[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 15.415985] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 20.094609] random: sshd: uninitialized urandom read (32 bytes read) [ 20.373768] random: sshd: uninitialized urandom read (32 bytes read) [ 21.152689] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.35' (ECDSA) to the list of known hosts. [ 26.574882] random: sshd: uninitialized urandom read (32 bytes read) 2018/07/09 22:26:54 fuzzer started [ 27.676392] random: cc1: uninitialized urandom read (8 bytes read) 2018/07/09 22:26:56 dialing manager at 10.128.0.26:44551 2018/07/09 22:26:59 syscalls: 1785 2018/07/09 22:26:59 code coverage: enabled 2018/07/09 22:26:59 comparison tracing: enabled 2018/07/09 22:26:59 setuid sandbox: enabled 2018/07/09 22:26:59 namespace sandbox: enabled 2018/07/09 22:26:59 fault injection: enabled 2018/07/09 22:26:59 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/07/09 22:26:59 net packed injection: enabled [ 32.740124] random: crng init done 22:27:56 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x163882) connect$pptp(0xffffffffffffffff, &(0x7f0000000100)={0x18, 0x2, {0x1, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x1e) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x0) syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) dup3(r1, r0, 0x0) 22:27:56 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") 22:27:56 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000100)={0x20003}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 22:27:56 executing program 4: perf_event_open(&(0x7f0000000040)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timer_create(0xfffffffffffffffd, &(0x7f0000000380)={0x0, 0x0, 0x1}, &(0x7f00000002c0)) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1) timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x989680}}, &(0x7f0000040000)) 22:27:56 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r1, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x9}, 0x1c) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f00000003c0)=[{0x10}], 0x10}, 0x0) 22:27:56 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(&(0x7f0000000200)='./bus\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, &(0x7f0000000d40)) 22:27:56 executing program 1: r0 = gettid() r1 = inotify_init1(0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) readv(r1, &(0x7f0000000440)=[{&(0x7f0000000380)=""/189, 0xbd}], 0x1) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") close(r1) openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x0, 0x0) tkill(r0, 0x1000000000016) 22:27:56 executing program 2: r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="280000002000010000000000000000000200000000000000000000f7030000000800040000000000da53438eeb303fb58881238e0ec441278653bf492247380d50a78db065cb2cbb1318a47149b3eb105dd3be27086acf65dcf824c6925a4bda757d17c931baad38c764461f2f1efdfc1c458193e1e73e865e1f4ca6a6972a8ac36d05ebf534c872466a761c464963d9a11d6cf0d78deb1df1deaaab62d5b096933ac49ceb062d2ecc8e92a8ceaf8038f03c390a6ff389dc79f8c1c3ef254eabac2f75000000"], 0x1}, 0x1}, 0x0) [ 89.280337] IPVS: ftp: loaded support on port[0] = 21 [ 89.332580] IPVS: ftp: loaded support on port[0] = 21 [ 89.348495] IPVS: ftp: loaded support on port[0] = 21 [ 89.373193] IPVS: ftp: loaded support on port[0] = 21 [ 89.413662] IPVS: ftp: loaded support on port[0] = 21 [ 89.422858] IPVS: ftp: loaded support on port[0] = 21 [ 89.434433] IPVS: ftp: loaded support on port[0] = 21 [ 89.436073] IPVS: ftp: loaded support on port[0] = 21 [ 91.007415] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.013814] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.036936] device bridge_slave_0 entered promiscuous mode [ 91.047985] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.054415] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.061669] device bridge_slave_0 entered promiscuous mode [ 91.070487] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.076839] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.086763] device bridge_slave_0 entered promiscuous mode [ 91.105412] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.111783] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.125957] device bridge_slave_0 entered promiscuous mode [ 91.133184] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.139541] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.150081] device bridge_slave_0 entered promiscuous mode [ 91.166481] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.173075] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.193072] device bridge_slave_0 entered promiscuous mode [ 91.201421] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.207770] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.217453] device bridge_slave_1 entered promiscuous mode [ 91.223819] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.230190] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.238525] device bridge_slave_1 entered promiscuous mode [ 91.245938] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.252301] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.261101] device bridge_slave_1 entered promiscuous mode [ 91.269665] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.276050] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.283576] device bridge_slave_0 entered promiscuous mode [ 91.291396] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.297754] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.304952] device bridge_slave_0 entered promiscuous mode [ 91.314577] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.320997] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.330961] device bridge_slave_1 entered promiscuous mode [ 91.338354] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.344734] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.354718] device bridge_slave_1 entered promiscuous mode [ 91.362897] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 91.371405] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 91.378390] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.384771] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.412716] device bridge_slave_1 entered promiscuous mode [ 91.419245] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 91.426466] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.432833] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.452692] device bridge_slave_1 entered promiscuous mode [ 91.460921] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 91.469996] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 91.482236] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 91.490523] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 91.497543] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.503933] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.534224] device bridge_slave_1 entered promiscuous mode [ 91.544866] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 91.559887] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 91.572556] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 91.587173] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 91.607328] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 91.633743] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 91.665067] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 91.708182] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 91.747663] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 91.774363] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 91.825416] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 91.857332] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 91.868656] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 91.926175] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 91.938313] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 91.947083] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 91.957500] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 91.968605] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 91.979410] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 92.031126] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 92.051611] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 92.107543] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 92.136289] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 92.152326] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 92.254374] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 92.403335] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 92.430328] team0: Port device team_slave_0 added [ 92.492096] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 92.509602] team0: Port device team_slave_0 added [ 92.526260] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 92.535472] team0: Port device team_slave_0 added [ 92.543412] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 92.554269] team0: Port device team_slave_0 added [ 92.560826] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 92.570285] team0: Port device team_slave_1 added [ 92.593541] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 92.611727] team0: Port device team_slave_1 added [ 92.624630] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 92.639783] team0: Port device team_slave_0 added [ 92.645064] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 92.655257] team0: Port device team_slave_0 added [ 92.662440] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 92.676540] team0: Port device team_slave_1 added [ 92.683524] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 92.691333] team0: Port device team_slave_0 added [ 92.709446] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 92.716399] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 92.727176] team0: Port device team_slave_1 added [ 92.739199] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 92.752196] team0: Port device team_slave_1 added [ 92.765437] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 92.772653] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 92.784877] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 92.792580] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 92.801503] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 92.809655] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 92.816665] team0: Port device team_slave_1 added [ 92.824487] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 92.833241] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 92.841484] team0: Port device team_slave_0 added [ 92.847565] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 92.859082] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 92.865877] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 92.876511] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 92.896363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 92.910827] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 92.918378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 92.925952] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 92.933575] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 92.940789] team0: Port device team_slave_1 added [ 92.947226] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 92.954289] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 92.962300] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 92.975370] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 92.982213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 92.991309] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 93.004360] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 93.012841] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 93.020466] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 93.028865] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 93.044406] team0: Port device team_slave_1 added [ 93.057082] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 93.073142] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 93.081520] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 93.089250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 93.096830] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 93.104394] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 93.112542] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 93.119782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 93.127611] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 93.135822] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 93.144717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 93.152543] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 93.161752] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 93.168644] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 93.176360] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 93.185163] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 93.195478] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 93.202976] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 93.210857] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 93.230467] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 93.260541] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 93.271065] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 93.279392] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 93.287216] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 93.294576] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 93.302298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 93.309901] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 93.317493] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 93.324807] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 93.332386] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 93.342310] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 93.357203] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 93.366293] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 93.373695] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 93.389686] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 93.419479] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 93.431467] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 93.439600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 93.447528] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 93.455291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 93.464485] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 93.471889] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 93.479594] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 93.487592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 93.498845] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 93.506851] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 93.516275] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 93.524871] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 93.533697] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 93.543668] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 93.551352] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 93.564185] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 93.581469] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 93.613372] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 93.623284] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 93.632925] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 93.640559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 93.648472] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 93.656200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 93.663852] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 93.671779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 93.679789] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 93.687042] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 93.695231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 93.707943] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 93.717533] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 93.727467] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 93.750813] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 93.772599] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 93.786270] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 94.513240] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.519640] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.526274] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.532635] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.555041] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 94.636208] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.642606] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.649233] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.655601] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.668336] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 94.685315] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.691696] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.698320] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.704675] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.730605] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 94.739370] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.745729] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.752335] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.758675] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.766415] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 94.781122] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 94.788723] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 94.796635] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 94.804284] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 94.819636] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.826000] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.832606] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.838943] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.879872] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 94.902429] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.908807] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.915431] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.921776] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.930330] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 94.943514] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.949885] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.956511] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.962867] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.002804] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 95.024810] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.031197] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.037813] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.044153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.070976] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 95.841255] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 95.854388] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 95.869953] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 95.877324] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 98.408628] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.619835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.636416] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.672992] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.723886] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.791609] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 98.818741] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.843112] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.863447] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.982520] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 98.999564] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 99.048716] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 99.117229] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 99.141588] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 99.152095] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 99.159773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 99.192660] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 99.234769] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 99.258767] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 99.371621] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 99.377822] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 99.390797] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 99.405967] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 99.412727] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 99.427059] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 99.441928] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 99.450069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 99.458280] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 99.526340] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 99.532520] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 99.540373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 99.560397] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.628683] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 99.634871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 99.644686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 99.668141] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 99.676262] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 99.688390] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 99.719462] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 99.725878] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 99.739418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 99.754856] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.826276] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.945421] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.967383] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.056214] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.077110] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.113180] 8021q: adding VLAN 0 to HW filter on device team0 22:28:09 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000100)="025cc83d6d345f96362070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0x13, &(0x7f0000000040), 0x4) 22:28:09 executing program 2: 22:28:09 executing program 5: 22:28:09 executing program 2: [ 101.952149] syz-executor5 (6500) used greatest stack depth: 17152 bytes left 22:28:09 executing program 5: r0 = memfd_create(&(0x7f0000000200)='\x00', 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10, r0, 0x0) 22:28:09 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r1) r2 = creat(&(0x7f0000000700)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x6100) ftruncate(r2, 0x2081ff) r3 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r2, r4, &(0x7f0000d83ff8), 0x8000fffffffe) fallocate(r3, 0x10, 0x0, 0x400) 22:28:09 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") capget(&(0x7f0000000080)={0x19980330}, &(0x7f0000000100)) 22:28:09 executing program 6: r0 = socket$inet6(0xa, 0x803, 0x5) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000f68000)={@mcast1={0xff, 0x1, [], 0x1}, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f000089b000)=0xffffffffffffffff, 0x4) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") connect$inet6(r0, &(0x7f000000cfe4)={0xa, 0x0, 0x807}, 0x1c) sendmmsg(r0, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f0000000480), 0x0, &(0x7f0000000500)=[{0x10}], 0x10}}], 0x1, 0x0) [ 102.130073] capability: warning: `syz-executor5' uses 32-bit capabilities (legacy support in use) [ 102.307295] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16534 22:28:10 executing program 0: 22:28:10 executing program 2: pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000b40)=ANY=[@ANYBLOB="13"], 0x1) mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c}) vmsplice(r0, &(0x7f00000000c0)=[{&(0x7f0000000240)='P', 0x1}], 0x1, 0x0) 22:28:10 executing program 5: 22:28:10 executing program 4: 22:28:10 executing program 6: 22:28:10 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") 22:28:10 executing program 7: 22:28:10 executing program 1: 22:28:10 executing program 5: 22:28:10 executing program 7: 22:28:10 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8, 0x1b}]}, 0x28}, 0x1}, 0x0) read(r0, &(0x7f00000002c0)=""/71, 0xd) 22:28:10 executing program 1: pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) close(r0) socket$unix(0x1, 0x1, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000000)="eb9d63427abb1b872a44441beaa12f32", 0x10) 22:28:10 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=@getaddr={0x14, 0x16, 0x301}, 0x14}, 0x1}, 0x0) 22:28:10 executing program 6: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x3, 0x402) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000a40)='/dev/input/mice\x00', 0x0, 0x0) write$binfmt_elf32(r0, &(0x7f0000000040)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x20}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x2, 0x800}]}, 0x78) readv(r1, &(0x7f0000000400), 0x0) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000380)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) 22:28:10 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") [ 103.046270] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16549 22:28:10 executing program 5: r0 = memfd_create(&(0x7f0000000200)='\x00', 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xfffffffffffffffe, 0x5011, r0, 0x0) ftruncate(r0, 0x0) 22:28:10 executing program 7: open(&(0x7f0000000040)='./file0\x00', 0x42, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) write$P9_RLERRORu(r0, &(0x7f0000000380)=ANY=[], 0x0) [ 103.195826] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 103.222567] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 103.273760] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16526 [ 103.276686] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 22:28:11 executing program 2: 22:28:11 executing program 1: perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0xc4800) 22:28:11 executing program 4: 22:28:11 executing program 6: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x3, 0x402) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000a40)='/dev/input/mice\x00', 0x0, 0x0) write$binfmt_elf32(r0, &(0x7f0000000040)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x20}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x2, 0x800}]}, 0x78) readv(r1, &(0x7f0000000400), 0x0) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000380)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) 22:28:11 executing program 5: 22:28:11 executing program 7: 22:28:11 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") 22:28:11 executing program 0: 22:28:11 executing program 5: 22:28:11 executing program 0: perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000008c0)=""/246) preadv(r0, &(0x7f0000000540)=[{&(0x7f0000000400)=""/147, 0x93}], 0x1, 0x0) 22:28:11 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000100)="025cc83d6d345f96362070") perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000040), 0x3) 22:28:11 executing program 1: sendmsg$IPVS_CMD_GET_CONFIG(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="6954688be9d7db01954f24a180faff1f00", @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\r\x00\x00\x00'], 0x2}, 0x1}, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x14104a, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000974fee)='/dev/input/event#\x00', 0x0, 0x101002) write$evdev(r0, &(0x7f0000000080)=[{{}, 0x1, 0x74, 0x2}, {}], 0xfcf2) sendfile(r1, r0, &(0x7f0000000000), 0x100000001) 22:28:11 executing program 4: 22:28:11 executing program 6: 22:28:11 executing program 2: [ 103.998243] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16545 22:28:11 executing program 5: 22:28:11 executing program 4: 22:28:11 executing program 6: 22:28:11 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") 22:28:11 executing program 7: 22:28:11 executing program 2: 22:28:11 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000000c0), 0x4) sendmsg$key(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x10, 0x0, 0x0, 0x2}, 0x10}, 0x1}, 0x0) sendmsg$key(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="020a0000020000000000000000000084"], 0x10}, 0x1}, 0x0) 22:28:11 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket(0xa, 0x1, 0x0) getsockopt$inet6_mreq(r1, 0x29, 0x1a, &(0x7f0000001400), &(0x7f0000000200)=0x14) 22:28:11 executing program 0: mkdir(&(0x7f0000000980)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) write$sndseq(0xffffffffffffffff, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') r1 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) lseek(r1, 0x0, 0x2000000000000003) close(r0) [ 104.155764] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16544 22:28:11 executing program 4: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f000000a000)='./file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f00000007c0)) chroot(&(0x7f0000000040)='./file0\x00') perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x70024000, &(0x7f0000000180), &(0x7f0000000080), &(0x7f0000000000), &(0x7f0000000240)) 22:28:12 executing program 7: 22:28:12 executing program 6: 22:28:12 executing program 2: 22:28:12 executing program 5: 22:28:12 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") mremap(&(0x7f000000a000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000005000/0x2000)=nil) mremap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f000000a000/0x1000)=nil) 22:28:12 executing program 0: r0 = socket$inet6(0xa, 0x100000003, 0x80000000000006) sendto$inet6(r0, &(0x7f0000000000), 0xffa7, 0x0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0x0, 0x8}}, 0x1c) 22:28:12 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") 22:28:12 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_ifreq(r0, 0x8913, &(0x7f0000000700)={'ip6_vti0\x00', @ifru_addrs=@hci={0x1f}}) 22:28:12 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'lo\x00'}) sendmsg$nl_route(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="3400000014002799000000000000000002000000", @ANYBLOB="08000200e9ff0000f7ff00210000"], 0x2}, 0x1}, 0x0) 22:28:12 