTION: forcing a failure. [ 553.947131] name failslab, interval 1, probability 0, space 0, times 0 [ 553.958437] CPU: 1 PID: 5837 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #373 [ 553.965704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 553.975046] Call Trace: [ 553.977631] dump_stack+0x194/0x24d [ 553.981257] ? arch_local_irq_restore+0x53/0x53 [ 553.985923] ? finish_task_switch+0x1c1/0x7e0 [ 553.990420] ? finish_task_switch+0x182/0x7e0 2018/03/31 14:23:42 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 553.994920] should_fail+0x8c0/0xa40 [ 553.998634] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 554.003739] ? mount_fs+0x66/0x2d0 [ 554.007283] ? __sched_text_start+0x8/0x8 [ 554.011429] ? find_held_lock+0x35/0x1d0 [ 554.015493] ? __lock_is_held+0xb6/0x140 [ 554.019571] ? check_same_owner+0x320/0x320 [ 554.023907] should_failslab+0xec/0x120 [ 554.027885] kmem_cache_alloc_trace+0x4b/0x740 [ 554.032470] ? __kmalloc_node+0x33/0x70 [ 554.036439] ? __kmalloc_node+0x33/0x70 [ 554.040414] ? rcu_read_lock_sched_held+0x108/0x120 2018/03/31 14:23:42 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 554.045445] __memcg_init_list_lru_node+0x169/0x270 [ 554.050470] ? list_lru_add+0x7c0/0x7c0 [ 554.054445] ? __kmalloc_node+0x47/0x70 [ 554.058425] __list_lru_init+0x544/0x750 [ 554.062491] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 554.068379] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 554.073400] ? lockdep_init_map+0x9/0x10 [ 554.077461] sget_userns+0x6b1/0xe40 [ 554.081168] ? get_anon_bdev+0x2a0/0x2a0 [ 554.085232] ? destroy_unused_super.part.6+0xd0/0xd0 [ 554.090336] ? alloc_vfsmnt+0x762/0x9c0 2018/03/31 14:23:42 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 554.094309] ? path_lookupat+0x238/0xba0 [ 554.098368] ? mnt_free_id.isra.21+0x50/0x50 [ 554.102776] ? trace_hardirqs_off+0x10/0x10 [ 554.107102] ? cap_capable+0x1b5/0x230 [ 554.110991] ? security_capable+0x8e/0xc0 [ 554.115135] ? get_anon_bdev+0x2a0/0x2a0 [ 554.119191] ? ns_capable_common+0xcf/0x160 [ 554.123504] ? get_anon_bdev+0x2a0/0x2a0 [ 554.127566] sget+0xd2/0x120 [ 554.130583] ? __get_fs_type+0x8a/0xc0 [ 554.134469] ? shmem_remount_fs+0x750/0x750 [ 554.138788] mount_nodev+0x37/0x100 [ 554.142412] shmem_mount+0x2c/0x40 2018/03/31 14:23:42 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 554.145948] mount_fs+0x66/0x2d0 [ 554.149312] vfs_kern_mount.part.26+0xc6/0x4a0 [ 554.153891] ? may_umount+0xa0/0xa0 [ 554.157514] ? _raw_read_unlock+0x22/0x30 [ 554.161658] ? __get_fs_type+0x8a/0xc0 [ 554.165551] do_mount+0xea4/0x2bb0 [ 554.169088] ? __might_fault+0x110/0x1d0 [ 554.173142] ? copy_mount_string+0x40/0x40 [ 554.177374] ? check_same_owner+0x320/0x320 [ 554.181689] ? __check_object_size+0x8b/0x530 [ 554.186186] ? __might_sleep+0x95/0x190 [ 554.190162] ? kasan_check_write+0x14/0x20 2018/03/31 14:23:42 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 554.194391] ? _copy_from_user+0x99/0x110 [ 554.198549] ? memdup_user+0x5e/0x90 [ 554.202259] ? copy_mount_options+0x1f7/0x2e0 [ 554.206753] SyS_mount+0xab/0x120 [ 554.210194] ? copy_mnt_ns+0xb30/0xb30 [ 554.214078] do_syscall_64+0x281/0x940 [ 554.217957] ? vmalloc_sync_all+0x30/0x30 [ 554.222105] ? _raw_spin_unlock_irq+0x27/0x70 [ 554.226594] ? finish_task_switch+0x1c1/0x7e0 [ 554.231085] ? syscall_return_slowpath+0x550/0x550 [ 554.236006] ? syscall_return_slowpath+0x2ac/0x550 [ 554.240934] ? prepare_exit_to_usermode+0x350/0x350 [ 554.245946] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 554.251305] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 554.256145] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 554.261324] RIP: 0033:0x454e79 [ 554.264505] RSP: 002b:00007fa1b21a7c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 554.272211] RAX: ffffffffffffffda RBX: 00007fa1b21a86d4 RCX: 0000000000454e79 [ 554.279470] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 00000000200003c0 [ 554.286734] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 2018/03/31 14:23:42 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:42 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r6, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) 2018/03/31 14:23:42 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 554.293995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 [ 554.301257] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000017 2018/03/31 14:23:42 executing program 0: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)=ANY=[@ANYBLOB="6e6174000000000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000000000000000000008151fea21e816cbac42dcb8c2fafeabb000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040), 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r1 = dup3(r0, 0xffffffffffffffff, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r1, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r2 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r2, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:43 executing program 5 (fault-call:12 fault-nth:24): r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f", 0xd8) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:43 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r6, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) 2018/03/31 14:23:43 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:43 executing program 0: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)=ANY=[@ANYBLOB="6e6174000000000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff0000000000000000000000000000000000000000000000000000000000000000"], 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040), 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) pipe2(&(0x7f0000000240), 0x80000) getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r2, 0x84, 0xc, &(0x7f0000000100), &(0x7f0000000140)=0x4) ioctl$VHOST_GET_VRING_BASE(r2, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r3 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r3, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:43 executing program 4: sendmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x6, 0x20000) sendmsg$unix(r1, &(0x7f0000000480)={&(0x7f0000000240)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f00000003c0)=[{&(0x7f00000002c0)="90bc06759de1e547969f47355c7845894d326b8a094fa099887f6ac171eca243856301d7240d6a97ae7988213eaf8ae3b8351a8043b98eaf7014d80bf14df53cacd5807d2503a9acc16bf9e26893c9a9c49e6ac4e4ef33ae15bb920e23337b055cfea75defb810a2cdb31bd8307fc98be8372513e0207ed206c30e546b1a075a4643e110b03cf57d645951fd476877bde0e7a60f0c64b6e83c73104ac64bafc54ca812f092c61c4c6e4d0d299e5c6a19f13d1c", 0xb3}], 0x1, &(0x7f0000000400)=ANY=[@ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="20000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="eb610000"], 0x34, 0x84}, 0x40) r2 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x400, 0x0) socket$inet6(0xa, 0x0, 0x0) r3 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r3, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) listen(r3, 0x80001003) r4 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r4, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) readv(r4, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/11, 0x37}], 0x100000000000019c) close(r4) accept(r3, 0x0, &(0x7f0000efaffc)) readv(r0, &(0x7f0000000380)=[{&(0x7f00000005c0)=""/162, 0xa2}, {&(0x7f0000000680)=""/142, 0x8e}, {&(0x7f0000000740)=""/212, 0xd4}], 0x3) sendmmsg(r4, &(0x7f00000000c0)=[{{&(0x7f0000000240)=@ax25={0x3, {"aba998cfc95797"}}, 0x80, &(0x7f00000016c0), 0x0, &(0x7f0000001740)}}], 0x198, 0x0) socket$can_raw(0x1d, 0x3, 0x1) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x8, 0x200, 0x20000800}) ioctl(r2, 0x2285, &(0x7f0000007000)='S') getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f00000004c0)={{{@in=@dev, @in6=@local}}, {{@in=@remote}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000180)=0xe8) getsockname$unix(r2, &(0x7f0000000040), &(0x7f0000000100)=0x6e) ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, &(0x7f00000001c0)=0x10000001c) ioctl$TCSBRK(r1, 0x5409, 0xffff) 2018/03/31 14:23:43 executing program 2: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) r0 = socket$kcm(0x29, 0x7, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r1 = fcntl$getown(r0, 0x9) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r1, 0x7, &(0x7f0000000200)=""/220) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) socketpair(0x0, 0x0, 0x2, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000300)={{{@in6, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in=@remote}}, &(0x7f0000000080)=0xe8) setfsuid(r3) 2018/03/31 14:23:43 executing program 7: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) madvise(&(0x7f00008ce000/0x4000)=nil, 0x4000, 0xf) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x0, 0x200) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'ipddp0\x00', 0x0}) setsockopt$inet6_mreq(r0, 0x29, 0x1d, &(0x7f0000000140)={@mcast2={0xff, 0x2, [], 0x1}, r1}, 0x14) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) socketpair(0x0, 0x0, 0x2, &(0x7f0000000000)) 2018/03/31 14:23:43 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8", 0x73) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) [ 555.245573] FAULT_INJECTION: forcing a failure. [ 555.245573] name failslab, interval 1, probability 0, space 0, times 0 [ 555.256875] CPU: 1 PID: 5909 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #373 [ 555.264142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 555.273492] Call Trace: [ 555.276079] dump_stack+0x194/0x24d [ 555.279706] ? arch_local_irq_restore+0x53/0x53 [ 555.284375] ? __save_stack_trace+0x7e/0xd0 [ 555.288704] should_fail+0x8c0/0xa40 [ 555.292418] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 555.297515] ? kasan_kmalloc+0xad/0xe0 [ 555.301394] ? kmem_cache_alloc_trace+0x136/0x740 [ 555.306233] ? __memcg_init_list_lru_node+0x169/0x270 [ 555.311417] ? __list_lru_init+0x544/0x750 [ 555.315648] ? sget_userns+0x6b1/0xe40 [ 555.319527] ? mount_fs+0x66/0x2d0 [ 555.323062] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 555.327811] ? do_mount+0xea4/0x2bb0 [ 555.331520] ? SyS_mount+0xab/0x120 [ 555.335152] ? do_syscall_64+0x281/0x940 [ 555.339212] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 555.344574] ? find_held_lock+0x35/0x1d0 [ 555.348636] ? __lock_is_held+0xb6/0x140 [ 555.352704] ? check_same_owner+0x320/0x320 [ 555.357026] ? rcu_note_context_switch+0x710/0x710 [ 555.361964] should_failslab+0xec/0x120 [ 555.365937] kmem_cache_alloc_trace+0x4b/0x740 [ 555.370510] ? __kmalloc_node+0x33/0x70 [ 555.374486] ? __kmalloc_node+0x33/0x70 [ 555.378462] ? rcu_read_lock_sched_held+0x108/0x120 [ 555.383499] __memcg_init_list_lru_node+0x169/0x270 [ 555.388515] ? list_lru_add+0x7c0/0x7c0 [ 555.392488] ? __kmalloc_node+0x47/0x70 [ 555.396470] __list_lru_init+0x544/0x750 [ 555.400532] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 555.406406] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 555.411404] ? lockdep_init_map+0x9/0x10 [ 555.415457] sget_userns+0x6b1/0xe40 [ 555.419156] ? get_anon_bdev+0x2a0/0x2a0 [ 555.423202] ? destroy_unused_super.part.6+0xd0/0xd0 [ 555.428291] ? alloc_vfsmnt+0x762/0x9c0 [ 555.432247] ? path_lookupat+0x238/0xba0 [ 555.436290] ? mnt_free_id.isra.21+0x50/0x50 [ 555.440692] ? trace_hardirqs_off+0x10/0x10 [ 555.445060] ? cap_capable+0x1b5/0x230 [ 555.448947] ? security_capable+0x8e/0xc0 [ 555.453084] ? get_anon_bdev+0x2a0/0x2a0 [ 555.457136] ? ns_capable_common+0xcf/0x160 [ 555.461445] ? get_anon_bdev+0x2a0/0x2a0 [ 555.465493] sget+0xd2/0x120 [ 555.468493] ? __get_fs_type+0x8a/0xc0 [ 555.472369] ? shmem_remount_fs+0x750/0x750 [ 555.476676] mount_nodev+0x37/0x100 [ 555.480289] shmem_mount+0x2c/0x40 [ 555.483808] mount_fs+0x66/0x2d0 [ 555.487161] vfs_kern_mount.part.26+0xc6/0x4a0 [ 555.491729] ? may_umount+0xa0/0xa0 [ 555.495351] ? _raw_read_unlock+0x22/0x30 [ 555.499490] ? __get_fs_type+0x8a/0xc0 [ 555.503364] do_mount+0xea4/0x2bb0 [ 555.506878] ? __might_fault+0x110/0x1d0 [ 555.510917] ? copy_mount_string+0x40/0x40 [ 555.515131] ? check_same_owner+0x320/0x320 [ 555.519443] ? __check_object_size+0x8b/0x530 [ 555.523933] ? __might_sleep+0x95/0x190 [ 555.527905] ? kasan_check_write+0x14/0x20 [ 555.532125] ? _copy_from_user+0x99/0x110 [ 555.536250] ? memdup_user+0x5e/0x90 [ 555.539937] ? copy_mount_options+0x1f7/0x2e0 [ 555.544408] SyS_mount+0xab/0x120 [ 555.547841] ? copy_mnt_ns+0xb30/0xb30 [ 555.551714] do_syscall_64+0x281/0x940 [ 555.555579] ? vmalloc_sync_all+0x30/0x30 [ 555.559705] ? _raw_spin_unlock_irq+0x27/0x70 [ 555.564182] ? finish_task_switch+0x1c1/0x7e0 [ 555.568653] ? syscall_return_slowpath+0x550/0x550 [ 555.573558] ? syscall_return_slowpath+0x2ac/0x550 [ 555.578463] ? prepare_exit_to_usermode+0x350/0x350 [ 555.583460] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 555.588804] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 555.593636] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 555.598815] RIP: 0033:0x454e79 [ 555.601990] RSP: 002b:00007fa1b21a7c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 555.609691] RAX: ffffffffffffffda RBX: 00007fa1b21a86d4 RCX: 0000000000454e79 [ 555.616946] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 00000000200003c0 [ 555.624208] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 555.631460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 [ 555.638707] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000018 2018/03/31 14:23:44 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:44 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f", 0xad) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:44 executing program 0: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) r1 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040), 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) r2 = fcntl$getown(r1, 0x9) wait4(r2, &(0x7f0000000100), 0x1, &(0x7f0000000480)) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r4 = dup3(r0, r3, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r4, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r5 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r5, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:44 executing program 3: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(0xffffffffffffffff, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r1, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r3 = dup3(r0, r2, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r3, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r1, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r4 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r4, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r4, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) 