executing program 4: r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f0000000380)="000000000000000000000000000000768e05f7c155ad7dc6947c573e5a69244e76382c0aa63d575ea3597f8b1728277ef76b30254d7ba92dcf978f1f81dc1b7f8f7b3451dada02ecb4f1ddcc8b5241da8945666e0073c25a6287c64dbea37a", 0x0) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000100)='\'', 0x1}], 0x1, 0x81806) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000240), 0x20000102000007) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) 22:28:12 executing program 2: pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) close(r0) socket$unix(0x1, 0x1, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000040)=0x2, 0x4) 22:28:12 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000180)='/dev/input/event#\x00', 0x0, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)}) dup2(r1, r0) [ 104.367998] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16533 22:28:12 executing program 7: r0 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x71}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={&(0x7f0000de2ff4)={0x10}, 0xc, &(0x7f0000000080)={&(0x7f0000000000)={0x14}, 0x14}, 0x1}, 0x0) dup2(r0, r1) 22:28:12 executing program 6: 22:28:12 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000180)='/dev/input/event#\x00', 0x0, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)}) dup2(r1, r0) 22:28:12 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000498000)={&(0x7f0000d55000)={0x10}, 0xc, &(0x7f00008b7ff0)={&(0x7f0000000080)={0x14, 0x2, 0x1, 0x800000001}, 0x14}, 0x1}, 0x0) 22:28:12 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000180)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0xffffffffffffffff}) [ 104.484106] print_req_error: I/O error, dev loop0, sector 0 [ 104.489897] Buffer I/O error on dev loop0, logical block 0, lost async page write [ 104.497594] print_req_error: I/O error, dev loop0, sector 8 [ 104.503332] Buffer I/O error on dev loop0, logical block 1, lost async page write [ 104.511030] print_req_error: I/O error, dev loop0, sector 16 [ 104.516852] Buffer I/O error on dev loop0, logical block 2, lost async page write [ 104.524621] print_req_error: I/O error, dev loop0, sector 24 22:28:12 executing program 2: r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) 22:28:12 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") [ 104.530442] Buffer I/O error on dev loop0, logical block 3, lost async page write [ 104.538113] print_req_error: I/O error, dev loop0, sector 32 [ 104.543948] Buffer I/O error on dev loop0, logical block 4, lost async page write [ 104.551615] print_req_error: I/O error, dev loop0, sector 40 [ 104.557434] Buffer I/O error on dev loop0, logical block 5, lost async page write [ 104.565105] print_req_error: I/O error, dev loop0, sector 48 [ 104.570931] Buffer I/O error on dev loop0, logical block 6, lost async page write [ 104.578599] print_req_error: I/O error, dev loop0, sector 56 22:28:12 executing program 6: perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_settime(0x0, &(0x7f0000000000)={0x0, 0x989680}) [ 104.584420] Buffer I/O error on dev loop0, logical block 7, lost async page write [ 104.592122] print_req_error: I/O error, dev loop0, sector 64 [ 104.598278] Buffer I/O error on dev loop0, logical block 8, lost async page write [ 104.605939] print_req_error: I/O error, dev loop0, sector 72 [ 104.611759] Buffer I/O error on dev loop0, logical block 9, lost async page write 22:28:12 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:12 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000180)='/dev/input/event#\x00', 0x0, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)}) dup2(r1, r0) [ 104.644772] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16532 22:28:12 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)=@ipv4_newaddr={0x20, 0x14, 0x389e63cafcc39927, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r1}, [@IFA_LOCAL={0x8, 0x2, @broadcast=0xffffffff}]}, 0x20}, 0x1}, 0x0) 22:28:12 executing program 0: bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6}, 0x14) r0 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x0) r1 = memfd_create(&(0x7f0000000380)="000000000000000000000000000000768e05f7c155ad7dc6947c573e5a69244e76382c0aa63d575ea3597f8b1728277ef76b30254d7ba92dcf978f1f81dc1b7f8f7b3451dada02ecb4f1ddcc8b5241da8945666e0073c25a6287c64dbea37a", 0x0) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") pwritev(0xffffffffffffffff, &(0x7f0000000340), 0x0, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) close(r0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000240), 0x0) [ 104.686147] syz-executor4 (6722) used greatest stack depth: 17024 bytes left 22:28:12 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") 22:28:12 executing program 4: 22:28:12 executing program 5: 22:28:12 executing program 6: 22:28:12 executing program 1: 22:28:12 executing program 2: 22:28:12 executing program 4: 22:28:12 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:12 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") 22:28:12 executing program 0: bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6}, 0x14) r0 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x0) r1 = memfd_create(&(0x7f0000000380)="000000000000000000000000000000768e05f7c155ad7dc6947c573e5a69244e76382c0aa63d575ea3597f8b1728277ef76b30254d7ba92dcf978f1f81dc1b7f8f7b3451dada02ecb4f1ddcc8b5241da8945666e0073c25a6287c64dbea37a", 0x0) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") pwritev(0xffffffffffffffff, &(0x7f0000000340), 0x0, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) close(r0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000240), 0x0) 22:28:12 executing program 5: 22:28:12 executing program 6: 22:28:12 executing program 2: 22:28:12 executing program 1: 22:28:12 executing program 4: 22:28:12 executing program 6: 22:28:12 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") 22:28:12 executing program 5: 22:28:12 executing program 1: 22:28:12 executing program 0: bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6}, 0x14) r0 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x0) r1 = memfd_create(&(0x7f0000000380)="000000000000000000000000000000768e05f7c155ad7dc6947c573e5a69244e76382c0aa63d575ea3597f8b1728277ef76b30254d7ba92dcf978f1f81dc1b7f8f7b3451dada02ecb4f1ddcc8b5241da8945666e0073c25a6287c64dbea37a", 0x0) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") pwritev(0xffffffffffffffff, &(0x7f0000000340), 0x0, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) close(r0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000240), 0x0) 22:28:12 executing program 2: 22:28:12 executing program 4: 22:28:12 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:12 executing program 5: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) io_setup(0x6, &(0x7f0000000080)=0x0) io_submit(r1, 0x1, &(0x7f00000003c0)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000300)="b40f0ccb0400000000000000ab693ed7ee103afdafd73a8adb392bd09667dd03986f8e1bfcc6929232c0ffa39575a7a72233cf032444d6aa188117e439cfb854a1ba0aa2d1c57a96", 0x48}]) 22:28:12 executing program 6: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) lsetxattr(&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=@known='user.syz\x00', &(0x7f0000000340)="00ad4284cf2db2702a3bf17b9f4492b2027e02bd40dbe8e941b9f85d5a96c9409bfac625a8adcbdb96dd0618822ef869e549c522b172e60c7b9dd7e963908fc5b79f590c30203653b1caa750baadc92b6af63b71ee03b1b16bebe18977ae2b6352bda7b086cc5d96787e820b8ee8d9914f439ae942aaa964f147ae08ff5f97d29fa77e6aa1c97cc846c02b573372191a174cdba16ecd2ccfd6d1521fb37d44e94d20bfb7e17cf012d0d0f50cad4fb15487deb01e30", 0xb5, 0x0) lsetxattr(&(0x7f0000000080)='./file0\x00', &(0x7f0000000000)=@known='user.syz\x00', &(0x7f0000000280)="00ad4284cf2db2702a3bf17b9f4492b2027e02bd40dbe8e941b9f85d5a96c9409bfac625a8adcbdb96dd0618822ef869e549c522b172e60c7b9dd7e963908fc5b79f590c30203653b1caa750baadc92b6af63b71ee03b1b16bebe18977ae2b6352bda7b086cc5d96787e820b8ee8d9914f439ae942aaa964f147ae08ff5f97d29fa77e6aa1c97cc846c02b573372191a174cdba16ecd2ccfd6d1521fb37d44e94d20bfb7e17cf012d0d0f50cad4fb15487deb01e30", 0xb5, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0) setsockopt$netlink_NETLINK_RX_RING(0xffffffffffffffff, 0x10e, 0x6, &(0x7f0000000140)={0x1, 0x0, 0x5}, 0xfffffffffffffe2b) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x7) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)) 22:28:12 executing program 1: unshare(0x20020000) mkdir(&(0x7f00001a3000)='./file0\x00', 0x0) mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000040)) mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000000980)='./file0\x00', &(0x7f00000003c0)='\x00\x00\x00\x00\x00', 0x100000, &(0x7f00000009c0)) syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x7, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000002c0)) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000480)={{{@in6=@ipv4={[], [], @dev}, @in=@rand_addr}}, {{@in6=@ipv4={[], [], @rand_addr}}, 0x0, @in=@broadcast}}, &(0x7f0000000180)=0xe8) getegid() perf_event_open(&(0x7f0000000700)={0x4, 0x70, 0x131a3836, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0xa20, 0xa, 0x0, 0x0, 0x5, 0x0, 0x7, 0x6, 0x7, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x533c, 0x6, 0xf2d, 0x6, 0x3, 0x502, 0x64c7, 0xfffffffffffffff9, 0xffffffff, 0x5, 0x0, 0x5, 0x0, @perf_config_ext={0x4, 0x7}, 0x10000, 0x100000000, 0xac9, 0x5, 0x0, 0x7, 0x100000000}, 0xffffffffffffffff, 0xe, 0xffffffffffffff9c, 0x2) fstat(0xffffffffffffff9c, &(0x7f0000000840)) dup2(0xffffffffffffff9c, 0xffffffffffffffff) syz_open_dev$dspn(&(0x7f00000009c0)='/dev/dsp#\x00', 0x5, 0x40000) syz_open_dev$adsp(&(0x7f0000000a00)='/dev/adsp#\x00', 0xe63b, 0x400200) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_dev$loop(&(0x7f0000000a80)='/dev/loop#\x00', 0x5, 0x400000) mkdir(&(0x7f0000000000)='./file1\x00', 0x0) poll(&(0x7f0000000080), 0x0, 0x400007f) rename(&(0x7f0000000300)='./file1\x00', &(0x7f0000000340)='./file0\x00') 22:28:12 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$fiemap(0xffffffffffffffff, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(0xffffffffffffffff, 0x1, &(0x7f0000000000)="a0040ad8") 22:28:12 executing program 2: r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}, {{&(0x7f0000000600)=@in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, 0x1000}, 0x80, &(0x7f00000008c0)=[{&(0x7f0000000780)="ea", 0x1}], 0x1}}], 0x2, 0x0) 22:28:12 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000058000)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000000a00000000000000ff010000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000a00000000000000ff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000319cce9e2322b74841d4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000070000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff0220000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000669028f48629cb556f38741c46e232dcbcb485e5dc159bf430200f39ccd4ca93ddabd7bd9bba3df67d7e3b0fbed79c02cd47a351919d08e7c4555234fa587123a1df8a9cae0997109271cd96289605b2c6fc594bb8eb39843dd378cd96d67fcd03b4962c4fd00fed42ae77fed6cec21eaf077ae3040581bc4340a0470e607c4db1983d6797133777f6df3ba95a534909c91189d170a3f34dfb0a23ba2a44eb1532ce0d3df06148cbf8b89e6ff12851c3d8e42f9a878dea33ac2824463ab1e36b7fb6e25005b8f8b00c3a6e7d5d3ac71b6343711092630434a4256a9353a06597a14ca9d6f0ea4d2f7499"], 0x1) 22:28:12 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000180)='/dev/input/event#\x00', 0x0, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)}) dup2(r1, r0) [ 105.198024] hrtimer: interrupt took 23008 ns 22:28:13 executing program 5: 22:28:13 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$fiemap(0xffffffffffffffff, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(0xffffffffffffffff, 0x1, &(0x7f0000000000)="a0040ad8") 22:28:13 executing program 4: 22:28:13 executing program 6: 22:28:13 executing program 2: r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}, {{&(0x7f0000000600)=@in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, 0x1000}, 0x80, &(0x7f00000008c0)=[{&(0x7f0000000780)="ea", 0x1}], 0x1}}], 0x2, 0x0) 22:28:13 executing program 5: 22:28:13 executing program 0: 22:28:13 executing program 4: 22:28:13 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:13 executing program 6: 22:28:13 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$fiemap(0xffffffffffffffff, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(0xffffffffffffffff, 0x1, &(0x7f0000000000)="a0040ad8") 22:28:13 executing program 1: 22:28:13 executing program 2: r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}, {{&(0x7f0000000600)=@in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, 0x1000}, 0x80, &(0x7f00000008c0)=[{&(0x7f0000000780)="ea", 0x1}], 0x1}}], 0x2, 0x0) 22:28:13 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/igmp\x00') preadv(r1, &(0x7f0000001700)=[{&(0x7f00000006c0)=""/3, 0x3}, {&(0x7f0000000700)=""/4096, 0x1000}], 0x2, 0x0) 22:28:13 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f0000000380)="000000000000000000000000000000768e05f7c155ad7dc6947c573e5a69244e76382c0aa63d575ea3597f8b1728277ef76b30254d7ba92dcf978f1f81dc1b7f8f7b3451dada02ecb4f1ddcc8b5241da8945666e0073c25a6287c64dbea37a", 0x0) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000100)) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000100)='\'', 0x1}], 0x1, 0x81806) sendfile(r0, r0, &(0x7f0000000240), 0x20000102000007) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) 22:28:13 executing program 4: r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f0000000380)="000000000000000000000000000000768e05f7c155ad7dc6947c573e5a69244e76382c0aa63d575ea3597f8b1728277ef76b30254d7ba92dcf978f1f81dc1b7f8f7b3451dada02ecb4f1ddcc8b5241da8945666e0073c25a6287c64dbea37a", 0x0) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, &(0x7f00000001c0)={0x4}) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f0000000400)={0x0, @in={{0x2, 0x0, @broadcast=0xffffffff}}, 0x0, 0x0, 0x5, 0x0, 0x2}, &(0x7f0000000200)=0x98) ioctl(r2, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000100)) pwritev(0xffffffffffffffff, &(0x7f0000000340), 0x0, 0x81806) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000240), 0x20000102000007) ioctl$TUNGETFILTER(0xffffffffffffffff, 0x801054db, &(0x7f00000000c0)) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) 22:28:13 executing program 6: 22:28:13 executing program 3: socket$inet6(0xa, 0x1000000000002, 0x0) r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r0, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r0, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r0, 0x1, &(0x7f0000000000)="a0040ad8") 22:28:13 executing program 7: bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:13 executing program 1: 22:28:14 executing program 5: 22:28:14 executing program 6: 22:28:14 executing program 0: 22:28:14 executing program 2: r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}, {{&(0x7f0000000600)=@in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, 0x1000}, 0x80, &(0x7f00000008c0)=[{&(0x7f0000000780)="ea", 0x1}], 0x1}}], 0x2, 0x0) [ 106.239158] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16528 22:28:14 executing program 4: 22:28:14 executing program 1: 22:28:14 executing program 7: bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:14 executing program 6: 22:28:14 executing program 5: 22:28:14 executing program 1: 22:28:14 executing program 4: 22:28:14 executing program 3: socket$inet6(0xa, 0x1000000000002, 0x0) r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r0, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r0, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r0, 0x1, &(0x7f0000000000)="a0040ad8") 22:28:14 executing program 0: 22:28:14 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r1, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x9}, 0x1c) write$binfmt_elf64(r1, &(0x7f0000000440)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}], "", [[], [], [], [], [], []]}, 0x678) 22:28:14 executing program 2: sendmmsg(0xffffffffffffffff, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}, {{&(0x7f0000000600)=@in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, 0x1000}, 0x80, &(0x7f00000008c0)=[{&(0x7f0000000780)="ea", 0x1}], 0x1}}], 0x2, 0x0) 22:28:14 executing program 6: r0 = memfd_create(&(0x7f0000000200)='\x00', 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x5011, r0, 0x0) io_pgetevents(0x0, 0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f0000000240)={&(0x7f00000001c0), 0x8}) 22:28:14 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = dup(r0) r2 = fcntl$dupfd(r1, 0x0, r1) connect(r2, &(0x7f0000000140)=@nl=@kern={0x10}, 0x80) 22:28:14 executing program 4: r0 = perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fstat(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") setresgid(r1, 0x0, 0x0) r3 = inotify_init1(0x0) fcntl$setown(r3, 0x8, 0xffffffffffffffff) fcntl$getownex(r3, 0x10, &(0x7f0000000080)={0x0, 0x0}) ptrace$setopts(0x4206, r4, 0x0, 0x0) 22:28:14 executing program 7: bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) [ 106.490545] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16538 22:28:14 executing program 0: r0 = memfd_create(&(0x7f0000000200)='\x00', 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10, r0, 0x0) 22:28:14 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) syz_emit_ethernet(0x1, &(0x7f0000000700)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd60c22df704011100fe800000000000000000000000000000fe8000000000000000000000000000aa00004e200401000087ae00ca83452b00b32def4f1142b6793bb530f9b20e90aa25d5c2b9431efd840a07c1922833b2c789aefbbaee9f63cbab38a8acfb8dba0595ecb683e74ea2bc44a7aee9c52e18ca01c06a5c354712b8b1ff75f45ba55a3487c83849023d37e037d2d3e3e842e9ba099e9ed8775d1173d8e78335aa65d58f54c1d78d4fce897cfefa24b7f268f90be76c7f4e1bfe4d84a869353e931c3732afea55697618a1318ecb657b34172b93fd59d7988d43630cf81e976a0ea01fd8b2547ab593bc605c985f56664b84ed3c9f90ffb666e030c794e2d2d5070af38d83dc275da88cfe6910b2ded59f6c008af5d247237eceb14857c1d7c3ee32e729d9793040f8f4e432eb875a89fe31cbed117f0e76643797169fba3dac3f377d145ce97980ba626da7a279e698a9e040a22d63c535f0ee06adb59e9e06ad7295e6601f3a5fe9b581975993c6c775734212bccb26288d42a672c965d40e80d0e1908f04425a60a08241378ec7ff88315de073b64c5f9647e51732be46988e0948f12e6c560bedbece811bca501d4389dbfe20e4df5160cd7324c0670c7b3e8980b061e31b1c8461d6f7a63f9e9fd24326924c076e01631a0b9703a6106accfaa064075fa1f16e16c5171b6a324e8642b2ab76618b824110c312ab12d9f65d6a980634a6a7cba8bf89e01a91259f446232476a1c490982636b78d1300befab1a2f6e8261e07336c5692db37bb7d3cebf4a942b62f2fa6cceb7e488aa02b2e52c6f82bd3792845fff41cce52e0469d14821ce11491864860c11421a92dae3152eb23106a0c679d2b1f0a9809b56abdcf893f9531508f24e64ec911fd8e8b3c8fd2291f1a7b910222c38533d4caadac9acd194be7e53549c1719bdf668887a0e19db83b5356f8f7d93cbef1ef3505dcc40d0d2a02a2745ab518979b9c3774babfe8e70ead767c7a00289b8cc6e51d1a957548270cb3f5064961a88f61b34f9442d78ae5a8551713f9afb4269d689f9adb6b4a902a637184f7f899efe9fa0ddb45cd1076c4eeeda09baa0aea767f6b57486492951ca8dc20dcfc9cc5f56768073b3f4c2c9f543324a4fd0b8bc7b95e232bf85bf222394fa4336ab4087d7ad2dc85afa6eb79ad2624c4be6c674ee98fce9a51786b7cc2b5044de114d36d2690e13bcedf96590c7d5aeb8040b74c4d6a5aa38a7c1f0857522f4f968795056b9a7034dc3444784f9486b575e44dec3216d72845500e63297d7197961e7e593ea3411001d1d47ba42d70e7af8e91246c02d7e37ff0eb60abebc37dd00315b4fbb09e77a6b5f7e8441818ebcfafecf622731f1db8a11fa2de8e30d808bedbfee104b3b1100f5094675521da07dd2a28be7e486b325a0f0e6d75116be1bbc2aa20deb64a6e4e7b824b12d009e6f1802f5a8e31559b125d71d00a5684fbde4668f5af1eb4ca04fa7"], &(0x7f0000001780)) 22:28:14 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="025cc83d6d345f8f762070") r1 = socket(0x2, 0x3, 0x100000001) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='ip_vti0\x00', 0x10) sendto$inet(r1, &(0x7f0000000080), 0xff45, 0x0, &(0x7f00000000c0)={0x2, 0x0, @loopback=0x7f000001}, 0x10) 22:28:14 executing program 2: r0 = socket$inet6(0xa, 0x0, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}, {{&(0x7f0000000600)=@in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, 0x1000}, 0x80, &(0x7f00000008c0)=[{&(0x7f0000000780)="ea", 0x1}], 0x1}}], 0x2, 0x0) 22:28:14 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4) connect$inet6(r0, &(0x7f0000000080)={0xa}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x13a) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100)={0x303, 0x33}, 0x28) sendmsg(r0, &(0x7f0000001340)={&(0x7f00000001c0)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "3d086bfbef6ceccebd8b96edf863ccf3bee36de82beb7232265849e62938fbfbdea2e1ca32691724bfffaaaaddf9c9047f6581cb5830b89d16a4507a735121"}, 0x1ee, &(0x7f0000000000), 0x0, &(0x7f0000000140), 0x8a}, 0x0) r1 = accept4$inet(0xffffffffffffff9c, &(0x7f0000000000)={0x0, 0x0, @multicast2}, &(0x7f0000000140)=0x10, 0x800) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000240)='tls\x00'}, 0x10) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000002c0)={0x0, 0x9b37}, &(0x7f0000000300)=0x8) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r2, 0x84, 0x79, &(0x7f0000000340)={r3, 0xfff, 0x7ff}, 0x8) ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r2, 0x80dc5521, &(0x7f0000001380)=""/4096) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000180)=[{0x3, 0x2}, {0x4}, {0x4}], 0x3) 22:28:14 executing program 3: socket$inet6(0xa, 0x1000000000002, 0x0) r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r0, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r0, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r0, 0x1, &(0x7f0000000000)="a0040ad8") 22:28:14 executing program 7: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:14 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x400080, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_DRAIN(r1, 0x40045731, &(0x7f0000000180)=0x8) connect$inet6(r0, &(0x7f0000000080)={0xa}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000140)='tls\x00', 0xe1) getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f0000000240), &(0x7f0000000280)=0x4) socketpair$inet6(0xa, 0x6, 0x400, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r3, 0x84, 0x13, &(0x7f0000000040)=0x5, 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000100)={0x303, 0x33}, 0x28) ioctl$PERF_EVENT_IOC_ID(r1, 0x80082407, &(0x7f00000002c0)) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r2, 0x894b, &(0x7f00000001c0)) r4 = fcntl$dupfd(r0, 0x0, r0) recvmsg(r4, &(0x7f0000000440)={&(0x7f0000000340)=@sco, 0x80, &(0x7f00000002c0)}, 0x40010141) 22:28:14 executing program 0: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) bind$llc(r0, &(0x7f0000000040)={0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @link_local={0x1, 0x80, 0xc2}}, 0x10) listen(r0, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x40100, 0x0) accept4$packet(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f00000000c0)=0x14, 0x80000) setsockopt$inet6_mreq(r1, 0x29, 0x15, &(0x7f0000000100)={@mcast1={0xff, 0x1, [], 0x1}, r2}, 0x14) readv(r0, &(0x7f0000000240)=[{&(0x7f0000000200)=""/61, 0x3d}], 0x1) 22:28:14 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f00000000c0)="295ee1311f16f477671070") r3 = accept4(r0, &(0x7f0000975000)=@can, &(0x7f0000000080)=0xfffffffffffffe43, 0x0) sendmmsg(r3, &(0x7f0000000c00), 0x70967c17166daa5c, 0x0) recvmsg(r1, &(0x7f00000016c0)={&(0x7f00000000c0)=@rc, 0x80, &(0x7f0000000440), 0x0, &(0x7f0000001640)=""/112, 0x70}, 0x0) recvmsg$kcm(r3, &(0x7f0000002700)={&(0x7f00000001c0)=@sco, 0x80, &(0x7f0000001500), 0x0, &(0x7f0000001580)=""/185, 0xb9}, 0x0) write(r1, &(0x7f0000000840), 0xff98) 22:28:14 executing program 5: mkdir(&(0x7f0000000080)='./file1\x00', 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x101000, 0x0) recvmsg$kcm(r0, &(0x7f0000001740)={0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000180)=""/230, 0xe6}, {&(0x7f0000000280)=""/185, 0xb9}, {&(0x7f00000000c0)}, {&(0x7f0000000100)=""/63, 0x3f}, {&(0x7f00000003c0)=""/4096, 0xfffffffffffffee3}, {&(0x7f00000013c0)=""/12, 0xc}, {&(0x7f0000001400)=""/2, 0x2}, {&(0x7f0000001440)=""/71, 0x47}, {&(0x7f00000014c0)=""/217, 0xd9}], 0x9, &(0x7f0000001680)=""/183, 0xb7, 0x3}, 0x20) ioctl$RTC_PLL_GET(r0, 0x80207011, &(0x7f0000001a40)) r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mknodat(r1, &(0x7f00000018c0)='./file2\x00', 0x0, 0xfffffffe) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r1, 0x84, 0x16, &(0x7f0000001a80)={0x3, [0x81, 0x1ff, 0x8]}, &(0x7f0000001ac0)=0xa) socketpair$inet6_dccp(0xa, 0x6, 0x0, &(0x7f0000001b00)) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000002000)={{{@in6, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in=@loopback}}, &(0x7f0000001dc0)=0x1da) fstat(r2, &(0x7f0000001900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = accept4(r0, &(0x7f0000001980)=@generic, &(0x7f0000001a00)=0x80, 0x800) r6 = dup(r5) clock_gettime(0x0, &(0x7f0000001800)={0x0, 0x0}) ppoll(&(0x7f00000017c0)=[{r5, 0xa400}, {r5}, {r6, 0x401}, {r5, 0x180}, {r0, 0x8000}], 0x5, &(0x7f0000001840)={r7, r8+10000000}, &(0x7f0000001880)={0xa57}, 0x8) fchownat(r0, &(0x7f0000001780)='./file0\x00', r3, r4, 0x1000) fcntl$notify(r1, 0x402, 0x80000040) renameat2(r1, &(0x7f0000000340)='./file0\x00', r1, &(0x7f0000000380)='./file1\x00', 0x2) setsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000140)={0x0, 0x3c0, 0x9, 0x682, 0x6, 0x1, 0x6, 0x3, 0x5, 0x6, 0x1}, 0xb) 22:28:14 executing program 2: r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}, {{&(0x7f0000000600)=@in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, 0x1000}, 0x80, &(0x7f00000008c0)=[{&(0x7f0000000780)="ea", 0x1}], 0x1}}], 0x2, 0x0) [ 106.671415] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16528 22:28:14 executing program 7: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:14 executing program 3: ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r0, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r0, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r0, 0x1, &(0x7f0000000000)="a0040ad8") 22:28:14 executing program 6: bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x1, 0x5, &(0x7f0000346fc8)=ANY=[@ANYBLOB="18000000000000000000000000000000af100000000b7dec24000000000000009584118635000000"], &(0x7f0000f6bffb)='GPL\x00', 0xfffffffffffffffc, 0xfb, &(0x7f00001a7f05)=""/251}, 0x48) 22:28:14 executing program 1: r0 = socket$inet6(0xa, 0x5, 0x2) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r2, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r2, 0x0) fadvise64(r2, 0x0, 0x3, 0x4) remap_file_pages(&(0x7f0000007000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00009b4fd0)={0x4, 0x0, &(0x7f0000009ff0)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f0000009000)}) r3 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r3, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x11, r7, 0x0) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000001040)={0x6, 0x0, [{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}]}) ioctl$KVM_RUN(r7, 0xae80, 0x0) connect$inet(r4, &(0x7f0000000180)={0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10) r8 = socket(0xa, 0x1, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r8, 0x0, 0x2a, &(0x7f0000000040)={0x2, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x88) setsockopt$inet_mreqn(r4, 0x0, 0x20, &(0x7f00000002c0)={@empty, @local={0xac, 0x14, 0x14, 0xaa}}, 0x1) setsockopt$inet6_IPV6_ADDRFORM(r8, 0x29, 0x1, &(0x7f0000000000)=0x2, 0x4) r9 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x46806dd6dd3af57c, 0x0) ioctl$PIO_UNIMAPCLR(r9, 0x4b68, &(0x7f00000001c0)={0x401, 0x9, 0x24}) r10 = dup(r3) ioctl$PERF_EVENT_IOC_ID(r10, 0x80082407, &(0x7f0000000100)) 22:28:14 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000080)={0x9, 0xffffffffffffffff, 0x0, 0xffffffffffffffff}) fcntl$dupfd(r1, 0x0, r1) 22:28:14 executing program 0: io_setup(0x100000000, &(0x7f0000000000)=0x0) prctl$setendian(0x14, 0x2) io_destroy(r0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="000000000000000000000000000000000000000000000000e0e51532000000000200880126000100000064000000000127008e030c00650000006400000000030d00f0043100c90000006400000000043200422020002d010000d306000055aa", 0x60, 0x1a0}]) 22:28:14 executing program 2: r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f0000000600)=@in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, 0x1000}, 0x80, &(0x7f00000008c0)=[{&(0x7f0000000780)="ea", 0x1}], 0x1}}], 0x1, 0x0) 22:28:14 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6100) pwrite64(r1, &(0x7f0000003000)="8c60641f25aede75a9ec352c51937beb9ad0a63217553aed2f1bac999911f6cd0ca86aaa8f4da209a1de9aa26002be45d746e9ae892cf9821a6136ce44c89589087937a1df0572d19f9e99cc358ace108e666462ec1282702c8447eabeb90e6e53214ea0e484dffdc3a3451db5b1f1c2197fe0066decaffb3380d20c13f3866d2114370e4fdb0991ab6b812ff27d1601637757ca24e698bfc55d0e175ee440f42b29354990d06baff85e6e707916a5b4312a9ba58b19108d0e2a9ec2dd42b43613c92d83c56bbb65c235eaca6689862f1dbdad40bf8d727f62489d5945754d3f0201257c047c6288106bf9df7448c0901d95a9ca25c4eaaa91e4eed238ff85215b6fef45e640a078904c15f21973fd72f26f9ffeabc652c16ec1b5dae2e93c31361c6983abdbef51ef4c33666a97602ff17fe1584e711a60f5a56690a4534d0dc28c700f12d7fcf9a6a382a02afdb4df845840d512da69025a2fc63fe4fe261c1bb2c7a238395a4503376ee08892a55bb9862f7f170f6b5718ddd2a4a29c5afd7083310d3038b48bd851eab32ffabcd9c42ee4d8ba4656b3bbe020505e7b40138673defd31b3c8d64abdccd6a14bdd59731ee3ef5158e6b93ff5770d9ef74808c70209878861166eea474f15f7b2807645bf3bd1f79caa4b95ec7d87b830a4f9d7f6b1f9220148391b4bd975aa17abb0bb500d2bb0aeaac213be8badb4cd1e70", 0x200, 0x0) mknodat(r1, &(0x7f0000000000)='./file0\x00', 0x1, 0x8) ioctl$int_in(r1, 0x5421, &(0x7f0000000080)=0x8) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r1, 0x10e, 0x8, &(0x7f0000000040)=0x8, 0x4) 22:28:14 executing program 3: ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r0, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r0, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r0, 0x1, &(0x7f0000000000)="a0040ad8") 22:28:14 executing program 7: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:14 executing program 2: r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0), 0x0, &(0x7f0000000540)}}, {{&(0x7f0000000600)=@in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, 0x1000}, 0x80, &(0x7f00000008c0)=[{&(0x7f0000000780)="ea", 0x1}], 0x1}}], 0x2, 0x0) [ 106.885306] ldm_validate_privheads(): Disk read failed. [ 106.890853] loop0: p1 p2 p3 p4 [ 106.894162] loop0: partition table partially beyond EOD, truncated 22:28:14 executing program 4: ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r0, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r0, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r0, 0x1, &(0x7f0000000000)="a0040ad8") [ 106.927399] mmap: syz-executor1 (7037) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 106.966376] loop0: p1 start 1 is beyond EOD, truncated [ 106.971752] loop0: p2 start 101 is beyond EOD, truncated 22:28:14 executing program 4: ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r0, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r0, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r0, 0x1, &(0x7f0000000000)="a0040ad8") 22:28:14 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) [ 106.978175] loop0: p3 start 201 is beyond EOD, truncated [ 106.983658] loop0: p4 start 301 is beyond EOD, truncated [ 106.992333] binder: 7035:7037 ioctl c0306201 209b4fd0 returned -14 [ 107.063535] ldm_validate_privheads(): Disk read failed. [ 107.065481] binder: 7035:7074 ioctl c0306201 209b4fd0 returned -14 [ 107.069045] loop0: p1 p2 p3 p4 [ 107.078586] loop0: partition table partially beyond EOD, truncated [ 107.101304] loop0: p1 start 1 is beyond EOD, truncated [ 107.106780] loop0: p2 start 101 is beyond EOD, truncated [ 107.112270] loop0: p3 start 201 is beyond EOD, truncated [ 107.117749] loop0: p4 start 301 is beyond EOD, truncated 22:28:15 executing program 5: r0 = socket$unix(0x1, 0x4000000001, 0x0) getsockopt$sock_timeval(r0, 0x1, 0x0, &(0x7f0000000080), &(0x7f00000000c0)=0x10) r1 = socket(0x2, 0x5, 0x0) setsockopt$inet_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000300)='tls\x00', 0x4) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffff9c, 0x84, 0x22, &(0x7f0000000000)={0x1, 0x202, 0x20a, 0x4, 0x0}, &(0x7f0000000040)=0x10) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000100)={r2, 0x100000000002}, &(0x7f0000000200)=0xffffff02) getsockopt$bt_l2cap_L2CAP_CONNINFO(r1, 0x6, 0x2, &(0x7f0000000180), &(0x7f00000001c0)=0x6) getpeername$packet(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000000240)=0x14) r4 = gettid() syz_open_procfs(r4, &(0x7f0000000340)='personality\x00') ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f0000000280)={@dev={0xfe, 0x80, [], 0x17}, @mcast1={0xff, 0x1, [], 0x1}, @remote={0xfe, 0x80, [], 0xbb}, 0x9, 0x9255, 0x3, 0x400, 0x9, 0x0, r3}) 22:28:15 executing program 6: r0 = open(&(0x7f0000000200)='./file0\x00', 0x400, 0x10) r1 = accept4$packet(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000000180)=0x14, 0x80000) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000001c0)='ifb0\x00', 0x10) r2 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet6_udp_int(r2, 0x11, 0xb, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$inet6_mtu(r2, 0x29, 0x17, &(0x7f0000000240)=0x7, 0x4) accept4$inet6(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, @mcast1}, &(0x7f0000000040)=0x1c, 0x80000) setsockopt$inet6_buf(r2, 0x29, 0x1c, &(0x7f00000000c0)="915497d45ce000df050000005fdf14577add283b", 0x14) 22:28:15 executing program 3: ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r0, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r0, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r0, 0x1, &(0x7f0000000000)="a0040ad8") 22:28:15 executing program 2: r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)}], 0x1, &(0x7f0000000540)}}, {{&(0x7f0000000600)=@in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, 0x1000}, 0x80, &(0x7f00000008c0)=[{&(0x7f0000000780)="ea", 0x1}], 0x1}}], 0x2, 0x0) 22:28:15 executing program 4: ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r0, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r0, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r0, 0x1, &(0x7f0000000000)="a0040ad8") 22:28:15 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:15 executing program 0: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f00000004c0)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) ptrace(0x8, r1) ptrace(0x4207, r1) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000000)) r3 = syz_genetlink_get_family_id$fou(&(0x7f00000000c0)='fou\x00') write$P9_RAUTH(r2, &(0x7f00000001c0)={0x14, 0x67, 0x1, {0xc, 0x0, 0x3}}, 0x14) sendmsg$FOU_CMD_ADD(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r3, 0x8, 0x70bd2b, 0x25dfdbfd, {0x1}, [@FOU_ATTR_PORT={0x8, 0x1, 0x4e24}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000010}, 0x0) ptrace(0x9, r1) syz_extract_tcp_res$synack(&(0x7f0000000000), 0x1, 0x0) 22:28:15 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x1, &(0x7f0000000180)="000000e57bb7ccf1f0ddb194b7bf679ece56adcd2d2bf276640d3122e5bdcdfc41cb8dfc2025eeed3a3201b4fedc951577a756afe0dd9d01") r1 = socket$inet6(0xa, 0x2, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000300)='/dev/zero\x00', 0x0, 0x0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, 0x4}, 0x1c) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f000014f000)={&(0x7f00003c7ff4)={0x10}, 0xc, &(0x7f00000bfff0)={&(0x7f0000000200)=ANY=[@ANYBLOB="b8000000190001000000000000000000ff010000000000000000000000000001e000000100000000000a00000000000000000000000000000000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000220000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001b069cbfaa0ee26424f700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0xb8}, 0x1}, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000001c0)=0x0) ptrace(0x11, r3) setsockopt$inet6_opts(r1, 0x29, 0x0, &(0x7f0000000100)=@srh={0x3b, 0xc, 0x4, 0x6, 0x4, 0x20, 0x9, [@ipv4={[], [0xff, 0xff], @remote={0xac, 0x14, 0x14, 0xbb}}, @mcast2={0xff, 0x2, [], 0x1}, @dev={0xfe, 0x80, [], 0x1e}, @loopback={0x0, 0x1}, @loopback={0x0, 0x1}, @remote={0xfe, 0x80, [], 0xbb}]}, 0x68) setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x13, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}, 0x88) 22:28:15 executing program 2: r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) 22:28:15 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:15 executing program 5: r0 = socket(0x5, 0x0, 0x1) ioctl$sock_inet_SIOCGIFNETMASK(r0, 0x891b, &(0x7f0000000040)={"65713fab0f9117e54aac68888700", {0x2, 0x4e21}}) 22:28:15 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000080)=ANY=[@ANYBLOB="110000000000000000000000020000000000000000000000000000000000914fce0000000000000000000000000000000000000000000000000000e911d58f59583e03c5d000de8c30e7a01e"]) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x20080, 0x0) setsockopt$bt_l2cap_L2CAP_LM(r2, 0x6, 0x3, &(0x7f0000000040)=0x40, 0x4) 22:28:15 executing program 6: r0 = socket$inet6(0xa, 0x1000000001002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r1, &(0x7f0000002000)=@ethernet, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000002fd8)={'vcan0\x00', 0x0}) sendmsg$can_bcm(r1, &(0x7f0000000000)={&(0x7f0000004000)={0x1d, r2}, 0x10, &(0x7f0000002ff0)={&(0x7f000000ef80)=ANY=[@ANYBLOB="04000000020800000000000020000000", @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="00000000010000000000000000000000790eaada477f17eb046695eea58af88d0ba3b8f5ca34f33a9a82d81e455bc6ca3479893215467e3bb85ea1247aafde2b17277187bd8fc023bb972d19343108b0"], 0x80}, 0x1}, 0x0) [ 107.852862] EXT4-fs warning: 4 callbacks suppressed [ 107.852884] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16534 [ 107.876330] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16550 22:28:15 executing program 2: r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) 22:28:15 executing program 4: perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f0000000080)=0xc) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffff9c, 0x84, 0x1d, &(0x7f0000000140)={0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000180)=0x1c) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f00000001c0)={r0, 0x0, 0xab}, 0x8) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000280)='/proc/self/net/pfkey\x00', 0x4000, 0x0) 22:28:15 executing program 3: r0 = socket$inet6(0xa, 0x0, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") 22:28:15 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/ip_vs\x00') r1 = socket$inet(0x2, 0x4000000000000001, 0x0) sendfile(r1, r0, &(0x7f0000000200)=0x8f, 0x80000003) accept4$llc(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000000040)=0x10, 0x80000) 22:28:15 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x0, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:15 executing program 6: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000380)=ANY=[@ANYBLOB="f219946d9efe08e52cfddcc5cc33e8314e6d8a09376782b11d4e76f0db81e5f104daffb90c26151d45f4109f837c7155aa3db21d5d3ed2015037e8bdbe4d9bb413f4560c6c80a2fbcce1d447285320d4654027b1272c80340bb02efe7319fb24bfe098de980f0e13edc7fc36c00ba2a3ab0660ede95a852d627430d5"], &(0x7f0000000340)=0x1) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_open_dev$amidi(&(0x7f00000000c0)='/dev/amidi#\x00', 0x80000000, 0x100) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x8588, 0x6763, 0x2, 0x3, 0xffff}, &(0x7f0000000100)=0x98) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r2, 0x84, 0x73, &(0x7f0000000140)={r3, 0xc3, 0x30, 0x6, 0x80}, &(0x7f0000000200)=0x18) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) socket(0xa, 0x1, 0x0) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="4626262c8523bf012cf6") syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000180)="66baf80cb8e00f5786ef66bafc0c66b8004066ef660f6d7d23c4e3d15f8db2000000000f4d983a8c00000fc71bb9800000c00f3235000100000f30dbc5660f73d1008fc97812c70f20c035000001000f22c0"}], 0x0, 0x0, &(0x7f00000000c0), 0xfffffffffffffa0) ioctl$KVM_RUN(r4, 0xae80, 0x0) pipe2(&(0x7f0000000000), 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000040)={0x0, 0x117000}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 22:28:15 executing program 2: r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) 22:28:15 executing program 1: shmget(0x1, 0x4000, 0x10c0, &(0x7f0000ffc000/0x4000)=nil) r0 = shmget$private(0x0, 0x4000, 0x20, &(0x7f0000ffc000/0x4000)=nil) shmctl$IPC_INFO(r0, 0x3, &(0x7f0000000340)=""/155) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x10000, 0x0) ioctl$VHOST_SET_LOG_BASE(r1, 0x4008af04, &(0x7f0000000080)=&(0x7f00000000c0)) 22:28:15 executing program 4: r0 = socket$inet(0x2, 0xf, 0x3e52) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000180)=[@in6={0xa, 0x4e23, 0x279ac358, @mcast2={0xff, 0x2, [], 0x1}, 0x3}, @in6={0xa, 0x4e23, 0x7, @remote={0xfe, 0x80, [], 0xbb}, 0xdbd}, @in={0x2, 0x4e20, @loopback=0x7f000001}, @in6={0xa, 0x4e24, 0x5, @local={0xfe, 0x80, [], 0xaa}, 0x9}, @in6={0xa, 0x4e20, 0x6, @remote={0xfe, 0x80, [], 0xbb}, 0xff}, @in={0x2, 0x4e21, @loopback=0x7f000001}, @in6={0xa, 0x4e22, 0x400, @local={0xfe, 0x80, [], 0xaa}, 0x40}, @in6={0xa, 0x4e22, 0x8, @loopback={0x0, 0x1}, 0x8}, @in={0x2, 0x4e22, @local={0xac, 0x14, 0x14, 0xaa}}, @in6={0xa, 0x4e22, 0x220cc971, @remote={0xfe, 0x80, [], 0xbb}, 0x7}], 0xf4) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffff9c, 0x84, 0x1a, &(0x7f0000000000)={0x0, 0xd9, "c78bc870377405a17c3ac8c6321920ed49bc28b561e318bcc2d7c8987944ea8dd052e74088e7f683b1f5c2d2863dddb9b1711815335821580f70401f66685bd585dddb79ff6d11344c82a4011da3f02abfd0e6861886e8a494d1b49a4708c2daea3ef503fcc6ec723502f77695396d342c308c9a38684ce6d02720015f61d961b8bfc95080044620384d25f5c9d2f4c6f4b7e6ebad84bc1bb24213d6b7cfe86ce57ea6ab14b13e06134d13e7363153d3951512144d0b0aa15a6e6bd3f60cfe3808b1bb64f6bfec515571b8dc1d7a53ce095f0cd85057c7ac05"}, &(0x7f0000000100)=0xe1) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000140)=@sack_info={r1, 0x7, 0x2}, 0xc) [ 108.115127] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16517 [ 108.182657] device bridge_slave_1 left promiscuous mode [ 108.188166] bridge0: port 2(bridge_slave_1) entered disabled state 22:28:16 executing program 0: r0 = perf_event_open(&(0x7f0000000080)={0x8000000002, 0x70, 0x3e5, 0x0, 0xd5, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x9, 0x20}, 0x0, 0x0, 0x1383, 0x0, 0x80000}, 0x0, 0x0, 0xffffffffffffffff, 0x1) r1 = socket$inet_udplite(0x2, 0x2, 0x88) fcntl$getown(r0, 0x9) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000ec0)=@broute={'broute\x00', 0x20, 0x2, 0x2a8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000b80], 0x0, &(0x7f0000000b40), &(0x7f0000000b80)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000030000000000000000007465616d5f736c6176655f3000000000677265300000000000000000000000007465616d30000000000000000000000069703667726530000000000000000000000000000000000000000000ffffffffffff0000000000000000a0000000a0000000d000000073746174650000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff01000000110000005200000000007465616d5f736c6176655f31000000006272696467655f736c6176655f30000065727370616e30000000000000000000626f6e645f736c6176655f3100000000aaaaaaaaaaaa000000000000aaaaaaaaaa000000000000000000b0000000000100004801000071756f746100000000c726e76544ddfd3500000000000000000000000000000018000000000000000000000000000000000000000000000000000000000000006c6f6700000000000000000000000000000000000000000000000000000000002800000000000000001e039bad61a8458141b5ef4154fbe9b98ce0f386973f3a8bb3c911bcacd70000000000000000005241544545535400000000000000000000000000000000000000000000000000270000000000000073797a3000000000000000000000000000000000000000000000000000000000"]}, 0x320) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x503000, 0x0) bind$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0xebc, {0x4, 0x4, 0x1, 0x6, 0x800, 0x8e}, 0x1, 0x3cd}, 0xe) 22:28:16 executing program 4: r0 = add_key(&(0x7f0000001680)='asymmetric\x00', &(0x7f0000001700)={0x73, 0x79, 0x7a}, 0x0, 0x0, 0xfffffffffffffffc) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) keyctl$instantiate_iov(0x14, r0, &(0x7f0000000480)=[{&(0x7f0000000000)="77e020ad8b7027d3022342b143e51cb2f47a87fdf5f0f6107bf4f9d0b01b5ef5b9a0073113eec2a7c6d06945d1743e5f47decbeab86f8f470682170a0e6828", 0x3f}, {&(0x7f0000000040)="e8df63166d97b16a5fd34c23e7535c25d64174fea906e2a3876a4145aac5ecc5d6c7bd7e9ecc09ebffa4c64fa6e306d11a8a530644eb37da43c1eeaa294962d2b086f48ab265779c16a86604945f5cb26307801c0d7eb9c7a4c3f25344e91bbb44d6d723fd1b4e0a55f080926aff80badb5f7c2e10d391ddbef1ecda6dee284450bcd75a8ea19a603dc632196f58c86f4c830061f7131bfa9c3299107afb449ab435c98f987f8f09eeb08518fa92863732991bbd87e6f973efd2ae359c70f1652146d7a8ee6d12f45272bb81fbaa15d4b04d", 0xd2}, {&(0x7f0000000140)="bbfdc10b6a7029826a051d115654e9b6b4b946917f3a1908fd4053bf8b94cd26cad4ad544a8d84f81488151617c738d036163b5cb8c01e1e5c7b0f8a043bb2f82b80abff756a74a69253275232d4797caf656ad96374bb96b762a1093f2996c7ddaaa45a43c650ccd8f4000ab4c551b0797c5dd3f4ca278b469eaf17b6f781e512d87c9edbbc241880b13cf95814ebc1f957f003a212edac3dc21bfef6ee563c2d2a7c1a23d31d48831e8e501501a226079465ebf20cd595855c8320b3ecd63b899d7a89663253db691e76696483c55fec848df5360be60abb", 0xe9}, {&(0x7f0000000240)="000000001c6d2a60", 0x8}, {&(0x7f0000000280)="04e1bcd18355c5c517eec69903c0d3a30768d4c6677cc4aeac829102c6c3e2a3baec5177e4b9ba1b61d34fdf8341d14c6b7ae4a69e52f8045f0f8dccbe3ae6e24bb2078d17cffcaf894ccd99253d975eeb59404f31a19913d477afdf2ea1c1a604b9d0bd9bf2efabb1c7231ffe82cf4227ad59c34447a2da30ca6a73c0e05ed33324d7f4ad1c4110703c8489847175c38898c50a373cded59f7dc13fc083dfebfed98fb39a7098f7190def7cc342dc7127e00c6cdcd7123acc1294c7dcfb786de45897712988f1c6b46cf50836157bbeea22c42c89f0a9db6907e6123e6fa8ace1b7ffdee82e33", 0xe7}, {&(0x7f0000000380)="7688a101399032cc36e73ac5d1da70e5a0d2dda54c32b9285f2af4d7f04c296f33a537bc74b56a68964bbb523d31244246fe992ae17fc590e2d6c3eeaccc81850610329c2601a9d6d35caa4054063e1bc3ca62fa7dde04e67bf4dfea38072eceefa80d5bc728976863ac9a134e0296cb47d4b393982d6a0d21f5b14196c3dfeb7c661df223f3336185b47bd270a33d008a8320e10aed406ba9185fe1559df7c3e77f23ba515f99ed", 0xfffffebe}, {&(0x7f0000000440)="17486ca8d6de96075937d8bc034881ac4d204d53a50d6fb4d77a1d3ba0091c350ac2", 0x22}], 0x375, r0) 22:28:16 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) sync() ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket(0x11, 0xb, 0x3) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'bridge0\x00', 0x0}) sendto$packet(r1, &(0x7f0000000100), 0x0, 0x0, &(0x7f0000000140)={0x11, 0x6558, r2, 0x1, 0x0, 0x6, @link_local={0x1, 0x80, 0xc2}}, 0x14) ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, &(0x7f0000000000)={'ifb0\x00', {0x2, 0x4e23, @remote={0xac, 0x14, 0x14, 0xbb}}}) 22:28:16 executing program 3: r0 = socket$inet6(0xa, 0x0, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") 22:28:16 executing program 2 (fault-call:1 fault-nth:0): r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) 22:28:16 executing program 5: r0 = socket$vsock_stream(0x28, 0x1, 0x0) rseq(&(0x7f0000000040)={0x0, 0x0, 0x0, 0x7}, 0x20, 0x0, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x5, 0x200100) r2 = inotify_add_watch(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x2000008) inotify_rm_watch(r1, r2) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x28, 0x6, &(0x7f0000000180)={{{@in=@rand_addr, @in6=@mcast2}}, {{}, 0x0, @in=@rand_addr}}, &(0x7f0000000000)=0x21d) 22:28:16 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x0, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) [ 108.237161] device bridge_slave_0 left promiscuous mode [ 108.242683] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.300422] FAULT_INJECTION: forcing a failure. [ 108.300422] name failslab, interval 1, probability 0, space 0, times 1 [ 108.313105] CPU: 0 PID: 7184 Comm: syz-executor2 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 108.321432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 108.330782] Call Trace: [ 108.333465] dump_stack+0x1c9/0x2b4 [ 108.337105] ? dump_stack_print_info.cold.2+0x52/0x52 [ 108.342306] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 108.347162] should_fail.cold.4+0xa/0x11 [ 108.351233] ? perf_trace_lock+0x920/0x920 [ 108.355478] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 108.360587] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 108.365442] ? perf_trace_lock+0x920/0x920 [ 108.369682] ? trace_hardirqs_on+0x10/0x10 [ 108.373934] ? sctp_get_port_local+0x24b/0x1570 [ 108.378611] ? lock_downgrade+0x8f0/0x8f0 [ 108.382768] ? lock_release+0xa30/0xa30 [ 108.386758] ? lock_acquire+0x1e4/0x540 [ 108.390738] ? sctp_get_port_local+0x4a2/0x1570 [ 108.395416] __should_failslab+0x124/0x180 [ 108.399662] should_failslab+0x9/0x14 [ 108.400763] IPVS: ftp: loaded support on port[0] = 21 [ 108.403464] kmem_cache_alloc+0x47/0x760 [ 108.403482] ? kasan_check_write+0x14/0x20 [ 108.403499] ? do_raw_spin_lock+0xc1/0x200 [ 108.421153] sctp_get_port_local+0xbb0/0x1570 [ 108.425643] ? sctp_unhash+0x10/0x10 [ 108.429346] ? lock_downgrade+0x8f0/0x8f0 [ 108.433488] ? __check_object_size+0x9d/0x5f2 [ 108.437977] ? lock_acquire+0x1e4/0x540 [ 108.441937] ? inet_autobind+0x1f/0x1a0 [ 108.445901] ? lock_release+0xa30/0xa30 [ 108.449863] ? kasan_check_read+0x11/0x20 [ 108.454001] sctp_get_port+0x12b/0x1b0 [ 108.457881] ? sctp_get_port_local+0x1570/0x1570 [ 108.462622] ? trace_hardirqs_on+0xd/0x10 [ 108.466757] ? __local_bh_enable_ip+0x161/0x230 [ 108.471427] inet_autobind+0xbd/0x1a0 [ 108.475215] inet_sendmsg+0x4c9/0x690 [ 108.479004] ? copy_msghdr_from_user+0x340/0x580 [ 108.483752] ? ipip_gro_receive+0x100/0x100 [ 108.488064] ? move_addr_to_kernel.part.20+0x100/0x100 [ 108.493339] ? security_socket_sendmsg+0x94/0xc0 [ 108.498078] ? ipip_gro_receive+0x100/0x100 [ 108.502389] sock_sendmsg+0xd5/0x120 [ 108.506092] ___sys_sendmsg+0x51d/0x930 [ 108.510074] ? __check_object_size+0x9d/0x5f2 [ 108.514558] ? copy_msghdr_from_user+0x580/0x580 [ 108.519301] ? lock_acquire+0x1e4/0x540 [ 108.523281] ? __fget_light+0x2f7/0x440 [ 108.527253] ? fget_raw+0x20/0x20 [ 108.530722] ? proc_fail_nth_write+0x9e/0x210 [ 108.535206] ? proc_cwd_link+0x1d0/0x1d0 [ 108.539275] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 108.544810] ? sockfd_lookup_light+0xc5/0x160 [ 108.549303] __sys_sendmmsg+0x240/0x6f0 [ 108.553275] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 108.557585] ? fsnotify_first_mark+0x350/0x350 [ 108.562155] ? __fsnotify_parent+0xcc/0x420 [ 108.566474] ? fsnotify+0x14e0/0x14e0 [ 108.570274] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 108.575794] ? fput+0x130/0x1a0 [ 108.579059] ? ksys_write+0x1ae/0x260 [ 108.582845] ? __ia32_sys_read+0xb0/0xb0 [ 108.586901] __x64_sys_sendmmsg+0x9d/0x100 [ 108.591125] do_syscall_64+0x1b9/0x820 [ 108.595005] ? finish_task_switch+0x1d3/0x870 [ 108.599494] ? syscall_return_slowpath+0x5e0/0x5e0 [ 108.604420] ? syscall_return_slowpath+0x31d/0x5e0 [ 108.609337] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 108.614351] ? prepare_exit_to_usermode+0x291/0x3b0 [ 108.619354] ? perf_trace_sys_enter+0xb10/0xb10 [ 108.624017] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 108.628853] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 108.634026] RIP: 0033:0x455e29 22:28:16 executing program 6: r0 = socket$alg(0x26, 0x5, 0x0) close(r0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000f05000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000001f3a)="ad56b6c5820faeb995298992ea54c7beef9f5d56534c90c2", 0x18) r2 = accept$alg(r0, 0x0, 0x0) io_setup(0x1, &(0x7f0000e4b000)=0x0) io_submit(r3, 0x1, &(0x7f0000bd9fe0)=[&(0x7f0000617fc0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f000007d000)="b3", 0x1}]) fcntl$notify(r0, 0x402, 0x9) 22:28:16 executing program 5: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000080)="2957e1311f16f477671070") r1 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r1, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbff}, 0xc) bind$netlink(r1, &(0x7f0000000100)={0x10, 0x0, 0x2, 0xfffffffffffffffe}, 0xc) 22:28:16 executing program 4: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f00000000c0)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff, 0x1}) ptrace(0x4207, r1) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='vmnet1\x00', 0xffffffffffffff9c}, 0x10) ioctl$KVM_S390_UCAS_UNMAP(r2, 0x4018ae51, &(0x7f0000000140)={0x2, 0x100000001, 0x101}) getpeername$netlink(r2, &(0x7f0000000180), &(0x7f00000001c0)=0xc) ptrace$setregset(0x4209, r1, 0x20000000, &(0x7f0000000080)) getsockopt$IPT_SO_GET_INFO(r2, 0x0, 0x40, &(0x7f0000000200)={'mangle\x00'}, &(0x7f0000000280)=0x54) [ 108.637196] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 108.656494] RSP: 002b:00007f2ec9f2cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 108.664188] RAX: ffffffffffffffda RBX: 00007f2ec9f2d6d4 RCX: 0000000000455e29 [ 108.671440] RDX: 0000000000000001 RSI: 0000000020004a40 RDI: 0000000000000013 [ 108.678692] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 108.685954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 108.693206] R13: 00000000004c111c R14: 00000000004d1558 R15: 0000000000000000 22:28:16 executing program 2 (fault-call:1 fault-nth:1): r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) [ 108.729575] team0 (unregistering): Port device team_slave_1 removed [ 108.768162] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16522 22:28:16 executing program 4: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000017c0)='/proc/sys/net/ipv4/vs/pmtu_disc\x00', 0x2, 0x0) accept$packet(0xffffffffffffffff, &(0x7f0000001800)={0x0, 0x0, 0x0}, &(0x7f0000001840)=0x14) fcntl$setstatus(r0, 0x4, 0x400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001880)={'bridge_slave_1\x00', r1}) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$inet_sctp(0x2, 0x5, 0x84, &(0x7f0000001780)) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000040)='./file0\x00', 0x1, 0xa, &(0x7f0000001600)=[{&(0x7f0000000080)="7a20a9b98a037aaf4ef0f0b4eaeaf13629e73dd018d6ea5c126dd5af2d78243530f0d9131a8491e0d774663c35d3e2e75d2d05456f617c7f2ce0d4c6", 0x3c}, {&(0x7f0000000100)="8d8b05104f6a0661b35758ba4f4fb7b1d95afd0650b33d5ea034ab4bf4c839e7451c3122ab302d97cf37a75c89d0deeeb961271dbd", 0x35, 0x100000001}, {&(0x7f0000000240)="d9d1fdb2cf269bcd3238f2f705dff44092b7a7360a3ab11ebc82d990899111006fbd1655433857e106ce102354e2dad4c132f40a6943ecee5842e74ffd614c6220980e26f7fe3817094ca4f9113c2d6351947089f9f601f16e76264516d39c3e46c575009c9ca775b397e52f9582ac4bdda359f27ebc3bad7b8c03a8c1b4429a0351617ab6082fe06291e63c58596ae4ec024bfb1a9e2bd658559b22a9dc4915e50d1a33673f4b7c211887233f17c4c4df886e22fd5661832b0ab8f32ccc17a9a5d609f987cb7671af1b53e17d9d817c5d3cee3bcba7c8dab264", 0xda, 0x1}, {&(0x7f0000000340)="2f3af0b90728ecae5d0f0587389c0ef88fdc88eadce779f65fc3c6c43945c9523a1274b2984da483da42066c6f25c50e55ac41a0f0d0b11eed1342df3770890da0730d452dcd21304276d3392976cd3418b829bf2b21cf5e3b3da7cd269d638721e18048b077b3a0c5d35f22f0077e826de3bd83faa1117287310f5c40f70ba0c2e5c47970ad40c4eaa02c8432404eac395af73d1bf818f11461283f71a438a7040937fe61abd5bc11eb9e661b9521", 0xaf, 0x6}, {&(0x7f0000000400)="df96b8418030fb89af3e217d62c175ea7645c50125ff8a6750b1e503f5e3016ee7ebac4cd5ef1facc7c8de2d292bc155c4bfaf172a208c7fc6f180ddece669b2de8d061f5c41e0157a4ebef77ee6a7c6cf227829a254382aa22f0ad81678c0d1de1249c1cbe5b4b4b1c1442880b59c04607959ced32a02f90d27b0af6718ba22fac923b0bb16cd1a8fd9c1a88a39cda5011f1b244fc69a38f2c0d9c4524d6742341ed56ea01708e4746b966dfffe46f14ecdff8bd20cdf7483263365109be26fce3503833e0f22624ae258536a968caa966e43aa7a29143c34389e58691bceb422cbfd46c430b5154340be6950af3b7572da1ebf25847c214c78f9d9f914a1424d992efef83a9cc868f842d946b74845def79f05e57a4138b7128fb6eeebba6cec67b33b276b155d038ff8ab79f67f9d155c9e44320484a15912a681871caa7e91723a3c1ad2e241c261f5d13f679c72e2bff09806999a397f5f3bc1427a0046f1a57acec4c5fe1473b71418f34adf001d5a336148ee25cc7875a0cc96a2b3f266e4a46487c756ce11b7cc86b9619f85986c793f049d946a9c0c36fe96c604746edcd280a88f7ed80ca1ef13b40b558f2fe27be5732750a5f36dfb72f6e9da2d6a442cc2529646243ed56046dac3342f1452104589ab7e4828583704940b865d5bb55b57ed5a6185c541d81265af499bd5530e741afe5a2ce3775876930fdb5c44d1155b67f2ab1984d39adb5941c518f6ed5e015e1b2ba446eb652596cab2e957517ed11542ba394457d5757a675c68acb0525367ab9e55abb0c852a3b61178b60671006c717628da0016afb9857d55544d8425da80ee786303998622860d7c089b0170c801234a78a1dd9d82b865778bb6a6a0cd4e2d4ec659ba0afcf5b9c7ebcaa60951689bec9456a2caf858f778b115fbcf8513461cc09294b96c23137e129f8bd581e5b20fb95b03b5e53e8dd496e60575d4e1ba2007177a058c74dc33a278a447ca27dc016638957b2792ee3ba7c31300ec548f544bee85c85e94e52ef93702cb5c57c50e21e901c23d61b1877d76d9ab1e889253459f052b5fccf17db9aac1ae8b22e2cf9879e55874d9002929435de76846672e40b839ab763bb1934df9719d11817e75869f3ed0bb237448579bfcf9fb2a7fef71e2af3e91481b7f34a9f617841dc1e19669191802de2c8453d4c69784e992c2a1d4d910c45ac7cbef824c7d6077495770a5dce03d6bccec73a8a0e7eb0a3ada5d0857cb893d2451df3ef2cd0be3ab31debe0434007c93ce248a0ed80dd50af4ff3bd829e6a2d688eaeb5115a26755097eb563d3200996f63d0237916f1b1e326ff41c462fe5847e7910b5ca3ad3f52dd81c2f6d506c75f98dd6daed36eff3547607052c1ddb84541f4b289ac84223a10b18753f29fd197e9b72770768f1c1621b58e8978942d620644ff6823b9c609ef534b3b936b45c2160358f35d6dbc7d63c93ebdb414f076a6e5606af7eae6aa504a1fe136eaa6bc5e55e3ffb488fc9a6cebda3d3dc4180cffdb3f2ea535cb045304af414eddae4f1d2421d1115de4aa459eedfad28dd3a7055682f2d8a2f0316963caf33518973bdb94d84aa988b1b9042d6ca72aaef54233df279b62aa6437e32327dd133e6a6d10231925979a93957e1a711a7ea11f449d5968a7b4983fee4f516ea92af64f72ad66f102c9690e0b80c173b86592d869e913f730093926696d44d929fff955d0f3520b182196722bc8793262b62093461c333df2c55d1dc88ab18d1fd841553366a1a1aadae0e5fe333a0d1e2633d7b2b1d2648f8ec1a017bbd1f0dcdd516166d0769c4cb64f5bc68b66f3a3f2e13e8fe9a047d5a5cb2dd2d0ed20f136e308aae2e8157f3040e03b6948a695ca753d964fde8299b520e9eeb90cf80e1358ec9fd46d75f1072e6aff5e4367654e1df579e9c94f1a933f8aee21e3f465486280764b4b3509873f15e44cecfe8266f021cc1b72aeb952b1701a12f80a785961f38acbe39eb74e0a996b561e1710e1a4f65da7bf94916763a8bcfc0fbc013851695481d9b2d0f65db46a0b8cf26afec7630e6ad22ec71a3e0e8505de8f779f12619f94632265f0ace6cc39e2b191cdd23e73c4d27edbc65c599007b8bc726a8f6d858ebd20ced025fc6dcc38442b89f5b9e3e21bc30bd150317dd999774f2ebf934b92e55b8b7140b4d7070da663db35a95907dbc34ff9e59239484e5dd8baca40d76d575f1b34a5006533513fe2deff385a9fa571c1f3527af0ece09c99359c0d174d674ef918d1470ba43796709230bae2d4c3d5a9aadd285a52a98f0ac093d01b7d42cc9c785fbceea760a1b88a38e9375bbbb63cf47de9763e5cce257d0dac8011ff6253325f5bdcf5fd35483c716ef3560b1233fd190efc60055f65fe9ff40371d990a5ef5c0dfe5bda0a8e8f1c087ebb14dc8b73e69f2dddd680378386034e93431cd85fcbf702a26285ba269464956ecc0e850054d4d9ef51cfd4c0283f5e96ee08166669e1c7aa78c33b1389d3faeef764e55710144bcf2ae16f21c978675ad32e8c74df5bb24f4d51dce1f7198c5f9a1564c4a7aa221be027965d31169cbb02f3e4e67c116aa27ab114095e005d0a9b4a1478526d9b26c061183434229efc41505ca2e950be2afa0eb2dd1d5ecef9b1f6cdbac8e902ed951473d203a78b6971108be8f6a3b3b1565d71ec0f13c9cbc518626796229ddbd861d89b82e3dc2f713ae67dd4a942bed4f2989aaaa3ec5e948927841c3e04e9fdfb489129114350cbfc195258186d3fd76aad83f419dddcb0e423e57a3a3fd2404f42f11f8253c9f02e63ca99dadc1acc68e727a5421eb1420c7f99cfd60a0abcdadf1c1a2f30890d735c9fa9b03ae80662b179c675e70e2b7f6f8a1f26edc7567a0b9c8cee55d491c85b331b7a1fc8b195e02684d7e33989aa38ca73546190dec4f0ff4396bdef81f00601ab63d404dd71e5688ba4db7f39eeca41300c29136efd2b9366d38f1a3b6a1a4a64c039d36aebfb0dee2804aabf4d21bcd4673a47a2392d726058f1a4554d781e7faff00083f8ffa97b5caf672cc10a718b3ffbf20f2f083c3cd671112ad04d17780b55ef1bcb30c7c3dd737191332e48e8d596335b7e2834a7c1f153ad9da208cb27e23c707e9d795c1bf607267596f68aa26b06bed23b31540f8710995d6c839268e19073f8c98bda46ee0f802d12d1a4100928e8f1d5e4d435640e23953ecee5acdc073ff517508b0d753b9b316075ae962030477c51416dd9f7b09ed16ecb880d82b7d1e50917950ba96ab12d4c41c23947f648e9196639d36b365651fa04b17606d41698eb8563e90579fe17006ae6755335d4a2420da7da3bb9774045342307a691d6aa10b56761b2867f10b12a5eb08f54c4ca0dc4864572d7d94bb2011896a687997f1b249becb88bc9ba021fb891bbd0281a4620c01807a25b01a78692e5e276b32338564c89e11c5b4f589f850332265023ff74fa52d9b4d1ede617a9970080321e4b459366cba35a7b486ae1ce057750e4409110e7756727b25e9d9a3e53b16430ce3a452ddb5c290bb502a62034b9f25c845c6fa6666f3a669ae77ae6deee1b719c8098c08408975b295b0cea96d9f278964071ce6e4127b493c88e0bd5f7aae4f0455b4ba6b8a4c2b6d8f5c7efc30714d618a9e8d5998914f7e62c9e44145f2010beb84894ad32d5ebc9eacb70b3aef5b4f5a4946202fd5aa6ba1b116d59a8862c08838ee86728e6ca645b10df0d1be2369d93cd36544eda43cca47e7930eaa4f0929c798f0c82121625657a27754c8a7e5ecb49dc3a8bcfbbbd839c9689521d82d1c59b9741812552d782bbf94163eec69f39cba41c767589bd5fbee69d024b21ed9cff0d9902039aca7ed3eea2b96f80ab9e851b10f0c289b81ae1ce8970409dcbedb05e92383233d9cd863062e06c7cfb10c63ef63c76132d1e0c0f407533245839e327f7a268bf83cd011a2a5c43a634428a2431963953e472ef2707489ff1f25c67d594b6ceab2e6ae91294d9d6165454e25c400601464941d75863bbd0a0a05f87f855b6abe69bf635c72d162514e4e42c56c8427194d176c6c2a0b8c656300329c00d446dc055504b51a4d5f9c799d27b3f873887a25271ddc8a0e224f9cba93d27e7819b2c1605fc64c219f41b2a75f7afe56e7c26d7ab6c4e4e0e281fd237c0c3da419c3aa232d6c27b3b942b2abbf1550e81d65985ef394ddfeb74942e00ec42232d37afd87ddf03bb57100fb8331fd6e6e4b404a351255b8811c4942c984710d4daf2d24249c6c1f6a3b6615de3f562b9a3dfb8c6bfaffcf39618b2b984f1e29a358515983040225f6474a81ebb039809e58880592acd815c38978939ab1e3d7eaceea445b2786677fb992112e9d1defd47155c455cceaa76d598106b72203e854bcb13fc6976915ab0402d1056c5e732cc51835182c513e29ea2a5bdb57824ee136bcca1cc0d90c5295f16c7fe617af7b1e8265e613642fc89c64f22d57933e449ef60981a61a0dfb5b83da3b47ed6b10c797148b44a10c3f22ab2d3731aa4e2bb5a4601931c2ffd43b32dc466a9d3b134f85655b3a0306af1579cbeb994588df55c3aa496be4669b2121237eb474090fd71044446e71ffe5057b29c21c21c58f8fae97a2d88aa980280135f767481aca496b055dee0501414368826f97b36e3def6b74b72b8f160d25cb7ec85290e590fbf42754726dd349a9662351db8acaa0d8042ff2d09603abbc94327cec63f2e4136a6bf278101d6c899651ec33874073f8aff29db9d318ae342932121a1166b0b6ef821f868c7168de4a856f37ebd899b8bd54062acff603644e6f847e9a9bb2777503f90e304e9651b41732fd3f631b66d06913783cb1cd2901aa41531c949e59028a27f72c56ca066689d2bacd49d5ce315677e8b7726e9171fa6ffc9d2f754502bbcc865cce8b399f320fe36a7282ef54da69115450664c8f17f39f91b911597bebc825f5f288ebbedbb75132ed23c29970a30bbb929f27b823893c1a77ad52fc284d66bd6a8c022625b203a4ed348df38f33ca16b8ba83f5134284e89c8ba287c9674c088ecd5768ab8d8d74c3b90bf97b0445ad23454aa5ea554e4af815e1233a4148881820f5fe5eb7eef9b0a211378f085e987a58d29e7490425e227d6e841bed9d880c7a3960c1823044b4bf0110738622ac83b9b3603536a9b78a3121bd4f01df3f93807bf8e921685585699dbbd12b8076b0072862e3b44fed14d4712b2636fe1faa0b4e2fb8cc443c70504f98c922910dd75bccd76bf5312dfa0eee044983c826e15d99ec4c52f24b7e65310f1e7ba693ae637da51f192693e59104543aedcd401ceccb3fbc6f86ddd6570763fd91e333f14e0cc5f923a4bd42b4bad624b54517fbb54a54ef54348a452c51b216590f6591a6bfdf6c8f4f3fb73cb9f24fc936d1c5ce344ee1ad880dc7f14f4dd0344bb3a4b0ee7ae75f0297849bc94f3dea76459329c17467067714da87c378c513cbf20941212af6c5ff09c3fa0e17957d0e5fd9bdc1550e0b44b19c12e8e23b467cb3953245b828141216d5b0b32864e5f3f5f62d1fd7b111c17358623651b02097e3eb4f14ad75d5845a3998d309ad493b9de3399e794f163c90600c8363c8df0916cedf348142d3deabec2640d2b84faf0276b6a55247a3e10ac7b2cb430a7352bf2945ac0971cbed8dfdf5db35092dacf429001894d81c5889af4c616d68b22a7f0d46ee7580108b1a7c2f5a928bf4bd39fdf7b49597b4f1ed92", 