2018/03/31 14:23:44 executing program 5 (fault-call:12 fault-nth:25): r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f", 0xd8) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:44 executing program 2: nanosleep(&(0x7f0000000080)={0x77359400}, &(0x7f00000001c0)) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) socket$kcm(0x29, 0x7, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) socketpair(0x0, 0x0, 0x2, &(0x7f0000000000)) shmget$private(0x0, 0x3000, 0x0, &(0x7f0000829000/0x3000)=nil) 2018/03/31 14:23:44 executing program 4: r0 = fcntl$dupfd(0xffffffffffffff9c, 0x406, 0xffffffffffffff9c) ioctl$EVIOCGKEYCODE_V2(r0, 0x80284504, &(0x7f00000005c0)=""/188) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$sg(&(0x7f0000000380)='/dev/sg#\x00', 0x6, 0x20002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000001c0)=0x0) sched_getscheduler(r3) sendmsg$unix(r2, &(0x7f0000000480)={&(0x7f0000000240)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f00000003c0)=[{&(0x7f00000002c0)="90bc06759de1e547969f47355c7845894d326b8a094fa099887f6ac171eca243856301d7240d6a97ae7988213eaf8ae3b8351a8043b98eaf7014d80bf14df53cacd5807d2503a9acc16bf9e26893c9a9c49e6ac4e4ef33ae15bb920e23337b055cfea75defb810a2cdb31bd8307fc98be8372513e0207ed206c30e546b1a075a4643e110b03cf57d645951fd476877bde0e7a60f0c64b6e83c73104ac64bafc54ca812f092c61c4c6e4d0d299e5c6a19f13d1c", 0xb3}], 0x1, &(0x7f0000000700)=ANY=[@ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r1, @ANYBLOB="200067d31d3802ec10119c4cae7e93ac1e34764d0c4f781b365a67a0bdedd73bd9f72a21", @ANYRES32=r1, @ANYRES32=r1, @ANYBLOB="eb610000"], 0x34, 0x84}, 0x40) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x400, 0x0) r4 = socket$inet6(0xa, 0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000780)={{{@in6=@remote, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in6}}, &(0x7f0000000880)=0xe8) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000008c0)={'eql\x00', r5}) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000200)={0x4b, 0x8, 0x5, 0x8, 0x3f, 0x1c}) r6 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r6, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(0xffffffffffffffff, 0x40505331, &(0x7f0000000680)={{0x80000001, 0x2}, {0x3, 0x1ff}, 0x2, 0x4, 0x6}) listen(r6, 0x80001003) r7 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r7, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) readv(r7, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/11, 0x37}], 0x100000000000019c) close(r7) accept(r6, 0x0, &(0x7f0000efaffc)) sendmmsg(r7, &(0x7f00000000c0)=[{{&(0x7f0000000240)=@ax25={0x3, {"aba998cfc95797"}}, 0x80, &(0x7f00000016c0), 0x0, &(0x7f0000001740)}}], 0x198, 0x0) socket$can_raw(0x1d, 0x3, 0x1) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x8, 0x200, 0x20000800}) ioctl(0xffffffffffffffff, 0x2285, &(0x7f0000007000)='S') getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f00000004c0)={{{@in=@dev, @in6=@local}}, {{@in=@remote}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000180)=0xe8) getsockname$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000100)=0x6e) ioctl$TCSBRK(r4, 0x5409, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x37, &(0x7f0000000400)=""/31, &(0x7f0000000440)=0x1f) 2018/03/31 14:23:44 executing program 7: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) nanosleep(&(0x7f0000000100), &(0x7f0000000080)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) socketpair(0x0, 0x0, 0x2, &(0x7f0000000000)) 2018/03/31 14:23:44 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 556.588524] FAULT_INJECTION: forcing a failure. [ 556.588524] name failslab, interval 1, probability 0, space 0, times 0 [ 556.599912] CPU: 1 PID: 5967 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #373 [ 556.607185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 556.616535] Call Trace: [ 556.619124] dump_stack+0x194/0x24d [ 556.622750] ? arch_local_irq_restore+0x53/0x53 [ 556.627416] ? __save_stack_trace+0x7e/0xd0 [ 556.631747] should_fail+0x8c0/0xa40 2018/03/31 14:23:44 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 556.635463] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 556.640562] ? kasan_kmalloc+0xad/0xe0 [ 556.644444] ? kmem_cache_alloc_trace+0x136/0x740 [ 556.649281] ? __memcg_init_list_lru_node+0x169/0x270 [ 556.654472] ? __list_lru_init+0x544/0x750 [ 556.658705] ? sget_userns+0x6b1/0xe40 [ 556.662590] ? mount_fs+0x66/0x2d0 [ 556.666126] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 556.670874] ? do_mount+0xea4/0x2bb0 [ 556.674579] ? SyS_mount+0xab/0x120 [ 556.678202] ? do_syscall_64+0x281/0x940 [ 556.682261] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 2018/03/31 14:23:44 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={0x0, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 556.687622] ? find_held_lock+0x35/0x1d0 [ 556.691685] ? __lock_is_held+0xb6/0x140 [ 556.695755] ? check_same_owner+0x320/0x320 [ 556.700079] ? rcu_note_context_switch+0x710/0x710 [ 556.705021] should_failslab+0xec/0x120 [ 556.709000] kmem_cache_alloc_trace+0x4b/0x740 [ 556.713577] ? __kmalloc_node+0x33/0x70 [ 556.717548] ? __kmalloc_node+0x33/0x70 [ 556.721522] ? rcu_read_lock_sched_held+0x108/0x120 [ 556.726535] __memcg_init_list_lru_node+0x169/0x270 [ 556.731546] ? list_lru_add+0x7c0/0x7c0 [ 556.735516] ? __kmalloc_node+0x47/0x70 [ 556.739490] __list_lru_init+0x544/0x750 [ 556.743554] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 556.749430] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 556.754443] ? lockdep_init_map+0x9/0x10 [ 556.758506] sget_userns+0x6b1/0xe40 [ 556.762212] ? get_anon_bdev+0x2a0/0x2a0 [ 556.766273] ? destroy_unused_super.part.6+0xd0/0xd0 [ 556.771366] ? alloc_vfsmnt+0x762/0x9c0 [ 556.775316] ? path_lookupat+0x238/0xba0 [ 556.779365] ? mnt_free_id.isra.21+0x50/0x50 [ 556.783772] ? trace_hardirqs_off+0x10/0x10 [ 556.788080] ? cap_capable+0x1b5/0x230 [ 556.791945] ? security_capable+0x8e/0xc0 [ 556.796074] ? get_anon_bdev+0x2a0/0x2a0 [ 556.800116] ? ns_capable_common+0xcf/0x160 [ 556.804412] ? get_anon_bdev+0x2a0/0x2a0 [ 556.808448] sget+0xd2/0x120 [ 556.811443] ? __get_fs_type+0x8a/0xc0 [ 556.815310] ? shmem_remount_fs+0x750/0x750 [ 556.819612] mount_nodev+0x37/0x100 [ 556.823236] shmem_mount+0x2c/0x40 [ 556.826764] mount_fs+0x66/0x2d0 [ 556.830115] vfs_kern_mount.part.26+0xc6/0x4a0 [ 556.834676] ? may_umount+0xa0/0xa0 [ 556.838288] ? _raw_read_unlock+0x22/0x30 [ 556.842416] ? __get_fs_type+0x8a/0xc0 [ 556.846290] do_mount+0xea4/0x2bb0 [ 556.849814] ? __might_fault+0x110/0x1d0 [ 556.853857] ? copy_mount_string+0x40/0x40 [ 556.858073] ? check_same_owner+0x320/0x320 [ 556.862378] ? __check_object_size+0x8b/0x530 [ 556.866856] ? __might_sleep+0x95/0x190 [ 556.870819] ? kasan_check_write+0x14/0x20 [ 556.875042] ? _copy_from_user+0x99/0x110 [ 556.879169] ? memdup_user+0x5e/0x90 [ 556.882858] ? copy_mount_options+0x1f7/0x2e0 [ 556.887336] SyS_mount+0xab/0x120 [ 556.890770] ? copy_mnt_ns+0xb30/0xb30 [ 556.894648] do_syscall_64+0x281/0x940 [ 556.898524] ? vmalloc_sync_all+0x30/0x30 [ 556.902667] ? _raw_spin_unlock_irq+0x27/0x70 [ 556.907151] ? finish_task_switch+0x1c1/0x7e0 [ 556.911637] ? syscall_return_slowpath+0x550/0x550 [ 556.916548] ? syscall_return_slowpath+0x2ac/0x550 [ 556.921451] ? prepare_exit_to_usermode+0x350/0x350 [ 556.926446] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 556.931787] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 556.936606] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 556.941767] RIP: 0033:0x454e79 [ 556.944931] RSP: 002b:00007fa1b21a7c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 556.952617] RAX: ffffffffffffffda RBX: 00007fa1b21a86d4 RCX: 0000000000454e79 [ 556.959871] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 00000000200003c0 [ 556.967123] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 556.974367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 [ 556.981615] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000019 2018/03/31 14:23:45 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f", 0xad) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:45 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={0x0, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:45 executing program 5 (fault-call:12 fault-nth:26): r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f", 0xd8) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:45 executing program 0: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000100)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040), 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r2, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r3 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r3, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:45 executing program 2: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) socket$kcm(0x29, 0x7, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000001440)='/dev/hwrng\x00', 0x180, 0x0) connect$llc(r0, &(0x7f0000001480)={0x1a, 0x323, 0x8, 0x8001, 0x7, 0x269, @random="5964fe3ea1a1"}, 0x10) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) socketpair(0x3, 0x0, 0x2, &(0x7f0000000140)) 2018/03/31 14:23:45 executing program 4: sendmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x6, 0x20000) sendmsg$unix(r1, &(0x7f0000000480)={&(0x7f0000000240)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f00000003c0)=[{&(0x7f00000002c0)="90bc06759de1e547969f47355c7845894d326b8a094fa099887f6ac171eca243856301d7240d6a97ae7988213eaf8ae3b8351a8043b98eaf7014d80bf14df53cacd5807d2503a9acc16bf9e26893c9a9c49e6ac4e4ef33ae15bb920e23337b055cfea75defb810a2cdb31bd8307fc98be8372513e0207ed206c30e546b1a075a4643e110b03cf57d645951fd476877bde0e7a60f0c64b6e83c73104ac64bafc54ca812f092c61c4c6e4d0d299e5c6a19f13d1c", 0xb3}], 0x1, &(0x7f0000000400)=ANY=[@ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="20000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00'], 0x34, 0x84}, 0x40) r2 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x400, 0x0) socket$inet6(0xa, 0x0, 0x0) r3 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r3, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) listen(r3, 0x80001003) r4 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r4, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) readv(r4, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/11, 0x37}], 0x100000000000019c) close(r4) accept(r3, 0x0, &(0x7f0000efaffc)) sendmmsg(r4, &(0x7f00000000c0)=[{{&(0x7f0000000240)=@ax25={0x3, {"aba998cfc95797"}}, 0x80, &(0x7f00000016c0), 0x0, &(0x7f0000001740)}}], 0x198, 0x0) socket$can_raw(0x1d, 0x3, 0x1) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x8, 0x200, 0x20000800}) ioctl(r2, 0x2285, &(0x7f0000007000)='S') getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f00000004c0)={{{@in=@dev, @in6=@local}}, {{@in=@remote}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000180)=0xe8) getsockname$unix(r2, &(0x7f0000000040), &(0x7f0000000100)=0x6e) ioctl$TCSBRK(r1, 0x5409, 0xffff) 2018/03/31 14:23:45 executing program 7: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00000000c0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x8, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) socketpair(0x0, 0x0, 0x2, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$inet_sctp(r0, &(0x7f00000005c0)={&(0x7f0000000080)=@in6={0xa, 0x4e21, 0x2d0d, @local={0xfe, 0x80, [], 0xaa}, 0x400}, 0x1c, &(0x7f0000000540)=[{&(0x7f0000000140)="7e698a09f3b3ce46f3cf255e0ad4059ce365eac34503d24de4e5a56214640de39cbf4ab554", 0x25}, {&(0x7f0000000200)="f6e52c4be3540b79971edec5c770793b5651210cb4f9f537cb333b9d86a8f17a0dd35caf9736fea9be4b18d02ecc0faea9457c05ad238d0d777f74174f53b3dc0a52be3e77d30d0ca3f59d912fa43c615f917345f8eb3a4513333fcbf247f4628dc1825f43afd7c0003bd17da95918853e7c070e4abf855006", 0x79}, {&(0x7f0000000280)="71ea717f7ecf75ec0850bb99382d7ae36b75ae2ca5412e8fdaef1dedf6f9a3c6dc83613074aafddd6ffc4a026650f4fabacd7cbc1b51ef600c40ae3f1e890958a3a86193c019b3e223ff1726a8d30da04c4275910496cacfb955bbeede3f4ca66223eb40b4081d1ad67a38c086c52174b68c7c75fac2649601fa84122b00684d4c95e7f54cf2bbee6d6ce40472aa6da42921885753d226d6eb4c3243fded2661e0f6d87773e8796856ba31686102a7120450dfbc32559c01c950", 0xba}, {&(0x7f0000000340)="f02bde9cb82b2c7d8b2e4f8ae75fe0bfc091b93eccb3c3eaa38310103dcedaa703eb508458426b7446b9b90ba97c67a4cf306fe73df369c3d3bd6580febf518618e902de361249c838c3057abd100a76f100809b1db3f2956293d164e2a2770cb7df72827ce2346118d412ecec8fd4ad8fd9f91309f37f5026abb9214f9bda5cb6ed", 0x82}, {&(0x7f0000000400)}, {&(0x7f0000000440)="e6dfcb60df8122d4021a501f6bd3431c7fc718dd399e31b6739ec666fd24fd8ca6a4e8b93fb1ae32ca3ce178b8134a7544c967fec34b6535f496285d5c456158f5a427607ac61aacacc5cae5d36231d31e347f7cdcc3063ec6f77477963feb58fae7db7ce3815aa6d6c01986a0ded39af7f45d2c4241fd25a3cc8edf6c311bf704ae032625c160d325bc1ed391c960fe2efecb7014f4edfcc3eea25c5103f320563de089b05bf392da533f21c9164bc9bca6cb98dbc5bfa3729f70026c0d6ee5e4e4d0a71a141835befb446401d20d0221f7717e400a27e09e", 0xd9}], 0x6}, 0x8000) 2018/03/31 14:23:45 executing program 3: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(0xffffffffffffffff, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r1, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r3 = dup3(r0, r2, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r3, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r1, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r4 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r4, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r4, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) [ 557.738348] FAULT_INJECTION: forcing a failure. [ 557.738348] name failslab, interval 1, probability 0, space 0, times 0 [ 557.749704] CPU: 1 PID: 6006 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #373 [ 557.756976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 557.766498] Call Trace: [ 557.769087] dump_stack+0x194/0x24d [ 557.772727] ? arch_local_irq_restore+0x53/0x53 [ 557.777399] ? __save_stack_trace+0x7e/0xd0 [ 557.781728] should_fail+0x8c0/0xa40 2018/03/31 14:23:45 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={0x0, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 557.785442] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 557.790549] ? kasan_kmalloc+0xad/0xe0 [ 557.794436] ? kmem_cache_alloc_trace+0x136/0x740 [ 557.799281] ? __memcg_init_list_lru_node+0x169/0x270 [ 557.804462] ? __list_lru_init+0x544/0x750 [ 557.808689] ? sget_userns+0x6b1/0xe40 [ 557.812575] ? mount_fs+0x66/0x2d0 [ 557.816113] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 557.820864] ? do_mount+0xea4/0x2bb0 [ 557.824567] ? SyS_mount+0xab/0x120 [ 