0x1000, 0x9}, {&(0x7f0000001400)="b7868c2645c4ebf163008a2f0c7f9db6ddf1ca46f1ee50f9c2c1a791945c601d8738125d4b41803f411e206c3a16f6293e3c8f6fca313892efba463439f349a508e4bae1e4fea420efc12c84ecc52bd0367f0b6746ddf969ec3e51ed9e4b6094c71a5db3d59893f3e03c3e9a", 0x6c, 0xc134}, {&(0x7f0000001480)="b689d6d0e0a92e2daa92173b40d20a2c005bb98939857093f8a8af03e04e736464cf35fd4bd062110ce2b5f6b5d8120a92755e0dcf909e5165671691083ff6037317936aee36", 0x46, 0x1ff}, {&(0x7f00000001c0)="db89f15a6b3be9701b44eab3e540a53e952ad92072f7", 0x16, 0x7}, {&(0x7f0000001500)="5cfc5262fb4828096d5d207788a366d2d48a5c76a642c44cfb6bccc724b51c029594cacf208bc9e2ebfc8015309417334d1520797397b63670c9329a4e87253064416e70650b14e3df53c6fccc8229a13a7304511abac85d1599268469cbf92a1a8c485468edd6f6d5a4741d58ef3861a0be2e0fd039322f651c12de9b45d59162dd3eead3d52d392129f8433d67813259954eac948320a0bad28b8c6be5963bf3bb6f67", 0xa4, 0x101}, {&(0x7f00000015c0)="e718a3ef2540fcb53a10a31435414db14a845feab1f0240b4438646e932f0b6365e0206cbb73b80be61e4e431170f6", 0x2f, 0x40}], 0x1, &(0x7f0000001700)={[{@iocharset={'iocharset', 0x3d, 'cp869'}, 0x2c}, {@iocharset={'iocharset', 0x3d, 'iso8859-4'}, 0x2c}, {@iocharset={'iocharset', 0x3d, 'koi8-r'}, 0x2c}, {@rodir='rodir', 0x2c}, {@uni_xlate='uni_xlate=1', 0x2c}]}) sendmsg$nl_route_sched(r2, &(0x7f0000000180)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000140)={&(0x7f0000000200)=@gettaction={0x18, 0x32, 0x301, 0x0, 0x0, {}, [@action_gd=@TCA_ACT_TAB={0x4, 0x1}]}, 0x18}, 0x1}, 0x0) [ 108.778351] team0 (unregistering): Port device team_slave_0 removed 22:28:16 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x0, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:16 executing program 6: r0 = socket$alg(0x26, 0x5, 0x0) close(r0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-des3_ede-asm\x00'}, 0x58) r2 = socket$inet6_dccp(0xa, 0x6, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r2, 0x29, 0x2a, &(0x7f0000000000)={0x7f, {{0xa, 0x4e24, 0x3, @mcast1={0xff, 0x1, [], 0x1}, 0x5}}}, 0x88) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000001f3a)="ad56b6c5820faeb995298992ea54c7beef9f5d56534c90c2", 0x18) r3 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r3, &(0x7f0000000200)=[{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000000c0)="502da457d6d9e3097bdc90ddf3247273e876b18d6f21768bfc170b27166eaf3f0bc8fdd0cacef007a17678c0143294b50c7bfa14b51945b044dd9fbd00f3d4e31c5146268b602264e7", 0x49}], 0x1, &(0x7f0000000000)}], 0x1, 0x8841) recvmsg(r3, &(0x7f0000b2f000)={&(0x7f00008e8000)=@nfc, 0x10, &(0x7f0000030fa0)=[{&(0x7f000009f000)=""/87, 0x2009f057}], 0x1, &(0x7f0000590000)}, 0x0) [ 108.806192] FAULT_INJECTION: forcing a failure. [ 108.806192] name failslab, interval 1, probability 0, space 0, times 0 [ 108.817473] CPU: 0 PID: 7206 Comm: syz-executor2 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 108.825787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 108.835134] Call Trace: [ 108.837734] dump_stack+0x1c9/0x2b4 [ 108.841372] ? dump_stack_print_info.cold.2+0x52/0x52 [ 108.846571] should_fail.cold.4+0xa/0x11 [ 108.850634] ? fault_create_debugfs_attr+0x1f0/0x1f0 22:28:16 executing program 3: r0 = socket$inet6(0xa, 0x0, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") [ 108.855734] ? is_bpf_text_address+0xae/0x170 [ 108.860236] ? lock_downgrade+0x8f0/0x8f0 [ 108.864389] ? lock_release+0xa30/0xa30 [ 108.868367] ? lock_acquire+0x1e4/0x540 [ 108.872347] ? sctp_get_port_local+0xeee/0x1570 [ 108.877017] ? lock_downgrade+0x8f0/0x8f0 [ 108.881172] ? kasan_check_read+0x11/0x20 [ 108.885321] ? do_raw_spin_unlock+0xa7/0x2f0 [ 108.889728] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 108.894318] ? kasan_check_write+0x14/0x20 [ 108.898554] ? sctp_get_port_local+0xf23/0x1570 [ 108.903221] ? trace_hardirqs_on+0xd/0x10 [ 108.907373] ? __local_bh_enable_ip+0x161/0x230 [ 108.912045] ? sctp_get_port_local+0xf39/0x1570 [ 108.916716] ? lock_acquire+0x1e4/0x540 [ 108.920689] ? sctp_bind_addr_match+0x2a5/0x420 [ 108.925359] __should_failslab+0x124/0x180 [ 108.929598] should_failslab+0x9/0x14 [ 108.933399] kmem_cache_alloc_trace+0x4b/0x780 [ 108.937986] sctp_add_bind_addr+0x101/0x4b0 [ 108.942312] ? sctp_bind_addr_free+0x20/0x20 [ 108.946724] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 108.952262] ? sctp_v6_available+0x12b/0x300 [ 108.956675] ? sctp_inet6_bind_verify+0xb2/0x500 [ 108.961432] sctp_do_bind+0x30d/0x5f0 [ 108.965240] sctp_autobind+0x16d/0x1f0 [ 108.969128] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 108.973709] ? sctp_do_bind+0x5f0/0x5f0 [ 108.977686] ? sctp_get_port_local+0xf23/0x1570 [ 108.982353] ? trace_hardirqs_on+0xd/0x10 [ 108.986500] ? sctp_endpoint_is_peeled_off+0xf1/0x130 [ 108.991691] sctp_sendmsg_new_asoc+0xcc6/0x1200 [ 108.996354] ? lock_acquire+0x1e4/0x540 [ 109.000323] ? sctp_sendmsg+0x1278/0x1d90 [ 109.004466] ? sctp_autobind+0x1f0/0x1f0 [ 109.008523] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 109.013109] ? kasan_check_write+0x14/0x20 [ 109.017342] ? lock_sock_nested+0x9f/0x120 [ 109.021575] ? trace_hardirqs_on+0xd/0x10 [ 109.025720] ? __local_bh_enable_ip+0x161/0x230 [ 109.030475] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 109.036012] ? sctp_endpoint_lookup_assoc+0x183/0x290 [ 109.041202] sctp_sendmsg+0x18a2/0x1d90 [ 109.045178] ? do_raw_spin_unlock+0xa7/0x2f0 [ 109.049584] ? sctp_id2assoc+0x3e0/0x3e0 [ 109.053642] ? _raw_spin_unlock_bh+0x30/0x40 [ 109.058052] ? __release_sock+0x3a0/0x3a0 [ 109.062203] inet_sendmsg+0x1a1/0x690 [ 109.066009] ? copy_msghdr_from_user+0x340/0x580 [ 109.070763] ? ipip_gro_receive+0x100/0x100 [ 109.075085] ? move_addr_to_kernel.part.20+0x100/0x100 [ 109.080365] ? security_socket_sendmsg+0x94/0xc0 [ 109.085118] ? ipip_gro_receive+0x100/0x100 [ 109.089437] sock_sendmsg+0xd5/0x120 [ 109.093153] ___sys_sendmsg+0x51d/0x930 [ 109.097126] ? __check_object_size+0x9d/0x5f2 [ 109.101621] ? copy_msghdr_from_user+0x580/0x580 [ 109.106384] ? lock_acquire+0x1e4/0x540 [ 109.110360] ? __fget_light+0x2f7/0x440 [ 109.114331] ? fget_raw+0x20/0x20 [ 109.117787] ? proc_fail_nth_write+0x9e/0x210 [ 109.122277] ? proc_cwd_link+0x1d0/0x1d0 [ 109.126338] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 109.131877] ? sockfd_lookup_light+0xc5/0x160 [ 109.136373] __sys_sendmmsg+0x240/0x6f0 [ 109.140350] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 109.144669] ? fsnotify_first_mark+0x350/0x350 [ 109.149252] ? __fsnotify_parent+0xcc/0x420 [ 109.153572] ? fsnotify+0x14e0/0x14e0 [ 109.157377] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 109.162903] ? fput+0x130/0x1a0 [ 109.166174] ? ksys_write+0x1ae/0x260 [ 109.169968] ? __ia32_sys_read+0xb0/0xb0 [ 109.174028] __x64_sys_sendmmsg+0x9d/0x100 [ 109.178265] do_syscall_64+0x1b9/0x820 [ 109.182137] ? finish_task_switch+0x1d3/0x870 [ 109.186618] ? syscall_return_slowpath+0x5e0/0x5e0 [ 109.191534] ? syscall_return_slowpath+0x31d/0x5e0 [ 109.196461] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 109.201473] ? prepare_exit_to_usermode+0x291/0x3b0 [ 109.206479] ? perf_trace_sys_enter+0xb10/0xb10 [ 109.211133] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 109.215978] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 109.221151] RIP: 0033:0x455e29 [ 109.224320] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 109.243588] RSP: 002b:00007f2ec9f2cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 109.251280] RAX: ffffffffffffffda RBX: 00007f2ec9f2d6d4 RCX: 0000000000455e29 [ 109.258706] RDX: 0000000000000001 RSI: 0000000020004a40 RDI: 0000000000000013 [ 109.265960] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 109.273211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 109.280466] R13: 00000000004c111c R14: 00000000004d1558 R15: 0000000000000001 [ 109.299279] FAT-fs (loop4): invalid media value (0xa5) 22:28:17 executing program 2 (fault-call:1 fault-nth:2): r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) [ 109.304640] FAT-fs (loop4): Can't find a valid FAT filesystem [ 109.316397] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 109.342067] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 109.371246] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16523 [ 109.378411] bond0 (unregistering): Released all slaves [ 109.399312] FAULT_INJECTION: forcing a failure. [ 109.399312] name failslab, interval 1, probability 0, space 0, times 0 [ 109.410593] CPU: 1 PID: 7229 Comm: syz-executor2 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 109.418904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 109.428255] Call Trace: [ 109.430855] dump_stack+0x1c9/0x2b4 [ 109.434499] ? dump_stack_print_info.cold.2+0x52/0x52 [ 109.439686] ? is_bpf_text_address+0xd7/0x170 [ 109.444189] ? kernel_text_address+0x79/0xf0 [ 109.448590] should_fail.cold.4+0xa/0x11 [ 109.452633] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 109.457728] ? save_stack+0xa9/0xd0 [ 109.461338] ? save_stack+0x43/0xd0 [ 109.464955] ? kasan_kmalloc+0xc4/0xe0 [ 109.468834] ? kmem_cache_alloc_trace+0x152/0x780 [ 109.473662] ? sctp_add_bind_addr+0x101/0x4b0 [ 109.478141] ? sctp_do_bind+0x30d/0x5f0 [ 109.482095] ? sctp_autobind+0x16d/0x1f0 [ 109.486148] ? sctp_sendmsg_new_asoc+0xcc6/0x1200 [ 109.490974] ? sctp_sendmsg+0x18a2/0x1d90 [ 109.495191] ? inet_sendmsg+0x1a1/0x690 [ 109.499148] ? sock_sendmsg+0xd5/0x120 [ 109.503021] ? ___sys_sendmsg+0x51d/0x930 [ 109.507171] ? __sys_sendmmsg+0x240/0x6f0 [ 109.511309] ? __x64_sys_sendmmsg+0x9d/0x100 [ 109.515704] ? do_syscall_64+0x1b9/0x820 [ 109.519751] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 109.525102] ? lock_downgrade+0x8f0/0x8f0 [ 109.529233] ? lock_acquire+0x1e4/0x540 [ 109.533214] ? fs_reclaim_acquire+0x20/0x20 [ 109.537529] ? lock_downgrade+0x8f0/0x8f0 [ 109.541661] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 109.546236] ? check_same_owner+0x340/0x340 [ 109.550545] ? __local_bh_enable_ip+0x161/0x230 [ 109.555199] ? rcu_note_context_switch+0x730/0x730 [ 109.560110] ? sctp_get_port_local+0xf39/0x1570 [ 109.564764] __should_failslab+0x124/0x180 [ 109.568984] should_failslab+0x9/0x14 [ 109.572769] kmem_cache_alloc_trace+0x2cb/0x780 [ 109.577520] ? kmem_cache_alloc_trace+0x318/0x780 [ 109.582469] sctp_association_new+0x127/0x2290 [ 109.587048] ? memcpy+0x45/0x50 [ 109.590326] ? sctp_add_bind_addr+0x3ae/0x4b0 [ 109.594804] ? sctp_trans_elect_best+0x3d0/0x3d0 [ 109.599546] ? sctp_bind_addr_free+0x20/0x20 [ 109.603943] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 109.609466] ? sctp_v6_available+0x12b/0x300 [ 109.613856] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 109.619374] ? sctp_v6_to_sk_saddr+0xef/0x250 [ 109.623862] ? sctp_do_bind+0x3e5/0x5f0 [ 109.627821] ? sctp_autobind+0x16d/0x1f0 [ 109.631865] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 109.636428] ? sctp_do_bind+0x5f0/0x5f0 [ 109.640384] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 109.645557] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 109.650731] ? security_sctp_bind_connect+0x99/0xc0 [ 109.655744] sctp_sendmsg_new_asoc+0x39e/0x1200 [ 109.660407] ? lock_acquire+0x1e4/0x540 [ 109.664366] ? sctp_sendmsg+0x1278/0x1d90 [ 109.668499] ? sctp_autobind+0x1f0/0x1f0 [ 109.672549] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 109.677124] ? kasan_check_write+0x14/0x20 [ 109.681348] ? lock_sock_nested+0x9f/0x120 [ 109.685586] ? trace_hardirqs_on+0xd/0x10 [ 109.689742] ? __local_bh_enable_ip+0x161/0x230 [ 109.694402] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 109.699930] ? sctp_endpoint_lookup_assoc+0x183/0x290 [ 109.705122] sctp_sendmsg+0x18a2/0x1d90 [ 109.709089] ? do_raw_spin_unlock+0xa7/0x2f0 [ 109.713481] ? sctp_id2assoc+0x3e0/0x3e0 [ 109.717541] ? _raw_spin_unlock_bh+0x30/0x40 [ 109.721937] ? __release_sock+0x3a0/0x3a0 [ 109.726082] inet_sendmsg+0x1a1/0x690 [ 109.729870] ? copy_msghdr_from_user+0x340/0x580 [ 109.734610] ? ipip_gro_receive+0x100/0x100 [ 109.738926] ? move_addr_to_kernel.part.20+0x100/0x100 [ 109.744198] ? security_socket_sendmsg+0x94/0xc0 [ 109.748937] ? ipip_gro_receive+0x100/0x100 [ 109.753254] sock_sendmsg+0xd5/0x120 [ 109.756974] ___sys_sendmsg+0x51d/0x930 [ 109.760940] ? __check_object_size+0x9d/0x5f2 [ 109.765417] ? copy_msghdr_from_user+0x580/0x580 [ 109.770169] ? lock_acquire+0x1e4/0x540 [ 109.774129] ? __fget_light+0x2f7/0x440 [ 109.779047] ? fget_raw+0x20/0x20 [ 109.782492] ? proc_fail_nth_write+0x9e/0x210 [ 109.786968] ? proc_cwd_link+0x1d0/0x1d0 [ 109.791035] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 109.796565] ? sockfd_lookup_light+0xc5/0x160 [ 109.801055] __sys_sendmmsg+0x240/0x6f0 [ 109.805030] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 109.809354] ? fsnotify_first_mark+0x350/0x350 [ 109.813923] ? __fsnotify_parent+0xcc/0x420 [ 109.818226] ? fsnotify+0x14e0/0x14e0 [ 109.822033] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 109.827569] ? fput+0x130/0x1a0 [ 109.830833] ? ksys_write+0x1ae/0x260 [ 109.834614] ? __ia32_sys_read+0xb0/0xb0 [ 109.838669] ? syscall_slow_exit_work+0x500/0x500 [ 109.843498] __x64_sys_sendmmsg+0x9d/0x100 [ 109.847734] do_syscall_64+0x1b9/0x820 [ 109.851622] ? finish_task_switch+0x1d3/0x870 [ 109.856104] ? syscall_return_slowpath+0x5e0/0x5e0 [ 109.861023] ? syscall_return_slowpath+0x31d/0x5e0 [ 109.865951] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 109.870957] ? prepare_exit_to_usermode+0x291/0x3b0 [ 109.875958] ? perf_trace_sys_enter+0xb10/0xb10 [ 109.880622] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 109.885464] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 109.890636] RIP: 0033:0x455e29 [ 109.893801] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 109.912933] RSP: 002b:00007f2ec9f2cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 109.920636] RAX: ffffffffffffffda RBX: 00007f2ec9f2d6d4 RCX: 0000000000455e29 [ 109.927885] RDX: 0000000000000001 RSI: 0000000020004a40 RDI: 0000000000000013 [ 109.935134] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 109.942385] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 109.949643] R13: 00000000004c111c R14: 00000000004d1558 R15: 0000000000000002 [ 109.971192] FAT-fs (loop4): invalid media value (0xa5) [ 109.971572] tc_dump_action: action bad kind [ 109.976535] FAT-fs (loop4): Can't find a valid FAT filesystem [ 110.449819] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.456179] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.463108] device bridge_slave_0 entered promiscuous mode [ 110.489611] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.495981] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.502860] device bridge_slave_1 entered promiscuous mode [ 110.521671] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 110.540688] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 110.590998] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 110.611600] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 110.684934] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 110.691919] team0: Port device team_slave_0 added [ 110.709478] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 110.716460] team0: Port device team_slave_1 added [ 110.734236] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 110.754229] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 110.774157] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 110.793919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 110.947555] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.953926] bridge0: port 2(bridge_slave_1) entered forwarding state [ 110.960514] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.966859] bridge0: port 1(bridge_slave_0) entered forwarding state [ 111.517285] 8021q: adding VLAN 0 to HW filter on device bond0 [ 111.572493] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 111.627940] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 111.634100] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 111.641342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 111.696482] 8021q: adding VLAN 0 to HW filter on device team0 22:28:19 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) modify_ldt$read(0x0, &(0x7f00000004c0)=""/201, 0xc9) r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x810, r1, 0x0) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x19, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000838f"], 0x100, 0x0, &(0x7f0000000180)="7bc3929e8cf01b0aa1c61805b812ee34d0bbe05ac11b4ce43b717bbd23c03a0fa43c5b6532c29890952072cf79d7435944af00c7204a77d158d0d4dcaf267520e43de8923aea2f81337ab7ba2e00953ab020140086f00a5f6a994add8abcf3a24229fcc421ce36fb108c9633c45b3c76457ff8c00af125aea1a75db830e5f63300c1755066535d1633d8c7b9c2b83f06b3792d8f06a2f66b356edad76a6357d9da209afcb7cf154c61a999f6f76c82052a143089648fce9f9524c28df2541225bf81685ec060e71791d994ba7adfb7f61af24bbfd09b0d0e960fb8e3e62c25bb344f8b483112f804043bc690c5e3cb54899db4a4916ae61eff15db85d42d6cd368b2f352b78c654e24b62fdcdf67974ea5409879339bf0e35c1db3a9d00be717f7db2af5c263cb1ca4c496be02f3700b251c192ee0a897808815f50fd2d15a1bc0e5d1dbae"}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000300)=0xc) r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000740)='/dev/sequencer2\x00', 0x0, 0x0) getsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f0000000880)={{{@in=@loopback, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in6=@mcast2}}, &(0x7f0000000600)=0xe8) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r2, 0x10e, 0x2, &(0x7f0000000380)=0x3, 0x4) setreuid(r3, r5) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f0000000000)=[@register_looper={0x630b}], 0x1, 0x0, &(0x7f0000000140)="06"}) 22:28:19 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x6, 0x0, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:19 executing program 2 (fault-call:1 fault-nth:3): r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) 22:28:19 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") 22:28:19 executing program 1: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cuse\x00', 0x46080, 0x0) getsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000100), &(0x7f0000000240)=0x10) symlink(&(0x7f0000000600)='./file0\x00', &(0x7f0000000140)='./file0\x00') r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x80, 0x0) futimesat(r1, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={{0x0, 0x2710}, {0x77359400}}) lgetxattr(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=@known='system.posix_acl_access\x00', &(0x7f0000000200)=""/55, 0x37) 22:28:19 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") socket$inet6(0xa, 0x80000, 0xfffffffffffffff9) r1 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x1) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000418f50)={{0x80}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4", 0xa9824f69d1376637, 0x10800a}) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000340)='/dev/sequencer2\x00', 0x4400, 0x0) 22:28:19 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x80000003e1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000b32fff)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = dup2(r1, r0) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000080)={0x3, 0x1, 0x9}) 22:28:19 executing program 4: r0 = memfd_create(&(0x7f00000001c0)="00b3b048ce82a2a07e9084ae49551929af77c7a382729a32dbec840c634bf4c5f3cd37307691f30a0f5abfe3cfeba863493580bac222c4fcb0a0ddb8e1633f2ebe2f", 0x2) write(r0, &(0x7f0000000040)="16", 0x1) sendfile(r0, r0, &(0x7f0000001000), 0xffff) fcntl$addseals(r0, 0x409, 0x8) fsetxattr(r0, &(0x7f0000000240)=@random={'security.', "00b3b048ce82a2a07e9084ae49551929af77c7a382729a32dbec840c634bf4c5f3cd37307691f30a0f5abfe3cfeba863493580bac222c4fcb0a0ddb8e1633f2ebe2f"}, &(0x7f0000000080)='^trustedvboxnet0)vboxnet0\x00', 0x1a, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") clone(0x0, &(0x7f0000000500), &(0x7f0000000540), &(0x7f0000000140), &(0x7f0000000180)) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f00000002c0)={'ip6_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) [ 112.015706] cannot load conntrack support for proto=7 [ 112.025540] cannot load conntrack support for proto=7 22:28:19 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x6, 0x0, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) [ 112.067846] FAULT_INJECTION: forcing a failure. [ 112.067846] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 112.079685] CPU: 0 PID: 7512 Comm: syz-executor2 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 112.087700] binder_alloc: 7520: binder_alloc_buf, no vma [ 112.087997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 112.093503] binder: 7520:7521 transaction failed 29189/-3, size 0-0 line 2967 [ 112.102767] Call Trace: [ 112.102797] dump_stack+0x1c9/0x2b4 22:28:19 executing program 6: getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, &(0x7f0000000040), &(0x7f0000000080)=0x4) ioctl(0xffffffffffffffff, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r0 = socket$netlink(0x10, 0x3, 0x4) bind$netlink(r0, &(0x7f0000000000)={0x10}, 0xc) write(r0, &(0x7f0000fa8000)="2300000014000707030e0000120f0a0811000100f5fe0012ff000000078a151f750800", 0x23) [ 112.102815] ? dump_stack_print_info.cold.2+0x52/0x52 [ 112.102838] should_fail.cold.4+0xa/0x11 [ 112.102854] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 112.102870] ? lock_acquire+0x1e4/0x540 [ 112.102881] ? is_bpf_text_address+0xae/0x170 [ 112.102893] ? trace_hardirqs_on+0x10/0x10 [ 112.102904] ? lock_release+0xa30/0xa30 [ 112.102921] ? kasan_check_read+0x11/0x20 [ 112.102938] ? rcu_is_watching+0x8c/0x150 [ 112.102959] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 112.160228] ? is_bpf_text_address+0xd7/0x170 [ 112.164714] ? kernel_text_address+0x79/0xf0 [ 112.169112] ? __kernel_text_address+0xd/0x40 [ 112.173594] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 112.179120] ? should_fail+0x246/0xd86 [ 112.182995] ? __save_stack_trace+0x8d/0xf0 [ 112.187306] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 112.192401] __alloc_pages_nodemask+0x36e/0xdb0 [ 112.197068] ? save_stack+0xa9/0xd0 [ 112.200682] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 112.205688] ? sctp_add_bind_addr+0x101/0x4b0 [ 112.210170] ? sctp_autobind+0x16d/0x1f0 [ 112.214214] ? sctp_sendmsg_new_asoc+0xcc6/0x1200 [ 112.219055] ? sctp_sendmsg+0x18a2/0x1d90 [ 112.223192] ? inet_sendmsg+0x1a1/0x690 [ 112.227153] ? sock_sendmsg+0xd5/0x120 [ 112.231029] ? ___sys_sendmsg+0x51d/0x930 [ 112.235183] ? __sys_sendmmsg+0x240/0x6f0 [ 112.239319] ? do_syscall_64+0x1b9/0x820 [ 112.243378] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 112.248732] ? lock_downgrade+0x8f0/0x8f0 [ 112.252870] ? lock_acquire+0x1e4/0x540 [ 112.256829] ? fs_reclaim_acquire+0x20/0x20 [ 112.261136] ? lock_downgrade+0x8f0/0x8f0 [ 112.265270] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 112.269849] ? lock_release+0xa30/0xa30 [ 112.273812] ? check_same_owner+0x340/0x340 [ 112.278125] cache_grow_begin+0x91/0x710 [ 112.282177] kmem_cache_alloc_trace+0x6a5/0x780 [ 112.286832] ? kmem_cache_alloc_trace+0x318/0x780 [ 112.291668] sctp_association_new+0x127/0x2290 [ 112.296237] ? memcpy+0x45/0x50 [ 112.299505] ? sctp_add_bind_addr+0x3ae/0x4b0 [ 112.303988] ? sctp_trans_elect_best+0x3d0/0x3d0 [ 112.308731] ? sctp_bind_addr_free+0x20/0x20 [ 112.313128] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 112.318650] ? sctp_v6_available+0x12b/0x300 [ 112.323049] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 112.328582] ? sctp_v6_to_sk_saddr+0xef/0x250 [ 112.333065] ? sctp_do_bind+0x3e5/0x5f0 [ 112.337032] ? sctp_autobind+0x16d/0x1f0 [ 112.341080] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 112.345646] ? sctp_do_bind+0x5f0/0x5f0 [ 112.349607] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 112.354782] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 112.359960] ? security_sctp_bind_connect+0x99/0xc0 [ 112.364965] sctp_sendmsg_new_asoc+0x39e/0x1200 [ 112.369619] ? lock_acquire+0x1e4/0x540 [ 112.373577] ? sctp_sendmsg+0x1278/0x1d90 [ 112.377729] ? sctp_autobind+0x1f0/0x1f0 [ 112.381774] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 112.386344] ? kasan_check_write+0x14/0x20 [ 112.390565] ? lock_sock_nested+0x9f/0x120 [ 112.394785] ? trace_hardirqs_on+0xd/0x10 [ 112.398923] ? __local_bh_enable_ip+0x161/0x230 [ 112.403581] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 112.409113] ? sctp_endpoint_lookup_assoc+0x183/0x290 [ 112.414291] sctp_sendmsg+0x18a2/0x1d90 [ 112.418260] ? do_raw_spin_unlock+0xa7/0x2f0 [ 112.422659] ? sctp_id2assoc+0x3e0/0x3e0 [ 112.426707] ? _raw_spin_unlock_bh+0x30/0x40 [ 112.431103] ? __release_sock+0x3a0/0x3a0 [ 112.435245] inet_sendmsg+0x1a1/0x690 [ 112.439032] ? copy_msghdr_from_user+0x340/0x580 [ 112.443774] ? ipip_gro_receive+0x100/0x100 [ 112.448091] ? move_addr_to_kernel.part.20+0x100/0x100 [ 112.453378] ? security_socket_sendmsg+0x94/0xc0 [ 112.458119] ? ipip_gro_receive+0x100/0x100 [ 112.462426] sock_sendmsg+0xd5/0x120 [ 112.466136] ___sys_sendmsg+0x51d/0x930 [ 112.470095] ? __check_object_size+0x9d/0x5f2 [ 112.474579] ? copy_msghdr_from_user+0x580/0x580 [ 112.479324] ? lock_acquire+0x1e4/0x540 [ 112.483303] ? __fget_light+0x2f7/0x440 [ 112.487274] ? fget_raw+0x20/0x20 [ 112.490724] ? proc_fail_nth_write+0x9e/0x210 [ 112.495206] ? proc_cwd_link+0x1d0/0x1d0 [ 112.499260] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 112.504784] ? sockfd_lookup_light+0xc5/0x160 [ 112.509267] __sys_sendmmsg+0x240/0x6f0 [ 112.513244] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 112.517558] ? fsnotify_first_mark+0x350/0x350 [ 112.522124] ? __fsnotify_parent+0xcc/0x420 [ 112.526433] ? fsnotify+0x14e0/0x14e0 [ 112.530229] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 112.535752] ? fput+0x130/0x1a0 [ 112.539020] ? ksys_write+0x1ae/0x260 [ 112.542807] ? __ia32_sys_read+0xb0/0xb0 [ 112.546859] __x64_sys_sendmmsg+0x9d/0x100 [ 112.551081] do_syscall_64+0x1b9/0x820 [ 112.554954] ? finish_task_switch+0x1d3/0x870 [ 112.559435] ? syscall_return_slowpath+0x5e0/0x5e0 [ 112.564362] ? syscall_return_slowpath+0x31d/0x5e0 [ 112.569279] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 112.574280] ? prepare_exit_to_usermode+0x291/0x3b0 [ 112.579282] ? perf_trace_sys_enter+0xb10/0xb10 [ 112.583938] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 112.588773] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 112.593977] RIP: 0033:0x455e29 [ 112.597151] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 112.616433] RSP: 002b:00007f2ec9f2cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 112.624475] RAX: ffffffffffffffda RBX: 00007f2ec9f2d6d4 RCX: 0000000000455e29 [ 112.631729] RDX: 0000000000000001 RSI: 0000000020004a40 RDI: 0000000000000013 [ 112.638985] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 112.646250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 112.653515] R13: 00000000004c111c R14: 00000000004d1558 R15: 0000000000000003 22:28:20 executing program 1: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x420080, 0x0) getsockopt$EBT_SO_GET_INIT_ENTRIES(r0, 0x0, 0x83, &(0x7f0000000180)={'filter\x00', 0x0, 0x3, 0xb5, [], 0x7, &(0x7f0000000040)=[{}, {}, {}, {}, {}, {}, {}], &(0x7f00000000c0)=""/181}, &(0x7f0000000200)=0x78) clock_adjtime(0xfffffffffffffffb, &(0x7f0000f74f98)) 22:28:20 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vcs\x00', 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000380)={r1, &(0x7f0000000200)="7795dc743cb540bd91302cf86aac2c70a43044738e4aa44eb2a0a0434d85625446ce839931652cc0bf60ca4077202ed880b863f15fd170f22d01921d9ed052284e0268cd95adbe10926184ce", &(0x7f00000002c0)="5d5e91b74efa60d832119de2b4abfb6ba3694eb9f966d73a24b51992fbada2baf105fab6d33a39bdcd902a6c90feafc7b32e6d745e8801db9b1bfbc426a62d9f8ff6d550f7907a37e16f8fc0619568c991cb1a920e65c330736c2b769320bc8dccfb28cdbbdd47d3e55d227fb3c08aff85cc7731e27fc68cfbbd68e960d441f7c7e2050cae8c2abf64bc43711aa6736b45a300fd5e10b40e0e2dd510bd5a373a09e089"}, 0x20) r2 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000400)={0x8000}, 