557.828189] ? do_syscall_64+0x281/0x940 [ 557.832249] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 2018/03/31 14:23:45 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x0, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 557.837619] ? find_held_lock+0x35/0x1d0 [ 557.841683] ? __lock_is_held+0xb6/0x140 [ 557.845753] ? check_same_owner+0x320/0x320 [ 557.850077] ? rcu_note_context_switch+0x710/0x710 [ 557.855014] should_failslab+0xec/0x120 [ 557.858989] kmem_cache_alloc_trace+0x4b/0x740 [ 557.863564] ? __kmalloc_node+0x33/0x70 [ 557.867532] ? __kmalloc_node+0x33/0x70 [ 557.871503] ? rcu_read_lock_sched_held+0x108/0x120 [ 557.876523] __memcg_init_list_lru_node+0x169/0x270 [ 557.881536] ? list_lru_add+0x7c0/0x7c0 2018/03/31 14:23:45 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x0, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 557.885505] ? __kmalloc_node+0x47/0x70 [ 557.889482] __list_lru_init+0x544/0x750 [ 557.893545] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 557.899428] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 557.904445] ? lockdep_init_map+0x9/0x10 [ 557.908505] sget_userns+0x6b1/0xe40 [ 557.912216] ? get_anon_bdev+0x2a0/0x2a0 [ 557.916286] ? destroy_unused_super.part.6+0xd0/0xd0 [ 557.921389] ? alloc_vfsmnt+0x762/0x9c0 [ 557.925358] ? path_lookupat+0x238/0xba0 [ 557.929415] ? mnt_free_id.isra.21+0x50/0x50 [ 557.933830] ? trace_hardirqs_off+0x10/0x10 2018/03/31 14:23:45 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x0, 0x9, [0x8000, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:46 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x8, [0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x18) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 557.938149] ? cap_capable+0x1b5/0x230 [ 557.942039] ? security_capable+0x8e/0xc0 [ 557.946183] ? get_anon_bdev+0x2a0/0x2a0 [ 557.950240] ? ns_capable_common+0xcf/0x160 [ 557.954561] ? get_anon_bdev+0x2a0/0x2a0 [ 557.958616] sget+0xd2/0x120 [ 557.961630] ? __get_fs_type+0x8a/0xc0 [ 557.965516] ? shmem_remount_fs+0x750/0x750 [ 557.969833] mount_nodev+0x37/0x100 [ 557.973455] shmem_mount+0x2c/0x40 [ 557.976985] mount_fs+0x66/0x2d0 [ 557.980345] vfs_kern_mount.part.26+0xc6/0x4a0 [ 557.984926] ? may_umount+0xa0/0xa0 2018/03/31 14:23:46 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x8, [0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x18) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 557.988546] ? _raw_read_unlock+0x22/0x30 [ 557.992690] ? __get_fs_type+0x8a/0xc0 [ 557.996573] do_mount+0xea4/0x2bb0 [ 558.000108] ? __might_fault+0x110/0x1d0 [ 558.004164] ? copy_mount_string+0x40/0x40 [ 558.008393] ? check_same_owner+0x320/0x320 [ 558.012710] ? __check_object_size+0x8b/0x530 [ 558.017204] ? __might_sleep+0x95/0x190 [ 558.021176] ? kasan_check_write+0x14/0x20 [ 558.025403] ? _copy_from_user+0x99/0x110 [ 558.029550] ? memdup_user+0x5e/0x90 [ 558.033264] ? copy_mount_options+0x1f7/0x2e0 2018/03/31 14:23:46 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x8, [0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x18) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 558.037758] SyS_mount+0xab/0x120 [ 558.041203] ? copy_mnt_ns+0xb30/0xb30 [ 558.045086] do_syscall_64+0x281/0x940 [ 558.048969] ? vmalloc_sync_all+0x30/0x30 [ 558.053112] ? _raw_spin_unlock_irq+0x27/0x70 [ 558.057601] ? finish_task_switch+0x1c1/0x7e0 [ 558.062093] ? syscall_return_slowpath+0x550/0x550 [ 558.067025] ? syscall_return_slowpath+0x2ac/0x550 [ 558.071953] ? prepare_exit_to_usermode+0x350/0x350 [ 558.076965] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 558.082328] ? trace_hardirqs_off_thunk+0x1a/0x1c 2018/03/31 14:23:46 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x0, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 558.087170] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 558.092350] RIP: 0033:0x454e79 [ 558.095530] RSP: 002b:00007fa1b21a7c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 558.103226] RAX: ffffffffffffffda RBX: 00007fa1b21a86d4 RCX: 0000000000454e79 [ 558.110489] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 00000000200003c0 [ 558.117752] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 558.125014] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 [ 558.132286] R13: 00000000000003fa R14: 00000000006f8010 R15: 000000000000001a 2018/03/31 14:23:46 executing program 0: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040), 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r2, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000100)) r3 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r3, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:46 executing program 3: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(0xffffffffffffffff, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r1, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r3 = dup3(r0, r2, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r3, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r1, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r4 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r4, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r4, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) 2018/03/31 14:23:46 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f", 0xad) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:46 executing program 4: sendmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x5, 0x120000) sendmsg$unix(r1, &(0x7f0000000480)={&(0x7f0000000240)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f00000003c0)=[{&(0x7f00000002c0)="90bc06759de1e547969f47355c7845894d326b8a094fa099887f6ac171eca243856301d7240d6a97ae7988213eaf8ae3b8351a8043b98eaf7014d80bf14df53cacd5807d2503a9acc16bf9e26893c9a9c49e6ac4e4ef33ae15bb920e23337b055cfea75defb810a2cdb31bd8307fc98be8372513e0207ed206c30e546b1a075a4643e110b03cf57d645951fd476877bde0e7a60f0c64b6e83c73104ac64bafc54ca812f092c61c4c6e4d0d299e5c6a19f13d1c", 0xb3}], 0x1, &(0x7f0000000400)=ANY=[@ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="20000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="eb610000"], 0x34, 0x84}, 0x40) r2 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x400, 0x0) socket$inet6(0xa, 0x0, 0x0) r4 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r4, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) listen(r4, 0x80001003) r5 = dup2(r2, r3) getsockname$netlink(r5, &(0x7f00000001c0), &(0x7f0000000380)=0xc) r6 = socket$inet6(0xa, 0x7, 0x0) connect$inet6(r6, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) readv(r6, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/11, 0x37}], 0x100000000000019c) close(r6) accept(r4, 0x0, &(0x7f0000efaffc)) sendmmsg(r6, &(0x7f00000000c0)=[{{&(0x7f0000000240)=@ax25={0x3, {"aba998cfc95797"}}, 0x80, &(0x7f00000016c0), 0x0, &(0x7f0000001740)}}], 0x198, 0x0) socket$can_raw(0x1d, 0x3, 0x1) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x8, 0x200, 0x20000800}) ioctl(r2, 0x2285, &(0x7f0000007000)='S') getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f00000004c0)={{{@in=@dev, @in6=@local}}, {{@in=@remote}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000180)=0xe8) getsockname$unix(r2, &(0x7f0000000040), &(0x7f0000000100)=0x6e) ioctl$TCSBRK(r1, 0x5409, 0xffff) 2018/03/31 14:23:46 executing program 5 (fault-call:12 fault-nth:27): r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f", 0xd8) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:46 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x0, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:46 executing program 2: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) r0 = socket$kcm(0x29, 0x7, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x3, 0x28000) ioctl$EVIOCSCLOCKID(r1, 0x400445a0, &(0x7f00000000c0)=0xffffffff) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000140)={0x0}, &(0x7f0000000200)=0xc) ptrace$peekuser(0x3, r2, 0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) socketpair(0x0, 0x0, 0x2, &(0x7f0000000000)) 2018/03/31 14:23:46 executing program 7: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) socketpair(0x0, 0x8080001, 0x0, &(0x7f0000000000)) [ 558.990501] FAULT_INJECTION: forcing a failure. [ 558.990501] name failslab, interval 1, probability 0, space 0, times 0 [ 559.001814] CPU: 1 PID: 6068 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #373 [ 559.009082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 559.018431] Call Trace: [ 559.021024] dump_stack+0x194/0x24d [ 559.024653] ? arch_local_irq_restore+0x53/0x53 [ 559.029313] ? __save_stack_trace+0x7e/0xd0 [ 559.033618] should_fail+0x8c0/0xa40 [ 559.037309] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 559.042389] ? kasan_kmalloc+0xad/0xe0 [ 559.046250] ? kmem_cache_alloc_trace+0x136/0x740 [ 559.051066] ? __memcg_init_list_lru_node+0x169/0x270 [ 559.056229] ? __list_lru_init+0x544/0x750 [ 559.060436] ? sget_userns+0x6b1/0xe40 [ 559.064297] ? mount_fs+0x66/0x2d0 [ 559.067813] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 559.072541] ? do_mount+0xea4/0x2bb0 [ 559.076229] ? SyS_mount+0xab/0x120 [ 559.079832] ? do_syscall_64+0x281/0x940 [ 559.083868] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 559.089216] ? find_held_lock+0x35/0x1d0 [ 559.093253] ? __lock_is_held+0xb6/0x140 [ 559.097298] ? check_same_owner+0x320/0x320 [ 559.101598] ? rcu_note_context_switch+0x710/0x710 [ 559.106508] should_failslab+0xec/0x120 [ 559.110461] kmem_cache_alloc_trace+0x4b/0x740 [ 559.115027] ? __kmalloc_node+0x33/0x70 [ 559.118979] ? __kmalloc_node+0x33/0x70 [ 559.122930] ? rcu_read_lock_sched_held+0x108/0x120 [ 559.127925] __memcg_init_list_lru_node+0x169/0x270 [ 559.132918] ? list_lru_add+0x7c0/0x7c0 [ 559.136868] ? __kmalloc_node+0x47/0x70 [ 559.140821] __list_lru_init+0x544/0x750 [ 559.144861] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 559.150727] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 559.155724] ? lockdep_init_map+0x9/0x10 [ 559.159770] sget_userns+0x6b1/0xe40 [ 559.163459] ? get_anon_bdev+0x2a0/0x2a0 [ 559.167498] ? destroy_unused_super.part.6+0xd0/0xd0 [ 559.172578] ? alloc_vfsmnt+0x762/0x9c0 [ 559.176526] ? path_lookupat+0x238/0xba0 [ 559.180560] ? mnt_free_id.isra.21+0x50/0x50 [ 559.184947] ? trace_hardirqs_off+0x10/0x10 [ 559.189246] ? cap_capable+0x1b5/0x230 [ 559.193112] ? security_capable+0x8e/0xc0 [ 559.197235] ? get_anon_bdev+0x2a0/0x2a0 [ 559.201272] ? ns_capable_common+0xcf/0x160 [ 559.205571] ? get_anon_bdev+0x2a0/0x2a0 [ 559.209605] sget+0xd2/0x120 [ 559.212598] ? __get_fs_type+0x8a/0xc0 [ 559.216460] ? shmem_remount_fs+0x750/0x750 [ 559.220759] mount_nodev+0x37/0x100 [ 559.224362] shmem_mount+0x2c/0x40 [ 559.227876] mount_fs+0x66/0x2d0 [ 559.231218] vfs_kern_mount.part.26+0xc6/0x4a0 [ 559.235777] ? may_umount+0xa0/0xa0 [ 559.239381] ? _raw_read_unlock+0x22/0x30 [ 559.243501] ? __get_fs_type+0x8a/0xc0 [ 559.247366] do_mount+0xea4/0x2bb0 [ 559.250880] ? __might_fault+0x110/0x1d0 [ 559.254920] ? copy_mount_string+0x40/0x40 [ 559.259133] ? check_same_owner+0x320/0x320 [ 559.263428] ? __check_object_size+0x8b/0x530 [ 559.267902] ? __might_sleep+0x95/0x190 [ 559.271853] ? kasan_check_write+0x14/0x20 [ 559.276062] ? _copy_from_user+0x99/0x110 [ 559.280190] ? memdup_user+0x5e/0x90 [ 559.283878] ? copy_mount_options+0x1f7/0x2e0 [ 559.288348] SyS_mount+0xab/0x120 [ 559.291776] ? copy_mnt_ns+0xb30/0xb30 [ 559.295642] do_syscall_64+0x281/0x940 [ 559.299504] ? vmalloc_sync_all+0x30/0x30 [ 559.303629] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 559.309142] ? syscall_return_slowpath+0x550/0x550 [ 559.314049] ? syscall_return_slowpath+0x2ac/0x550 [ 559.318958] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 559.324298] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 559.329119] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 559.334282] RIP: 0033:0x454e79 2018/03/31 14:23:47 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x0, 0x4, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 559.337446] RSP: 002b:00007fa1b21a7c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 559.345127] RAX: ffffffffffffffda RBX: 00007fa1b21a86d4 RCX: 0000000000454e79 [ 559.352374] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 00000000200003c0 [ 559.359617] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 559.366860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 [ 559.374104] R13: 00000000000003fa R14: 00000000006f8010 R15: 000000000000001b 2018/03/31 14:23:47 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r6, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) 2018/03/31 14:23:47 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c", 0xca) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:47 executing program 5 (fault-call:12 fault-nth:28): r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f", 0xd8) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:47 executing program 0: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040), 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x40}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r2, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) socket$inet(0x2, 0x3, 0x2) [ 559.560698] FAULT_INJECTION: forcing a failure. [ 559.560698] name failslab, interval 1, probability 0, space 0, times 0 [ 559.571990] CPU: 1 PID: 6110 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #373 [ 559.579261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 559.588608] Call Trace: [ 559.591198] dump_stack+0x194/0x24d [ 559.594833] ? arch_local_irq_restore+0x53/0x53 [ 559.599501] ? __save_stack_trace+0x7e/0xd0 [ 559.603831] should_fail+0x8c0/0xa40 2018/03/31 14:23:47 executing program 4: sendmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x6, 0x20000) sendmsg$unix(r1, &(0x7f0000000480)={&(0x7f0000000240)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f00000003c0)=[{&(0x7f00000002c0)="90bc06759de1e547969f47355c7845894d326b8a094fa099887f6ac171eca243856301d7240d6a97ae7988213eaf8ae3b8351a8043b98eaf7014d80bf14df53cacd5807d2503a9acc16bf9e26893c9a9c49e6ac4e4ef33ae15bb920e23337b055cfea75defb810a2cdb31bd8307fc98be8372513e0207ed206c30e546b1a075a4643e110b03cf57d645951fd476877bde0e7a60f0c64b6e83c73104ac64bafc54ca812f092c61c4c6e4d0d299e5c6a19f13d1c", 0xb3}], 0x1, &(0x7f0000000400)=ANY=[@ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="200000000000000001000d0001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="eb610000"], 0x34, 0x84}, 0x40) r2 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x400, 0x0) r3 = socket$inet6(0xa, 0x0, 0x0) r4 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r4, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) listen(r3, 0x805) r5 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r5, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) readv(r5, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/11, 0x37}], 0x100000000000019c) close(r5) accept(r4, 0x0, &(0x7f0000efaffc)) sendmmsg(r5, &(0x7f00000000c0)=[{{&(0x7f0000000240)=@ax25={0x3, {"aba998cfc95797"}}, 0x80, &(0x7f00000016c0), 0x0, &(0x7f0000001740)}}], 0x198, 0x0) socket$can_raw(0x1d, 0x3, 0x1) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x8, 0x200, 0x20000800}) ioctl(r2, 0x2285, &(0x7f0000007000)='S') getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f00000004c0)={{{@in=@dev, @in6=@local}}, {{@in=@remote}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000180)=0xe8) getsockname$unix(r2, &(0x7f0000000040), &(0x7f0000000100)=0x6e) ioctl$TCSBRK(r1, 0x5409, 0xffff) 2018/03/31 14:23:47 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x8, [0x8000, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x18) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 559.607551] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 559.612653] ? kasan_kmalloc+0xad/0xe0 [ 559.616534] ? kmem_cache_alloc_trace+0x136/0x740 [ 559.621369] ? __memcg_init_list_lru_node+0x169/0x270 [ 559.626549] ? __list_lru_init+0x544/0x750 [ 559.630778] ? sget_userns+0x6b1/0xe40 [ 559.634661] ? mount_fs+0x66/0x2d0 [ 559.638203] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 559.642950] ? do_mount+0xea4/0x2bb0 [ 559.646659] ? SyS_mount+0xab/0x120 [ 559.650282] ? do_syscall_64+0x281/0x940 [ 559.654339] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 2018/03/31 14:23:47 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x8, [0x8000, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x18) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 559.659707] ? find_held_lock+0x35/0x1d0 [ 559.663773] ? __lock_is_held+0xb6/0x140 [ 559.667844] ? check_same_owner+0x320/0x320 [ 559.672171] ? rcu_note_context_switch+0x710/0x710 [ 559.677113] should_failslab+0xec/0x120 [ 559.681086] kmem_cache_alloc_trace+0x4b/0x740 [ 559.685669] ? __kmalloc_node+0x33/0x70 [ 559.689638] ? __kmalloc_node+0x33/0x70 [ 559.693610] ? rcu_read_lock_sched_held+0x108/0x120 [ 559.698630] __memcg_init_list_lru_node+0x169/0x270 [ 559.703642] ? list_lru_add+0x7c0/0x7c0 [ 559.707614] ? __kmalloc_node+0x47/0x70 [ 559.711592] __list_lru_init+0x544/0x750 [ 559.715652] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 559.721536] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 559.726553] ? lockdep_init_map+0x9/0x10 [ 559.730613] sget_userns+0x6b1/0xe40 [ 559.735196] ? get_anon_bdev+0x2a0/0x2a0 [ 559.739258] ? destroy_unused_super.part.6+0xd0/0xd0 [ 559.744356] ? alloc_vfsmnt+0x762/0x9c0 [ 559.748325] ? path_lookupat+0x238/0xba0 [ 559.752385] ? mnt_free_id.isra.21+0x50/0x50 [ 559.756795] ? trace_hardirqs_off+0x10/0x10 [ 559.761111] ? cap_capable+0x1b5/0x230 [ 559.765001] ? security_capable+0x8e/0xc0 [ 559.769145] ? get_anon_bdev+0x2a0/0x2a0 [ 559.773201] ? ns_capable_common+0xcf/0x160 [ 559.777520] ? get_anon_bdev+0x2a0/0x2a0 [ 559.781563] sget+0xd2/0x120 [ 559.784556] ? __get_fs_type+0x8a/0xc0 [ 559.788423] ? shmem_remount_fs+0x750/0x750 [ 559.792724] mount_nodev+0x37/0x100 [ 559.796327] shmem_mount+0x2c/0x40 [ 559.799853] mount_fs+0x66/0x2d0 [ 559.803211] vfs_kern_mount.part.26+0xc6/0x4a0 [ 559.807792] ? may_umount+0xa0/0xa0 [ 559.811412] ? _raw_read_unlock+0x22/0x30 [ 559.815557] ? __get_fs_type+0x8a/0xc0 [ 559.819443] do_mount+0xea4/0x2bb0 [ 559.822982] ? __might_fault+0x110/0x1d0 [ 559.827036] ? copy_mount_string+0x40/0x40 [ 559.831263] ? check_same_owner+0x320/0x320 [ 559.835581] ? __check_object_size+0x8b/0x530 [ 559.840074] ? __might_sleep+0x95/0x190 [ 559.844048] ? kasan_check_write+0x14/0x20 [ 559.848277] ? _copy_from_user+0x99/0x110 [ 559.852423] ? memdup_user+0x5e/0x90 [ 559.856128] ? copy_mount_options+0x1f7/0x2e0 [ 559.860625] SyS_mount+0xab/0x120 [ 559.864072] ? copy_mnt_ns+0xb30/0xb30 [ 559.867955] do_syscall_64+0x281/0x940 [ 559.871833] ? vmalloc_sync_all+0x30/0x30 [ 559.875975] ? _raw_spin_unlock_irq+0x27/0x70 [ 559.880462] ? finish_task_switch+0x1c1/0x7e0 [ 559.884954] ? syscall_return_slowpath+0x550/0x550 [ 559.889879] ? syscall_return_slowpath+0x2ac/0x550 [ 559.894803] ? prepare_exit_to_usermode+0x350/0x350 [ 559.899817] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 559.905175] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 559.910016] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 559.915193] RIP: 0033:0x454e79 [ 559.918360] RSP: 002b:00007fa1b21a7c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 559.926061] RAX: ffffffffffffffda RBX: 00007fa1b21a86d4 RCX: 0000000000454e79 [ 559.933325] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 00000000200003c0 [ 559.940582] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 559.947842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 [ 559.955104] R13: 00000000000003fa R14: 00000000006f8010 R15: 000000000000001c 2018/03/31 14:23:48 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x8, [0x8000, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x18) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:48 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r6, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) 2018/03/31 14:23:48 executing program 7: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) r0 = timerfd_create(0x4, 0x80800) timerfd_settime(r0, 0x1, &(0x7f0000000080)={{0x77359400}}, &(0x7f00000000c0)) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) socketpair(0x100000000, 0x800, 0x2, &(0x7f0000000000)) 2018/03/31 14:23:48 executing program 0: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00'}, 0x28) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) ioctl$KVM_PPC_ALLOCATE_HTAB(r1, 0xc004aea7, &(0x7f00000001c0)=0x80) r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r3 = dup3(r0, r2, 0x80000) pipe2(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) chroot(&(0x7f0000000380)='./control\x00') ioctl$VHOST_GET_VRING_BASE(r3, 0xc008af12, &(0x7f0000000340)) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r4, 0x54a3) r5 = socket$inet(0x2, 0x3, 0x2) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000140)={0x0, &(0x7f0000000100), 0x1, r1, 0xd}) setsockopt$inet_int(r5, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:48 executing program 4: sendmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x6, 0x20000) sendmsg$unix(r1, &(0x7f0000000480)={&(0x7f0000000240)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f00000003c0)=[{&(0x7f00000002c0)="90bc06759de1e547969f47355c7845894d326b8a094fa099887f6ac171eca243856301d7240d6a97ae7988213eaf8ae3b8351a8043b98eaf7014d80bf14df53cacd5807d2503a9acc16bf9e26893c9a9c49e6ac4e4ef33ae15bb920e23337b055cfea75defb810a2cdb31bd8307fc98be8372513e0207ed206c30e546b1a075a4643e110b03cf57d645951fd476877bde0e7a60f0c64b6e83c73104ac64bafc54ca812f092c61c4c6e4d0d299e5c6a19f13d1c", 0xb3}], 0x1, &(0x7f0000000400)=ANY=[@ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="20000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="eb610000"], 0x34, 0x84}, 0x40) r2 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x400, 0x0) socket$inet6(0xa, 0x0, 0x0) r3 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r3, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) listen(r3, 0x80001003) r4 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r4, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) readv(r4, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/11, 0x37}], 0x100000000000019c) close(r4) getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r4, 0x84, 0x8, &(0x7f00000001c0), &(0x7f0000000380)=0x4) r5 = accept(r3, 0x0, &(0x7f0000efaffc)) sendmmsg(r4, &(0x7f00000000c0)=[{{&(0x7f0000000240)=@ax25={0x3, {"aba998cfc95797"}}, 0x80, &(0x7f00000016c0), 0x0, &(0x7f0000001740)}}], 0x198, 0x0) socket$can_raw(0x1d, 0x3, 0x1) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x8, 0x200, 0x20000800}) ioctl(r2, 0x2285, &(0x7f0000007000)='S') getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f00000004c0)={{{@in=@dev, @in6=@local}}, {{@in=@remote}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000180)=0xe8) getsockname$unix(r2, &(0x7f0000000040), &(0x7f0000000100)=0x6e) ioctl$sock_SIOCDELDLCI(r3, 0x8981, &(0x7f0000000600)={'bridge0\x00', 0x80}) ioctl$TCSBRK(r1, 0x5409, 0xffff) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000440)=@assoc_value, &(0x7f00000005c0)=0x8) 2018/03/31 14:23:48 executing program 2: r0 = syz_open_dev$admmidi(&(0x7f0000000080)='/dev/admmidi#\x00', 0x800, 0x20000) setsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, &(0x7f00000000c0)=0x10001, 0x4) nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) ioctl(r0, 0x1, &(0x7f0000000200)="1f71b0c5997aebaa829b58476bcecb052ce8a7775fa7fe41a65b666be32b0bedbc26fc2c6c357c5b1e07130850ebc9f50a39332bcca60077552c6ff8bce4d4111ef9adacdde5460d13dde86ff689db6ea5551cc0686437afa4287157c52dba8d830afdc2c634a199fc01f9d5771a3a14f1814194f9838d0e907b93e62b7d4d446a3ff3747f740ded920d5d799b44680f4f8b480ad54272aa8cf5bf961d57f7387e87b4d4872a201c6ee0d0ce0322ef1779570788b8ce5946a69a60fed52463efc59b7e1aff99c54029081235b8a05459244832d3097a7c617cd5bdd9a26079df76161effcda6c9d53cfcdfe03db32c9ff5a838c8c9ea2d29828f40190c0b51dbe541eb431aab67240a4f5be6b66f397c053e4b7d166c961f8727a217466e095424e77b0ca4b5818a93c6f3e4c7b4f0c7cf32b23b858210b3471e4ecaacbf24a52b183b0b5fe2422346ca4e6ac5e15bd586d67121ea4baee1ae9ed38e6e1c9fa8903e67eb1df1cb71f24f8eb6a7d85df63aa906539ac7f7311a710e9f609e8b1f3d58c51d9e6ceeb40994fd4e5398f3044f7e6013e605037f6cef1b3b73fcbf63c703245dedc19bfdc276c5aba8e6aee4712adf50d35b379c2d02912a87be55caa460e9ad9ab745cdf824794e14686abc53c3d91fbc033f402c7389f374678f99807ac766035e6382e66fe78e133cbd17120223bb736582efa94aaa0eb5441fedfd7e5c7f6682676502dd60abf397f181cc3a02084ca8aa328c8e0799ee195daf745f38c5d6214b9e1e81a01bbb56bfe2353f2db76f6ef6f5c5c73c977c1eac5677adbe46cd0006fceb859e294c2249daddc71a55c6ee4b714da5458b59f2e57a46369b0b9bd5f6307c06e53e5d3921cb9038b5c7921b3372cd58bb71e1b3c61a1c37d57289172215392e7a5f8a29939658718391c49fe444e1798db93328aa12fefd2b3df92c12165d555e12c54f6b64b8e4c48dc125703f2533cd8ad9627431ef6eeda68575f4339d26d80944c2d2464ce6f4e23027c6d6498b0ba4cc61add5fb47375993caf1d14d89ed2537dc77df25c9859da97608f078a50505e60b753c9ec6d6aae59482f0d07919ae30a55c99450506154dc0c90e0063dc36d05786b61d4a5502a111e9d43a9fc3bf39437281f8a73341405282c773dc5a427c343635f9533efb5e384433f1a4a7794aa9bea2feaf768730fa29898c2b9eaa359efe2f1cc90b34002d1255c1a88bfcfa936feab892b3b27732f57d581e1e2cac668d45b30c45597c14a6c638c03d8326d17b954dce735bf599ca6a3487f8271eafcfbfae947ce37406c22b0f30e3529b8efd30e96f1f1689a70dc1b430e4cd2e64f7fca320cfe27f8d97638fb3e975633758afdbf6c2876d7ca60fa5abc638a7d0e2109f1203934f1fdcd06b46da5f3dbf66fc545c5a1e5e974a5ec168c46022f7403ee24926725e4573ca663d50aeec95efe6677d17aa061d30aff361a4a16c866f00f92eb2a0cd928ec23379b1f09f3a13da7af6691106e1511548c4923727c9dcf3fcbf0e369fa3d568375b6b6d7f394b48381c0fb260e028ed7d9cb35cbe6a96bb205b2edc0a98602c66edd69242271fca691ed157ddab5f9fe3c8417a165843e44af05789d3c3d013fef83ad9836b49c285e0c3b4c8730a6b8d7458b9a1d328f2420b15405cfb95b6efd2b045496889ac86c9e943d1bf7810d054bb3c4580094467857abbeb7fd78ac79a6e41065030883558e762feb2ff64bc4b25ca292a5174e7b0694b9f8f92df3d1f0b51623b663b8122a3c7333363bd49f8ff0d87e7d264fa7f99544a70ada7b3207b89af8d5cf922a7d7e898cf8498fe33c82a1060c7df5554239c1ffb50cdd6cb6be8633fccbce6ee11e3c89369d74d3e1e7d524c100f21b24ffddbf7b39f9e35e9ca149ea801bd815db8aca8944d0d3d605178f476ea0e0fc7f546e2d1f867974ae3021a03dbc126717c9cd3a661904223a6e9c9dd3c15be217269c6809a3ea7877bbd89d93b8b7d3298dc558b44f0593bb60ebaa14216c4db22ec0da6fb1034eea2625f7526a2b992463b868422e18e7de6e34797a57691feea70e41439b85c51b6cfb56ac1d61a37f2ede1fd30a9e6c71ba89396e3947ab26377a4793724face4b9ca4bf9e435a0c5ee46af9c6673646290032fa15cffe0618cdf55e73ed2c4b9a9c8418bbd3199623fb583162d797eda9eea789ff19f28956752f33144ce8a92c616810a2d518dc9019c50af5799d0412b8464f6ccee9826003a464d41d279d5b3db849646b7cd0ae942555740862960bc154dd8b4be3f3bbfd2073fa8b5eeb4ce768dbdd6726b9ce127792c45a0c38b76a711afd0a74c73e0e2a95d9da4133c3e1fda458337fd02754bbdbc85ed0dfae449a7dd6fb99b3d23bb1bec29f5bc6baf05a03d95f25763c0215fb2498c391ac0df81b9582d1969cde9bb3eb0fb821bf0d021201c447e9db96d083f802f9d6680e1299b4b22ea40ab5bef4fc29e3c04b87f1561bc3582f7bd6811007ac7db3701fc59702a9589a68597a20e998187b90928adf81deb941d8d745052fc7a969911ba6c87f414ed482a2d3e2f9fd46d8f3f91e2fbe58005587097493ef5f71b3d256b2ddf7533e637c20aba5481584ee674d1f81d08f72b1b5946762adcd1c3525430f1c43e405d01b1e42cc099483ec46981e4e003223cc8c8b81b8712e5388fbadae4831328bc2d8c96245698fc5f49cf6372e01eb1b5890d27702e318f8bf850ff20cc60a837cab1f075a7afe489af44dec9c3a575851607ad0ffccff00ad3faf664412e8261bbd1fd40d63bbe2a793c610d4ddbcf44d337085fd432e335e0a89eb3f27c0e6ba53a2166ac19f897493f1e84e2532e5c681604003e5556499ce0529336ddf9f7a1c887d7d213b9a1f16cf94ec39bc3c9fd5efde9c017715fe5ed72a305513dca4b1bceb7fbe8b1960394685689f9a7840c2639f038bdfc46180878f01c3390b64cc2c83acb8e92dbd5077155121515f9d48e61a720d7e5baeef99483450ce958a7fabf3da50da18b7d2a95bcbf05d7b28cc7350a4a4a0812cdaed221d67f2bc7a41bbbe960559d87fea64bd501e490e1bdc9ed458be0694d7ade246a3fceb6d7c5b35374c1f0bb654fc3d58577742da3111d1757b62dd94535c482a77e71e4b134e80eeca8a2aea4c94a88a44ac38a2f52d34b298676ff39a1205e10ede5184335b5d065ed78461f640082d4373a6900e0e0e7edfc8917f38b92e6ebe49bfe6b802331e03a2401c1f8a290802929255db7d3183a115e5cd462c0feb296e0a52d87d71a2c9acb999d50b61e92bf59cfdb83a823fe481b861816e4ce03a1acd3f82f580589b2c6fa00fe971ddaac41c68863b4d3d8a58359d9ddc150e18fb7aecc8f7c307030a25f9eb407978ca1309106d61c5b122a2f944aad37872db0c3e32fdcb9f564aa1ea797526f91de17668474383b64faef5770daad69c41b5a35cad8b3c88441c6e43f5fb25cd6317326f9c2311c397e4193c41db970c5a9c3b7d13f650539d7e10e5c9dbec7a972aaa0aead79fd0395ff9deb3e6fa43f0bb7737fa7abf907a1b282d6490904933e3f9faaa1405d360e977d043e6053214f44ef7233c2d1569f8dd112c7386a5caa916a1114633d232ea02a3ee5bcef16d1aebb9ad13fa513ee65df88c610d3de3c9e662578549026fe5f8df18a45ff6a111ebdb56505b51ec00830b2cf572579a066c0094c0e336843df191096f1512a44a8a6496840fb8ca5ec6f255b36d710148d43719c2b7d560097b202358c36aaaceddefadc1294d446faebb5a7df058e11175857ef4606ba3e12a664cfafcb5fae11b81cc13700762089723345d22ecee630703faf57156fa519bcaf1e4946e01b4e5c7f91bce049de8be31f41384f3d84af9b6a5df69a1f7421f9212a4c80f98fe1d66842c935d663eb9d15e9d4ab8940e058553d71893e93822bc041172d7ec30ce677605493d1f7ff52d2440245e898c372828340da291ccd5726488bcb01db1c761b560c7219dbd15edf08304593519528daedb48ade9a65550929e66ee4bc11b6a95b3e35061466959d559ac8d3a14b87cea655fda30b5920344e624e116e3c552b996f30139277d0db193981d1537dddf3f13b5925ae043933882c3599b705226109734599f0cc314f62fb9ad969f6adaa8e8446932c627103cc8c9d193fbdfb4077475b807d051