0x4) ioctl$TCSETS(r3, 0x40045431, &(0x7f00003b9fdc)) r4 = syz_open_pts(r3, 0x2) r5 = fcntl$dupfd(r3, 0x0, r3) ioctl$TUNGETVNETHDRSZ(r5, 0x800454d7, &(0x7f0000000180)) dup3(r4, r3, 0x0) r6 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x1000, 0x400) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r6, 0x29, 0xd2, &(0x7f0000000100)={{0xa, 0x4e20, 0x40, @dev={0xfe, 0x80, [], 0xf}, 0x80}, {0xa, 0x4e20, 0xfffffffffffff001, @local={0xfe, 0x80, [], 0xaa}, 0x4}, 0x7, [0x99, 0x2, 0x1, 0xfffffffffffff4fd, 0x3, 0x8071, 0x80, 0x1]}, 0x5c) write(r3, &(0x7f0000c34fff), 0xffffff0b) write(r3, &(0x7f0000000040), 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/sequencer2\x00', 0x900, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f00000000c0)) tkill(r2, 0x1000000000016) 22:28:20 executing program 5: r0 = socket(0x11, 0x80002, 0x0) bind$packet(r0, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}}, 0x14) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x80006, &(0x7f0000000240)="295ee1311f16f477671070") syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2c, 0x0, @local={0xfe, 0x80, [], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, &(0x7f00000002c0)) 22:28:20 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x6, 0x0, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) [ 112.677920] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16546 [ 112.699112] binder: 7520:7521 ERROR: BC_REGISTER_LOOPER called without request 22:28:20 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") 22:28:20 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000040)={0xffffffff}, 0x13f, 0xb}}, 0x20) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f0000000200)={0x5, 0x10, 0xfa00, {&(0x7f0000000480), r1, 0x2}}, 0x18) [ 112.824409] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16540 [ 112.893430] binder: BINDER_SET_CONTEXT_MGR already set [ 112.900782] binder: 7520:7559 ioctl 40046207 0 returned -16 [ 112.901875] binder_alloc: 7520: binder_alloc_buf, no vma [ 112.912042] binder: 7520:7560 transaction failed 29189/-3, size 0-0 line 2967 [ 112.929674] binder: 7520:7560 ERROR: BC_REGISTER_LOOPER called without request 22:28:20 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x6, 0x4, 0x0, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:20 executing program 2 (fault-call:1 fault-nth:4): r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) 22:28:20 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup3(r0, r0, 0x80000) execveat(r1, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180)=[&(0x7f0000000040)='\x00', &(0x7f0000000080)='\x00', &(0x7f00000000c0)=')-cpusetppp0%\x00', &(0x7f0000000100)='\x00', &(0x7f0000000140)='\x00'], &(0x7f00000002c0)=[&(0x7f00000001c0)='\x00', &(0x7f0000000240)='}\x00', &(0x7f0000000280)='\x00'], 0x900) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000200)={@ipv4={[], [0xff, 0xff]}}, 0x14) 22:28:20 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x9) r1 = open(&(0x7f0000000080)='./file0\x00', 0x200540, 0x2) ioctl(r1, 0x8912, &(0x7f0000000640)="025cc8764b07dce422e14cf09c9615d8ffc695ad8c53608e1feabbcd01e872d5d1bf0100000000000000eb556b7848d0f48a66f366b897466c35e9d3f5fa16de5c86e94dfdf4a1e0bd1595f839de35771a787d2e90d2afd7874c93acb4a58bbbc255829a4529cac5e37966a43dc99e14b4f199502349caff6f680f36074d24f55fa60116b3a523b244ce03d86fd03682e2e60baf17a60fb1020a64b0df76f3d4ef9bbb8c189aef278026bad812f67de7615b14a7acf688b5ab28a9c90943f2b3857c6e96d5026aca6250ec103e0e746ea00b9983903bddd0a8f0bf79e8aacd367232a06175dfa404bc751c9a7e762c6177fe0597387b571f72833445ff0f15b0d973a3032a85296200f20c8744fbb5312c5fc9c3b9cc4a52725fa68b92582b6818131b5505693cd72283069dfe0548f0d3da88a8200e2b40d725400fefe23d9e59450f31a953d4f29872dad6249189056fcad9c38f1a72fcdb3ae7a832320faeb3f1c7c5c82422cf7b34df47908c351148a1d32babea6963a18bdf3ba9c73ffcbfd6933177122894018fab000025d862ae00000000a9378f06e655123787d6d71cda2dade652b3ba98324ef9537544bcaf41a909850a65ad8b0251e1deb76bf573") getsockopt$inet6_udp_int(r0, 0x11, 0x64, &(0x7f0000000100), &(0x7f00000000c0)=0x4) r2 = getpgrp(0xffffffffffffffff) r3 = getuid() stat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000200)={r2, r3, r4}, 0xc) fsetxattr(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="ee31e78c0a6f0b24d82e2e62747264732e0000000000"], &(0x7f0000000040)="2570726f63403a5d73656c6670726f6327278e2c00", 0x15, 0x1) 22:28:20 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") 22:28:20 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000000080)) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000f00)=@broute={'broute\x00', 0x20, 0x3, 0xd98, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000140], 0x0, &(0x7f0000000040), &(0x7f0000000140)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x1d, 0x0, 0x0, 'bcsh0\x00', 'bcsh0\x00', 'ifb0\x00', 'veth1_to_bond\x00', @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [0x0, 0x0, 0x0, 0xff], @empty, [0x0, 0x3, 0x0, 0xff], 0x918, 0x918, 0x948, [@mark_m={'mark_m\x00', 0x18, {{0x0, 0x0, 0x0, 0x3}}}, @among={'among\x00', 0x840, {{0x0, 0x0, 0x0, {[], 0x2, [{[], @dev={0xac, 0x14, 0x14}}, {}]}, {[], 0x1, [{}]}}}}]}}, @common=@CONNSECMARK={'CONNSECMARK\x00', 0x8, {{0x1}}}}, {{{0x11, 0x62, 0x0, 'bpq0\x00', 'bond_slave_0\x00', 'irlan0\x00', 'erspan0\x00', @empty, [0x0, 0xdd52ae7126d58f9a, 0xfc, 0x0, 0x0, 0xff], @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [0xff, 0x0, 0xff, 0x0, 0xff, 0xff], 0x1d8, 0x228, 0x2a0, [@connbytes={'connbytes\x00', 0x18, {{0x7, 0x7, 0x2, 0x1}}}, @comment={'comment\x00', 0x100}]}, [@common=@log={'log\x00', 0x28, {{0x7, "25d2bbe1c89e38b61fbeac94a9b40f45ffc862e5531fee5f7c3624149c39"}}}]}, @common=@NFLOG={'NFLOG\x00', 0x50, {{0x200, 0x3, 0x3, 0x1, 0x0, "0f735519c402bc96f137dd70f05e95f6cdaec6f15f241946c3de865c5780a7660fde758d79e008fc7bc3cd6a84a1e492bca522f907386727efde6951cb67d56a"}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff, 0x1, [{{{0xb, 0x10, 0x891f, 'rose0\x00', 'ip_vti0\x00', 'ipddp0\x00', 'team0\x00', @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [0x0, 0x35c91edd3c3b3024, 0x0, 0xff, 0xff], @empty, [0x0, 0x0, 0xff, 0xff, 0xff], 0xa8, 0xa8, 0x120, [@realm={'realm\x00', 0x10, {{0x8, 0x6, 0x1}}}]}}, @common=@nflog={'nflog\x00', 0x50, {{0x100000001, 0x800, 0x6, 0x0, 0x0, "c5a1a4fdafcad6dadaf74185b129137c18203ee6aba7431fdf586ca0416cefd650d11bd3950b08288da05f19ac1512957f9bb95241456722e4e0e857415585ac"}}}}]}]}, 0xe10) getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f00000000c0), &(0x7f0000000100)=0x4) r1 = dup2(r0, r0) write$P9_RSYMLINK(r1, &(0x7f0000000000)={0x14, 0x11, 0x2, {0x0, 0x2, 0x8}}, 0x14) 22:28:20 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x6, 0x4, 0x0, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) [ 113.061019] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16531 [ 113.203483] FAULT_INJECTION: forcing a failure. [ 113.203483] name failslab, interval 1, probability 0, space 0, times 0 [ 113.214750] CPU: 0 PID: 7595 Comm: syz-executor2 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 113.223071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 113.232422] Call Trace: [ 113.235022] dump_stack+0x1c9/0x2b4 [ 113.238660] ? dump_stack_print_info.cold.2+0x52/0x52 [ 113.243858] ? is_bpf_text_address+0xae/0x170 [ 113.248357] ? lock_downgrade+0x8f0/0x8f0 [ 113.252509] should_fail.cold.4+0xa/0x11 [ 113.256572] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 113.261680] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 113.266354] ? is_bpf_text_address+0xd7/0x170 [ 113.270859] ? __kernel_text_address+0xd/0x40 [ 113.275353] ? unwind_get_return_address+0x61/0xa0 [ 113.280284] ? __save_stack_trace+0x8d/0xf0 [ 113.284613] ? lock_acquire+0x1e4/0x540 [ 113.288590] ? fs_reclaim_acquire+0x20/0x20 [ 113.292918] ? lock_downgrade+0x8f0/0x8f0 [ 113.297074] ? sctp_sendmsg_new_asoc+0x39e/0x1200 [ 113.301923] ? check_same_owner+0x340/0x340 [ 113.306244] ? __x64_sys_sendmmsg+0x9d/0x100 [ 113.310655] ? do_syscall_64+0x1b9/0x820 [ 113.314721] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 113.320083] ? rcu_note_context_switch+0x730/0x730 [ 113.325014] __should_failslab+0x124/0x180 [ 113.329254] should_failslab+0x9/0x14 [ 113.333055] kmem_cache_alloc_trace+0x2cb/0x780 [ 113.337725] ? fs_reclaim_acquire+0x20/0x20 [ 113.342047] ? lock_downgrade+0x8f0/0x8f0 [ 113.346204] sctp_auth_shkey_create+0xda/0x2a0 [ 113.350787] ? sctp_auth_key_put+0x30/0x30 [ 113.355031] ? kasan_unpoison_shadow+0x35/0x50 [ 113.359618] ? kasan_kmalloc+0xc4/0xe0 [ 113.363511] sctp_auth_asoc_copy_shkeys+0x2e8/0x400 [ 113.368530] ? sctp_auth_destroy_keys+0x400/0x400 [ 113.373373] ? memset+0x31/0x40 [ 113.376653] ? sctp_stream_alloc_out+0x127/0x1b0 [ 113.381409] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 113.386950] ? sctp_stream_interleave_init+0x69/0xa0 [ 113.392053] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 113.397589] ? sctp_stream_init+0x212/0x3b0 [ 113.401915] sctp_association_new+0x1793/0x2290 [ 113.406586] ? sctp_trans_elect_best+0x3d0/0x3d0 [ 113.411338] ? sctp_bind_addr_free+0x20/0x20 [ 113.415751] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 113.421286] ? sctp_v6_available+0x12b/0x300 [ 113.425699] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 113.431235] ? sctp_v6_to_sk_saddr+0xef/0x250 [ 113.435728] ? sctp_do_bind+0x3e5/0x5f0 [ 113.439721] ? sctp_autobind+0x16d/0x1f0 [ 113.443782] ? sctp_do_bind+0x5f0/0x5f0 [ 113.447761] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 113.452952] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 113.458140] ? security_sctp_bind_connect+0x99/0xc0 [ 113.463160] sctp_sendmsg_new_asoc+0x39e/0x1200 [ 113.467834] ? lock_acquire+0x1e4/0x540 [ 113.471806] ? sctp_sendmsg+0x1278/0x1d90 [ 113.475960] ? sctp_autobind+0x1f0/0x1f0 [ 113.480018] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 113.484603] ? kasan_check_write+0x14/0x20 [ 113.488840] ? lock_sock_nested+0x9f/0x120 [ 113.493074] ? trace_hardirqs_on+0xd/0x10 [ 113.497222] ? __local_bh_enable_ip+0x161/0x230 [ 113.501891] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 113.507430] ? sctp_endpoint_lookup_assoc+0x183/0x290 [ 113.512622] sctp_sendmsg+0x18a2/0x1d90 [ 113.516594] ? do_raw_spin_unlock+0xa7/0x2f0 [ 113.521004] ? sctp_id2assoc+0x3e0/0x3e0 [ 113.525067] ? _raw_spin_unlock_bh+0x30/0x40 [ 113.529473] ? __release_sock+0x3a0/0x3a0 [ 113.533625] inet_sendmsg+0x1a1/0x690 [ 113.537426] ? copy_msghdr_from_user+0x340/0x580 [ 113.542182] ? ipip_gro_receive+0x100/0x100 [ 113.546508] ? move_addr_to_kernel.part.20+0x100/0x100 [ 113.551790] ? security_socket_sendmsg+0x94/0xc0 [ 113.556550] ? ipip_gro_receive+0x100/0x100 [ 113.560873] sock_sendmsg+0xd5/0x120 [ 113.564585] ___sys_sendmsg+0x51d/0x930 [ 113.568557] ? __check_object_size+0x9d/0x5f2 [ 113.573056] ? copy_msghdr_from_user+0x580/0x580 [ 113.577829] ? lock_acquire+0x1e4/0x540 [ 113.581812] ? __fget_light+0x2f7/0x440 [ 113.585785] ? fget_raw+0x20/0x20 [ 113.589259] ? proc_fail_nth_write+0x9e/0x210 [ 113.589276] ? proc_cwd_link+0x1d0/0x1d0 [ 113.597822] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 113.603363] ? sockfd_lookup_light+0xc5/0x160 [ 113.607861] __sys_sendmmsg+0x240/0x6f0 [ 113.611838] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 113.616166] ? fsnotify_first_mark+0x350/0x350 [ 113.620744] ? __fsnotify_parent+0xcc/0x420 [ 113.625066] ? fsnotify+0x14e0/0x14e0 [ 113.628876] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 113.634424] ? fput+0x130/0x1a0 [ 113.637706] ? ksys_write+0x1ae/0x260 [ 113.641506] ? __ia32_sys_read+0xb0/0xb0 [ 113.645585] __x64_sys_sendmmsg+0x9d/0x100 [ 113.649840] do_syscall_64+0x1b9/0x820 [ 113.653758] ? syscall_return_slowpath+0x5e0/0x5e0 [ 113.658736] ? syscall_return_slowpath+0x31d/0x5e0 [ 113.661120] netlink: 'syz-executor1': attribute type 21 has an invalid length. [ 113.663688] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 113.663702] ? prepare_exit_to_usermode+0x291/0x3b0 [ 113.663719] ? perf_trace_sys_enter+0xb10/0xb10 [ 113.685717] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 113.690823] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 113.696000] RIP: 0033:0x455e29 [ 113.699175] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 113.718449] RSP: 002b:00007f2ec9f2cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 113.726146] RAX: ffffffffffffffda RBX: 00007f2ec9f2d6d4 RCX: 0000000000455e29 [ 113.733409] RDX: 0000000000000001 RSI: 0000000020004a40 RDI: 0000000000000013 [ 113.740663] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 113.747918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 22:28:20 executing program 4: r0 = memfd_create(&(0x7f00000001c0)="00b3b048ce82a2a07e9084ae49551929af77c7a382729a32dbec840c634bf4c5f3cd37307691f30a0f5abfe3cfeba863493580bac222c4fcb0a0ddb8e1633f2ebe2f", 0x2) write(r0, &(0x7f0000000040)="16", 0x1) sendfile(r0, r0, &(0x7f0000001000), 0xffff) fcntl$addseals(r0, 0x409, 0x8) fsetxattr(r0, &(0x7f0000000240)=@random={'security.', "00b3b048ce82a2a07e9084ae49551929af77c7a382729a32dbec840c634bf4c5f3cd37307691f30a0f5abfe3cfeba863493580bac222c4fcb0a0ddb8e1633f2ebe2f"}, &(0x7f0000000080)='^trustedvboxnet0)vboxnet0\x00', 0x1a, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") clone(0x0, &(0x7f0000000500), &(0x7f0000000540), &(0x7f0000000140), &(0x7f0000000180)) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f00000002c0)={'ip6_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) 22:28:20 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r3, 0x4008ae8a, &(0x7f0000000340)=ANY=[@ANYBLOB="01920000000000000100009663800000000000000013"]) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047"}], 0x0, 0x0, &(0x7f0000000080), 0x0) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"]) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000140)={0x7b, 0x0, [0xc0010140]}) 22:28:20 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x0, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") 22:28:20 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe3e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0xffffffffff7fffff, 0x4000}, 0x0, 0x0, 0xffffffffffffffff, 0x1) r0 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x0, 0xc001) ioctl$sock_inet_SIOCSIFPFLAGS(r0, 0x8934, &(0x7f0000000080)={'ip6_vti0\x00', 0x8}) 22:28:21 executing program 6: r0 = socket$unix(0x1, 0x4000000001, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, "e91f7189591e9233614b00"}, 0xc) listen(r1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) connect(r2, &(0x7f0000931ff4)=@un=@file={0x1, "e91f7189591e9233614b00"}, 0xc) connect(r0, &(0x7f0000987ff4)=@un=@file={0x1, "e91f7189591e9233614b00"}, 0xc) listen(r2, 0x5) 22:28:21 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x6, 0x4, 0x0, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:21 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070") r1 = socket$netlink(0x10, 0x3, 0x0) r2 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x8, 0x628080) ioctl$BLKRRPART(r2, 0x125f, 0x0) sendmsg$nl_route(r1, &(0x7f000001bfc8)={&(0x7f0000db4000)={0x10}, 0xc, &(0x7f00006bcff0)={&(0x7f000075b000)=@ipv6_newroute={0x2c, 0x18, 0x301, 0x0, 0x0, {0xa}, [@RTA_ENCAP_TYPE={0x8, 0x15, 0x7}, @RTA_ENCAP={0x8, 0x16, @nested={0x4, 0x1}}]}, 0x2c}, 0x1}, 0x0) 22:28:21 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x0, 0x1, &(0x7f0000001fe8)=ANY=[@ANYBLOB="e98525df803a836667"], &(0x7f0000000000)="73797a6b616c6c65720079a992a8b54a138a2b15e5a5e3834727c92e7da99f989fe05b08b789f58457b5e8c54a81998cb1f68103d880c4f0cd8d3015884af5", 0x0, 0xc3, &(0x7f0000009f3d)=""/195}, 0x48) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000340)={{{@in6, @in=@rand_addr, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in6=@loopback}}, &(0x7f0000000440)=0xe8) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x5, &(0x7f0000001fd8)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x3000000, 0x25}, [@ldst={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffb0}], {0x95}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f0000000240)=""/195, 0x0, 0x0, [], r1, 0x7}, 0x119) 22:28:21 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x0, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") [ 113.755181] R13: 00000000004c111c R14: 00000000004d1558 R15: 0000000000000004 [ 113.780839] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16549 [ 113.789137] netlink: 'syz-executor1': attribute type 1 has an invalid length. 22:28:21 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xae80, &(0x7f00000000c0)={0x1229}) getsockopt$inet_sctp_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000000), &(0x7f0000000040)=0xb) r3 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x100000001, 0x0) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000100)={0x0, 0xffffffffffffffe0, 0x6, [0x55df4dfb, 0xb45a, 0x4, 0x0, 0x8000, 0x2]}, &(0x7f0000000180)=0x14) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f00000001c0)={r4, 0x8}, &(0x7f0000000200)=0x8) 22:28:21 executing program 2 (fault-call:1 fault-nth:5): r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) 22:28:21 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu\x00', 0x200002, 0x0) socket$bt_hidp(0x1f, 0x3, 0x6) socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = openat$cgroup_int(r0, &(0x7f0000000040)='hugetlb.2MB.max_usage_in_bytes\x00', 0x2, 0x0) fcntl$notify(r2, 0x402, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x0) fchmod(r1, 0x4) 22:28:21 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x8010000000000084) sendto$inet6(r0, &(0x7f0000000000)="e2", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x3fff, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x2}, 0x1c) listen(r0, 0xffffffffffffff7f) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000240)=@routing, 0x8) openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x400000, 0x0) accept(r0, &(0x7f00000000c0)=@can, &(0x7f0000000280)=0xfd31) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000080)=0x2, 0x4) alarm(0x8) [ 113.903005] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16524 [ 113.939018] FAULT_INJECTION: forcing a failure. [ 113.939018] name failslab, interval 1, probability 0, space 0, times 0 [ 113.950304] CPU: 0 PID: 7634 Comm: syz-executor2 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 113.958622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 113.967969] Call Trace: [ 113.970547] dump_stack+0x1c9/0x2b4 [ 113.974176] ? dump_stack_print_info.cold.2+0x52/0x52 [ 113.979356] should_fail.cold.4+0xa/0x11 [ 113.983403] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 113.988490] ? kasan_kmalloc+0xc4/0xe0 [ 113.992364] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 113.997200] ? inet_sendmsg+0x1a1/0x690 [ 114.001162] ? sock_sendmsg+0xd5/0x120 [ 114.005037] ? __sys_sendmmsg+0x240/0x6f0 [ 114.009181] ? __x64_sys_sendmmsg+0x9d/0x100 [ 114.013574] ? do_syscall_64+0x1b9/0x820 [ 114.017623] ? perf_trace_lock+0x920/0x920 [ 114.021846] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 114.027379] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 114.032208] ? perf_trace_lock+0x920/0x920 [ 114.036433] ? lock_acquire+0x1e4/0x540 [ 114.040397] ? sctp_bind_addr_state+0x292/0x480 [ 114.045060] ? lock_downgrade+0x8f0/0x8f0 [ 114.049194] __should_failslab+0x124/0x180 [ 114.053415] should_failslab+0x9/0x14 [ 114.057200] kmem_cache_alloc_trace+0x4b/0x780 [ 114.061770] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 114.066950] sctp_add_bind_addr+0x101/0x4b0 [ 114.071255] ? sctp_bind_addr_free+0x20/0x20 [ 114.075650] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 114.080824] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 114.086343] ? sctp_v4_scope+0x19b/0x1c0 [ 114.090387] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 114.095564] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 114.100566] sctp_copy_local_addr_list+0x499/0x690 [ 114.105485] ? sctp_defaults_init+0xe70/0xe70 [ 114.109966] ? get_random_bytes+0x34/0x40 [ 114.114098] ? sctp_association_new+0x1aab/0x2290 [ 114.118942] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 114.124117] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 114.129638] sctp_copy_one_addr+0x5d/0x170 [ 114.133857] ? sctp_copy_one_addr+0x5d/0x170 [ 114.138267] sctp_bind_addr_copy+0x173/0x47c [ 114.142664] ? sctp_copy_one_addr+0x170/0x170 [ 114.147145] ? sctp_autobind+0x16d/0x1f0 [ 114.151191] ? sctp_do_bind+0x5f0/0x5f0 [ 114.155148] sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 114.160668] ? security_sctp_bind_connect+0x99/0xc0 [ 114.165678] sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 114.170330] ? lock_acquire+0x1e4/0x540 [ 114.174285] ? sctp_sendmsg+0x1278/0x1d90 [ 114.178431] ? sctp_autobind+0x1f0/0x1f0 [ 114.182475] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 114.187046] ? kasan_check_write+0x14/0x20 [ 114.191265] ? lock_sock_nested+0x9f/0x120 [ 114.195485] ? trace_hardirqs_on+0xd/0x10 [ 114.199616] ? __local_bh_enable_ip+0x161/0x230 [ 114.204268] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 114.209792] ? sctp_endpoint_lookup_assoc+0x183/0x290 [ 114.214965] sctp_sendmsg+0x18a2/0x1d90 [ 114.218921] ? do_raw_spin_unlock+0xa7/0x2f0 [ 114.223314] ? sctp_id2assoc+0x3e0/0x3e0 [ 114.227360] ? _raw_spin_unlock_bh+0x30/0x40 [ 114.231756] ? __release_sock+0x3a0/0x3a0 [ 114.235892] inet_sendmsg+0x1a1/0x690 [ 114.239679] ? copy_msghdr_from_user+0x340/0x580 [ 114.244417] ? ipip_gro_receive+0x100/0x100 [ 114.248725] ? move_addr_to_kernel.part.20+0x100/0x100 [ 114.253998] ? security_socket_sendmsg+0x94/0xc0 [ 114.258749] ? ipip_gro_receive+0x100/0x100 [ 114.263057] sock_sendmsg+0xd5/0x120 [ 114.266784] ___sys_sendmsg+0x51d/0x930 [ 114.270757] ? __check_object_size+0x9d/0x5f2 [ 114.275251] ? copy_msghdr_from_user+0x580/0x580 [ 114.280000] ? lock_acquire+0x1e4/0x540 [ 114.283976] ? __fget_light+0x2f7/0x440 [ 114.287932] ? fget_raw+0x20/0x20 [ 114.291375] ? proc_fail_nth_write+0x9e/0x210 [ 114.295854] ? proc_cwd_link+0x1d0/0x1d0 [ 114.299902] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 114.305420] ? sockfd_lookup_light+0xc5/0x160 [ 114.309911] __sys_sendmmsg+0x240/0x6f0 [ 114.313876] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 114.318182] ? fsnotify_first_mark+0x350/0x350 [ 114.322748] ? __fsnotify_parent+0xcc/0x420 [ 114.327055] ? fsnotify+0x14e0/0x14e0 [ 114.330863] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 114.336383] ? fput+0x130/0x1a0 [ 114.339644] ? ksys_write+0x1ae/0x260 [ 114.343428] ? __ia32_sys_read+0xb0/0xb0 [ 114.347477] __x64_sys_sendmmsg+0x9d/0x100 [ 114.351697] do_syscall_64+0x1b9/0x820 [ 114.355570] ? finish_task_switch+0x1d3/0x870 [ 114.360047] ? syscall_return_slowpath+0x5e0/0x5e0 [ 114.364970] ? syscall_return_slowpath+0x31d/0x5e0 [ 114.369882] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 114.374880] ? prepare_exit_to_usermode+0x291/0x3b0 [ 114.379879] ? perf_trace_sys_enter+0xb10/0xb10 [ 114.384532] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 114.389363] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 114.394535] RIP: 0033:0x455e29 [ 114.397702] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 114.416902] RSP: 002b:00007f2ec9f2cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 114.424604] RAX: ffffffffffffffda RBX: 00007f2ec9f2d6d4 RCX: 0000000000455e29 [ 114.431855] RDX: 0000000000000001 RSI: 0000000020004a40 RDI: 0000000000000013 [ 114.439106] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 114.446359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 22:28:22 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$sndseq(r0, &(0x7f0000011fd2), 0xfff6) accept4$llc(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000000080)=0x10, 0x800) fallocate(r0, 0x8, 0x0, 0x8000) 22:28:22 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x0, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") [ 114.453618] R13: 00000000004c111c R14: 00000000004d1558 R15: 0000000000000005 22:28:22 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x0, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) [ 114.532107] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16539 22:28:22 executing program 4: syz_emit_ethernet(0x56, &(0x7f0000015e15)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @local={[0xaa, 0xaa, 0xaa, 0xaa], 0xffffffffffffffff}, [], {@canfd={0xd, {{0x4, 0x1, 0x2, 0x10001}, 0x19, 0x1, 0x0, 0x0, "2bb533657faca9ae806279d12b45e2d945f4b80f5e8932271241deec1ddec488e68a866b655bf0e82de474d4bb2b962ff04b1e5d38fcb3832c2430d924cfeffb"}}}}, 0x0) 22:28:22 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x10, 0x3, 0x80000000) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x80, 0x0) sendmsg(r0, &(0x7f0000000200)={&(0x7f0000000140)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x4e22, @local={0xac, 0x14, 0x14, 0xaa}}, 0x3, 0x3, 0x1, 0x3}}, 0x80, &(0x7f00000001c0)=[{&(0x7f00000000c0)="545a108eb17eadc7d2ffb49358fc4a5b6d8783268d004602a8d7003c260a0da72cfaffcb835114e09693f9a7ea1f99753e6dc499962e88961edbfdbb", 0x3c}], 0x1, &(0x7f00000002c0)=[{0x100, 0x10d, 0x0, "75c16e144c6dc2c35c645f67c7669e021e08beee938a8d26fa916616077ec2eefa73a0e4f4afb5760da06cab8566845e2f19083227f260e9ab01d49fb43caa2ab360ed883fd6de8b5d78cb46ca126bb4f084081d0f2a4931a225823e684a0b34f41cd745cbdecfdae67afde4c73184bcd4a771a42b73d83ef9dd2a9c4fe9ec8278135c3fcec498b7abd7494b211d7bd8fc62d80d84fd3a17733f097b432df2d0ab066ae85e52b754001d649565e9c87d386899253231ad70289f69686bf3eb35ee81aece7ac473dbf169024163426c17e016d3532ad814ab8b04770c8e8b3b8b49548ab6b7a71b7d0485404435"}, {0x18, 0x116, 0x0, "4b0c3f67b6"}, {0x90, 0x101, 0x7f, "444f75b86f5653525c453477443ad5f06ad7d38b76314c856b10f75583aec8bc88f23cba53c57efeef84178ae06cd3346ba192a583c6a9a000597c02e195bcab3d801c880898d5a0d307077d10916d4b376b140ac07aa0091d3c96ba152b359bfbe2f2f225ff6aff203b017e811f01f6f29977df8d18e85637a54b5b20"}, {0x100, 0x10a, 0x3f, "1a0b3ecc0b19b5ca3934cf7001dbd1812f7b2df73f8b85677c61371220c4b434ef71290887fe10f1fda748e74b5d528d9d329866fb7f51f1771a06c4cc5f1fa1c0756aaa81001abba4875bf73d63b88888ec6e20a9ca9de403747ffb982ef2b51d977876c1cf7156287d07d4a8967c56bead0fb8994594e7c1a73b4793520ecf0489c43c8e254f3d0cf5ce2380415608e6b4417ed2b2c25917f8d7198e1e084cc1911a04fdb0a8c7880c44509bea5877a6daa4b0001fda98cd02d01b3ca2a1a65b3e7ee028131a3ff9aa8c09fdca06e9ed40cacbd975f1d5139e091629c8388e9da7c9bcb5a7914ca37a"}, {0xa0, 0x6, 0x7fff, "228cac7c591dd50fa6211a7d2a053407221aedf33190fec41a055e29f1e9ca2a83e5fc944b9f846185e3ee915ac55f99650dc4d0c66c6b063c9bf9ffce4004ef02fbf5b82f2b05bcf3cef7b9100bd660d9a9ed406106883ddfbb5f6f840d2256584965ddc20233f39f3bc50d85268594e8d3182730674fa79f99db13704ecc77de3406bc1145840c112fa2"}, {0x48, 0x18b, 0x10001, "1501dc4ac8fda02df82790a04e61e5049615a932bec9ec0ad729cfe7a2336363e2a8bf0469ad980882f0ecfd7ad8d7d3aa4701e79688"}, {0x98, 0x11, 0x2, "9219b88fad81904fd554905f8f6f63fb60511c622e21b70e06ae665bace62a7f47754ea39f94fd4d6b7d631a3edf34f8a66b9790d40b5ad1e45f56f74e0efea19cb8472273f92ce7cac3ce586e0fb9999699bbd865316efa5c98cf1c68a8565ffe018f002b2715da8bce0109a6c3b9916b713cbc34004cc224f0f8ed8e300eb81da44a069d04"}], 0x428, 0x20000001}, 0x4000000) syz_open_pts(r2, 0x20000) sendmsg(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="240000005e0007241dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000001100ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 22:28:22 executing program 2 (fault-call:1 fault-nth:6): r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) 22:28:22 executing program 0: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x45e5db81ae6db139, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000002c0)={0x0, 0x4}, &(0x7f0000000380)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000400)={0x2, 0xff, 0x2, 0x7, 0x8, 0x40, 0x0, 0x7fffffff, 0x0}, &(0x7f0000000440)=0x20) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f00000003c0)={r1, 0x6}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000080)=r2, 0x4) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x88440, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={r2, 0xac, &(0x7f0000000580)=[@in={0x2, 0x4e21, @local={0xac, 0x14, 0x14, 0xaa}}, @in6={0xa, 0x4e22, 0x200, @ipv4={[], [0xff, 0xff], @multicast2=0xe0000002}, 0x3}, @in6={0xa, 0x4e24, 0x0, @mcast1={0xff, 0x1, [], 0x1}, 0x1}, @in6={0xa, 0x4e20, 0x1, @local={0xfe, 0x80, [], 0xaa}, 0xe61f}, @in6={0xa, 0x4e23, 0x3f, @empty, 0x8000}, @in6={0xa, 0x4e23, 0x4, @remote={0xfe, 0x80, [], 0xbb}, 0x8000}, @in={0x2, 0x4e21, @local={0xac, 0x14, 0x14, 0xaa}}]}, &(0x7f0000000640)=0x10) ioctl$VHOST_GET_FEATURES(r3, 0x8008af00, &(0x7f0000000340)) getresuid(&(0x7f0000000300)=0x0, &(0x7f00000001c0), &(0x7f0000000200)) ioctl$KDSKBSENT(r3, 0x4b49, &(0x7f0000000480)="a619dd49afbd59004d6fe4674420edc878ab1560c9db048dbd601ed49ad0aa11ea4a1abb0a92cc443c18808bdb1431f64269c759871b13fb07702e001ca32ba9139dcddc26d0e5371d24ed068d32b2efc2e354ab08ea0af26fda0fd4666754795af7e1eddd8c26e4c6b08a412ba81439ced5fd3bcf6d2ca2c3892662e2e82745ca48289b481c59524f1296a6f5e7ec1f03765be0e264b77168e3494e8d854b3c6e7c3c46a01be598343c39e75b38155e867c977a91959ef35593a2fe5580a2f39141edcd9e2e3bafc99d45c9175e196fe34c432ca6bed005763217cc605139bca57d20dcfc27b7e8fbb2ec2e3c3c279c225295e6") getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0, 0x0}, &(0x7f0000000280)=0xc) fchownat(r0, &(0x7f0000000140)='./file0\x00', r4, r5, 0x3fd) syz_open_dev$sndpcmp(&(0x7f0000000180)='/dev/snd/pcmC#D#p\x00', 0x3, 0x284000) 22:28:22 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="025cc83d6d345f8f762070") r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x200000, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000080)=0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r1, 0xc1105518, &(0x7f0000000440)={{0x4, 0x2, 0x3, 0x1000, '\x00', 0x7}, 0x4, 0x20000200, 0x2, r2, 0x5, 0x100000000000, 'syz1\x00', &(0x7f0000000280)=[')posix_acl_accesskeyring\x00', "e83779d80efa45bb7f48bebc95870bd0cd39bd2830ee47afe7b33fc778bde252c50d2e", '(\\{({\x00', '-\x00', '/dev/snd/seq\x00'], 0x51, [], [0xff, 0x7, 0x8]}) r3 = memfd_create(&(0x7f0000000400)="e83779d80efa45bb7f48bebc95870bd0cd39bd2830ee47afe7b33fc778bde252c50d2e", 0x0) r4 = syz_open_dev$sndseq(&(0x7f0000042ff3)='/dev/snd/seq\x00', 0x0, 0x20002) r5 = dup2(r4, r3) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f00000000c0)={0x0, 0x0, 0x0, "7175657565310000000000000000313b0000000000000000000000000000000000000000060000000000ccbf7ddd00"}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5334, &(0x7f00000001c0)={0xf48b, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f0000000300)={0x2, 