ca76356cda60bffd83070861ad91ba3e35c111723004e9ddf4ccf1b87859057695b5325e0d3814bef5355be17f273fe203dbc78cf7cee5892bb4707fbfeb992c9907389de5f10e6665aa08e2e30b5cb5c67c343a8c6d386bb2108f5f5db0577c18b82adfd6ee1ea06b8a87c9e12138bb3608bc4d7efac5094a1f7988ab21a1b29f4d510353dbc7bcb23954300081979cc9d4eac6f415ac514d086d6bc2c812d3bae123e89ad245bcc57e9b874339d817ad3fdb8bc181880bdbb8177ac8d30ec6bf76ca8bee8a2c85d699ec6926ec3cca6c688084063800f08bf33a64f479b7d9d0f446bfa62281d2aaab5999a33f97ecdbb855265abf827bc12b0439306ab6d25406af2064d7fffc7375ebabf9f5f8615a398c481124ea23930816c02c0c57ad94e92e827478d920f6b684c71981d5269aed799d08dc16046cb75fa926eed5fb3c80cc1f6e08436a082014db22a11500789303ee98c60c8f33781a0f44eca37fea249e2029ef753b65a782e559ae4c216dfc4d99e08bd4e69987588c66c9e06aaf4a8caf26c9f47caf2a881a7fed4033c44416609b51f82d41deccb2973f3a69fa671ea25a031a32a424200154fbebcfd8cc54fbd4cba0ad32cbc7d8a7c22f053cee6339154db8b13410c5ba0b94a8812b48327ba99f528e3a36600d07e3022abaef6cd9ba208b8e9f663be74e9bcf086c6f5b350b683deb685e8ea9fbeaa9f0c13464e3606f77fe65278ade6ae5fcb9173a2a9137479c52b50a69ece420730513edd1aa5d4802ca63a7bea91b0d4feae616ac881ee4cbff308debde662544ea1ccaa72733a847f1ad54fbc8dbec15e638044a9db269e8f8727d96cce2f2f2df77aeffde4f58c490973bdac8a0ff2ad941fc97cf2512cc69085760fb3f5f25e1d7a05b5ad1f549ca1cf568d8b3a6abe34676d7837d0b521f3020a948061919d93afde2fc51aab85dd749c0b0bdf4f501e52fa1ab10926ecd4334837eb1ac77038703ab2ae9f36b0b38ba94a9fae07d650df83ce233da5702d0ad9870dbac4648cf7c4b8556705c04c78f67618e9e7fcbfea4b661ef6771d8960cd2fdb0616f89e99057f5075124036904e6d2e3d30156309cc02564e97a52b67ca153b178acbb2fe1c6181b63cd73eba1738fd920ebdf6e9372d7e25e388dbe9e0cb322d2e620df2cd653aa9fb776ab8a278f1dfe1120a272f002e6b523081cb18e2c3291bf6aece725ae75b2665b6e5d2890c2db544c1903f611033a7c5798aefc06d4f8adbfc2707e0b48fe32c31f8c1e7a7c1585c0cf503d6437e8fab5827b9e8ec689a1e7641396458cc1765b4044fccbea1b1a926d3eeb7ac35e39ecd6f259059c6174e0268450ca9a85ced475c619dd2cfecde500d49c8bb5bdda05929147fa72da4a2daf9aa762ab2757062d59c8185e1ce00b8ce6dde7d74f9e9de29441ffa1c9077a321d4711640a9a16fdb70e27f99b3048553d8b2cc1a7fe57ce31dd8d9412d93d4594d5d5731c9aaf627c37ade75afad704625c6fb86df207aa4caf7a73db4ba5cfdb6d2df86decd7f4f9855b4ef2da528f3a61e2bbe88a1f") nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) socket$kcm(0x29, 0x5, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) socket$pppoe(0x18, 0x1, 0x0) socketpair(0x0, 0x0, 0x2, &(0x7f0000000000)) 2018/03/31 14:23:48 executing program 5 (fault-call:12 fault-nth:29): r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f", 0xd8) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:48 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c", 0xca) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) [ 560.672247] FAULT_INJECTION: forcing a failure. [ 560.672247] name failslab, interval 1, probability 0, space 0, times 0 [ 560.683552] CPU: 1 PID: 6154 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #373 [ 560.690823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 560.700169] Call Trace: [ 560.702754] dump_stack+0x194/0x24d [ 560.706384] ? arch_local_irq_restore+0x53/0x53 [ 560.711049] ? __save_stack_trace+0x7e/0xd0 [ 560.715376] should_fail+0x8c0/0xa40 2018/03/31 14:23:48 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x0, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 560.719097] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 560.724196] ? kasan_kmalloc+0xad/0xe0 [ 560.728095] ? kmem_cache_alloc_trace+0x136/0x740 [ 560.732933] ? __memcg_init_list_lru_node+0x169/0x270 [ 560.738117] ? __list_lru_init+0x544/0x750 [ 560.742350] ? sget_userns+0x6b1/0xe40 [ 560.746234] ? mount_fs+0x66/0x2d0 [ 560.749773] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 560.754525] ? do_mount+0xea4/0x2bb0 [ 560.758238] ? SyS_mount+0xab/0x120 [ 560.761861] ? do_syscall_64+0x281/0x940 [ 560.765924] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 2018/03/31 14:23:48 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x0, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 560.771284] ? find_held_lock+0x35/0x1d0 [ 560.775344] ? __lock_is_held+0xb6/0x140 [ 560.779415] ? check_same_owner+0x320/0x320 [ 560.783740] ? rcu_note_context_switch+0x710/0x710 [ 560.788679] should_failslab+0xec/0x120 [ 560.792651] kmem_cache_alloc_trace+0x4b/0x740 [ 560.797232] ? __kmalloc_node+0x33/0x70 [ 560.801204] ? __kmalloc_node+0x33/0x70 [ 560.805176] ? rcu_read_lock_sched_held+0x108/0x120 [ 560.810199] __memcg_init_list_lru_node+0x169/0x270 [ 560.815216] ? list_lru_add+0x7c0/0x7c0 2018/03/31 14:23:48 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x0, 0xe6, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 560.819185] ? __kmalloc_node+0x47/0x70 [ 560.823164] __list_lru_init+0x544/0x750 [ 560.827227] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 560.833113] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 560.838130] ? lockdep_init_map+0x9/0x10 [ 560.842189] sget_userns+0x6b1/0xe40 [ 560.845893] ? get_anon_bdev+0x2a0/0x2a0 [ 560.849953] ? destroy_unused_super.part.6+0xd0/0xd0 [ 560.855054] ? alloc_vfsmnt+0x762/0x9c0 [ 560.859026] ? path_lookupat+0x238/0xba0 [ 560.863091] ? mnt_free_id.isra.21+0x50/0x50 [ 560.867500] ? trace_hardirqs_off+0x10/0x10 2018/03/31 14:23:48 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x8, [0x8000, 0x4, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x18) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 560.871822] ? cap_capable+0x1b5/0x230 [ 560.875721] ? security_capable+0x8e/0xc0 [ 560.879865] ? get_anon_bdev+0x2a0/0x2a0 [ 560.883923] ? ns_capable_common+0xcf/0x160 [ 560.888238] ? get_anon_bdev+0x2a0/0x2a0 [ 560.892293] sget+0xd2/0x120 [ 560.895305] ? __get_fs_type+0x8a/0xc0 [ 560.899188] ? shmem_remount_fs+0x750/0x750 [ 560.903499] mount_nodev+0x37/0x100 [ 560.907125] shmem_mount+0x2c/0x40 [ 560.910666] mount_fs+0x66/0x2d0 [ 560.914034] vfs_kern_mount.part.26+0xc6/0x4a0 [ 560.918614] ? may_umount+0xa0/0xa0 2018/03/31 14:23:48 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x8, [0x8000, 0x4, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x18) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 560.922236] ? _raw_read_unlock+0x22/0x30 [ 560.926379] ? __get_fs_type+0x8a/0xc0 [ 560.930267] do_mount+0xea4/0x2bb0 [ 560.933796] ? __might_fault+0x110/0x1d0 [ 560.937849] ? copy_mount_string+0x40/0x40 [ 560.942082] ? check_same_owner+0x320/0x320 [ 560.946396] ? __check_object_size+0x8b/0x530 [ 560.950890] ? __might_sleep+0x95/0x190 [ 560.954853] ? kasan_check_write+0x14/0x20 [ 560.959079] ? _copy_from_user+0x99/0x110 [ 560.963223] ? memdup_user+0x5e/0x90 [ 560.966933] ? copy_mount_options+0x1f7/0x2e0 2018/03/31 14:23:49 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x8, [0x8000, 0x4, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x18) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 560.971429] SyS_mount+0xab/0x120 [ 560.974873] ? copy_mnt_ns+0xb30/0xb30 [ 560.978757] do_syscall_64+0x281/0x940 [ 560.982636] ? vmalloc_sync_all+0x30/0x30 [ 560.986781] ? _raw_spin_unlock_irq+0x27/0x70 [ 560.991271] ? finish_task_switch+0x1c1/0x7e0 [ 560.995764] ? syscall_return_slowpath+0x550/0x550 [ 561.000690] ? syscall_return_slowpath+0x2ac/0x550 [ 561.005614] ? prepare_exit_to_usermode+0x350/0x350 [ 561.010631] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 561.015992] ? trace_hardirqs_off_thunk+0x1a/0x1c 2018/03/31 14:23:49 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0x0, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 561.020834] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 561.026014] RIP: 0033:0x454e79 [ 561.029196] RSP: 002b:00007fa1b21a7c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 561.036902] RAX: ffffffffffffffda RBX: 00007fa1b21a86d4 RCX: 0000000000454e79 [ 561.044160] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 00000000200003c0 [ 561.051416] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 561.058678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 [ 561.065937] R13: 00000000000003fa R14: 00000000006f8010 R15: 000000000000001d 2018/03/31 14:23:49 executing program 3: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r6, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) 2018/03/31 14:23:49 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c", 0xca) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:49 executing program 5 (fault-call:12 fault-nth:30): r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f", 0xd8) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:49 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0x0, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:49 executing program 0: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000100)=r2, 0x4) ioctl$int_in(r1, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r4 = dup3(r1, r3, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r4, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r5 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r5, 0x0, 0xd2, &(0x7f000003affc), 0x3c) [ 561.189951] FAULT_INJECTION: forcing a failure. [ 561.189951] name failslab, interval 1, probability 0, space 0, times 0 [ 561.201293] CPU: 1 PID: 6199 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #373 [ 561.208563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 561.217911] Call Trace: [ 561.220499] dump_stack+0x194/0x24d [ 561.224126] ? arch_local_irq_restore+0x53/0x53 [ 561.228791] ? __save_stack_trace+0x7e/0xd0 [ 561.233119] should_fail+0x8c0/0xa40 [ 561.236838] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 561.241941] ? kasan_kmalloc+0xad/0xe0 [ 561.245821] ? kmem_cache_alloc_trace+0x136/0x740 [ 561.250658] ? __memcg_init_list_lru_node+0x169/0x270 [ 561.255829] ? __list_lru_init+0x544/0x750 [ 561.260056] ? sget_userns+0x6b1/0xe40 [ 561.263931] ? mount_fs+0x66/0x2d0 [ 561.267449] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 561.272186] ? do_mount+0xea4/0x2bb0 [ 561.275882] ? SyS_mount+0xab/0x120 [ 561.279485] ? do_syscall_64+0x281/0x940 [ 561.283536] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 561.288888] ? find_held_lock+0x35/0x1d0 [ 561.292929] ? __lock_is_held+0xb6/0x140 [ 561.296977] ? check_same_owner+0x320/0x320 [ 561.301285] ? rcu_note_context_switch+0x710/0x710 [ 561.306206] should_failslab+0xec/0x120 [ 561.310166] kmem_cache_alloc_trace+0x4b/0x740 [ 561.314726] ? __kmalloc_node+0x33/0x70 [ 561.318680] ? __kmalloc_node+0x33/0x70 [ 561.322639] ? rcu_read_lock_sched_held+0x108/0x120 [ 561.327657] __memcg_init_list_lru_node+0x169/0x270 [ 561.332666] ? list_lru_add+0x7c0/0x7c0 [ 561.336622] ? __kmalloc_node+0x47/0x70 [ 561.340577] __list_lru_init+0x544/0x750 [ 561.344627] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 561.350500] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 561.355496] ? lockdep_init_map+0x9/0x10 [ 561.359536] sget_userns+0x6b1/0xe40 [ 561.363228] ? get_anon_bdev+0x2a0/0x2a0 [ 561.367278] ? destroy_unused_super.part.6+0xd0/0xd0 [ 561.372369] ? alloc_vfsmnt+0x762/0x9c0 [ 561.376320] ? path_lookupat+0x238/0xba0 [ 561.380357] ? mnt_free_id.isra.21+0x50/0x50 [ 561.384742] ? trace_hardirqs_off+0x10/0x10 [ 561.389053] ? cap_capable+0x1b5/0x230 [ 561.392925] ? security_capable+0x8e/0xc0 [ 561.397055] ? get_anon_bdev+0x2a0/0x2a0 [ 561.401098] ? ns_capable_common+0xcf/0x160 [ 561.405405] ? get_anon_bdev+0x2a0/0x2a0 [ 561.409448] sget+0xd2/0x120 [ 561.412444] ? __get_fs_type+0x8a/0xc0 [ 561.416318] ? shmem_remount_fs+0x750/0x750 [ 561.420624] mount_nodev+0x37/0x100 [ 561.424229] shmem_mount+0x2c/0x40 [ 561.427748] mount_fs+0x66/0x2d0 [ 561.431110] vfs_kern_mount.part.26+0xc6/0x4a0 [ 561.435679] ? may_umount+0xa0/0xa0 [ 561.439296] ? _raw_read_unlock+0x22/0x30 [ 561.443427] ? __get_fs_type+0x8a/0xc0 [ 561.447296] do_mount+0xea4/0x2bb0 [ 561.450826] ? __might_fault+0x110/0x1d0 [ 561.454875] ? copy_mount_string+0x40/0x40 [ 561.459088] ? check_same_owner+0x320/0x320 [ 561.463386] ? __check_object_size+0x8b/0x530 [ 561.467868] ? __might_sleep+0x95/0x190 [ 561.471834] ? kasan_check_write+0x14/0x20 [ 561.476063] ? _copy_from_user+0x99/0x110 [ 561.480203] ? memdup_user+0x5e/0x90 [ 561.483908] ? copy_mount_options+0x1f7/0x2e0 [ 561.488399] SyS_mount+0xab/0x120 [ 561.491841] ? copy_mnt_ns+0xb30/0xb30 [ 561.495725] do_syscall_64+0x281/0x940 [ 561.499605] ? vmalloc_sync_all+0x30/0x30 [ 561.503751] ? _raw_spin_unlock_irq+0x27/0x70 [ 561.508244] ? finish_task_switch+0x1c1/0x7e0 [ 561.512738] ? syscall_return_slowpath+0x550/0x550 [ 561.517657] ? syscall_return_slowpath+0x2ac/0x550 [ 561.522581] ? prepare_exit_to_usermode+0x350/0x350 [ 561.527592] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 561.532954] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 561.537795] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 561.542972] RIP: 0033:0x454e79 [ 561.546150] RSP: 002b:00007fa1b21a7c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 561.553853] RAX: ffffffffffffffda RBX: 00007fa1b21a86d4 RCX: 0000000000454e79 [ 561.561118] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 00000000200003c0 [ 561.568379] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 561.575644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 [ 561.582905] R13: 00000000000003fa R14: 00000000006f8010 R15: 000000000000001e 2018/03/31 14:23:50 executing program 0: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff010000001100000000c3d876ff70366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa000000000000000000000000000000000000000000fc00000000000000009000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000700000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000280000000000000073797a3000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e728f16ca10a95a6f79b6deb1edde51a80e5a3738e7033597a348fefc2b52d1bca1949319f0ab386693b21c2dd90b9c72e1d10f65362adbb67022336d32b75ea85b24643e88918a459ed00a7e97b71c72000000000000053cd56a9327c4d4321863f4e71ccd404bfdffcaf0e389648c3e583ea73942086b07186923fb67f981211dde3c3a7b0a4ca6caaa274cee4a8de7e29f440f46fd"]}, 0x46e) syz_open_dev$sndseq(&(0x7f0000000140)='/dev/snd/seq\x00', 0x0, 0x101000) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f0000000680)=ANY=[@ANYBLOB="6e4874000000000000000000000000000000000000000000000000000000002005000000000000000000000000000000000000e4a715ea92f4c57e0000000000000000000000000000000000000000000000000000000000000000000000010000001f000000000000000000000000000000000000000000de97a4550515c8c73590ed36b422bf62bd9fc1a36978a6d7585269"], 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0xffffffffffffffff}, 0x10) pipe2(&(0x7f0000000040), 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) r3 = syz_genetlink_get_family_id$fou(&(0x7f0000000380)='fou\x00') sendmsg$FOU_CMD_DEL(r2, &(0x7f00000005c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100008}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x38, r3, 0x210, 0x70bd25, 0x25dfdbff, {0x2}, [@FOU_ATTR_REMCSUM_NOPARTIAL={0x4, 0x5}, @FOU_ATTR_TYPE={0x8, 0x4, 0x2}, @FOU_ATTR_PORT={0x8, 0x1, 0x4e21}, @FOU_ATTR_AF={0x8, 0x2, 0xa}, @FOU_ATTR_PORT={0x8, 0x1, 0x4e23}]}, 0x38}, 0x1, 0x0, 0x0, 0x8044}, 0x4000) pipe2(&(0x7f0000000100)={0xffffffffffffffff}, 0xc0000) ioctl$VHOST_GET_VRING_BASE(r2, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r5 = socket$inet(0x2, 0x3, 0x2) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r4, 0x40bc5311, &(0x7f0000000480)={0x7, 0x1, 'client1\x00', 0xffffffff80000003, "f407082c90674901", "ac495c94e91e7557da416ee1bd5ce730a98df8f32d659e194eb883bcbc5b6ee0", 0x8000000000000000, 0x40}) setsockopt$inet_int(r5, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:50 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f", 0xd8) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:50 executing program 5 (fault-call:12 fault-nth:31): r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f", 0xd8) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:50 executing program 3: setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={0xffffffffffffffff}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r0, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r2, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r1, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r4 = dup3(r1, r3, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r4, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r2, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r5 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r5, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r5, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) 2018/03/31 14:23:50 executing program 2: nanosleep(&(0x7f0000000240), &(0x7f0000000280)) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) socket$kcm(0x29, 0x7, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000010000/0x1000)=nil, 0x1000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) socketpair(0x0, 0x0, 0x2, &(0x7f0000000000)) 2018/03/31 14:23:50 executing program 4: sendmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x6, 0x20000) sendmsg$unix(r1, &(0x7f0000000480)={&(0x7f0000000240)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f00000003c0)=[{&(0x7f00000002c0)="90bc06759de1e547969f47355c7845894d326b8a094fa099887f6ac171eca243856301d7240d6a97ae7988213eaf8ae3b8351a8043b98eaf7014d80bf14df53cacd5807d2503a9acc16bf9e26893c9a9c49e6ac4e4ef33ae15bb920e23337b055cfea75defb810a2cdb31bd8307fc98be8372513e0207ed206c30e546b1a075a4643e110b03cf57d645951fd476877bde0e7a60f0c64b6e83c73104ac64bafc54ca812f092c61c4c6e4d0d299e5c6a19f13d1c", 0xb3}], 0x1, &(0x7f0000000680)=ANY=[@ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="20000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="eb610000371a9369860cfc6d216768bc4fe24a39353ac1fef7687dd6fee8a8378d560c2888c9560b1ad6c63d"], 0x34, 0x84}, 0x40) r2 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x400, 0x0) getsockopt$IP_VS_SO_GET_SERVICES(r2, 0x0, 0x482, &(0x7f00000005c0)=""/136, &(0x7f00000001c0)=0x88) socket$inet6(0xa, 0x0, 0x0) r3 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r3, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) listen(r3, 0x80001003) r4 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r4, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) readv(r4, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/11, 0x37}], 0x100000000000019c) close(r1) accept(r3, 0x0, &(0x7f0000efaffc)) sendmmsg(r4, &(0x7f00000000c0)=[{{&(0x7f0000000240)=@ax25={0x3, {"aba998cfc95797"}}, 0x80, &(0x7f00000016c0), 0x0, &(0x7f0000001740)}}], 0x198, 0x0) socket$can_raw(0x1d, 0x3, 0x1) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x8, 0x200, 0x20000800}) ioctl(r2, 0x2285, &(0x7f0000007000)='S') getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f00000004c0)={{{@in=@dev, @in6=@local}}, {{@in=@remote}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000180)=0xe8) getsockname$unix(r2, &(0x7f0000000040), &(0x7f0000000100)=0x6e) ioctl$TCSBRK(r2, 0x5409, 0x1ff800000) 2018/03/31 14:23:50 executing program 7: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) socketpair(0x0, 0x0, 0x2, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$inet6(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, @mcast1}, &(0x7f00000000c0)=0x1c) 2018/03/31 14:23:50 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0x0, 0x7, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) [ 562.137368] FAULT_INJECTION: forcing a failure. [ 562.137368] name failslab, interval 1, probability 0, space 0, times 0 [ 562.149252] CPU: 1 PID: 6243 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #373 [ 562.156525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 562.165874] Call Trace: [ 562.168458] dump_stack+0x194/0x24d [ 562.172086] ? arch_local_irq_restore+0x53/0x53 [ 562.176749] should_fail+0x8c0/0xa40 [ 562.180439] ? __list_lru_init+0x352/0x750 [ 562.184651] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 562.189732] ? perf_trace_lock+0xd6/0x900 [ 562.193859] ? trace_hardirqs_off+0x10/0x10 [ 562.198159] ? print_irqtrace_events+0x270/0x270 [ 562.202893] ? find_held_lock+0x35/0x1d0 [ 562.206930] ? __lock_is_held+0xb6/0x140 [ 562.210977] ? check_same_owner+0x320/0x320 [ 562.215275] ? lock_downgrade+0x980/0x980 [ 562.219401] ? rcu_note_context_switch+0x710/0x710 [ 562.224304] ? find_held_lock+0x35/0x1d0 [ 562.228346] should_failslab+0xec/0x120 [ 562.232295] __kmalloc+0x63/0x760 [ 562.235726] ? lock_downgrade+0x980/0x980 [ 562.239850] ? register_shrinker+0x10e/0x2d0 [ 562.244234] ? trace_event_raw_event_module_request+0x320/0x320 [ 562.250273] register_shrinker+0x10e/0x2d0 [ 562.254482] ? prepare_kswapd_sleep+0x1f0/0x1f0 [ 562.259126] ? memcpy+0x45/0x50 [ 562.262383] sget_userns+0xbbf/0xe40 [ 562.266068] ? get_anon_bdev+0x2a0/0x2a0 [ 562.270111] ? destroy_unused_super.part.6+0xd0/0xd0 [ 562.275193] ? alloc_vfsmnt+0x762/0x9c0 [ 562.279143] ? mnt_free_id.isra.21+0x50/0x50 [ 562.283528] ? trace_hardirqs_off+0x10/0x10 [ 562.287826] ? cap_capable+0x1b5/0x230 [ 562.291690] ? security_capable+0x8e/0xc0 [ 562.295812] ? get_anon_bdev+0x2a0/0x2a0 [ 562.299850] ? ns_capable_common+0xcf/0x160 [ 562.304146] ? get_anon_bdev+0x2a0/0x2a0 [ 562.308183] sget+0xd2/0x120 [ 562.311175] ? __get_fs_type+0x8a/0xc0 [ 562.315042] ? shmem_remount_fs+0x750/0x750 [ 562.319336] mount_nodev+0x37/0x100 [ 562.322938] shmem_mount+0x2c/0x40 [ 562.326464] mount_fs+0x66/0x2d0 [ 562.329808] vfs_kern_mount.part.26+0xc6/0x4a0 [ 562.334365] ? may_umount+0xa0/0xa0 [ 562.337974] ? _raw_read_unlock+0x22/0x30 [ 562.342095] ? __get_fs_type+0x8a/0xc0 [ 562.345965] do_mount+0xea4/0x2bb0 [ 562.349479] ? __might_fault+0x110/0x1d0 [ 562.353516] ? copy_mount_string+0x40/0x40 [ 562.357724] ? check_same_owner+0x320/0x320 [ 562.362026] ? __check_object_size+0x8b/0x530 [ 562.366501] ? __might_sleep+0x95/0x190 [ 562.370456] ? kasan_check_write+0x14/0x20 [ 562.374665] ? _copy_from_user+0x99/0x110 [ 562.378792] ? memdup_user+0x5e/0x90 [ 562.382481] ? copy_mount_options+0x1f7/0x2e0 [ 562.386951] SyS_mount+0xab/0x120 [ 562.390379] ? copy_mnt_ns+0xb30/0xb30 [ 562.394760] do_syscall_64+0x281/0x940 [ 562.398622] ? vmalloc_sync_all+0x30/0x30 [ 562.402747] ? _raw_spin_unlock_irq+0x27/0x70 [ 562.407219] ? finish_task_switch+0x1c1/0x7e0 [ 562.411688] ? syscall_return_slowpath+0x550/0x550 [ 562.416591] ? syscall_return_slowpath+0x2ac/0x550 [ 562.421496] ? prepare_exit_to_usermode+0x350/0x350 [ 562.426493] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 562.431833] ? trace_hardirqs_off_thunk+0x1a/0x1c 2018/03/31 14:23:50 executing program 3: setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={0xffffffffffffffff}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r0, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r2, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r1, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r4 = dup3(r1, r3, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r4, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r2, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r5 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r5, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r5, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) [ 562.436652] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 562.441817] RIP: 0033:0x454e79 [ 562.444982] RSP: 002b:00007fa1b21a7c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 562.452676] RAX: ffffffffffffffda RBX: 00007fa1b21a86d4 RCX: 0000000000454e79 [ 562.459919] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 00000000200003c0 [ 562.467162] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 562.474409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 [ 562.481655] R13: 00000000000003fa R14: 00000000006f8010 R15: 000000000000001f 2018/03/31 14:23:50 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f", 0xd8) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:50 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x8, [0x8000, 0x4, 0xe6, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x18) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:50 executing program 0: socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="0000000000c3110a4ba2289d370000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d455200006dfa686700000000000000000000000000000000002800000000006000000000010073797ada82ecae57ca30000000000000000000000d00000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000009269743000000000000000000000000069666230000300000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d001000069703600b4bddf5f0800000000000000000000000000000000000008000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000200000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000007000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2"]}, 0x3e3) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380), &(0x7f0000000880)=0x8) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040), 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f00000001c0)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) pipe2(&(0x7f0000000240)={0xffffffffffffffff}, 0x80000) ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r3) accept$nfc_llcp(r3, 0x0, &(0x7f0000000100)) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000480)=@filter={'filter\x00', 0xe, 0x5, 0x1118, [0x0, 0x200013c0, 0x200013f0, 0x20001818], 0x0, &(0x7f0000000140), &(0x7f00000013c0)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x5, 0x10, 0xe9ff, 'erspan0\x00', 'ipddp0\x00', 'vlan0\x00', 'bcsh0\x00', @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [0xff, 0x0, 0x0, 0x0, 0xff], @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xd}, [0xff, 0xff, 0xff, 0xff, 0x0, 0xff], 0x70, 0xa0, 0xd8}, [@common=@NFQUEUE0={'NFQUEUE\x00', 0x8, {{0x20}}}]}, @common=@dnat={'dnat\x00', 0x10, {{@empty, 0xfffffffffffffffc}}}}, {{{0x9, 0x5e, 0x75, 'eql\x00', 'teql0\x00', 'ipddp0\x00', 'gre0\x00', @random="588b8c17edb0", [0x0, 0xff, 0xff, 0xc6a384392d867ffa, 0xff], @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [0xff, 0xff, 0xff, 0x51abdadd74784d66, 0x0, 0xff], 0x2a8, 0x2a8, 0x320, [@bpf0={'bpf\x00', 0x210, {{0x2a, [{0x3, 0xa453, 0x3ff, 0x165a}, {0x5, 0x81, 0xffff, 0x8}, {0x895, 0x8495, 0x7ff, 0x1000}, {0x3, 0x8, 0x101, 0xc7}, {0x80000000, 0x3, 0x3, 0x5}, {0x1, 0x7, 0x5a80, 0xf2dd}, {0x451, 0x7ff, 0x5, 0x7fffffff}, {0x10000, 0x1ff, 0x1, 0x9}, {0x1e, 0x3, 0x3, 0x9}, {0x0, 0x25a, 0xad5, 0x9}, {0x4, 0x1, 0x4, 0xe31a}, {0xa1, 0x400, 0x2, 0x1}, {0x1, 0x0, 0x1, 0xfffffffffffff57a}, {0xfff, 0x9, 0xdd, 0xf1b}, {0x80, 0x7c18, 0x775b30f5, 0x4}, {0x200000, 0x1, 0x6, 0x1}, {0x0, 0xff, 0x9, 0x4}, {0x2, 0x0, 0x8, 0x257}, {0x6, 0x8, 0x6, 0x7}, {0x80000001, 0x7, 0x800, 0x100000000}, {0x0, 0x4, 0x3, 0x1}, {0x4, 0x100000000, 0x8, 0x2}, {0x1f, 0x7, 0x0, 0x1f}, {0x4, 0x14, 0x1, 0x8}, {0x7, 0x100000001, 0x1, 0xc000000000000000}, {0xfffffffffffffff9, 0x47, 0x7f800000000000, 0x3}, {0x2, 0x10001, 0xc3}, {0x6, 0xfffffffffffffe00, 0x9, 0x1}, {0x1, 0x80, 0x8001, 0xfa}, {0x800, 0x100000001, 0x1, 0x3}, {0x6, 0xffff, 0xfffffffffffffff9, 0x2}, {0x5, 0xef0, 0xfffffffffffffffc, 0x9}, {0x9, 0xbd5, 0xb7, 0x7}, {0xffffffffffffffff, 0xffff, 0xc6, 0x10000}, {0x3, 0x1, 0xb939, 0x6}, {0x9c, 0x3, 0xfffffffffffffba4, 0xfff}, {0x6, 0x9, 0x1b4, 0x9}, {0xfffffffffffffe01, 0x2, 0x5d, 0x9}, {0x80000001, 0x7, 0x4, 0x401}, {0x3, 0x5d, 0x400, 0xca}, {0x8e, 0x4, 0x8, 0x4}, {0x5b, 0xfffffffffffffffd, 0x10000, 0x2}, {0x7, 0x26, 0x1f, 0x565d}, {0x5, 0x80000001, 0x2, 0x56}, {0x8, 0x10000, 0x3ff, 0x3f}, {0xa04a, 0xc04, 0xfffffffffffffffc}, {0x1ff, 0x65, 0x950}, {0x10000, 0x6, 0x4, 0xc5}, {0x3, 0x9, 0x7fffffff, 0x3ff}, {0x6, 0x7, 0x0, 0x6}, {0x7, 0x78, 0x5, 0x1}, {0x8, 0x40, 0xcae, 0x7}, {0xefd, 0x5, 0x1, 0x3e7}, {0x10001, 0xffff, 0x2, 0x17fbb538}, {0x80, 0x20, 0x9, 0x75}, {0x6, 0x297, 0x8, 0x3}, {0x3, 0x1, 0xeb38, 0x5}, {0x7fffffff, 0x2, 0xa9, 0x10000}, {0x4, 0xf9dd, 0x8, 0xffffffff}, {0x65, 0x3, 0x9, 0x7}, {0x2, 0x3ff, 0x75, 0x2}, {0x9, 0xc51d, 0x5, 0x8}, {0x7, 0x100, 0x7, 0x100000001}, {0x100000000, 0x4f9ab3f6, 0x800, 0x7ff}], 0x200}}}]}}, @common=@nflog={'nflog\x00', 0x50, {{0x0, 0xfffffffffffffffa, 0x3, 0x0, 0x0, "a97d6e851ba7432a304e852747c0048fdf74e6c6cc38c7a35a8c36da86ca2aebdd8ddc4bb638187330be09c570cbbdc65f8e6383e14c89c1ab819fb9bb4fd41d"}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff, 0x2, [{{{0xb, 0x18, 0x9200, 'tunl0\x00', 'gretap0\x00', 'lo\x00', 'nr0\x00', @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [0x0, 0xff], @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [0xff, 0x0, 0xff, 0x0, 0x0, 0xff], 0x938, 0x9b0, 0xa00, [@among={'among\x00', 0x8a0, {{0x7, 0x0, 0x0, {[0x3, 0xf000000000000000, 0x4, 0xfffffffffffffffc, 0x6ee0c7d7, 0x5, 0x3, 0xfffffffffffff000, 0xffffffff, 0x8, 0x66b, 0x3, 0x800, 0x68, 0x9, 0x6b, 0x7, 0xfffffffffffffffa, 0x8, 0xfffffffffffffff9, 0x100000001, 0x40, 0x80, 0x5, 0x5, 0x7, 0x9, 0xffffffff, 0xffffffff, 0x3, 0xfff, 0xffff, 0x4, 0x1, 0x3, 0xbb2e, 0x6, 0x1f, 0xe9e5, 0x2, 0x7, 0x8000, 0x20, 0x1c, 0x9, 0x98, 0x5, 0x6, 0x4, 0xd92, 0xe6ad, 0x80000001, 0x2, 0xadbb, 0x7, 0x6, 0x3, 0x6, 0x80000000, 0x4, 0x9, 0x7, 0x80, 0x9516, 0x6, 0xff, 0x6, 0x1800000, 0x3f, 0xfffffffffffffff9, 0x4e, 0x4, 0xd410, 0x7, 0x40, 0x1, 0x0, 0x7, 0x9, 0x1496a000, 0xfffffffffffffffa, 0x2, 0x200, 0x9, 0x8a82, 0x69, 0x2, 0x10000, 0x10001, 0x8b7d, 0x0, 0x6, 0x7fffffff, 0x5, 0x2000000000000, 0x400, 0x8000, 0x2, 0x8, 0xcae8, 0x200, 0x9, 0x6, 0x7, 0x1f, 0xffffffff, 0x316c0000000, 0x7fffffff, 0xdaea, 0x7fffffff, 0x4, 0x6, 0x6, 0x100000000, 0x39e9, 0x9, 