0x401, 0x92, 'queue0\x00', 0x8}) write$sndseq(r3, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}], 0xffffff76) 22:28:22 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x0, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:22 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) poll(&(0x7f0000000000)=[{r0}], 0x1, 0xffffffffffffffc0) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0x0) r2 = syz_open_dev$vcsa(&(0x7f00000000c0)='/dev/vcsa#\x00', 0xcd, 0xa400) r3 = syz_genetlink_get_family_id$team(&(0x7f0000000180)='team\x00') getsockopt$inet_pktinfo(0xffffffffffffff9c, 0x0, 0x8, &(0x7f00000001c0)={0x0, @multicast1, @rand_addr}, &(0x7f0000000200)=0xc) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'team_slave_1\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000380)={'team0\x00', 0x0}) getpeername$packet(0xffffffffffffff9c, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, &(0x7f0000000580)=0x14) recvmmsg(r1, &(0x7f0000000c40)=[{{&(0x7f00000005c0)=@can={0x0, 0x0}, 0x80, &(0x7f0000000b80)=[{&(0x7f0000000640)=""/244, 0xf4}, {&(0x7f0000000740)=""/245, 0xf5}, {&(0x7f0000000840)=""/248, 0xf8}, {&(0x7f0000000940)=""/244, 0xf4}, {&(0x7f0000000a40)=""/128, 0x80}, {&(0x7f0000000ac0)=""/138, 0x8a}], 0x6, &(0x7f0000000c00)=""/25, 0x19, 0xffffffffffffffc4}, 0xcf0e}], 0x1, 0x40000101, &(0x7f0000000c80)={0x0, 0x989680}) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000cc0)={0x0, @remote, @multicast2}, &(0x7f0000000d00)=0xc) accept4(r1, &(0x7f0000000d40)=@xdp={0x0, 0x0, 0x0}, &(0x7f0000000dc0)=0x80, 0x80800) getsockname$packet(0xffffffffffffffff, &(0x7f0000000e40)={0x0, 0x0, 0x0}, &(0x7f0000000e80)=0x14) sendmsg$TEAM_CMD_PORT_LIST_GET(r2, &(0x7f00000011c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x88100}, 0xc, &(0x7f0000001180)={&(0x7f0000000ec0)={0x284, r3, 0x200, 0x70bd2c, 0x25dfdbfb, {0x3}, [{{0x8, 0x1, r4}, {0xb8, 0x2, [{0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8, 0x3, 0xb}, {0x8, 0x4, 0x5}}, {0x8, 0x6, r5}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r6}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x7}}}]}}, {{0x8, 0x1, r7}, {0x1a8, 0x2, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x4}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x4}}, {0x8, 0x6, r8}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r9}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x1f}}}, {0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8, 0x3, 0x5}, {0x10, 0x4, 'broadcast\x00'}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, r10}}, {0x8, 0x7}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, r11}}}]}}]}, 0x284}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000) read(r0, &(0x7f0000000040)=""/81, 0x51) dup3(r0, r1, 0x0) 22:28:22 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)) r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") [ 114.716135] FAULT_INJECTION: forcing a failure. [ 114.716135] name failslab, interval 1, probability 0, space 0, times 0 [ 114.727661] CPU: 1 PID: 7674 Comm: syz-executor2 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 114.736023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 114.745414] Call Trace: [ 114.748014] dump_stack+0x1c9/0x2b4 [ 114.751652] ? dump_stack_print_info.cold.2+0x52/0x52 [ 114.756844] ? __kernel_text_address+0xd/0x40 [ 114.761346] ? unwind_get_return_address+0x61/0xa0 [ 114.766276] should_fail.cold.4+0xa/0x11 [ 114.770340] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 114.775441] ? save_stack+0xa9/0xd0 [ 114.779058] ? save_stack+0x43/0xd0 [ 114.782675] ? kasan_kmalloc+0xc4/0xe0 [ 114.786550] ? kmem_cache_alloc_trace+0x152/0x780 [ 114.791382] ? sctp_add_bind_addr+0x101/0x4b0 [ 114.795862] ? sctp_copy_local_addr_list+0x499/0x690 [ 114.800951] ? sctp_copy_one_addr+0x5d/0x170 [ 114.805347] ? sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 114.811043] ? sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 114.815874] ? sctp_sendmsg+0x18a2/0x1d90 [ 114.820014] ? inet_sendmsg+0x1a1/0x690 [ 114.823975] ? sock_sendmsg+0xd5/0x120 [ 114.827857] ? ___sys_sendmsg+0x51d/0x930 [ 114.831989] ? __sys_sendmmsg+0x240/0x6f0 [ 114.836128] ? __x64_sys_sendmmsg+0x9d/0x100 [ 114.840526] ? do_syscall_64+0x1b9/0x820 [ 114.844575] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 114.849931] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 114.855459] ? _extract_crng+0x23b/0x320 [ 114.859510] ? lock_acquire+0x1e4/0x540 [ 114.863470] ? _crng_backtrack_protect+0x108/0x150 [ 114.868385] ? lock_downgrade+0x8f0/0x8f0 [ 114.872535] ? lock_acquire+0x1e4/0x540 [ 114.876509] ? sctp_bind_addr_state+0x292/0x480 [ 114.881176] ? lock_downgrade+0x8f0/0x8f0 [ 114.885322] ? kasan_unpoison_shadow+0x35/0x50 [ 114.889903] __should_failslab+0x124/0x180 [ 114.894128] should_failslab+0x9/0x14 [ 114.897916] kmem_cache_alloc_trace+0x4b/0x780 [ 114.902487] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 114.907673] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 114.912677] sctp_add_bind_addr+0x101/0x4b0 [ 114.916990] ? sctp_bind_addr_free+0x20/0x20 [ 114.921390] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 114.926567] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 114.932092] ? sctp_v4_scope+0x19b/0x1c0 [ 114.936152] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 114.941350] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 114.946356] sctp_copy_local_addr_list+0x499/0x690 [ 114.951276] ? sctp_defaults_init+0xe70/0xe70 [ 114.955761] ? get_random_bytes+0x34/0x40 [ 114.959898] ? sctp_association_new+0x1aab/0x2290 [ 114.964735] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 114.969912] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 114.975451] sctp_copy_one_addr+0x5d/0x170 [ 114.979676] ? sctp_copy_one_addr+0x5d/0x170 [ 114.984073] sctp_bind_addr_copy+0x173/0x47c [ 114.988480] ? sctp_copy_one_addr+0x170/0x170 [ 114.992961] ? sctp_autobind+0x16d/0x1f0 [ 114.997279] ? sctp_do_bind+0x5f0/0x5f0 [ 115.001261] sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 115.006785] ? security_sctp_bind_connect+0x99/0xc0 [ 115.011799] sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 115.016455] ? lock_acquire+0x1e4/0x540 [ 115.020413] ? sctp_sendmsg+0x1278/0x1d90 [ 115.024553] ? sctp_autobind+0x1f0/0x1f0 [ 115.028598] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 115.033172] ? kasan_check_write+0x14/0x20 [ 115.037393] ? lock_sock_nested+0x9f/0x120 [ 115.041613] ? trace_hardirqs_on+0xd/0x10 [ 115.045765] ? __local_bh_enable_ip+0x161/0x230 [ 115.050421] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 115.055945] ? sctp_endpoint_lookup_assoc+0x183/0x290 [ 115.061121] sctp_sendmsg+0x18a2/0x1d90 [ 115.065082] ? do_raw_spin_unlock+0xa7/0x2f0 [ 115.069481] ? sctp_id2assoc+0x3e0/0x3e0 [ 115.073545] ? _raw_spin_unlock_bh+0x30/0x40 [ 115.077944] ? __release_sock+0x3a0/0x3a0 [ 115.082087] inet_sendmsg+0x1a1/0x690 [ 115.085874] ? copy_msghdr_from_user+0x340/0x580 [ 115.090614] ? ipip_gro_receive+0x100/0x100 [ 115.094922] ? move_addr_to_kernel.part.20+0x100/0x100 [ 115.100190] ? security_socket_sendmsg+0x94/0xc0 [ 115.104931] ? ipip_gro_receive+0x100/0x100 [ 115.109240] sock_sendmsg+0xd5/0x120 [ 115.112941] ___sys_sendmsg+0x51d/0x930 [ 115.116900] ? __check_object_size+0x9d/0x5f2 [ 115.121386] ? copy_msghdr_from_user+0x580/0x580 [ 115.126128] ? lock_acquire+0x1e4/0x540 [ 115.130095] ? __fget_light+0x2f7/0x440 [ 115.134055] ? fget_raw+0x20/0x20 [ 115.137504] ? proc_fail_nth_write+0x9e/0x210 [ 115.141985] ? proc_cwd_link+0x1d0/0x1d0 [ 115.146042] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 115.151567] ? sockfd_lookup_light+0xc5/0x160 [ 115.156052] __sys_sendmmsg+0x240/0x6f0 [ 115.160024] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 115.164334] ? fsnotify_first_mark+0x350/0x350 [ 115.168900] ? __fsnotify_parent+0xcc/0x420 [ 115.173208] ? fsnotify+0x14e0/0x14e0 [ 115.177009] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 115.182533] ? fput+0x130/0x1a0 [ 115.185799] ? ksys_write+0x1ae/0x260 [ 115.189586] ? __ia32_sys_read+0xb0/0xb0 [ 115.193650] __x64_sys_sendmmsg+0x9d/0x100 [ 115.197878] do_syscall_64+0x1b9/0x820 [ 115.201751] ? finish_task_switch+0x1d3/0x870 [ 115.206234] ? syscall_return_slowpath+0x5e0/0x5e0 [ 115.211166] ? syscall_return_slowpath+0x31d/0x5e0 [ 115.216084] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 115.221090] ? prepare_exit_to_usermode+0x291/0x3b0 [ 115.226095] ? perf_trace_sys_enter+0xb10/0xb10 [ 115.230750] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 115.235583] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 115.240758] RIP: 0033:0x455e29 [ 115.243927] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 115.263207] RSP: 002b:00007f2ec9f2cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 115.270911] RAX: ffffffffffffffda RBX: 00007f2ec9f2d6d4 RCX: 0000000000455e29 [ 115.278165] RDX: 0000000000000001 RSI: 0000000020004a40 RDI: 0000000000000013 [ 115.285423] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 115.292676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 115.299927] R13: 00000000004c111c R14: 00000000004d1558 R15: 0000000000000006 [ 115.319106] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16549 22:28:23 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r0, &(0x7f00000004c0)={&(0x7f0000000040)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10, &(0x7f0000000140)=[{&(0x7f00000001c0)='W', 0x1}], 0x1, &(0x7f0000000400)=ANY=[@ANYBLOB="00000000000000000000000000e1ff000000000000000000000000000000", @ANYRES32=0x0], 0x30}, 0x48040) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x200800, 0x0) openat$random(0xffffffffffffff9c, &(0x7f0000000180)='/dev/urandom\x00', 0x0, 0x0) ioctl$TIOCLINUX6(r1, 0x541c, &(0x7f0000000080)={0x6, 0xb7}) accept$packet(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f0000000100)=0x14) 22:28:23 executing program 1: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = socket(0x2, 0x2, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000000eff4)) r2 = add_key(&(0x7f0000000000)='asymmetric\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a, 0x1}, &(0x7f0000000080)="312a261658795fd155b6c152b5737ea048b4cc18fc459f48bc1f9d95a0df72b6a7bc2c43669ecb915598c6567ce06e6779d9196a054e816d500006aef64e22be6e0ce6cde054fdd9a0e9bc1972be1e7425929d555d93e33db75a021670a08ac0c9087d538400b89e50c20f35ba99fafd1445eb278230cfe2fee23d6a78bb5af0bef823fa1e293b433e5fa260f2da54fae503c703fb19b7639c82a9182ffc486f4e6de2bb72bf7f2837902ca7f4e4ca821c1aa4834aa3a52a0bc0308c2578d8e4b09d7446ac061e5f3ebec730a339734e379d0bce641236dba571f3c753787b9d2008b7ce39319489f2b3b2c5069a15cb1ede2116e6cb48c4b055d2578e41", 0xfe, 0xfffffffffffffffa) keyctl$setperm(0x5, r2, 0x1000) socket$pptp(0x18, 0x1, 0x2) epoll_wait(r1, &(0x7f000000affb)=[{}], 0x1, 0xfffffffffffffff8) shutdown(r0, 0x100000000100001) shutdown(r0, 0x8000000000002) 22:28:23 executing program 0: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000000)={0x1, 0x9, 0x0, 0x5, 0x9, 0x8, 0x10000, 0x1581, 0x0}, &(0x7f0000000040)=0x20) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000080)={0x0, 0x1b, "02a8dd6a71057d86b0a5dfe7f7d99303a5cddb00aee96846e1d1e9"}, &(0x7f00000000c0)=0x23) getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000140)={r1, 0x9, 0x2, 0x9, 0x3ff, 0x1, 0x6, 0x6, {r2, @in6={{0xa, 0x4e23, 0x7f, @dev={0xfe, 0x80, [], 0x1d}, 0x5}}, 0x10000, 0x2, 0x800, 0x1, 0x6}}, &(0x7f0000000200)=0xb0) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000240)=ANY=[@ANYRES32=0x0, @ANYBLOB="0080909836afd2e6e8f53b1594afbd36bf012000"], 0x8) 22:28:23 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)) r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") 22:28:23 executing program 2 (fault-call:1 fault-nth:7): r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) 22:28:23 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x0, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:23 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)) r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") [ 115.454791] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16549 [ 115.477907] FAULT_INJECTION: forcing a failure. [ 115.477907] name failslab, interval 1, probability 0, space 0, times 0 [ 115.489195] CPU: 1 PID: 7710 Comm: syz-executor2 Not tainted 4.18.0-rc3-next-20180709+ #2 22:28:23 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d34") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") [ 115.497506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 115.506856] Call Trace: [ 115.509457] dump_stack+0x1c9/0x2b4 [ 115.509600] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16546 [ 115.513093] ? dump_stack_print_info.cold.2+0x52/0x52 [ 115.513112] ? __kernel_text_address+0xd/0x40 [ 115.513136] ? unwind_get_return_address+0x61/0xa0 [ 115.537312] should_fail.cold.4+0xa/0x11 [ 115.541377] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 115.546486] ? save_stack+0xa9/0xd0 [ 115.550114] ? save_stack+0x43/0xd0 22:28:23 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d34") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") [ 115.551382] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16546 [ 115.553743] ? kasan_kmalloc+0xc4/0xe0 [ 115.553759] ? kmem_cache_alloc_trace+0x152/0x780 [ 115.553788] ? sctp_add_bind_addr+0x101/0x4b0 [ 115.576551] ? sctp_copy_local_addr_list+0x499/0x690 [ 115.581644] ? sctp_copy_one_addr+0x5d/0x170 [ 115.586053] ? sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 115.591765] ? sctp_sendmsg_new_asoc+0x3c4/0x1200 22:28:23 executing program 6: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e22, @rand_addr=0x7fffffff}, 0x10) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) getsockname$inet(r1, &(0x7f0000000000)={0x0, 0x0, @broadcast}, &(0x7f00000000c0)=0x10) ioctl$sock_inet_SIOCADDRT(r1, 0x890b, &(0x7f0000000040)={0x0, {0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, {0x2, 0xfffffffffffffffe, @multicast2=0xe0000002}, {0x2, 0x0, @broadcast=0xffffffff}, 0x40}) 22:28:23 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x6) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000000)=0x2, 0x4) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = memfd_create(&(0x7f00000000c0)="70726f63ae6d696d655f74797065776c616e316e6f64657600", 0x6) getsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f0000000040), &(0x7f0000000080)=0x4) fcntl$addseals(r1, 0x409, 0x8) 22:28:23 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d34") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") [ 115.594917] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16546 [ 115.596605] ? sctp_sendmsg+0x18a2/0x1d90 [ 115.596620] ? inet_sendmsg+0x1a1/0x690 [ 115.596634] ? sock_sendmsg+0xd5/0x120 [ 115.596651] ? ___sys_sendmsg+0x51d/0x930 [ 115.622343] ? __sys_sendmmsg+0x240/0x6f0 [ 115.626491] ? __x64_sys_sendmmsg+0x9d/0x100 [ 115.630902] ? do_syscall_64+0x1b9/0x820 [ 115.634964] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 115.640330] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 115.645920] ? _extract_crng+0x23b/0x320 [ 115.649991] ? lock_acquire+0x1e4/0x540 22:28:23 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x626) ioctl(r0, 0x8912, &(0x7f0000000500)="025cc83d6d345f8f762070") r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r1, 0x40000000af01, &(0x7f0000000140)) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x4000, 0x80) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000240)={0x0, @in6={{0xa, 0x4e23, 0x1, @local={0xfe, 0x80, [], 0xaa}, 0x70000000}}, [0x1de9, 0x3ff, 0x200, 0x8, 0xd3, 0x5, 0x0, 0x7, 0x1, 0x10000, 0x200, 0x80000000, 0x0, 0x7, 0x3e4]}, &(0x7f00000000c0)=0x100) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, &(0x7f0000000540)={r3, @in={{0x2, 0x4e21, @local={0xac, 0x14, 0x14, 0xaa}}}}, &(0x7f0000000100)=0x168) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000001640)={0x4, 0x0, [{0x3000, 0xa2, &(0x7f0000000340)=""/162}, {0x3000, 0x1d, &(0x7f0000000000)=""/29}, {0x1f000, 0x1000, &(0x7f0000001800)=""/4096}, {0x0, 0x92, &(0x7f0000000400)=""/146}]}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000200)) [ 115.653978] ? _crng_backtrack_protect+0x108/0x150 [ 115.658916] ? lock_downgrade+0x8f0/0x8f0 [ 115.663066] ? lock_acquire+0x1e4/0x540 [ 115.667044] ? sctp_bind_addr_state+0x292/0x480 [ 115.671712] ? lock_downgrade+0x8f0/0x8f0 [ 115.675865] ? kasan_unpoison_shadow+0x35/0x50 [ 115.680453] __should_failslab+0x124/0x180 [ 115.684694] should_failslab+0x9/0x14 [ 115.688504] kmem_cache_alloc_trace+0x4b/0x780 [ 115.693089] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 115.698286] ? __sanitizer_cov_trace_cmp4+0x16/0x20 22:28:23 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f76") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") [ 115.703300] sctp_add_bind_addr+0x101/0x4b0 [ 115.705959] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16540 [ 115.707616] ? sctp_bind_addr_free+0x20/0x20 [ 115.707632] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 115.707647] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 115.707663] ? sctp_v4_scope+0x19b/0x1c0 [ 115.707677] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 115.707695] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 115.747302] sctp_copy_local_addr_list+0x499/0x690 [ 115.752256] ? sctp_defaults_init+0xe70/0xe70 [ 115.756760] ? get_random_bytes+0x34/0x40 [ 115.760912] ? sctp_association_new+0x1aab/0x2290 [ 115.765757] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 115.770945] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 115.776486] sctp_copy_one_addr+0x5d/0x170 [ 115.780743] ? sctp_copy_one_addr+0x5d/0x170 [ 115.785151] sctp_bind_addr_copy+0x173/0x47c [ 115.789563] ? sctp_copy_one_addr+0x170/0x170 [ 115.794055] ? sctp_autobind+0x16d/0x1f0 [ 115.798122] ? sctp_do_bind+0x5f0/0x5f0 [ 115.802113] sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 115.807646] ? security_sctp_bind_connect+0x99/0xc0 [ 115.812656] sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 115.817339] ? lock_acquire+0x1e4/0x540 [ 115.817354] ? sctp_sendmsg+0x1278/0x1d90 [ 115.817373] ? sctp_autobind+0x1f0/0x1f0 [ 115.817388] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 115.817407] ? kasan_check_write+0x14/0x20 [ 115.817424] ? lock_sock_nested+0x9f/0x120 [ 115.817438] ? trace_hardirqs_on+0xd/0x10 [ 115.817454] ? __local_bh_enable_ip+0x161/0x230 [ 115.817471] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 115.817488] ? sctp_endpoint_lookup_assoc+0x183/0x290 [ 115.817504] sctp_sendmsg+0x18a2/0x1d90 [ 115.817516] ? do_raw_spin_unlock+0xa7/0x2f0 [ 115.817533] ? sctp_id2assoc+0x3e0/0x3e0 [ 115.817550] ? _raw_spin_unlock_bh+0x30/0x40 [ 115.817564] ? __release_sock+0x3a0/0x3a0 [ 115.817585] inet_sendmsg+0x1a1/0x690 [ 115.817601] ? copy_msghdr_from_user+0x340/0x580 [ 115.817613] ? ipip_gro_receive+0x100/0x100 [ 115.817627] ? move_addr_to_kernel.part.20+0x100/0x100 [ 115.817645] ? security_socket_sendmsg+0x94/0xc0 [ 115.817657] ? ipip_gro_receive+0x100/0x100 [ 115.817671] sock_sendmsg+0xd5/0x120 [ 115.817685] ___sys_sendmsg+0x51d/0x930 [ 115.817702] ? __check_object_size+0x9d/0x5f2 [ 115.817718] ? copy_msghdr_from_user+0x580/0x580 [ 115.817733] ? lock_acquire+0x1e4/0x540 [ 115.817751] ? __fget_light+0x2f7/0x440 [ 115.817764] ? fget_raw+0x20/0x20 [ 115.817786] ? proc_fail_nth_write+0x9e/0x210 [ 115.817799] ? proc_cwd_link+0x1d0/0x1d0 [ 115.817817] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 115.817830] ? sockfd_lookup_light+0xc5/0x160 [ 115.817845] __sys_sendmmsg+0x240/0x6f0 [ 115.817864] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 115.817879] ? fsnotify_first_mark+0x350/0x350 [ 115.817892] ? __fsnotify_parent+0xcc/0x420 [ 115.817905] ? fsnotify+0x14e0/0x14e0 [ 115.817926] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 115.817940] ? fput+0x130/0x1a0 [ 115.817953] ? ksys_write+0x1ae/0x260 [ 115.817967] ? __ia32_sys_read+0xb0/0xb0 [ 115.817986] __x64_sys_sendmmsg+0x9d/0x100 [ 115.818003] do_syscall_64+0x1b9/0x820 [ 115.818016] ? finish_task_switch+0x1d3/0x870 [ 115.818032] ? syscall_return_slowpath+0x5e0/0x5e0 [ 115.818047] ? syscall_return_slowpath+0x31d/0x5e0 [ 115.818062] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 115.818076] ? prepare_exit_to_usermode+0x291/0x3b0 [ 115.818090] ? perf_trace_sys_enter+0xb10/0xb10 [ 115.818111] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 115.818129] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 115.818139] RIP: 0033:0x455e29 [ 115.818143] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 115.818368] RSP: 002b:00007f2ec9f2cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 22:28:23 executing program 6: socket$inet6(0xa, 0x0, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f76") r0 = socket(0x11, 0x3, 0x0) bind$packet(r0, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}}, 0x14) recvfrom$packet(r0, &(0x7f0000000080)=""/233, 0xe9, 0x0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}}, 0x701000) ioctl$sock_bt(r0, 0x10000000008907, &(0x7f00000004c0)) getsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000240), &(0x7f0000000380)=0xc) r1 = syz_open_dev$dspn(&(0x7f00000003c0)='/dev/dsp#\x00', 0x47, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f00000001c0)='cpuacct.stat\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r2, 0x40bc5311, &(0x7f00000002c0)={0x3, 0x2, 'client0\x00', 0x6, "96dd95b16ce479f4", "b5ab5f668b31b3a1150267bb42ae3f98c5622f1773bcc125c223d483aea3cc13", 0x7, 0x9}) getresuid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000180)) 22:28:23 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) io_setup(0x80, &(0x7f0000000140)=0x0) io_pgetevents(r1, 0x1, 0x1, &(0x7f00000000c0)=[{}], &(0x7f0000000100)={0x77359400}, 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0xfffffffffffffffe, 0x100000000000031, 0xffffffffffffffff, 0x0) r3 = memfd_create(&(0x7f0000000000)='system\x00', 0x2) clock_gettime(0xa, &(0x7f0000000180)={0x0, 0x0}) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r3, 0x28, 0x6, &(0x7f0000000080)={r4, r5/1000+10000}, 0x10) tkill(r0, 0x16) 22:28:23 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f76") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") [ 115.818383] RAX: ffffffffffffffda RBX: 00007f2ec9f2d6d4 RCX: 0000000000455e29 [ 115.818391] RDX: 0000000000000001 RSI: 0000000020004a40 RDI: 0000000000000013 [ 115.818399] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 115.818406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 115.818414] R13: 00000000004c111c R14: 00000000004d1558 R15: 0000000000000007 22:28:24 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x3a) r1 = fcntl$dupfd(r0, 0x0, r0) getsockname$packet(0xffffffffffffff9c, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f00000000c0)=0x14) r3 = accept4(r0, &(0x7f0000000100)=@pppol2tpv3={0x0, 0x0, {0x0, 0xffffffffffffffff, {0x0, 0x0, @rand_addr}}}, &(0x7f0000000180)=0x80, 0x80800) bind$xdp(r1, &(0x7f00000001c0)={0x2c, 0x3, r2, 0x5, r3}, 0x10) setsockopt$inet6_MRT6_ADD_MFC(r0, 0x3a, 0xcc, &(0x7f0000000240)={{0xa, 0x2, 0x41, @remote={0xfe, 0x80, [], 0xbb}}, {0xa, 0x100000, 0x0, @dev={0xfe, 0x80, [], 0x11}, 0x6}, 0x7fff, [0x0, 0x7f, 0x0, 0x1, 0x0, 0x0, 0x0, 0x400000]}, 0x5c) setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000200)=0x2000, 0x4) 22:28:24 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000100)='$\'\x00', 0xffffffffffffff9c}, 0x10) connect$llc(r1, &(0x7f00000001c0)={0x1a, 0x12e, 0x1ff, 0x8ac, 0x20, 0x2a, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}}, 0x10) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'salsa20-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2ff9c256c2dd5ab68406964076832352df25316fbf1b141c8a8810d6119aa5", 0x1) r2 = accept$alg(r0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000007100)=[{{&(0x7f0000006700)=@rc={0x1f}, 0x80, &(0x7f0000006a00)=[{&(0x7f0000006900)='H', 0x1}], 0x1, &(0x7f0000006a40)}}], 0x1, 0x0) recvmsg(r2, &(0x7f0000001200)={&(0x7f0000000000)=@vsock={0x0, 0x0, 0x0, @hyper}, 0x80, &(0x7f00000011c0)=[{&(0x7f0000001140)=""/78, 0xfffffe06}], 0x1}, 0x0) 22:28:24 executing program 7 (fault-call:1 fault-nth:0): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:24 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000000)={0x800000000000008, 0xfffffffffffffff8}) ioctl$KVM_RUN(r2, 0xae80, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000080)={{{@in6=@mcast1, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in=@multicast2}}, &(0x7f0000000180)=0xe8) ioprio_set$uid(0x3, r3, 0x7) syz_mount_image$gfs2(&(0x7f00000001c0)='gfs2\x00', &(0x7f0000000200)='./file0\x00', 0x1, 0x2, &(0x7f00000003c0)=[{&(0x7f0000000240)="2c3630d62dccfea01164bd8fd827437af0dc77a0639e527b2e6680b446d80d4f077fefbac6eb0022fe98bd3c6982fdff3e8e7e971e037e3a81ed8dc951436268a59804f5ad7454", 0x47, 0xe494}, {&(0x7f00000002c0)="b84df78b9d8a2a976859817f3254d6548c263fcb9f31d57fc8a30d71baec90ddcade42ca985c87d76fe4b3cb5865ed9a78de3165d1860c211bad1ceeac27d14cc4633ff8818bb04be4ae664ebb4319e13338bc4d5b9cc463a08bdaa140a6dd4c92fdf62cf914dab9ce50d44fc192cad70acc0250586dbf005d9244267add462dc298b937ee53261019fdde766516efcbad858b7aa8a129d6a79be107b87f7c59529e1e58cfd20c456a498bcb174f0754c146d386fde39e3721c6531457229ab4b8cbbba30ae55538bc2150dd52d4873344653c00226fd869b2", 0xd9, 0x8}], 0x40008, &(0x7f0000000400)={[{@norgrplvb='norgrplvb', 0x2c}, {@suiddir='suiddir', 0x2c}]}) 22:28:24 executing program 2 (fault-call:1 fault-nth:8): r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) 22:28:24 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f76") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") [ 116.290637] FAULT_INJECTION: forcing a failure. [ 116.290637] name failslab, interval 1, probability 0, space 0, times 0 [ 116.300933] FAULT_INJECTION: forcing a failure. [ 116.300933] name failslab, interval 1, probability 0, space 0, times 0 [ 116.301992] CPU: 0 PID: 7772 Comm: syz-executor7 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 116.321442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 116.330792] Call Trace: [ 116.333384] dump_stack+0x1c9/0x2b4 [ 116.337019] ? dump_stack_print_info.cold.2+0x52/0x52 [ 116.342223] should_fail.cold.4+0xa/0x11 [ 116.346295] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 116.351407] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 116.356949] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 116.362048] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 116.367585] ? _kstrtoull+0x188/0x250 [ 116.371389] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 116.376925] ? _atomic_dec_and_lock+0x22a/0x360 [ 116.381594] ? _atomic_dec_and_lock_irqsave+0x3e0/0x3e0 [ 116.386960] ? lock_acquire+0x1e4/0x540 [ 116.390932] ? fs_reclaim_acquire+0x20/0x20 [ 116.395250] ? lock_downgrade+0x8f0/0x8f0 [ 116.399407] ? check_same_owner+0x340/0x340 [ 116.403723] ? perf_trace_lock_acquire+0x4f9/0x9a0 [ 116.408653] ? rcu_note_context_switch+0x730/0x730 [ 116.413589] __should_failslab+0x124/0x180 [ 116.417825] should_failslab+0x9/0x14 [ 116.421625] kmem_cache_alloc_node_trace+0x26f/0x770 [ 116.426727] ? bpf_map_init_from_attr+0x2e0/0x2e0 [ 116.431577] __kmalloc_node+0x33/0x70 [ 116.435376] bpf_map_area_alloc+0x3f/0x90 [ 116.439520] array_map_alloc+0x24e/0x600 [ 116.443586] ? perf_event_fd_array_get_ptr+0x260/0x260 [ 116.448860] map_create+0x39b/0x1020 [ 116.452591] ? lock_downgrade+0x8f0/0x8f0 [ 116.456739] ? bpf_map_new_fd+0x70/0x70 [ 116.460713] ? lock_release+0xa30/0xa30 [ 116.464688] ? __check_object_size+0x9d/0x5f2 [ 116.469200] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 116.474739] __x64_sys_bpf+0x303/0x510 [ 116.478634] ? bpf_prog_get+0x20/0x20 [ 116.482456] do_syscall_64+0x1b9/0x820 [ 116.486337] ? syscall_slow_exit_work+0x500/0x500 [ 116.491177] ? syscall_return_slowpath+0x5e0/0x5e0 [ 116.496116] ? syscall_return_slowpath+0x31d/0x5e0 [ 116.501050] ? prepare_exit_to_usermode+0x291/0x3b0 [ 116.506076] ? perf_trace_sys_enter+0xb10/0xb10 [ 116.510744] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 116.515595] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 116.520781] RIP: 0033:0x455e29 [ 116.523961] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 116.543431] RSP: 002b:00007f56e30ebc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 116.551139] RAX: ffffffffffffffda RBX: 00007f56e30ec6d4 RCX: 0000000000455e29 [ 116.558405] RDX: 000000000000002c RSI: 0000000020000040 RDI: 0c00000000000000 [ 116.565669] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 116.572933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 116.580195] R13: 00000000004bbb20 R14: 00000000004c8d50 R15: 0000000000000000 22:28:24 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c) listen(r0, 0x14040004) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r2, 0x84, 0x4, &(0x7f0000000100)=0x4, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r2, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}], 0x1c) sendto$inet6(r2, &(0x7f00000007fa)="97", 0x1, 0x0, &(0x7f00006f9000)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c) getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000000040)={0x4, [0x7, 0x1, 0x6, 0x1]}, &(0x7f0000000080)=0xc) 22:28:24 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f7620") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") [ 116.587497] CPU: 1 PID: 7780 Comm: syz-executor2 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 116.596064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 116.605411] Call Trace: [ 116.608006] dump_stack+0x1c9/0x2b4 [ 116.611646] ? dump_stack_print_info.cold.2+0x52/0x52 [ 116.616842] ? __kernel_text_address+0xd/0x40 [ 116.621340] ? unwind_get_return_address+0x61/0xa0 [ 116.626276] should_fail.cold.4+0xa/0x11 [ 116.630345] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 116.635454] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 116.640300] ? save_stack+0xa9/0xd0 [ 116.643928] ? save_stack+0x43/0xd0 [ 116.647556] ? kasan_kmalloc+0xc4/0xe0 [ 116.651451] ? perf_trace_lock+0x920/0x920 [ 116.655689] ? sctp_sendmsg+0x18a2/0x1d90 [ 116.659845] ? sock_sendmsg+0xd5/0x120 [ 116.663736] ? ___sys_sendmsg+0x51d/0x930 [ 116.667890] ? __sys_sendmmsg+0x240/0x6f0 [ 116.672047] ? __x64_sys_sendmmsg+0x9d/0x100 [ 116.676466] ? do_syscall_64+0x1b9/0x820 [ 116.680530] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 116.685899] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 22:28:24 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f7620") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") [ 116.691440] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 116.696292] ? perf_trace_lock+0x920/0x920 [ 116.700533] ? lock_acquire+0x1e4/0x540 [ 116.704513] ? sctp_bind_addr_state+0x292/0x480 [ 116.709186] ? lock_downgrade+0x8f0/0x8f0 [ 116.713343] __should_failslab+0x124/0x180 [ 116.717582] should_failslab+0x9/0x14 [ 116.721384] kmem_cache_alloc_trace+0x4b/0x780 [ 116.725973] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 116.731165] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 116.736186] sctp_add_bind_addr+0x101/0x4b0 22:28:24 executing program 1: r0 = socket(0xa, 0x3, 0x6) r1 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x59c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x40001, 0x0) ioctl$KVM_X86_SET_MCE(r2, 0x4040ae9e, &(0x7f0000000080)={0x400000000000000, 0xf000, 0x3f5f8040, 0xa, 0x8}) r3 = dup3(r0, r1, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x4) [ 116.740513] ? sctp_bind_addr_free+0x20/0x20 [ 116.744927] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 116.750123] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 116.755665] ? sctp_v4_scope+0x19b/0x1c0 [ 116.759732] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 116.764926] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 116.769948] sctp_copy_local_addr_list+0x499/0x690 [ 116.774884] ? sctp_defaults_init+0xe70/0xe70 [ 116.779381] ? get_random_bytes+0x34/0x40 [ 116.783527] ? sctp_association_new+0x1aab/0x2290 22:28:24 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_open_dev$midi(&(0x7f0000008740)='/dev/midi#\x00', 0x80, 0x4000) setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000008780), 0x4) sendmsg$nl_netfilter(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000008700)=ANY=[@ANYBLOB="102ddd207450aebf6ae160f7aec0fb"], 0x7}, 0x1}, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000300)='/dev/full\x00', 0x460001, 0x0) getsockopt$inet_tcp_buf(r2, 0x6, 0x1d, &(0x7f0000008b40)=""/182, &(0x7f0000008c00)=0xb6) recvmmsg(r0, &(0x7f0000008480)=[{{&(0x7f0000000100)=@nl=@unspec, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000040)=""/53}, {&(0x7f0000000180)=""/171}, {&(0x7f0000000240)=""/84}], 0x0, &(0x7f0000000340)=""/135, 0x0, 0x20}, 0x5c}, {{&(0x7f0000000400)=@nfc, 0x0, &(0x7f0000000680)=[{&(0x7f0000000480)=""/190}, {&(0x7f0000000540)=""/50}, {&(0x7f0000000c80)=""/4096}, {&(0x7f0000000580)=""/254}], 0x0, &(0x7f00000006c0)=""/253, 0x0, 0x1f7b2942}, 0x101}, {{&(0x7f00000007c0)=@pppol2tpv3in6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @mcast1}}}, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000840)=""/235}, {&(0x7f0000000940)=""/181}, {&(0x7f0000000a00)=""/82}, {&(0x7f0000000a80)=""/133}], 0x0, &(0x7f0000000b80)=""/145}, 0x3}, {{&(0x7f0000001c80)=@generic, 0x0, &(0x7f0000001d40)=[{&(0x7f0000001d00)=""/18}], 0x0, &(0x7f0000001d80)=""/104}, 0x2}, {{&(0x7f0000001e00)=@pppol2tpv3in6, 0x0, &(0x7f0000004000)=[{&(0x7f0000001e80)=""/4096}, {&(0x7f0000002e80)=""/39}, {&(0x7f0000002ec0)=""/124}, {&(0x7f0000002f40)=""/88}, {&(0x7f0000002fc0)=""/4096}, {&(0x7f0000003fc0)=""/29}], 0x0, &(0x7f0000004080)=""/137, 0x0, 0xffffffffffff1f99}, 0x8000}, {{&(0x7f0000004140)=@nfc_llcp, 0x0, &(0x7f00000046c0)=[{&(0x7f00000041c0)=""/46}, {&(0x7f0000004200)=""/240}, {&(0x7f0000004300)=""/120}, {&(0x7f0000004380)=""/73}, {&(0x7f0000004400)=""/88}, {&(0x7f0000004480)=""/211}, {&(0x7f0000004580)=""/59}, {&(0x7f00000045c0)=""/239}], 0x0, &(0x7f0000004740)=""/35, 0x0, 0x3}, 0x8000}, {{&(0x7f0000004780)=@pppoe={0x0, 0x0, {0x0, @link_local}}, 0x0, &(0x7f0000004880)=[{&(0x7f0000004800)=""/119}], 0x0, &(0x7f00000048c0)=""/130, 0x0, 0x7}, 0x2}, {{&(0x7f0000004980)=@alg, 0x0, &(0x7f0000004cc0)=[{&(0x7f0000004a00)=""/216}, {&(0x7f0000004b00)=""/139}, {&(0x7f0000004bc0)=""/22}, {&(0x7f0000004c00)=""/160}], 0x0, 0x0, 0x0, 0x3}, 0x4}, {{&(0x7f0000004d00)=@llc={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x0, &(0x7f0000007100)=[{&(0x7f0000004d80)=""/20}, {&(0x7f0000004dc0)=""/229}, {&(0x7f0000004ec0)=""/67}, {&(0x7f0000004f40)=""/4096}, {&(0x7f0000005f40)=""/46}, {&(0x7f0000005f80)=""/7}, {&(0x7f0000005fc0)=""/26}, {&(0x7f0000006000)=""/4096}, {&(0x7f0000007000)=""/148}, {&(0x7f00000070c0)=""/15}], 0x0, 0x0, 0x0, 0x63e8}, 0x80000000}, {{&(0x7f00000071c0)=@in6={0x0, 0x0, 0x0, @remote}, 0x0, &(0x7f00000083c0)=[{&(0x7f0000007240)=""/170}, {&(0x7f0000007300)=""/4096}, {&(0x7f0000008300)=""/152}], 0x0, &(0x7f0000008400)=""/119, 0x0, 0x316}, 0x1}], 0x281, 0x2, &(0x7f0000000c40)={0x77359400}) 22:28:24 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f7620") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") [ 116.788377] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 116.793571] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 116.799112] sctp_copy_one_addr+0x5d/0x170 [ 116.803349] ? sctp_copy_one_addr+0x5d/0x170 [ 116.807759] sctp_bind_addr_copy+0x173/0x47c [ 116.812174] ? sctp_copy_one_addr+0x170/0x170 [ 116.816673] ? sctp_autobind+0x16d/0x1f0 [ 116.820730] ? sctp_do_bind+0x5f0/0x5f0 [ 116.824694] sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 116.830219] ? security_sctp_bind_connect+0x99/0xc0 [ 116.835224] sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 116.839878] ? lock_acquire+0x1e4/0x540 [ 116.843837] ? sctp_sendmsg+0x1278/0x1d90 [ 116.847970] ? sctp_autobind+0x1f0/0x1f0 [ 116.852021] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 116.856589] ? kasan_check_write+0x14/0x20 [ 116.860827] ? lock_sock_nested+0x9f/0x120 [ 116.865045] ? trace_hardirqs_on+0xd/0x10 [ 116.869180] ? __local_bh_enable_ip+0x161/0x230 [ 116.873835] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 116.879355] ? sctp_endpoint_lookup_assoc+0x183/0x290 [ 116.884530] sctp_sendmsg+0x18a2/0x1d90 [ 116.888488] ? do_raw_spin_unlock+0xa7/0x2f0 [ 116.892884] ? sctp_id2assoc+0x3e0/0x3e0 [ 116.896932] ? _raw_spin_unlock_bh+0x30/0x40 [ 116.901324] ? __release_sock+0x3a0/0x3a0 [ 116.905461] inet_sendmsg+0x1a1/0x690 [ 116.909245] ? copy_msghdr_from_user+0x340/0x580 [ 116.913985] ? ipip_gro_receive+0x100/0x100 [ 116.918294] ? move_addr_to_kernel.part.20+0x100/0x100 [ 116.923558] ? security_socket_sendmsg+0x94/0xc0 [ 116.928299] ? ipip_gro_receive+0x100/0x100 [ 116.932605] sock_sendmsg+0xd5/0x120 [ 116.936304] ___sys_sendmsg+0x51d/0x930 [ 116.940263] ? __check_object_size+0x9d/0x5f2 [ 116.944744] ? copy_msghdr_from_user+0x580/0x580 [ 116.949483] ? lock_acquire+0x1e4/0x540 [ 116.953458] ? __fget_light+0x2f7/0x440 [ 116.957416] ? fget_raw+0x20/0x20 [ 116.960859] ? proc_fail_nth_write+0x9e/0x210 [ 116.965341] ? proc_cwd_link+0x1d0/0x1d0 [ 116.969389] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 116.974910] ? sockfd_lookup_light+0xc5/0x160 [ 116.979390] __sys_sendmmsg+0x240/0x6f0 [ 116.983350] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 116.987656] ? fsnotify_first_mark+0x350/0x350 [ 116.992218] ? __fsnotify_parent+0xcc/0x420 [ 116.996521] ? fsnotify+0x14e0/0x14e0 [ 117.000313] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 117.005835] ? fput+0x130/0x1a0 [ 117.009100] ? ksys_write+0x1ae/0x260 [ 117.012884] ? __ia32_sys_read+0xb0/0xb0 [ 117.016930] ? syscall_slow_exit_work+0x500/0x500 [ 117.021757] __x64_sys_sendmmsg+0x9d/0x100 [ 117.025976] do_syscall_64+0x1b9/0x820 [ 117.029850] ? finish_task_switch+0x1d3/0x870 [ 117.034332] ? syscall_return_slowpath+0x5e0/0x5e0 [ 117.039245] ? syscall_return_slowpath+0x31d/0x5e0 [ 117.044157] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 117.049158] ? prepare_exit_to_usermode+0x291/0x3b0 [ 117.054160] ? perf_trace_sys_enter+0xb10/0xb10 [ 117.058823] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 117.063664] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 117.068837] RIP: 0033:0x455e29 [ 117.072005] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 117.091201] RSP: 002b:00007f2ec9f2cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 117.098894] RAX: ffffffffffffffda RBX: 00007f2ec9f2d6d4 RCX: 0000000000455e29 [ 117.106144] RDX: 0000000000000001 RSI: 0000000020004a40 RDI: 0000000000000013 [ 117.113398] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 117.120648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 117.127898] R13: 00000000004c111c R14: 00000000004d1558 R15: 0000000000000008 22:28:24 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000200)={0x8, 0x34a, 0xfffffffffffffffb, 0x0, 0x10000, 0x6, 0x608, 0x6, 0x400, 0x6, 0xfffffffffffffffd, 0xffffffffffffff39, 0x0, 0x5, 0x0, 0x5, 0x401, 0x6b, 0x8000}) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000a000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f0000000000)="0f20d86635080000000f22d866b9120400000f320f01dfbaf80c66b8b0f20d8166efbafc0c66b80400000066ef0f20d86635200000000f22d86600ef66b8810000000f23c00f21f8663500000f000f23f8b82d010f00d0f08246f4000f07", 0x5e}], 0x1, 0x0, &(0x7f0000000140), 0x0) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000080)={0x4}) prctl$setname(0xf, &(0x7f00000001c0)='vboxnet0*\x00') ioctl$KVM_RUN(r2, 0xae80, 0x0) fsetxattr(r0, &(0x7f0000000140)=@random={'os2.', '+\x00'}, &(0x7f0000000180)='systemposix_acl_accesswlan1\x00', 0x1c, 0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000100)='sessionid\x00') ioctl$TIOCGPTPEER(r3, 0x5441, 0x1ff) 22:28:25 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x81000000000890d, &(0x7f0000000140)="5226472bf4687e3fbb9e4f") r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, 0x3}, 0x1c) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0xe, &(0x7f0000000100), 0x36b) 22:28:25 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(0xffffffffffffffff, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") 22:28:25 executing program 7 (fault-call:1 fault-nth:1): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:25 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x7, 0x7fffd) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x4, &(0x7f00000000c0)={0xffffffff}, 0x13f, 0x1009}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r2, &(0x7f0000000140)={0x4, 0x8, 0xfa00, {r3, 0x5}}, 0x10) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000000)='lo\x00', 0x10) getsockopt$IP_VS_SO_GET_SERVICES(r2, 0x0, 0x482, &(0x7f0000000180)=""/207, &(0x7f0000000280)=0xcf) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) 22:28:25 executing program 2 (fault-call:1 fault-nth:9): r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) 22:28:25 executing program 1: r0 = socket(0xa, 0x3, 0x6) r1 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x59c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x40001, 0x0) ioctl$KVM_X86_SET_MCE(r2, 0x4040ae9e, &(0x7f0000000080)={0x400000000000000, 0xf000, 0x3f5f8040, 0xa, 0x8}) r3 = dup3(r0, r1, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x4) 22:28:25 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_PIT2(r1, 0x4068aea3, &(0x7f00000001c0)) r2 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0xfffffffffffffffe, 0x12000) setsockopt$inet_sctp_SCTP_NODELAY(r2, 0x84, 0x3, &(0x7f0000000080)=0x7, 0x4) [ 117.461924] FAULT_INJECTION: forcing a failure. [ 117.461924] name failslab, interval 1, probability 0, space 0, times 0 [ 117.473228] CPU: 1 PID: 7832 Comm: syz-executor2 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 117.481537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 117.490876] Call Trace: [ 117.493459] dump_stack+0x1c9/0x2b4 [ 117.497076] ? dump_stack_print_info.cold.2+0x52/0x52 [ 117.502267] ? __kernel_text_address+0xd/0x40 [ 117.506757] ? unwind_get_return_address+0x61/0xa0 [ 117.511688] should_fail.cold.4+0xa/0x11 [ 117.515734] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 117.520834] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 117.525662] ? save_stack+0xa9/0xd0 [ 117.529282] ? save_stack+0x43/0xd0 [ 117.532895] ? kasan_kmalloc+0xc4/0xe0 [ 117.536770] ? perf_trace_lock+0x920/0x920 [ 117.540991] ? sctp_sendmsg+0x18a2/0x1d90 [ 117.545126] ? sock_sendmsg+0xd5/0x120 [ 117.548997] ? ___sys_sendmsg+0x51d/0x930 [ 117.553136] ? __sys_sendmmsg+0x240/0x6f0 [ 117.557266] ? __x64_sys_sendmmsg+0x9d/0x100 [ 117.561660] ? do_syscall_64+0x1b9/0x820 [ 117.565709] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 117.571064] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 117.576590] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 117.581421] ? perf_trace_lock+0x920/0x920 [ 117.585645] ? lock_acquire+0x1e4/0x540 [ 117.589604] ? sctp_bind_addr_state+0x292/0x480 [ 117.594259] ? lock_downgrade+0x8f0/0x8f0 [ 117.598393] __should_failslab+0x124/0x180 [ 117.602620] should_failslab+0x9/0x14 [ 117.606417] kmem_cache_alloc_trace+0x4b/0x780 [ 117.610998] ? __sctp_v6_cmp_addr+0x1d9/0x530 [ 117.615485] sctp_add_bind_addr+0x101/0x4b0 [ 117.619791] ? sctp_bind_addr_free+0x20/0x20 [ 117.624187] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 117.629362] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 117.634537] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 117.639539] sctp_copy_local_addr_list+0x499/0x690 [ 117.644456] ? sctp_defaults_init+0xe70/0xe70 [ 117.648954] ? get_random_bytes+0x34/0x40 [ 117.653086] ? sctp_association_new+0x1aab/0x2290 [ 117.657929] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 117.663111] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 117.668645] sctp_copy_one_addr+0x5d/0x170 [ 117.672862] ? sctp_copy_one_addr+0x5d/0x170 [ 117.677256] sctp_bind_addr_copy+0x173/0x47c [ 117.681651] ? sctp_copy_one_addr+0x170/0x170 [ 117.686129] ? sctp_autobind+0x16d/0x1f0 [ 117.690173] ? sctp_do_bind+0x5f0/0x5f0 [ 117.694136] sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 117.699659] ? security_sctp_bind_connect+0x99/0xc0 [ 117.704659] sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 117.709323] ? lock_acquire+0x1e4/0x540 [ 117.713283] ? sctp_sendmsg+0x1278/0x1d90 [ 117.717418] ? sctp_autobind+0x1f0/0x1f0 [ 117.721891] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 117.726461] ? kasan_check_write+0x14/0x20 [ 117.730680] ? lock_sock_nested+0x9f/0x120 [ 117.734897] ? trace_hardirqs_on+0xd/0x10 [ 117.739031] ? __local_bh_enable_ip+0x161/0x230 [ 117.743683] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 117.749204] ? sctp_endpoint_lookup_assoc+0x183/0x290 [ 117.754381] sctp_sendmsg+0x18a2/0x1d90 [ 117.758340] ? do_raw_spin_unlock+0xa7/0x2f0 [ 117.762733] ? sctp_id2assoc+0x3e0/0x3e0 [ 117.766779] ? _raw_spin_unlock_bh+0x30/0x40 [ 117.771174] ? __release_sock+0x3a0/0x3a0 [ 117.775312] inet_sendmsg+0x1a1/0x690 [ 117.779100] ? copy_msghdr_from_user+0x340/0x580 [ 117.783838] ? ipip_gro_receive+0x100/0x100 [ 117.788142] ? move_addr_to_kernel.part.20+0x100/0x100 [ 117.793410] ? security_socket_sendmsg+0x94/0xc0 [ 117.798149] ? ipip_gro_receive+0x100/0x100 [ 117.802457] sock_sendmsg+0xd5/0x120 [ 117.806157] ___sys_sendmsg+0x51d/0x930 [ 117.810117] ? __check_object_size+0x9d/0x5f2 [ 117.814597] ? copy_msghdr_from_user+0x580/0x580 [ 117.819337] ? lock_acquire+0x1e4/0x540 [ 117.823299] ? __fget_light+0x2f7/0x440 [ 117.827258] ? fget_raw+0x20/0x20 [ 117.830704] ? proc_fail_nth_write+0x9e/0x210 [ 117.835183] ? proc_cwd_link+0x1d0/0x1d0 [ 117.839233] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 117.844756] ? sockfd_lookup_light+0xc5/0x160 [ 117.849237] __sys_sendmmsg+0x240/0x6f0 [ 117.853214] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 117.857524] ? fsnotify_first_mark+0x350/0x350 [ 117.862092] ? __fsnotify_parent+0xcc/0x420 [ 117.866397] ? fsnotify+0x14e0/0x14e0 [ 117.870190] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 117.875709] ? fput+0x130/0x1a0 [ 117.878972] ? ksys_write+0x1ae/0x260 [ 117.882759] ? __ia32_sys_read+0xb0/0xb0 [ 117.886811] ? syscall_slow_exit_work+0x500/0x500 [ 117.891639] __x64_sys_sendmmsg+0x9d/0x100 [ 117.895857] do_syscall_64+0x1b9/0x820 [ 117.899729] ? finish_task_switch+0x1d3/0x870 [ 117.904218] ? syscall_return_slowpath+0x5e0/0x5e0 [ 117.909132] ? syscall_return_slowpath+0x31d/0x5e0 [ 117.914046] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 117.919048] ? prepare_exit_to_usermode+0x291/0x3b0 [ 117.924049] ? perf_trace_sys_enter+0xb10/0xb10 [ 117.928702] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 117.933531] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 117.938704] RIP: 0033:0x455e29 [ 117.941871] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 117.961076] RSP: 002b:00007f2ec9f2cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 117.968768] RAX: ffffffffffffffda RBX: 00007f2ec9f2d6d4 RCX: 0000000000455e29 [ 117.976020] RDX: 0000000000000001 RSI: 0000000020004a40 RDI: 0000000000000013 [ 117.983270] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 117.990519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 117.997781] R13: 00000000004c111c R14: 00000000004d1558 R15: 0000000000000009 22:28:25 executing program 6: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) close(r0) r1 = memfd_create(&(0x7f0000000140)="000000008c00000000000000000000", 0x0) pwritev(r1, &(0x7f0000000080)=[{&(0x7f00000000c0)="a8", 0x1}], 0x1, 0x81003) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r0, 0x0) pipe2(&(0x7f0000000000), 0x800) madvise(&(0x7f0000004000/0x2000)=nil, 0x2000, 0x9) 22:28:25 executing program 5: mkdir(&(0x7f0000000300)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x2000004, 0x32, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x1}, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e4c000)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = creat(&(0x7f0000000140)='./control/file0\x00', 0x0) setsockopt$IP_VS_SO_SET_TIMEOUT(r2, 0x0, 0x48a, &(0x7f00000000c0)={0x502e, 0x854c, 0x8001}, 0xc) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f0000000040)='./control/file0\x00') pivot_root(&(0x7f00000002c0)='./control\x00', &(0x7f0000000380)='./control\x00') ioctl$IOC_PR_PREEMPT_ABORT(r2, 0x401870cc, &(0x7f0000000000)={0x7ff, 0x3, 0xf23, 0xaf0}) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x2200) rename(&(0x7f00000001c0)='./control/file0\x00', &(0x7f0000000200)='./control\x00') close(r1) 22:28:25 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:25 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(0xffffffffffffffff, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") [ 118.025086] sock: process `syz-executor6' is using obsolete setsockopt SO_BSDCOMPAT 22:28:25 executing program 4: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000040), 0x0, &(0x7f0000000240)=ANY=[]) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RUNLINKAT(r1, &(0x7f0000000040)={0xffffffffffffffca, 0x4d}, 0x7) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000540)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_9p2000='version=9p2000', 0x2c}]}}) write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0) write$P9_RREADDIR(r1, &(0x7f00000003c0)={0x49, 0x29, 0x1, {0x0, [{{}, 0x0, 0x0, 0x7, './file0'}, {{}, 0x0, 0x0, 0x7, './file0'}]}}, 0x49) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) syz_fuse_mount(&(0x7f0000000280)='./file0/file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 22:28:25 executing program 2 (fault-call:1 fault-nth:10): r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) [ 118.120708] FAT-fs (loop4): bogus number of reserved sectors [ 118.126612] FAT-fs (loop4): Can't find a valid FAT filesystem [ 118.164699] FAULT_INJECTION: forcing a failure. [ 118.164699] name failslab, interval 1, probability 0, space 0, times 0 [ 118.175999] CPU: 0 PID: 7871 Comm: syz-executor2 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 118.184319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 118.193668] Call Trace: [ 118.196266] dump_stack+0x1c9/0x2b4 [ 118.199906] ? dump_stack_print_info.cold.2+0x52/0x52 [ 118.205110] ? __kernel_text_address+0xd/0x40 [ 118.209611] ? unwind_get_return_address+0x61/0xa0 [ 118.214550] should_fail.cold.4+0xa/0x11 [ 118.218619] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 118.223730] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 118.228578] ? save_stack+0xa9/0xd0 [ 118.232208] ? save_stack+0x43/0xd0 [ 118.235842] ? kasan_kmalloc+0xc4/0xe0 [ 118.239739] ? perf_trace_lock+0x920/0x920 [ 118.243980] ? sctp_sendmsg+0x18a2/0x1d90 [ 118.248134] ? sock_sendmsg+0xd5/0x120 [ 118.252035] ? ___sys_sendmsg+0x51d/0x930 [ 118.256190] ? __sys_sendmmsg+0x240/0x6f0 [ 118.260341] ? __x64_sys_sendmmsg+0x9d/0x100 [ 118.264752] ? do_syscall_64+0x1b9/0x820 [ 118.268822] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 118.274198] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 118.279745] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 118.284601] ? perf_trace_lock+0x920/0x920 [ 118.288846] ? lock_acquire+0x1e4/0x540 [ 118.292823] ? sctp_bind_addr_state+0x292/0x480 [ 118.297495] ? lock_downgrade+0x8f0/0x8f0 [ 118.301651] __should_failslab+0x124/0x180 [ 118.305905] should_failslab+0x9/0x14 [ 118.309713] kmem_cache_alloc_trace+0x4b/0x780 22:28:25 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") accept4$vsock_stream(r0, &(0x7f0000000180)={0x28, 0x0, 0x2710, @any=0xffffffff}, 0x10, 0x80000) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$EVIOCGABS0(r3, 0x80184540, &(0x7f00000002c0)=""/81) sendmmsg$unix(r1, &(0x7f0000005240)=[{&(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000540), 0x0, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [r3]}], 0x18}], 0x4924924924926c2, 0x0) setsockopt$IP_VS_SO_SET_DEL(r3, 0x0, 0x484, &(0x7f0000000080)={0x4, @local={0xac, 0x14, 0x14, 0xaa}, 0x4e23, 0x4, 'wlc\x00', 0x11, 0x793, 0x1}, 0x2c) setsockopt$inet_msfilter(r3, 0x0, 0x29, &(0x7f0000000000)={@local={0xac, 0x14, 0x14, 0xaa}, @multicast2=0xe0000002, 0x0, 0x6, [@empty, @loopback=0x7f000001, @empty, @empty, @rand_addr=0x7fffffff, @empty]}, 0x28) ioctl$sock_SIOCINQ(r3, 0x541b, &(0x7f0000000040)) read(r2, &(0x7f00000001c0)=""/68, 0x44) mount$9p_unix(&(0x7f0000000380)='./file0/file0\x00', &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)='9p\x00', 0x1, &(0x7f0000000440)={'trans=unix,', {[{@noextend='noextend', 0x2c}, {@privport='privport', 0x2c}, {@version_L='version=9p2000.L', 0x2c}, {@privport='privport', 0x2c}, {@afid={'afid', 0x3d, 0x2d65}, 0x2c}]}}) io_setup(0x7f, &(0x7f00000004c0)=0x0) io_getevents(r4, 0x3, 0x5, &(0x7f0000000500)=[{}, {}, {}, {}, {}], 0x0) socket$unix(0x1, 0x5, 0x0) 22:28:25 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EVIOCGKEY(r1, 0x80404518, &(0x7f0000000400)=""/223) r2 = socket$inet6_dccp(0xa, 0x6, 0x0) connect(r2, &(0x7f0000000080)=@vsock={0x28, 0x0, 0xffffffff, @hyper}, 0x80) connect(r2, &(0x7f0000000580)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}}, 0x80) syslog(0x0, 0x0, 0x0) r3 = dup3(r2, r2, 0x80000) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000500)={0x0, 0xfff}, &(0x7f0000000540)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000600)={r4, @in={{0x2, 0x4e22, @local={0xac, 0x14, 0x14, 0xaa}}}, [0x4, 0x3, 0x8, 0x3ff, 0x3ff, 0x8, 0x7, 0x98df, 0x2, 0x8, 0x8, 0xc67e, 0x1, 0x0, 0xff47]}, &(0x7f0000000700)=0x100) r5 = add_key$user(&(0x7f0000000100)='user\x00', &(0x7f0000000140)={0x73, 0x79, 0x7a, 0x3}, &(0x7f0000000180)="42ff71accf8875a2427a30f9b04b7d3415f544fab7c08ef2661896e69795bd5a4d035414589130ba283cfb2a734d121633deb23c817056a832b212b5c902b6ee566bccf11f0ee8f67bf7100c0c2a1652da5ba72f08a4dac51c118a47a6a204921c7ff0", 0x63, 0xfffffffffffffffc) r6 = add_key(&(0x7f0000000200)='trusted\x00', &(0x7f0000000240)={0x73, 0x79, 0x7a, 0x1}, &(0x7f0000000280)="f7ea606a940fd5c714b25414ad9e120374870c04bea5eadf440a8cb09e569bec321ad20f1465450325b83750711d70ec9612d00e7559d9723efe90ce27538b6e14503261c48792f045f67e16bee965ef7484862c39d8667ffff23cfc1c", 0x5d, 0xfffffffffffffffe) keyctl$link(0x8, r5, r6) mknod$loop(&(0x7f00000003c0)='./file0\x00', 0x1000, 0x0) bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x911, {0x5, 0x66, 0xde, 0x8001, 0x8, 0x3}, 0x9, 0xb}, 0xe) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r3, 0xc08c5336, &(0x7f0000000300)={0xc965, 0x0, 0x4, 'queue0\x00', 0x9}) 22:28:25 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x2, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x2) setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r2, 0x84, 0xc, &(0x7f0000000080), 0x4) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}, 0xd}, 0x1c) setsockopt$inet6_opts(r1, 0x29, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="9c1793ef9df1e91c00b0f6b1f2a5acd2f4ee3ef524ccc25831f6187336d119ece0ff0a7c7ef780f40eae924df7b24b12682ec5144696c050c21e2097e8ca3ae27c667d52be524062df57757b1ad936a9ed381b7b58eb1c631f8fc3e5cd60eb75c096449af18870f4f5a8812f5c7016a3ddb88053933d1b40de8045a6d268333206dd071307bf65ad360e6b9a2d2bc0393739871d27e1312f2e91a765682d8d324d2bba9e7c4f0c056f2feb6254d22b31215bdcd017b25177acc830e7ce913f79d0a4842ed7d81af900e0e550b343feb03bcc8b268b3b72faf5307be174c8503796a5d04c2ad64f09e14cb36069ecebfbf4645080a3afb7457fcb023a8ec51c21de889f868495511ee972ab054e17000000"], 0x8) sendmmsg(r1, &(0x7f00000002c0), 0x4000000000002c7, 0x0) 22:28:26 executing program 1: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) r1 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0xaf, 0x2000) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffff}, 0x117}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f0000000100)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e23, 0x100000000, @loopback={0x0, 0x1}, 0x200}, r2}}, 0x30) fcntl$getownex(r0, 0x10, &(0x7f00000000c0)={0x0, 0x0}) prctl$setptracer(0x59616d61, r3) ptrace$setopts(0x4206, r3, 0x0, 0x0) 22:28:26 executing program 1: socketpair(0x8000000000001e, 0x1, 0x0, &(0x7f000000dff8)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r0, &(0x7f0000000000)=[{&(0x7f0000317fa3)="b5c5242e283536f05dfcf3c925d43c6cf1eb17fde04dfbf2b3", 0x19}], 0x10000287) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x100010, r1, 0x2a) write(r0, &(0x7f0000805000)="346bd71b3c015b53c0833e97df6312f9b0659db5b29837caa9", 0x19) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000785000), 0x4) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000040)=0x7, 0x4) writev(r0, &(0x7f000063e000)=[{&(0x7f0000a66000)="da", 0x1}], 0x1) sendmmsg$alg(r0, &(0x7f0000236fc8), 0x0, 0x0) 22:28:26 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) connect$netlink(r0, &(0x7f0000000040)=@unspec, 0xc) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000280)='/dev/dsp\x00', 0x684180, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000300)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000008c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80001}, 0xc, &(0x7f0000000880)={&(0x7f0000000340)=@deltfilter={0x510, 0x2d, 0x500, 0x70bd2b, 0x25dfdbfb, {0x0, r2, {0xf, 0xffff}, {0xe, 0x5}, {0x9}}, [@TCA_RATE={0x8, 0x5, {0x8000, 0x400}}, @TCA_RATE={0x8, 0x5, {0x9, 0x400}}, @TCA_CHAIN={0x8, 0xb, 0x10000}, @TCA_RATE={0x8, 0x5, {0x345, 0x4}}, @TCA_RATE={0x8, 0x5, {0x5e01, 0x6}}, @TCA_RATE={0x8, 0x5, {0x1f, 0x9}}, @TCA_CHAIN={0x8, 0xb, 0x6570000}, @filter_kind_options=@f_basic={{0xc, 0x1, 'basic\x00'}, {0x4a0, 0x2, [@TCA_BASIC_ACT={0x94, 0x3, @m_gact={0x90, 0x9, {{0xc, 0x1, 'gact\x00'}, {0x34, 0x2, [@TCA_GACT_PARMS={0x18, 0x2, {0x1, 0x4, 0x0, 0xa1, 0x3}}, @TCA_GACT_PARMS={0x18, 0x2, {0xb5, 0x0, 0x20000000, 0xfffffffffffffffa, 0x6}}]}, {0x48, 0x6, "483ef6f0d055b58f9576d18ccbf8924a368b836bccb0d782a9777466e32dc494e2b2563fa84c40361924d8b49b917f7e8ca32c76d7c4b9be0a5821b384c2f47489"}}}}, @TCA_BASIC_POLICE={0x408, 0x4, @TCA_POLICE_RATE={0x404, 0x2, [0x7fffffff, 0x0, 0x2, 0xfffffffffffffffe, 0x1000, 0x6, 0x1, 0x8, 0x4, 0x100000000, 0x5, 0xd9, 0xff, 0x3, 0x1f, 0x9, 0x81, 0x6, 0x9, 0xf0, 0x1ff, 0x1, 0x1, 0x0, 0x3, 0xfffffffffffffff7, 0x81, 0x10000, 0x10000, 0x80, 0x1ff, 0x15, 0xffffffffffffff00, 0x7, 0xa74, 0xffffffffffffd374, 0x7ff, 0x9, 0x7, 0x0, 0xff, 0x3, 0x67c9, 0x8, 0x1, 0x8000, 0x8000000000, 0x1, 0x0, 0x5, 0xffffffffffffffff, 0x1, 0x8, 0x1f, 0x7d, 0x10001, 0x80000001, 0x0, 0x0, 0x400, 0x6, 0x6, 0x6, 0x3, 0xffff, 0xc115, 0xfe, 0x8, 0x2, 0xc0, 0x7f, 0x5, 0x1, 0x4, 0xafb, 0x3, 0x81, 0x7fff, 0xffffffff, 0x3, 0x0, 0x1, 0x84, 0x0, 0x2, 0x3, 0x0, 0x2, 0x4c6d, 0x9, 0x1000, 0x8, 0xffff, 0x40, 0x5, 0x7, 0x1ff, 0xa4, 0x4, 0x10e, 0x0, 0x4, 0xdf, 0x3, 0x40, 0x3, 0x0, 0x100000000, 0xffffffffffffff79, 0xffff, 0x0, 0x9, 0x6, 0x47, 0x10000, 0x40, 0x6, 0x20, 0x62, 0x7, 0x6, 0x2, 0xaed, 0x8, 0x3f, 0xfffffffffffffeff, 0x1, 0x100, 0xffffffff, 0x9, 0x8, 0x1, 0x4, 0x8, 0x15e3, 0x80, 0x5, 0x9, 0x474fd54e, 0x10000, 0x2, 0x0, 0x7, 0x6, 0x171, 0x3ff, 0x100, 0x2, 0x8000000000, 0x2, 0x5, 0x1, 0x8001, 0x8, 0xffffffff, 0x9, 0x0, 0x7, 0x0, 0x7, 0x9, 0x5, 0x8000000000, 0x100, 0x5, 0xf8, 0x1, 0x6, 0x5, 0x7, 0x4, 0x5, 0x0, 0x8001, 0x1ff, 0xae6, 0x0, 0x8, 0x8, 0x0, 0xffffffffffffff54, 0x800, 0xd8, 0x10001, 0x9, 0x2b67, 0x7, 0x8, 0x22f, 0xffffffffffff8000, 0xab, 0x3, 0x5, 0x0, 0x7, 0x1ff, 0x6, 0x7, 0x1, 0x6, 0xff, 0x0, 0x8000, 0x0, 0x1, 0x2, 0x9, 0x6, 0xba78, 0x8000, 0x3e, 0x7fff, 0x3, 0x8, 0x14e, 0x0, 0x9, 0xb47, 0x3ff, 0x7f, 0x5, 0x1f, 0x8, 0x1, 0x4, 0x1, 0x5, 0x86, 0x1c1, 0x4, 0xfffffffffffffffc, 0x80000000, 0x100, 0x528, 0x20, 0x3, 0x8, 0x7fff, 0x41, 0x5, 0x401, 0x4, 0x1, 0xfff, 0xb5e, 0xe1d1, 0x3, 0x800, 0x7d, 0x0, 0x2, 0xfffffffffffeffff, 0x7, 0xff, 0x8, 0xffffffffffff0000]}}]}}, @TCA_CHAIN={0x8, 0xb, 0x200000}]}, 0x510}, 0x1, 0x0, 0x0, 0x41}, 0x801) sendmsg$nl_generic(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0x7c, 0x40, 0x208, 0x70bd27, 0x25dfdbfe, {}, [@generic="3e186c6a6c055aba2aeac8832e8375fe6ed0c9a4ab6a8a9d9ffdf760e7f476b85fad4831d300217b1669a854cafddd7bcdc26fd6f2d39cab71ded332a072c029cb7e0c2639004848f7e0689bc9cfc532a589bbc92d07820a78f3699774e0529541f1d9bd9c"]}, 0x7c}, 0x1, 0x0, 0x0, 0x4000800}, 0xc040) connect$l2tp(r1, &(0x7f0000000240)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x4e21, @broadcast=0xffffffff}, 0x2, 0x0, 0x0, 0x4}}, 0x55b) write$P9_RLERROR(r1, &(0x7f0000000140)={0x12, 0x7, 0x2, {0x9, '/dev/dsp\x00'}}, 0x12) ioctl$int_in(r1, 0x5473, &(0x7f0000000200)=0x727aab66) ioctl$TIOCGSID(r1, 0x5429, &(0x7f00000002c0)=0x0) ioprio_set$pid(0x1, r3, 0x7) [ 118.314307] ? __sctp_v6_cmp_addr+0x1d9/0x530 [ 118.318817] sctp_add_bind_addr+0x101/0x4b0 [ 118.323146] ? sctp_bind_addr_free+0x20/0x20 [ 118.327554] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 118.332754] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 118.337952] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 118.342975] sctp_copy_local_addr_list+0x499/0x690 [ 118.347912] ? sctp_defaults_init+0xe70/0xe70 [ 118.352411] ? get_random_bytes+0x34/0x40 [ 118.356565] ? sctp_association_new+0x1aab/0x2290 22:28:26 executing program 