0x401, 0x7, 0x80000000, 0x7, 0x8, 0x4, 0x8382b84c000, 0x7, 0x9, 0x5391e04c, 0x7, 0xc780, 0xfffffffffffffffd, 0x26, 0x8, 0x2, 0x40, 0x3, 0x2, 0x4, 0x6, 0x3, 0x7, 0xfffffffffffffffb, 0x6, 0x1, 0x7, 0x9, 0xe5b, 0x0, 0x0, 0x120000, 0x7, 0xff, 0x5, 0x0, 0x2000000000000000, 0x3, 0x7, 0x101, 0x7, 0x80000001, 0x2000000000000000, 0xfff, 0x9, 0x1, 0xffffffff, 0x3, 0x7ef, 0x2df, 0x5, 0x0, 0x8, 0x1, 0x9, 0x100000001, 0x3de, 0x0, 0x1, 0x8, 0x1fe, 0x4208, 0x3, 0x6, 0x96, 0x97, 0x0, 0x81, 0xab79, 0x8000, 0x4, 0x9, 0x101, 0x5, 0x7fff, 0x81, 0xffff, 0x3, 0x6, 0x0, 0x8, 0x0, 0xffffffff, 0x9, 0x4, 0x0, 0x7, 0x2, 0x0, 0x800, 0x1, 0x8, 0x8000, 0x200, 0x1f, 0x8, 0x80000001, 0x54d, 0x3, 0x35035ff5, 0x6ec, 0x7ff, 0x1, 0xffffffff80000000, 0x81, 0x9, 0x4, 0x80000000, 0x53ff, 0x9, 0x1000, 0x8, 0x0, 0x800, 0x8, 0xffffffffffff736a, 0x81, 0x6, 0x9, 0x3, 0x3f, 0x80000001, 0x3, 0xfff, 0x800, 0xfd, 0x4, 0xf7dc, 0x6a0, 0xffff, 0x3, 0x4, 0x4, 0x0, 0x2, 0xe127, 0xfffffffffffffeff, 0x3c2, 0x9464, 0x1, 0x8], 0x8, [{[0xffffffff, 0x8001], @broadcast=0xffffffff}, {[0x3, 0x1ff], @dev={0xac, 0x14, 0x14, 0xd}}, {[0x10001, 0x8]}, {[0x0, 0x8], @rand_addr=0x5}, {[0x2, 0x7fffffff], @broadcast=0xffffffff}, {[0x6, 0xfffffffffffffe00], @remote={0xac, 0x14, 0x14, 0xbb}}, {[0x0, 0xfffffffffffffff9], @rand_addr=0x2}, {[0x1, 0x9e], @local={0xac, 0x14, 0x14, 0xaa}}]}, {[0x10000, 0x100, 0x4, 0x0, 0x2, 0x1, 0x4, 0x0, 0x2, 0x8, 0x10000, 0x7fffffff, 0x100, 0x181c, 0x0, 0x3, 0x200, 0x7fffffff, 0x0, 0x200, 0x6, 0x1, 0xfe00000000000000, 0x6, 0xff, 0x432, 0x3d, 0x0, 0x1000, 0x4, 0x1, 0xffffffff80000001, 0xffffffff80000000, 0x4, 0x9be0, 0x0, 0x4, 0x56f7, 0x7, 0x6, 0x1, 0xbb1c, 0x100000000, 0x4, 0x6, 0x4e, 0x8d1e, 0x0, 0x5b, 0x3, 0x1, 0x6b4b0149, 0x2, 0x5, 0x4d0ab210, 0x1f, 0x0, 0xb4d, 0x4, 0x1, 0x1, 0x3, 0xb9, 0x7, 0x3, 0x0, 0x0, 0x3, 0xfff, 0x6, 0x6ab5, 0x9, 0x7, 0x1, 0x8, 0x4, 0x7, 0x5, 0x7f, 0x8, 0x5, 0x6, 0x6, 0x1, 0x6, 0x1, 0x6, 0x401, 0x8b, 0x20, 0xff, 0xed, 0x9e, 0x1, 0xffffffffffffffff, 0xfff, 0xe202, 0x100, 0x4, 0x1, 0x3, 0x1f5ff5a4, 0x7ff, 0xe1, 0x7ff, 0x100, 0xff, 0x0, 0xfd, 0x6, 0x5, 0x2, 0x40, 0x6, 0x8, 0x3ff, 0x80000000, 0x9d8, 0x5, 0x800, 0xffff, 0x3ff, 0x5, 0xbb70000000, 0x9, 0x2, 0x20, 0x8, 0xffffffff, 0x7, 0x6, 0x6, 0x7, 0x7, 0x100000001, 0x9, 0x9, 0x1, 0x7, 0x1, 0x4, 0x8, 0xf6f, 0xffffffff, 0x669, 0x367, 0xfffffffffffffff2, 0x6, 0xfffffffffffffffd, 0x2, 0x10000000000000, 0x100000001, 0x3f, 0x4e1e, 0x81, 0x221, 0x2, 0x3ff, 0x9, 0x95f, 0x1000, 0x800, 0x2, 0x2, 0x7, 0x0, 0x1, 0x0, 0x2ae6, 0x5, 0x8, 0x5, 0x1000, 0x2, 0x35, 0xffff, 0x5, 0x9, 0x791e, 0x3, 0x6, 0x3740a392, 0xfffffffffffffffa, 0x4, 0x800, 0x9, 0x101, 0x3, 0x10000, 0x3, 0x40, 0xc4, 0x7f, 0x1000, 0x33, 0xce, 0x401, 0x4, 0x10000, 0x5c1, 0x5, 0x15, 0xac, 0x7, 0x3, 0xff, 0x7fff, 0x2, 0x9, 0xf460, 0x40, 0x3, 0x5, 0x2, 0x2, 0x0, 0x3, 0xffffffff, 0x482, 0x9, 0x8, 0x14d463c1, 0x3f, 0x9, 0x34e6, 0x7e8, 0x698, 0x2, 0x1, 0x0, 0x81, 0x7f, 0xcb6b, 0x7, 0x0, 0x8, 0x7, 0x20, 0x35, 0x8268, 0x5, 0x7, 0x1, 0x401, 0x8, 0x8, 0x2, 0x10001, 0x3, 0x101, 0x1, 0x4, 0x100000001, 0x9, 0x400, 0xfffffffffffffffb, 0x8], 0x3, [{[0x8, 0x18d], @dev={0xac, 0x14, 0x14, 0x13}}, {[0x7fff, 0xc51], @broadcast=0xffffffff}, {[0x6, 0xfff], @multicast1=0xe0000001}]}}}}]}, [@common=@nflog={'nflog\x00', 0x50, {{0x5, 0x1, 0x2, 0x0, 0x0, "aeeb3920f8ee6df703604f0cf06b7982e1b8b5551d7b600bc49c2f68e94ed356c51b7fa66bc564e76f0740f6be12869a421afffd0a96fe7ba8727b89ada277a0"}}}]}, @common=@LED={'LED\x00', 0x28, {{'syz1\x00', 0x1, 0x1ff, 0xc661}}}}, {{{0x13, 0x40, 0x4, 'syzkaller0\x00', 'syzkaller1\x00', 'ip6tnl0\x00', 'ip6tnl0\x00', @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [0x0, 0xff, 0x0, 0xff, 0x0, 0xff], @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [0xff, 0xff, 0xff], 0xc0, 0xf0, 0x140, [@ipvs={'ipvs\x00', 0x28, {{@ipv4=@loopback=0x7f000001, [0x0, 0x0, 0x0, 0xffffff00], 0x4e24, 0x4, 0x4, 0x4e21, 0x8, 0x20}}}]}, [@common=@STANDARD={'\x00', 0x8, {0xfffffffffffffffb}}]}, @common=@LED={'LED\x00', 0x28, {{'syz0\x00', 0x1, 0x4, 0xffffffff}}}}]}, {0x0, '\x00', 0x4, 0xfffffffffffffffe, 0x1, [{{{0x9, 0x52, 0x890e, 'gre0\x00', 'bcsh0\x00', 'bcsh0\x00', 'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xf}, [0xff, 0xff, 0xff, 0xff, 0xff], @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [0x0, 0x0, 0x0, 0xff, 0xff, 0xff], 0x70, 0xe8, 0x120}, [@common=@RATEEST={'RATEEST\x00', 0x20, {{'syz1\x00', 0x8000, 0x8}}}, @common=@redirect={'redirect\x00', 0x8, {{0xffffffffffffffff}}}]}, @common=@dnat={'dnat\x00', 0x10, {{@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x1a}, 0x10}}}}]}]}, 0x1190) ioctl$VHOST_GET_VRING_BASE(r2, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) socket$inet_dccp(0x2, 0x6, 0x0) r4 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r4, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:50 executing program 5 (fault-call:12 fault-nth:32): r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f", 0xd8) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:50 executing program 3: setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={0xffffffffffffffff}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r0, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r2, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r1, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r4 = dup3(r1, r3, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r4, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r2, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r5 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r5, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r5, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) [ 562.687347] FAULT_INJECTION: forcing a failure. [ 562.687347] name failslab, interval 1, probability 0, space 0, times 0 [ 562.698654] CPU: 0 PID: 6280 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #373 [ 562.705927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 562.715282] Call Trace: [ 562.717881] dump_stack+0x194/0x24d [ 562.721525] ? arch_local_irq_restore+0x53/0x53 [ 562.726216] should_fail+0x8c0/0xa40 [ 562.729940] ? fault_create_debugfs_attr+0x1f0/0x1f0 2018/03/31 14:23:50 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x8, [0x8000, 0x4, 0xe6, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x18) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:50 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f", 0xd8) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) [ 562.735044] ? up_read+0x40/0x40 [ 562.738435] ? find_held_lock+0x35/0x1d0 [ 562.742503] ? __lock_is_held+0xb6/0x140 [ 562.746587] ? check_same_owner+0x320/0x320 [ 562.750922] ? rcu_note_context_switch+0x710/0x710 [ 562.755861] ? alloc_vfsmnt+0x762/0x9c0 [ 562.759854] should_failslab+0xec/0x120 [ 562.763835] kmem_cache_alloc_trace+0x4b/0x740 [ 562.768436] ? cap_capable+0x1b5/0x230 [ 562.772339] shmem_fill_super+0x9a/0xa10 [ 562.776406] ? get_anon_bdev+0x2a0/0x2a0 [ 562.780480] ? shmem_remount_fs+0x750/0x750 [ 562.784808] ? get_anon_bdev+0x2a0/0x2a0 [ 562.788873] ? sget+0xda/0x120 [ 562.792071] ? shmem_remount_fs+0x750/0x750 [ 562.796398] mount_nodev+0x59/0x100 [ 562.800037] shmem_mount+0x2c/0x40 [ 562.803583] mount_fs+0x66/0x2d0 [ 562.806959] vfs_kern_mount.part.26+0xc6/0x4a0 [ 562.811528] ? may_umount+0xa0/0xa0 [ 562.815138] ? _raw_read_unlock+0x22/0x30 [ 562.819269] ? __get_fs_type+0x8a/0xc0 [ 562.823141] do_mount+0xea4/0x2bb0 [ 562.826668] ? __might_fault+0x110/0x1d0 [ 562.830727] ? copy_mount_string+0x40/0x40 [ 562.834948] ? check_same_owner+0x320/0x320 [ 562.839253] ? __check_object_size+0x8b/0x530 [ 562.843741] ? __might_sleep+0x95/0x190 [ 562.847715] ? kasan_check_write+0x14/0x20 [ 562.851939] ? _copy_from_user+0x99/0x110 [ 562.856085] ? memdup_user+0x5e/0x90 [ 562.859787] ? copy_mount_options+0x1f7/0x2e0 [ 562.864285] SyS_mount+0xab/0x120 [ 562.867730] ? copy_mnt_ns+0xb30/0xb30 [ 562.871613] do_syscall_64+0x281/0x940 [ 562.875494] ? vmalloc_sync_all+0x30/0x30 [ 562.879635] ? _raw_spin_unlock_irq+0x27/0x70 [ 562.884121] ? finish_task_switch+0x1c1/0x7e0 [ 562.888606] ? syscall_return_slowpath+0x550/0x550 [ 562.893520] ? syscall_return_slowpath+0x2ac/0x550 [ 562.898443] ? prepare_exit_to_usermode+0x350/0x350 [ 562.903443] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 562.908791] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 562.913631] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 562.918808] RIP: 0033:0x454e79 [ 562.921975] RSP: 002b:00007fa1b21a7c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 562.929661] RAX: ffffffffffffffda RBX: 00007fa1b21a86d4 RCX: 0000000000454e79 2018/03/31 14:23:50 executing program 3: r0 = socket$inet(0x2, 0x0, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r6, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) [ 562.936909] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 00000000200003c0 [ 562.944161] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 562.951416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 [ 562.958666] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000020 2018/03/31 14:23:51 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x8, [0x8000, 0x4, 0xe6, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x18) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:51 executing program 0: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000001380)={0x0}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00'}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c30", 0x49) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) r5 = perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000640)={r1, @in6={{0xa, 0x4e23, 0x80, @loopback={0x0, 0x1}, 0x7}}, 0x8, 0x725, 0x4, 0x7, 0x9}, &(0x7f00000001c0)=0x98) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) dup2(r2, r5) r6 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r3, 0x40505331, &(0x7f0000000100)={{0x81, 0x8000}, {0xfa1, 0x401}, 0x5, 0x4a6c8499e2d12fb3, 0x4}) ioctl$SNDRV_CTL_IOCTL_PVERSION(r6, 0x80045500, &(0x7f0000000480)=""/232) r7 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r7, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r8 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r8, 0x0, 0xd2, &(0x7f000003affc), 0xfffffffffffffe7e) 2018/03/31 14:23:51 executing program 4: sendmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000000380)=[{&(0x7f00000006c0)="00aa932f01006e00cf960802e0001400000000ed0000170cf2a576c022b5b095b53cc4635bbfd469f3a17c1845d4621e8026dcf3f0765f9c0a7ba0c0bebcc43e7e66686818d741f128dc74749b5f23e4d3e42c5743618d20f2f418365363a4b0270468a5888992424f007ec405aae67bc29b96d1338db317e1b3e55ed459ed85424263b26f7d28d83594bb5e8ebc07b907fa1d93bec6fbd086906198ebd3d123f8e646f2b59635aed921961631d0a88196bedf46c1cb421b2c60d39fe57701cc0b3d8b3fb2e0c1ef512f97742ecbf44d", 0xd0}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x6, 0x20000) sendmsg$unix(r1, &(0x7f0000000480)={&(0x7f0000000240)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f00000003c0)=[{&(0x7f00000002c0)="90bc06759de1e547969f47355c7845894d326b8a094fa099887f6ac171eca243856301d7240d6a97ae7988213eaf8ae3b8351a8043b98eaf7014d80bf14df53cacd5807d2503a9acc16bf9e26893c9a9c49e6ac4e4ef33ae15bb920e23337b055cfea75defb810a2cdb31bd8307fc98be8372513e0207ed206c30e546b1a075a4643e110b03cf57d645951fd476877bde0e7a60f0c64b6e83c73104ac64bafc54ca812f092c61c4c6e4d0d299e5c6a19f13d1c", 0xb3}], 0x1, &(0x7f0000000400)=ANY=[@ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="20000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="eb610000"], 0x34, 0x84}, 0x40) r2 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x400, 0x0) socket$inet6(0xa, 0x0, 0x0) r3 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r3, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) listen(r3, 0x80001003) r4 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r4, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) readv(r4, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/11, 0x37}], 0x100000000000019c) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000005c0)={{{@in=@multicast2, @in=@multicast2}}, {{@in6=@mcast1}, 0x0, @in6}}, &(0x7f00000001c0)=0xe8) close(r4) r5 = accept(r3, 0x0, &(0x7f0000efaffc)) setsockopt$bt_BT_SNDMTU(r5, 0x112, 0xc, &(0x7f0000000440)=0x800, 0x2) sendmmsg(r4, &(0x7f00000000c0)=[{{&(0x7f0000000240)=@ax25={0x3, {"aba998cfc95797"}}, 0x80, &(0x7f00000016c0), 0x0, &(0x7f0000001740)}}], 0x198, 0x0) socket$can_raw(0x1d, 0x3, 0x1) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x3, 0x0, 0x8, 0x200, 0x20000800}) ioctl(r2, 0x2285, &(0x7f0000007000)='S') r6 = semget(0x3, 0x5, 0x162) semctl$GETALL(r6, 0x0, 0xd, &(0x7f00000007c0)=""/66) getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f00000004c0)={{{@in=@dev, @in6=@local}}, {{@in=@remote}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000180)=0xe8) getsockname$unix(r2, &(0x7f0000000040), &(0x7f0000000100)=0x6e) ioctl$TCSBRK(r1, 0x5409, 0xffff) 2018/03/31 14:23:51 executing program 1: r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x3e2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af10c5d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e3a08e9473a3a1d2298334f9db84cf5ab9567a83fa4a10672b3fb6a6ae54e3ceac406c24e66a91a3eaad57a2bf39157fa4540f79136b6c8acb0de192e053b31f320ba41c27b466abf47490388223a6cd3b394ab00f8d125151bdbeca8dcda9c5ea1298f4794291024870a689600000000000000000000000000"]}, 0x45a) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adf", 0xdf) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:51 executing program 3: r0 = socket$inet(0x2, 0x0, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f00000013c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d455200000000000000000000000000000000ee00000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e00ec37f039a0415243b5b30412a1745159f26b1ce29a7df0c5b8e54c61c3d453365e37d57720b452446f6df38235d9584482b9e5ce9ce63a351ad16da8b10ffcf9644ffdb8401b74083166d3de165997b862f03a42b96d3dc7a33869baa4efde41e9d20230e6bbd962b8bcfc0ba3dc2f559497301ac8ac092f2c41f46b0ee413ff19228225494efb23e0efd3d764916a6b72b6bc21e4ae9cbe91e0110beb79f51d3bc29bafdbeb19076d29e07bde5ff5ebc9e35e8fdf07b656d66762d48881ccc8b0d09d03700640f217f87bb807f13234e7b51ea90abf1278682a8aea7b3f12e9e38446b5222dea0960d93e7557d047fd42e9b3b5b7841cd698f7541f"]}, 0x4eb) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x20000, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000540)={0x2, &(0x7f0000000500)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f532860ebc37adfb22bc8b51d248b", 0xe6) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000480)='./control\x00', 0x104) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000380)='tls\x00', 0x4) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) setsockopt$inet_mreq(r6, 0x0, 0x27, &(0x7f00000001c0)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) 2018/03/31 14:23:51 executing program 2: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) r0 = socket$kcm(0x29, 0x7, 0x0) mmap(&(0x7f000013a000/0x2000)=nil, 0x2000, 0x3, 0x8031, r0, 0x0) r1 = syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x0, 0x40c02) setsockopt$inet6_dccp_buf(r1, 0x21, 0x8d, &(0x7f00000003c0)="bcbe7bc4e3e7306933e0ebf424bb0c18f67b1d1f70152dba3becb06b05d1f94171beeb7ab86b2f95c0c385f0bed967232d9c154efaac", 0x36) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) readv(r0, &(0x7f0000000340)=[{&(0x7f00000002c0)=""/93, 0x5d}], 0x1) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) r2 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x6ba, 0x10000) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000140)={0x0, 0x6, 0x5}, &(0x7f0000000200)=0x8) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f0000000240)={r3, 0x3e00000000000000}, &(0x7f0000000280)=0x8) ioctl$TUNSETNOCSUM(r2, 0x400454c8, 0x0) socketpair(0x0, 0x0, 0x2, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_X86_SET_MCE(r4, 0x4040ae9e, &(0x7f0000000080)={0x8200000000000000, 0xf000, 0xffffffffffffffff, 0x2, 0x12}) 2018/03/31 14:23:51 executing program 5 (fault-call:12 fault-nth:33): r0 = socket$inet(0x2, 0xfffffffffffffffc, 0x5) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000008c0)=@broute={'broute\x00', 0x20, 0x2, 0x376, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f0000000240), &(0x7f0000000bc0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006970366772657461703000000000000073797a5f74756e000000000000000000697036746e6c3000000000000000000073797a5f74756e0000000000000000000180c200000000000000ff00aaaaaaaaaabb00000000000000007000000070000000c000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000000000010073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000000000000000073797a6b616c6c65723000000000000074756e6c3000000000000000000000007369743000000000000000000000000069666230000000000000000000000000000000000000000000000000ffffffffffff00000000000000003001000080010000d0010000697036000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000ffffac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c696d69740000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000000000000000000069a99baa000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000fed326c82e6d884cae77d70815c954cff56c89a822ad167956e28b975c89cdf10bae5bc5bb3db709fd3688b24bea076af1045d14cfaa4bf892af33375652fc63890ba8234f1b5bd2eb89aa3054f4035fc7e853035a7e"]}, 0x3ee) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000b00)={r0}) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f00000005c0)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000001380)={0x0, 0x8b}, &(0x7f0000000880)=0x8) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vhost-net\x00', 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./control\x00', 0x0, 0x10}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x4000) setsockopt$packet_buf(r3, 0x107, 0x16, &(0x7f0000000080)="b4751628b34e3f25a2da5acf4a7bce8ac8682f168e92424391eda938dbd0f6ad2d49f80c85b26d7ab7c82b071ee9218e5bb30e9d645611671eac963e409b82baa6897fe19b0baf8c309074709f26183b77637f6007e729b0385cf82fbed82a135cde675ad7bf5966d850f61b0c1c0103ba5df8f40e5810324d0078538d78d16f7846cc2c58b03f1a8ca8b58116d2303fc04dbefbb20a7d1ef5770ebe87bf33cc3e154df31c21806aa2be3b2e2f4a472bdbc540e2f86fa6d0967ab77bd8f7cf8f755b88eea15e1ed07d9c031e9fd58878756360ff24ea627f", 0xd8) ioctl$int_in(r2, 0x40000000af01, &(0x7f0000c97ff8)) perf_event_open(&(0x7f000001d000)={0x2, 0x78, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000082f000)='./control\x00', 0x0) mount(&(0x7f00000003c0)='./control\x00', &(0x7f0000000400)='./control\x00', &(0x7f0000000440)='tmpfs\x00', 0x0, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r5 = dup3(r2, r4, 0x80000) pipe2(&(0x7f0000000240), 0x80000) ioctl$VHOST_GET_VRING_BASE(r5, 0xc008af12, &(0x7f0000000340)) getsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000180)=0x35b7, &(0x7f0000000200)=0x1) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r6, 0x0, 0xd2, &(0x7f000003affc), 0x3c) 2018/03/31 14:23:51 executing program 6: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f000000f000)="240000001a00030207fffd946fa283bc04eee6d87986c49727008568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/enforce\x00', 0x20202, 0x0) fallocate(r1, 0x1, 0x82a, 0x3) fallocate(r1, 0x0, 0x19e5, 0x80008) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000000c0)='h', 0x1}], 0x1, 0x0) fallocate(r1, 0x3, 0x0, 0x4c02) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000080)) pwritev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="bae73b56416df3589724a1739a1fe8179881d13cfa6c8f8747eb2e98f145ee683897c242f11fba1f14eb59bcccae5f33", 0x30}], 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001700)={0xffffffffffffffff}) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000001740)=0x8, &(0x7f0000001780)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x4e21, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x8000000000, 0x1f}, 0xd) getsockopt$sock_int(r0, 0x1, 0x608b90af4ca45eb4, &(0x7f0000000200), &(0x7f0000000140)=0x4) ioctl$sock_ifreq(0xffffffffffffffff, 0x899e, &(0x7f0000000400)={'syz_tun\x00', @ifru_settings={0x38, 0x100000000, @te1=&(0x7f00000003c0)={0x2, 0x343, 0x8, 0x9}}}) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000240)={0x7, 0x3ff, 0x3}) shutdown(0xffffffffffffffff, 0x1) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000340)={r3, 0x8, 0x9, [0x8000, 0x4, 0xe6, 0x0, 0x2, 0x6, 0xfffffffffffffc00, 0xfffffffffffffff8, 0x1]}, &(0x7f0000000380)=0x1a) recvmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@can, 0x80, &(0x7f0000000580), 0x0, &(0x7f00000000c0)=""/77, 0x4d}, 0x0) 2018/03/31 14:23:51 executing program 7: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)) nanosleep(&(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00005bfff0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8001, &(0x7f0000000040)=0xfffffffffffff030, 0x9, 0x0) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x1, 0x0) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) socketpair(0x0, 0x0, 0x2, &(0x7f0000000000)) [ 563.555580] FAULT_INJECTION: forcing a failure. [ 563.555580] name failslab, interval 1, probability 0, space 0, times 0 [ 563.567392] CPU: 0 PID: 6331 Comm: syz-executor5 Not tainted 4.16.0-rc7+ #373 [ 563.574675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 563.584038] Call Trace: [ 563.586639] dump_stack+0x194/0x24d [ 563.590279] ? arch_local_irq_restore+0x53/0x53 [ 563.594974] should_fail+0x8c0/0xa40 [ 563.598704] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 563.603811] ? memset+0x31/0x40 [ 563.607102] ? perf_trace_lock+0x4d6/0x900 [ 563.611334] ? find_held_lock+0x35/0x1d0 [ 563.615391] ? __lock_is_held+0xb6/0x140 [ 563.619465] ? check_same_owner+0x320/0x320 [ 563.623788] ? rcu_note_context_switch+0x710/0x710 [ 563.628730] should_failslab+0xec/0x120 [ 563.632703] kmem_cache_alloc+0x47/0x760 [ 563.636758] ? shmem_reserve_inode+0xbf/0x100 [ 563.641238] ? lock_downgrade+0x980/0x980 [ 563.645374] ? print_irqtrace_events+0x270/0x270 [ 563.650119] ? shmem_destroy_callback+0xa0/0xa0 [ 563.654780] shmem_alloc_inode+0x1b/0x40 [ 563.658835] alloc_inode+0x65/0x180 [ 563.662454] new_inode_pseudo+0x69/0x190 [ 563.666512] ? prune_icache_sb+0x1a0/0x1a0 [ 563.670731] ? lock_release+0xa40/0xa40 [ 563.674691] ? mark_held_locks+0xaf/0x100 [ 563.678826] new_inode+0x1c/0x40 [ 563.682184] shmem_get_inode+0xe1/0x920 [ 563.686148] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 563.691157] ? shmem_fh_to_dentry+0x150/0x150 [ 563.695648] ? mark_held_locks+0xaf/0x100 [ 563.699790] ? __raw_spin_lock_init+0x1c/0x100 [ 563.704379] ? prandom_u32_state+0x13/0x180 [ 563.708699] ? prandom_bytes_state+0x89/0x120 [ 563.713185] ? __lockdep_init_map+0xe4/0x650 [ 563.717585] shmem_fill_super+0x6ae/0xa10 [ 563.721716] ? shmem_remount_fs+0x750/0x750 [ 563.726028] ? get_anon_bdev+0x2a0/0x2a0 [ 563.730078] ? sget+0xda/0x120 [ 563.733251] ? __get_fs_type+0x8a/0xc0 [ 563.737141] ? shmem_remount_fs+0x750/0x750 [ 563.741442] mount_nodev+0x59/0x100 [ 563.745065] shmem_mount+0x2c/0x40 [ 563.748600] mount_fs+0x66/0x2d0 [ 563.751964] vfs_kern_mount.part.26+0xc6/0x4a0 [ 563.756542] ? may_umount+0xa0/0xa0 [ 563.760164] ? _raw_read_unlock+0x22/0x30 [ 563.764304] ? __get_fs_type+0x8a/0xc0 [ 563.768195] do_mount+0xea4/0x2bb0 [ 563.771727] ? __might_fault+0x110/0x1d0 [ 563.775793] ? copy_mount_string+0x40/0x40 [ 563.780022] ? check_same_owner+0x320/0x320 [ 563.784338] ? __check_object_size+0x8b/0x530 [ 563.788824] ? __might_sleep+0x95/0x190 [ 563.792784] ? kasan_check_write+0x14/0x20 [ 563.797006] ? _copy_from_user+0x99/0x110 [ 563.801156] ? memdup_user+0x5e/0x90 [ 563.804854] ? copy_mount_options+0x1f7/0x2e0 [ 563.809342] SyS_mount+0xab/0x120 [ 563.812785] ? copy_mnt_ns+0xb30/0xb30 [ 563.816653] do_syscall_64+0x281/0x940 [ 563.820526] ? vmalloc_sync_all+0x30/0x30 [ 563.824654] ? _raw_spin_unlock_irq+0x27/0x70 [ 563.829130] ? finish_task_switch+0x1c1/0x7e0 [ 563.833631] ? syscall_return_slowpath+0x550/0x550 [ 563.838559] ? syscall_return_slowpath+0x2ac/0x550 [ 563.843489] ? prepare_exit_to_usermode+0x350/0x350 [ 563.848509] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 563.853871] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 563.858708] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 563.863886] RIP: 0033:0x454e79 [ 563.867071] RSP: 002b:00007fa1b21a7c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 563.874779] RAX: ffffffffffffffda RBX: 00007fa1b21a86d4 RCX: 0000000000454e79 [ 563.882043] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 00000000200003c0 [ 563.889300] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 563.896556] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017 [ 563.903802] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000021 [ 563.912579] kasan: CONFIG_KASAN_INLINE enabled [ 563.917668] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 563.925073] general protection fault: 0000 [#1] SMP KASAN [ 563.930591] Dumping ftrace buffer: [ 563.934103] (ftrace buffer empty) [ 563.937793] Modules linked in: [ 563.940962] CPU: 1 PID: 6347 Comm: syz-executor6 Not tainted 4.16.0-rc7+ #373 [ 563.948204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 563.957538] RIP: 0010:shmem_unused_huge_count+0x8e/0x100 [ 563.962961] RSP: 0018:ffff8801af13f3f8 EFLAGS: 00010206 [ 563.968297] RAX: dffffc0000000000 RBX: 1ffff10035e27e80 RCX: ffffffff8193ee17 [ 563.975544] RDX: 0000000000000021 RSI: ffffc900074eb000 RDI: 0000000000000108 [ 563.982798] RBP: ffff8801af13f478 R08: ffff8801d8b51e58 R09: 1ffff10035e27e69 [ 563.990050] R10: ffff8801af13f310 R11: 0000000000000001 R12: 0000000000000000 [ 563.997294] R13: dffffc0000000000 R14: ffff88017c61b1f0 R15: 0000000000000000 [ 564.004548] FS: 00007f6dc6f7d700(0000) GS:ffff8801db100000(0000) knlGS:0000000000000000 [ 564.012759] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 564.018614] CR2: ffffffffff600400 CR3: 00000001b93bf004 CR4: 00000000001606e0 [ 564.025869] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 564.033113] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 564.040444] Call Trace: [ 564.043022] ? shmem_free_inode+0xc0/0xc0 [ 564.047161] ? _raw_spin_unlock+0x22/0x30 [ 564.051291] ? list_lru_count_one+0x163/0x1f0 [ 564.055771] ? shmem_free_inode+0xc0/0xc0 [ 564.059898] super_cache_count+0x96/0x280 [ 564.064033] shrink_slab.part.46+0x30c/0xe80 [ 564.068421] ? throttle_direct_reclaim+0x890/0x890 [ 564.073337] ? __lock_is_held+0xb6/0x140 [ 564.077383] ? current_may_throttle+0x210/0x210 [ 564.082040] ? mem_cgroup_iter+0x2f0/0xbd0 [ 564.086258] ? shrink_active_list+0x15e0/0x15e0 [ 564.090901] ? mem_cgroup_nr_lru_pages+0x80/0x80 [ 564.095630] ? print_irqtrace_events+0x270/0x270 [ 564.100370] shrink_slab+0x9d/0xb0 [ 564.103892] shrink_node+0x51e/0xf70 [ 564.107590] ? shrink_node_memcg+0x1690/0x1690 [ 564.112144] ? get_monotonic_coarse64+0x470/0x470 [ 564.116966] ? __queue_work+0x5b4/0x1230 [ 564.121013] ? lock_downgrade+0x980/0x980 [ 564.125142] do_try_to_free_pages+0x383/0x1020 [ 564.129701] ? rcu_pm_notify+0xc0/0xc0 [ 564.133560] ? shrink_node+0xf70/0xf70 [ 564.137421] try_to_free_mem_cgroup_pages+0x44d/0xb40 [ 564.142588] ? try_to_free_pages+0x9c0/0x9c0 [ 564.146984] ? cgroup_file_notify+0x5e/0x70 [ 564.151288] ? lock_downgrade+0x980/0x980 [ 564.155425] ? lock_release+0xa40/0xa40 [ 564.159377] ? lock_release+0xa40/0xa40 [ 564.163324] ? kernfs_get+0xe1/0x130 [ 564.167013] ? do_raw_spin_trylock+0x190/0x190 [ 564.171585] ? _raw_spin_unlock_irqrestore+0x31/0xc0 [ 564.176675] ? trace_hardirqs_on+0xd/0x10 [ 564.180804] reclaim_high.constprop.64+0x1e2/0x330 [ 564.185709] ? mem_cgroup_from_task+0x1e0/0x1e0 [ 564.190361] ? exit_to_usermode_loop+0x8c/0x2f0 [ 564.195005] mem_cgroup_handle_over_high+0x8d/0x130 [ 564.199998] exit_to_usermode_loop+0x242/0x2f0 [ 564.204560] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 564.210077] ? fput+0xd2/0x140 [ 564.213248] ? SyS_fallocate+0x6a/0x90 [ 564.217114] do_syscall_64+0x6ec/0x940 [ 564.220983] ? vmalloc_sync_all+0x30/0x30 [ 564.225107] ? _raw_spin_unlock_irq+0x27/0x70 [ 564.229575] ? finish_task_switch+0x1c1/0x7e0 [ 564.234041] ? syscall_return_slowpath+0x550/0x550 [ 564.238947] ? syscall_return_slowpath+0x2ac/0x550 [ 564.243858] ? prepare_exit_to_usermode+0x350/0x350 [ 564.248854] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 564.254206] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 564.259035] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 564.264196] RIP: 0033:0x454e79 [ 564.267359] RSP: 002b:00007f6dc6f7cc68 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 564.275049] RAX: 0000000000000000 RBX: 00007f6dc6f7d6d4 RCX: 0000000000454e79 [ 564.282306] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000014 [ 564.289564] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 564.296812] R10: 0000000000004c02 R11: 0000000000000246 R12: 00000000ffffffff [ 564.304073] R13: 000000000000007d R14: 00000000006f2c58 R15: 0000000000000000 [ 564.311326] Code: c1 e8 03 42 80 3c 28 00 75 6f 4d 8b a4 24 80 06 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d bc 24 08 01 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 5e 48 8d 7d a8 48 ba 00 00 00 00 00 fc ff df 49 [ 564.330483] RIP: shmem_unused_huge_count+0x8e/0x100 RSP: ffff8801af13f3f8 [ 564.337454] ---[ end trace fc712ecef23c80b8 ]--- [ 564.342217] Kernel panic - not syncing: Fatal exception [ 564.348015] Dumping ftrace buffer: [ 564.351531] (ftrace buffer empty) [ 564.355231] Kernel Offset: disabled [ 564.358833] Rebooting in 86400 seconds..