6: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000240)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_PIE_ON(r0, 0x7005) read$eventfd(r0, &(0x7f0000000000), 0x8) ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}) 22:28:26 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(0xffffffffffffffff, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") [ 118.361438] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 118.366623] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 118.371116] FAT-fs (loop4): bogus number of reserved sectors [ 118.372167] sctp_copy_one_addr+0x5d/0x170 [ 118.372183] ? sctp_copy_one_addr+0x5d/0x170 [ 118.372199] sctp_bind_addr_copy+0x173/0x47c [ 118.372217] ? sctp_copy_one_addr+0x170/0x170 [ 118.378007] FAT-fs (loop4): Can't find a valid FAT filesystem [ 118.382211] ? sctp_autobind+0x16d/0x1f0 [ 118.382229] ? sctp_do_bind+0x5f0/0x5f0 [ 118.409347] sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 118.414886] ? security_sctp_bind_connect+0x99/0xc0 [ 118.419908] sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 118.424582] ? lock_acquire+0x1e4/0x540 [ 118.428558] ? sctp_sendmsg+0x1278/0x1d90 [ 118.432713] ? sctp_autobind+0x1f0/0x1f0 [ 118.436777] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 118.441355] ? kasan_check_write+0x14/0x20 [ 118.445583] ? lock_sock_nested+0x9f/0x120 [ 118.449805] ? trace_hardirqs_on+0xd/0x10 [ 118.453940] ? __local_bh_enable_ip+0x161/0x230 [ 118.458597] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 118.464126] ? sctp_endpoint_lookup_assoc+0x183/0x290 [ 118.469303] sctp_sendmsg+0x18a2/0x1d90 [ 118.473262] ? do_raw_spin_unlock+0xa7/0x2f0 [ 118.477660] ? sctp_id2assoc+0x3e0/0x3e0 [ 118.481708] ? _raw_spin_unlock_bh+0x30/0x40 [ 118.486105] ? __release_sock+0x3a0/0x3a0 [ 118.490259] inet_sendmsg+0x1a1/0x690 [ 118.494047] ? copy_msghdr_from_user+0x340/0x580 [ 118.498788] ? ipip_gro_receive+0x100/0x100 [ 118.503095] ? move_addr_to_kernel.part.20+0x100/0x100 [ 118.508364] ? security_socket_sendmsg+0x94/0xc0 [ 118.513104] ? ipip_gro_receive+0x100/0x100 [ 118.517414] sock_sendmsg+0xd5/0x120 [ 118.521115] ___sys_sendmsg+0x51d/0x930 [ 118.525078] ? __check_object_size+0x9d/0x5f2 [ 118.529561] ? copy_msghdr_from_user+0x580/0x580 [ 118.534301] ? lock_acquire+0x1e4/0x540 [ 118.538269] ? __fget_light+0x2f7/0x440 [ 118.542228] ? fget_raw+0x20/0x20 [ 118.545679] ? proc_fail_nth_write+0x9e/0x210 [ 118.550172] ? proc_cwd_link+0x1d0/0x1d0 [ 118.554224] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 118.559744] ? sockfd_lookup_light+0xc5/0x160 [ 118.564229] __sys_sendmmsg+0x240/0x6f0 [ 118.568194] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 118.572500] ? fsnotify_first_mark+0x350/0x350 [ 118.577068] ? __fsnotify_parent+0xcc/0x420 [ 118.581376] ? fsnotify+0x14e0/0x14e0 [ 118.585171] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 118.590691] ? fput+0x130/0x1a0 [ 118.593964] ? ksys_write+0x1ae/0x260 [ 118.597752] ? __ia32_sys_read+0xb0/0xb0 [ 118.601806] __x64_sys_sendmmsg+0x9d/0x100 [ 118.606031] do_syscall_64+0x1b9/0x820 [ 118.609904] ? finish_task_switch+0x1d3/0x870 [ 118.614384] ? syscall_return_slowpath+0x5e0/0x5e0 [ 118.619299] ? syscall_return_slowpath+0x31d/0x5e0 [ 118.624213] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 118.629215] ? prepare_exit_to_usermode+0x291/0x3b0 [ 118.634215] ? perf_trace_sys_enter+0xb10/0xb10 [ 118.638870] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 118.643707] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 118.648880] RIP: 0033:0x455e29 22:28:26 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snapshot\x00', 0x4000, 0x0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000003c0)=[{0x8, 0x7ff}, {0x6, 0x7}, {0xb, 0x2}, {0x4, 0x401}, {0x2, 0x9}, {0x4, 0x400}, {0xf, 0x8000}, {0x4, 0x8}, {0x8, 0x101}, {0xf, 0x2}], 0xa) ioctl(r0, 0x2, &(0x7f0000000540)="7405000000498761000000f4f3c1a7287eac3e0700000000000000a657bc29dfa1be650711e71f9ede608873f39b1115203c516e2ae2566913b90212c700000000000000079d44dd1319359bf059f4612c467fbc1b613b3df01540bbe1c3220da01c9d5c44a4c9926bc57a6deacfb6310aa921ac40f9d70dd3ad6dd3786297689409ea9597893b98b239be9551f7067a67017ced56d0f2886172eff8df1fc623a0afcd96eff5ca1a8df3ed78bbe28cd70939f8ac25ff0ea10800000000000000e3cf42db8950cd1bed17967c5c849d784dd276caed13eef126c68db5b9dca2234c8df8228c224b36db09abc9834a29ccc1838e574b561289b8faba718302bf58368230895bacb5469f5ae71c0104000000000000a4de355e54df63817d3c541ea65e7e247159a9893bc2ddf5c27fe86d0ca1") socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f00000001c0)) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000680)={{{@in=@rand_addr, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}}}, &(0x7f0000000480)=0xe8) recvfrom$packet(r1, &(0x7f0000000440)=""/11, 0xb, 0x40000120, &(0x7f00000004c0)={0x11, 0x1d, r2, 0x1, 0x1, 0x6, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x10}}, 0x14) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x1, 0x31, 0xffffffffffffffff, 0x0) r3 = dup3(r0, r0, 0x0) ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f0000000240)={0x0, 0xff, 0x81, &(0x7f0000000200)=0x401}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0}, &(0x7f0000000080)=0xc) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f00000002c0)={0x0, 0xd49}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r3, 0x84, 0x7c, &(0x7f0000000340)={r5, 0x4, 0x3b}, &(0x7f0000000380)=0x8) wait4(r4, &(0x7f00000000c0), 0x21000001, &(0x7f0000000100)) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x7, &(0x7f0000000040), 0x4) clock_adjtime(0x0, &(0x7f0000000c80)) [ 118.652052] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 118.671334] RSP: 002b:00007f2ec9f2cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 118.679037] RAX: ffffffffffffffda RBX: 00007f2ec9f2d6d4 RCX: 0000000000455e29 [ 118.686288] RDX: 0000000000000001 RSI: 0000000020004a40 RDI: 0000000000000013 [ 118.693541] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 118.700806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 118.708057] R13: 00000000004c111c R14: 00000000004d1558 R15: 000000000000000a 22:28:26 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") 22:28:26 executing program 2 (fault-call:1 fault-nth:11): r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) [ 118.815914] FAULT_INJECTION: forcing a failure. [ 118.815914] name failslab, interval 1, probability 0, space 0, times 0 [ 118.823603] EXT4-fs warning: 6 callbacks suppressed [ 118.823617] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16536 [ 118.827212] CPU: 1 PID: 7913 Comm: syz-executor2 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 118.850094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 118.859441] Call Trace: [ 118.862044] dump_stack+0x1c9/0x2b4 [ 118.865686] ? dump_stack_print_info.cold.2+0x52/0x52 [ 118.870876] ? __kernel_text_address+0xd/0x40 [ 118.875369] ? unwind_get_return_address+0x61/0xa0 [ 118.880297] should_fail.cold.4+0xa/0x11 [ 118.884352] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 118.889461] ? save_stack+0xa9/0xd0 [ 118.893074] ? save_stack+0x43/0xd0 [ 118.896689] ? kasan_kmalloc+0xc4/0xe0 [ 118.900566] ? kmem_cache_alloc_trace+0x152/0x780 [ 118.905405] ? sctp_add_bind_addr+0x101/0x4b0 [ 118.909886] ? sctp_copy_local_addr_list+0x499/0x690 [ 118.914972] ? sctp_copy_one_addr+0x5d/0x170 [ 118.919364] ? sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 118.925058] ? sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 118.929889] ? sctp_sendmsg+0x18a2/0x1d90 [ 118.934029] ? inet_sendmsg+0x1a1/0x690 [ 118.937994] ? sock_sendmsg+0xd5/0x120 [ 118.941870] ? ___sys_sendmsg+0x51d/0x930 [ 118.946013] ? __sys_sendmmsg+0x240/0x6f0 [ 118.950155] ? __x64_sys_sendmmsg+0x9d/0x100 [ 118.954548] ? do_syscall_64+0x1b9/0x820 [ 118.958596] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 118.963944] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 118.969466] ? _extract_crng+0x23b/0x320 [ 118.973513] ? lock_acquire+0x1e4/0x540 [ 118.977470] ? _crng_backtrack_protect+0x108/0x150 [ 118.982386] ? lock_downgrade+0x8f0/0x8f0 [ 118.986525] ? lock_acquire+0x1e4/0x540 [ 118.990492] ? sctp_bind_addr_state+0x292/0x480 [ 118.995142] ? lock_downgrade+0x8f0/0x8f0 [ 118.999271] ? kasan_unpoison_shadow+0x35/0x50 [ 119.003839] __should_failslab+0x124/0x180 [ 119.008158] should_failslab+0x9/0x14 [ 119.011955] kmem_cache_alloc_trace+0x4b/0x780 [ 119.016528] ? __sctp_v6_cmp_addr+0x1d9/0x530 [ 119.022337] sctp_add_bind_addr+0x101/0x4b0 [ 119.026650] ? sctp_bind_addr_free+0x20/0x20 [ 119.031050] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 119.036232] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 119.041415] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 119.046421] sctp_copy_local_addr_list+0x499/0x690 [ 119.051338] ? sctp_defaults_init+0xe70/0xe70 [ 119.055832] ? get_random_bytes+0x34/0x40 [ 119.059977] ? sctp_association_new+0x1aab/0x2290 [ 119.064814] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 119.069987] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 119.075520] sctp_copy_one_addr+0x5d/0x170 [ 119.079761] ? sctp_copy_one_addr+0x5d/0x170 [ 119.084172] sctp_bind_addr_copy+0x173/0x47c [ 119.088567] ? sctp_copy_one_addr+0x170/0x170 [ 119.093045] ? sctp_autobind+0x16d/0x1f0 [ 119.097088] ? sctp_do_bind+0x5f0/0x5f0 [ 119.101143] sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 119.106676] ? security_sctp_bind_connect+0x99/0xc0 [ 119.111675] sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 119.116336] ? lock_acquire+0x1e4/0x540 [ 119.120291] ? sctp_sendmsg+0x1278/0x1d90 [ 119.124434] ? sctp_autobind+0x1f0/0x1f0 [ 119.128484] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 119.133059] ? kasan_check_write+0x14/0x20 [ 119.137275] ? lock_sock_nested+0x9f/0x120 [ 119.141507] ? trace_hardirqs_on+0xd/0x10 [ 119.145644] ? __local_bh_enable_ip+0x161/0x230 [ 119.150301] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 119.155839] ? sctp_endpoint_lookup_assoc+0x183/0x290 [ 119.161018] sctp_sendmsg+0x18a2/0x1d90 [ 119.164983] ? do_raw_spin_unlock+0xa7/0x2f0 [ 119.169374] ? sctp_id2assoc+0x3e0/0x3e0 [ 119.173416] ? _raw_spin_unlock_bh+0x30/0x40 [ 119.177811] ? __release_sock+0x3a0/0x3a0 [ 119.181952] inet_sendmsg+0x1a1/0x690 [ 119.185746] ? copy_msghdr_from_user+0x340/0x580 [ 119.190505] ? ipip_gro_receive+0x100/0x100 [ 119.194830] ? move_addr_to_kernel.part.20+0x100/0x100 [ 119.200112] ? security_socket_sendmsg+0x94/0xc0 [ 119.204858] ? ipip_gro_receive+0x100/0x100 [ 119.209161] sock_sendmsg+0xd5/0x120 [ 119.212858] ___sys_sendmsg+0x51d/0x930 [ 119.216818] ? __check_object_size+0x9d/0x5f2 [ 119.221307] ? copy_msghdr_from_user+0x580/0x580 [ 119.226057] ? lock_acquire+0x1e4/0x540 [ 119.230023] ? __fget_light+0x2f7/0x440 [ 119.233990] ? fget_raw+0x20/0x20 [ 119.237432] ? proc_fail_nth_write+0x9e/0x210 [ 119.241917] ? proc_cwd_link+0x1d0/0x1d0 [ 119.245964] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 119.251481] ? sockfd_lookup_light+0xc5/0x160 [ 119.255959] __sys_sendmmsg+0x240/0x6f0 [ 119.259916] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 119.264217] ? fsnotify_first_mark+0x350/0x350 [ 119.268777] ? __fsnotify_parent+0xcc/0x420 [ 119.273081] ? fsnotify+0x14e0/0x14e0 [ 119.276883] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 119.282402] ? fput+0x130/0x1a0 [ 119.285676] ? ksys_write+0x1ae/0x260 [ 119.289468] ? __ia32_sys_read+0xb0/0xb0 [ 119.293514] __x64_sys_sendmmsg+0x9d/0x100 [ 119.297733] do_syscall_64+0x1b9/0x820 [ 119.301602] ? finish_task_switch+0x1d3/0x870 [ 119.306077] ? syscall_return_slowpath+0x5e0/0x5e0 [ 119.310994] ? syscall_return_slowpath+0x31d/0x5e0 [ 119.315912] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 119.320927] ? prepare_exit_to_usermode+0x291/0x3b0 [ 119.325942] ? perf_trace_sys_enter+0xb10/0xb10 [ 119.330601] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 119.335439] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 119.340703] RIP: 0033:0x455e29 [ 119.343879] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 22:28:27 executing program 5: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x2, 0x28001) syslog(0x5, 0x0, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000040)) write$evdev(r0, &(0x7f00000000c0)=[{{0x77359400}, 0x1, 0x80, 0x2}, {{0x77359400}}], 0x30) [ 119.363027] RSP: 002b:00007f2ec9f2cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 119.370716] RAX: ffffffffffffffda RBX: 00007f2ec9f2d6d4 RCX: 0000000000455e29 [ 119.377964] RDX: 0000000000000001 RSI: 0000000020004a40 RDI: 0000000000000013 [ 119.385213] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 119.392464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 119.399723] R13: 00000000004c111c R14: 00000000004d1558 R15: 000000000000000b 22:28:27 executing program 1: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x40}) r1 = getpid() sched_setattr(r1, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x1}, 0x0) r2 = accept4(0xffffffffffffffff, &(0x7f0000000180)=@in={0x0, 0x0, @broadcast}, &(0x7f0000000200)=0x80, 0x80800) setsockopt$inet_dccp_int(r2, 0x21, 0x14, &(0x7f0000000240)=0x4, 0x4) mknod(&(0x7f0000000100)='./file0\x00', 0x1040, 0x0) open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) read(r0, &(0x7f0000000000)=""/128, 0x80) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000004fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) 22:28:27 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0xe7d6a25b8eabbd82, &(0x7f0000000100)={@dev, @empty, 0x0}, &(0x7f0000000140)=0xc) r2 = openat$mixer(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/mixer\x00', 0x200800, 0x0) bind$xdp(r0, &(0x7f0000001500)={0x2c, 0x3, r1, 0x2a, r2}, 0x10) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = gettid() ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r2, 0xc1105511, &(0x7f0000000300)={{0x6, 0x2, 0x75, 0x2, 'syz0\x00', 0x1ff}, 0x2, 0x3, 0x8, r4, 0x4, 0x6, 'syz1\x00', &(0x7f0000000000)=['/dev/mixer\x00', '/dev/mixer\x00', '/dev/mixer\x00', '/dev/mixer\x00'], 0x2c, [], [0x7fffffff, 0x7, 0x4, 0x9]}) sendmsg$nl_generic(r3, &(0x7f0000000200)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f0000013ff1)={&(0x7f00000002c0)={0x1c, 0x28, 0x10000000000005, 0x0, 0x0, {0x1}, [@nested={0x8, 0x0, [@generic='\v@']}]}, 0x1c}, 0x1}, 0x0) 22:28:27 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000002000000, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:27 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x3, 0x402) r1 = syz_open_dev$mice(&(0x7f0000000300)='/dev/input/mice\x00', 0x0, 0x0) read(r1, &(0x7f0000000200)=""/163, 0xbfd20bc6359fd527) write$binfmt_elf32(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="7f454c4600000000000000000000000002000100810000009c"], 0x18) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x80000001, 0x5, &(0x7f0000001740)=[{&(0x7f0000000140)="e469d50578608d8dbb1d7c9ac876ed7b5c8ed5307f4e494abfb2bd822cfba841b963b3ea93694b98590ee8286fdb5f4e4f94b24dcf32fdf2696ab54d442cbc4f9c5152c022d1", 0x46, 0x5}, {&(0x7f0000000540)="eb5155a336f711f19157c927a10d2d77d94fffd27d066ed40abdef95c89f5920ae1846984f1e3827533677e0d971e202356b5f6b8ac32c115753e004dbec629f6c4d3c1b92aabebbbadbe98cb665473544bb2bd01fa056f51640daeb3bdec43f24e0d506770a23fbab9f6d7eeb8de37bc1e272e78ac2ef4abed900ed39e20016168ca54a8869d69277dddd20af6c55df1545964ec58b2931231d32fcaa7ef721e8d3b717def9dd09c639e4f9f7906d739f1398724f6b4d92cfaf627d9889bbf0072a65bc7dc47eb44b01501c79d1d131583f852996bb0f21194a4808d6767d5cc12d48147e2d19a7ea8a09b0750e5e98cefac1", 0xf3, 0x7fffffff}, {&(0x7f0000000640)="756fe8ab85a7e508b3a73dfffcf0a030338514208a8d884c25644b127b652f178faab450a4eb9ea9ed7ebb57c60d17e76101dd1528187b4456aeb82867ec5c6e46dbdfa75531884e276228f553a554a401e9d98012a3765b94ee68b6cf487d01b2cce504355083c8959f5a04af75881f4c1468cc08a6dec61779cb829a9fd975028794f9a6bd26b5510fb0ff70cd902266f69323081096485c7a2e970f365beb0180f6816fa7754df727987c632e72483af523a4083bcfa590e7b5293833a00bccd6453562a7a195a21c44bee4fecfb43300481f9b6b0091e16f69800700ab6089930fdd8ff1d82c066b74341ab7b6255265a86ef6f5da04ccda304f078626b94a26361ef0e7923d39a75037eb4edad6edc5762c2e451f2bed1c7d43785c7d2eeb5101afe8017b04a8b43a7c92caae7ad74268367da094e0635031a5ea2f59af416fea05850477c993eb6105f89aea4fd7b0912deb82edd8ea79b4e817240d1442c90ecc6c64f81a928b005a482711a5a2bffa5dde854f56469b0e2f0f6d651de8eb6d887a21ed771636b1f3d5d016b94f746a962f111d923f143bc257c3ae94fe5359328f564db2db0638e951ea20e8a167c72bc52ad3456c987d8d92a4095e8418b962c8e810d51d9b0bb0d4d8a01ef75ab9c1f7441a881f650c8f7cbdffbdee16005e3628104a194a46fcf8e5ddcb0ff5e8eff2d48826f19295a55738e9b3cfd05cca57c9adf2e2c6b83915416a20b0da94aabd0380048da4f5e2079bb0586f7780663458aadba9b29b318f7aad9aa7bc2333072887a59a64c45b95dd12b7514dc0c5f8aae8a85e916ad98f7439092550ce83d480c612154eddc7c3025260bfc05c16d5d08aa07f2879b1d9b855419a57ea985af4b01d7fde9e7cbf783ea15057109e487d2f3dd401f2d43c2655c71fc60196a0f6654426ce5f19e0323e5d952f1bbfc8b76045f467098f67ab68af7dd7d46bd506b2e1a143bd0831cfecd2b5876cfd7b48f368e5c79d2d031ac45573ece4c209a7ae284ee81ea54fae4ea3a68b53607e1df96b98cf647d5d0de065b4813a096fcc706cc447e1553354d0de4c067658976822804d8a0ef9d4ca8124a8f3756405266f3eda98f0f16db64d37f6f60ff7525e982320d262d9e1d650e459b7961cd134e98c4b1232a3313ada362db799b325e0548e110e98de134c03651cfabbb7bbd2afb5838fe0725fb52e83305b6ebe6a66beffb96585c8159dd9402635ec8a5cf4fc78bdfc6bf10e56e640929c07d29ad6f958d2b95a31466ef215e4b88d8d3fdd5d928e06a6dd0496d5963609cb869a18bff92f87d457b3ca81160d265c0741b58f4bbea95021b474c0aa788ba440d0cd20446da19e052f43758e92afe44a83cb9e3a04f3f6ac9a6837ad41e0745fe3f61fc45e00dbf47566679d17102282729cb0397fd492bc400ba1deb90db4ca60bc7f4b73fd303340533c724614313c826aae8f18cb17a09ede29053d61563d4d16fc8ddae549c4ca0ed54591b0b7073b6ce7b7882d61df97e0943efb5a16cc44e27e02d6910f2b880e06ea2c16a68c87ad064620a6b4f017fdffd33679c4138168c4927c3cc8f6b3cad6de5ec5052bc1ea6a4ba4af488c64c6f648b7a79c20e306cfa52a582dfa6cbcf08dfcb6cf0efb227c94bd9615f00f59254462a47e86382786bc23f8df35513e9ffae7048c9f06612ad4470c4f975a062b40d66a3c31d7cc560f73375b29d909b55b026324fe3581eba0220c1e5e7d6ee5c6e5a24e2dc7b309733bf7c733d2f02f567343771556483a4593be19bb26b4c4fccd32cfeb3ad2e1a5a18964fa68a9ba1fb68d798ad0129e218f300661032c26f1f9b312ad8476d39356b5f91aba62339cf122245fe5fc3e4b75f88a997218b17bd1e410362535d78087edaabeec784649c036638599b54e4349b8e6427f59ed52f0a36e3df5a92d54d02f9f88bb9821a8c6abdeca39f1a79e2a6c2d35ad0101ccd46ebc578a5a0d8b1d06882963b4ab4f004ec36d55cc921bb85cfc5f3546f21d459669f4ef4fb08da35575283c12bf423e1e5c3958e7dc094b046b3feb80c2cf5655c3f706c560e43accd5643534465176c3f59926d444130bdf296980bf4948f70936bfd52edabe597c3e64cd7084c97f73308d0a25469779e2d4cbc9a88766603fc9122e15416acd6715cd86a8cad2222a3911a0ca1d9f4ef1aa186e295433ab5ace4958f1570cc32e3636a579bbb9a1defd957923b0d8864d619483f20f757d6682075604c09d4c51ed0000dab5c88bf46782d2d56e56551aa9ebc98e56ff567500c3421901c2417aec2695bbcb346622dff1a8a3384620e8cf3d67e49d5e0a1ce92be0367e81847330f7448246927c8c75f8c3721296b87ee52009f8f2a7a9161a084fd3cf69acc788846d3b311f33eb23f1a2f696d03357468c263ce5f5bb0331dda21d79584514fb1e09c15f20955c8184e2701004938259392b2b7dfef812e4d8a0f6796e6c39d99525714d46fec71831e151c297546f6d4dbef3b4e66efdf968b590e26a905818260a69a36e6beddfd07359ea89771cff70d3b1e9a03c5f5c11ddf6d991d7a91b842124845696d05903cb44917918e18cb3a48a3fa05bef0bc5488296eccf4e813484b24983b8f47cd850914a545c650c13b4c4d783fb5bdfa255b37a0fe0b914119484ad0d8dcfffd0d6e03a91f247dcf053bcacc5e778cf64677b368ffb19038aa09b818e802e7cce271f82f47a0e0da30ff5fd17778dc29a2d9bf39a83633dd2985041b3dd0d9cb4bd9e171922930907de5b8d22c2a229189bd04a6600d3e0012447e4aba19acd6bce49bca3c5734aa81f0b8e348e51b40cdff0fc2e0b1cacbdedd77b7d4cbc7f39a4321132cb68980fdc188e92dd68bc078192df65ecc998a95f7d35f205ca37524f919a2d6efb9704a6cc39f9c42ee4e595d43e25554c8135a41a035f6331f982e62209e47000139b436b6d7c60cd902e32a502ebf6564659232853bf148b7d16eb8e190fcfa31a4bdc0b19a9c28207aaee92fb17bc713393bc7e96faad356c7f6c7253c9018bd1833ae8b759675b1957c12decfdbf297d81690e754da3e40e49871853bddc5dad867db010fef50235d2d3e8bdce45670f0d7ec5be890bdf1094709cf148b42c4e0760ef4f9729ddd1decdbf6058930eb99fc2a98ff444a293d2bbd3166b4ecf1147e6c1a5eec88ac5ada24ccb4017f66a8e2b669e0bc00449787ff186b5adf13db6b5e07e259467c5cf0d749cbdfa53ed064a0d37c27e00595ffd176313bd3356bee54472f1f536a7d96fc9eadf416a1aa1c605ecce5546b2c656a6d9d2a8af86ad612118fc71470a99786091751e4a95380c90b16c4379fe7280f53c565a63a4044cd70fc2bc0ef432a6cdf8a967e7ca24b47f7a8496a1537b04d91b7234bce20744a51fd25a09474a7646032a731c0ff3a8bf3f4e2ac15ee49b53a705de4bdc220ba9afd13daeaa57cb1e05230c5e913239c633c9f371da86631d3c1934527bc3d15648b9e4ea826548eaacd201c93ee38b0efcdc6728aea7bf0850539f6ffe0d5c6f6e766d1406fb4ef2631284515ab1e26750261c4459edcc2440464f24997a83287d1699829e7713728b0918eac3d606f7945b32311b836e248dbe50035acb61d830fa64a818f42f487d63e69d347a05caf0148bc2a276232c6daf528c1339ad543a7a1f0a5392b652d4e4ef546c7484dc9f65b8f181afcb89925cdeb65972509b228fd400807f04605a2920f20d038182ca148cf36043c440fa67a4ffeb71f0ee783fb27b87e94f42fe71bfb6f1862148048304538b2d6d802a732a86b8535e153b9f1bbaef90899e3e9d5c25a5004b5f68c35dbac495e6e42dd4c726a96e3e5270f54cfb1cc9185f35f98b67e537416750f6ef516aeed79cb4ad5ed34c79cb4368643780806fd4ac050f7c1df0681bd2bc125b7b5d8e13a2b03f7032d8d761f366452852172cd589f286ae5e32183f41b289f6a9170f1405bb403567f224c6568fbd380410e942cf7d20cd0aa31d74f1cc749cf87ad4c845b4cc32f8e51b3cabb8b89e517044c2ef6c84a5bd1a3ea04b60fa7f6982d2833c0782d62c0b2255020234cc7ec18e2368478cb0cbbda380885ea18f2e5f7e966773185c76b1f348f473c04b34cdd00dae203cd2bfa0b177dcbcce856542dd8f2914a720466452a83a4476ca0eec048dfef649bdc0bec5e310817f191a2c7085c6f498010029f1d85a2125d151ed6b62df8e95bb914a5eedb8d707979f7620a233d16ab56d6f2add613aaaff369ce034dbc627ca6ec6f4380b92922596641cc27cb1e45b593ffc12caa3fac106d228ac19c5bc9e0264119e94bd5ab703d87a4a12a326d82921036e88fb9674780e60fac0d7bc0a744a7d32c332f6e6e6accff193231d90cc17008ce3673988a2f3c8c62b58391e8da9c8838cd1d5fdf73e3c680335bca93f379e671d62f97d1de195450f46206d99031119ea5d3565e8012fb2b02798900b961f7bb082c349a8228ec714ca5ab591f1b7bd3808ff83edaaf0fc7a5e73c8e5f84d06b157dcd8d9f7f92f640d03fb8dbae82f48a0fd674bbeb88e205bd40017320f61069f567f9a9931d0e0ef158b0f04ab73a36fae193295b1ac5d463395a7033b4c66f789821e88c662a1a49120a6f49172e1e43ffd8a6309605f4ef1ad83c1240a73abae4c1527eeba011a0e0900598b5b7b8e00b5859bb80ddaed8ce24770a2640e8a0955d4ccf0d97f0b2e8ebe61636bbe7eeae8de67e6fcae6e368f56ed15c19b286a776756817bf7a2a03a803533d249f5c3b5e630076a766bc86bf6650bbbead2fa28142413c65a8ae31adb5877df19a658a2942df69a00507c875fbeca68a8a8963975d143ff30d1f4a234280b1048241ebbc37cebd47be0fd529bad2d6276f1a751f3326de069fe0431e324989966abd6455bac7b3637e6e33007af10eb327c6c7b28dae120d5ac0b9fbdbbb297bfa82f84df18309844f84c8b3c024ca0e763bbe2e602a260cd9a19f236587a1708357defc5fc18ef7748c5d784f99ccbb658af4eea8ff10856a90cb26c48a5358bf2c4c87986adb4af991b0e33f232e67da16052a2f1fe979c70a91e2da55e5b3b1522a8ccf46f24abeac09bfde83ec5a6697e2184bf9bc1c3d539a4554b2521532d4d01db8419fd2ddbfef97a7d48fd7543b6c9870fdd202f3309cad007039f78448afe008f6e256981620d3cdfc600dbb01bd0b1f527b672bd5af0d1dcf18d9a9f8f7de545c3d6224d61c1ba34b5ef7782adc1ae8b43162cb4ff8bfb6330ba344cee9f8f309a711625a84468818cb6fc6028f427f0f18b7c57537d3418c8fa4967e2557c588d91486d3d1736dc36621982f1d7a76ee044639eaedd7df3c085a9e7e6a98dd7fe1cbf4063feeb845e2c6fe40e56e7be2b7cfd7b4352916d29e56bb3bffb0ca21d11632ba924e47ba9acd4e1725e62aa578ea4c4252b13de65d5552bba92e7549e5cdecf05502168f1c453c5974031925710c83c0a678f8e5a20a9e56709848e20fb10b483bc667a5599cc017a6328ca3f1a173be5fe5305d8c38c76f93c64401cb80dbc15513a736c112a819a5ecbf168ee31970f216ea04a857fc698f93797f1d525a84db1dde79e8cb50516f6d467c0ba79c287e1f6ee06fee43a3793f2b5f6ba82f520f5f0061e1a8c2f7402c3a3f6f5fbf940839ce061a55d5403bd221d8bf2dbf8dfb33bfe8071a2dfa15827c057bd623d10724041ec7f87373eb55392435b2561f04a8baa5637765038", 0x1000, 0x8}, {&(0x7f00000001c0)="c4724623841dc5d7462a690262f46363e1ab4a01a2585b62d82ee8", 0x1b, 0xfffffffffffffffa}, {&(0x7f0000001640)="66df971268540366527792439b87f050622e607e4d38110ea1948ab56bf6f7c23ba89c80fafad1b45c3c4981cf588d138f612c5a117858345198759677a41c67ef040cafe18c90caf3ead67feeb4334a18f186eb5664ecc99b2e63d8b928b7da42f699cfa7274c2a66533a1514d8f1330c09ac65f0effde71db9d358b5ab5e4da2fc0308f1b90306f27aed64ed9678bc025e3fec7c429b04bea2cfd525ed8cbff1fdf4a6975f162e759132c960765e077c6263e03c567825b4b249d4fdaf35e8b08f2d8b1b10325d879d", 0xca, 0x40}], 0x80010, &(0x7f00000002c0)={[{@nodots='nodots', 0x2c}, {@nodots='nodots', 0x2c}]}) write$binfmt_elf64(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600000000000000000040000000000000000000e902000004008b00000040000000000000000000000000000000010000000000380000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000cf9b97d1b315680a2fc40935722e3302810aaaf553e2c8f69d312793fc5120e4fd93af030a0e3e0c69cf3a63598072de71282ded4467bae64272537876a32ed59509a86bc34264d2de28263d8083d14966081ae6d2d9cfd7594008fa7fbb0030a52d38a4e3600860d8d2f03a0000000000000000000000000000"], 0x78) ioctl$EVIOCGPHYS(r0, 0x80404507, &(0x7f0000000440)=""/209) mq_timedreceive(r1, &(0x7f0000000000)=""/60, 0x324, 0x3, 0x0) 22:28:27 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f00000000c0)={'lo\x00@\x00', 0x101}) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000200)='/dev/uinput\x00', 0x400400, 0x0) getsockname$packet(0xffffffffffffff9c, &(0x7f0000000380)={0x0, 0x0, 0x0}, &(0x7f00000003c0)=0x14) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000004c0)={{{@in, @in=@dev={0xac, 0x14, 0x14, 0x1c}, 0x4e21, 0x0, 0x4e21, 0x200, 0xa, 0x80, 0x80, 0x1, r3, r4}, {0x8, 0x9, 0xa3bd, 0x3cf, 0x53, 0xb543, 0x2, 0x4}, {0x7, 0x5, 0x1, 0x100}, 0x1, 0x6e6bb0, 0x2}, {{@in=@loopback=0x7f000001, 0x4d6, 0x32}, 0xa, @in6=@loopback={0x0, 0x1}, 0x3506, 0x3, 0x3, 0x7, 0x10000, 0x5, 0x7}}, 0xe8) r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rfkill\x00', 0x10000, 0x0) sysfs$1(0x1, &(0x7f00000005c0)='lo\x00') ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000180)=0x0) write$cgroup_pid(r5, &(0x7f00000001c0)=r6, 0x12) setsockopt$inet_mreqsrc(r1, 0x0, 0x27, &(0x7f0000000040)={@multicast2=0xe0000002, @loopback=0x7f000001, @loopback=0x7f000001}, 0xc) setsockopt$inet_mreqn(r1, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'lo\x00'}) getsockopt$inet_mreqsrc(r1, 0x0, 0x0, &(0x7f0000000080)={@rand_addr, @rand_addr, @remote}, &(0x7f0000000100)=0xc) close(r1) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r5, 0x84, 0x73, &(0x7f0000000240)={0x0, 0x2, 0x30, 0x2, 0x3}, &(0x7f0000000280)=0x18) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r2, 0x84, 0x1a, &(0x7f0000000600)=ANY=[@ANYRES32=r7, @ANYBLOB="5000000092ba12849d957ea6736b7451960227e512dd2ee32a78c9cad256d598b8027bfd118ed3c22194d0e294b880bb46a4fd8b5cea1ad06218a6c4a4b839dc41e7cf233c6cdf1457da8f54b7072f48316bab0273e8f8eacce0d0b4510f46a6bc00d65c781652a9c4cc1af22c1e8e278332afb5d877b1df300236c8e688fe3c82e7c831291fba80af6baf67d115af25186f51ed905194a48cbe3595c4a832a66f4139494f4073b4d92fc368"], &(0x7f0000000340)=0x58) 22:28:27 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") 22:28:27 executing program 2 (fault-call:1 fault-nth:12): r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) 22:28:27 executing program 6: openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x8000, 0x0) r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000100)="025cc83d6d345f8f762070") syz_mount_image$ceph(&(0x7f0000000140)='ceph\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x0, &(0x7f0000000500)='(eth1\x00') 22:28:27 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") [ 119.535423] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16546 [ 119.535980] FAULT_INJECTION: forcing a failure. [ 119.535980] name failslab, interval 1, probability 0, space 0, times 0 [ 119.547086] device lo entered promiscuous mode [ 119.556342] CPU: 0 PID: 7947 Comm: syz-executor2 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 119.556356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 119.578591] Call Trace: [ 119.581302] dump_stack+0x1c9/0x2b4 22:28:27 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000200100, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) [ 119.585116] ? dump_stack_print_info.cold.2+0x52/0x52 [ 119.590321] ? __kernel_text_address+0xd/0x40 [ 119.594821] ? unwind_get_return_address+0x61/0xa0 [ 119.599756] should_fail.cold.4+0xa/0x11 [ 119.603828] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 119.608937] ? save_stack+0xa9/0xd0 [ 119.612567] ? save_stack+0x43/0xd0 [ 119.616192] ? kasan_kmalloc+0xc4/0xe0 [ 119.620084] ? kmem_cache_alloc_trace+0x152/0x780 [ 119.624927] ? sctp_add_bind_addr+0x101/0x4b0 [ 119.629424] ? sctp_copy_local_addr_list+0x499/0x690 [ 119.634528] ? sctp_copy_one_addr+0x5d/0x170 [ 119.638933] ? sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 119.644633] ? sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 119.649461] ? sctp_sendmsg+0x18a2/0x1d90 [ 119.653596] ? inet_sendmsg+0x1a1/0x690 [ 119.657568] ? sock_sendmsg+0xd5/0x120 [ 119.661444] ? ___sys_sendmsg+0x51d/0x930 [ 119.665595] ? __sys_sendmmsg+0x240/0x6f0 [ 119.669729] ? __x64_sys_sendmmsg+0x9d/0x100 [ 119.674124] ? do_syscall_64+0x1b9/0x820 [ 119.678174] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 119.683527] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 119.689069] ? _extract_crng+0x23b/0x320 [ 119.693121] ? lock_acquire+0x1e4/0x540 [ 119.697081] ? _crng_backtrack_protect+0x108/0x150 [ 119.701994] ? lock_downgrade+0x8f0/0x8f0 [ 119.706134] ? lock_acquire+0x1e4/0x540 [ 119.710094] ? sctp_bind_addr_state+0x292/0x480 [ 119.714750] ? lock_downgrade+0x8f0/0x8f0 [ 119.718884] ? kasan_unpoison_shadow+0x35/0x50 [ 119.723452] __should_failslab+0x124/0x180 [ 119.727688] should_failslab+0x9/0x14 [ 119.731473] kmem_cache_alloc_trace+0x4b/0x780 [ 119.736042] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 119.741228] ? __sanitizer_cov_trace_cmp2+0x18/0x20 [ 119.746238] sctp_add_bind_addr+0x101/0x4b0 [ 119.750551] ? sctp_bind_addr_free+0x20/0x20 [ 119.754947] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 119.760121] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 119.765644] ? sctp_v4_scope+0x19b/0x1c0 [ 119.769690] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 119.774866] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 119.779892] sctp_copy_local_addr_list+0x499/0x690 [ 119.784809] ? sctp_defaults_init+0xe70/0xe70 [ 119.789302] ? get_random_bytes+0x34/0x40 [ 119.793446] ? sctp_association_new+0x1aab/0x2290 [ 119.798291] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 119.803468] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 119.809009] sctp_copy_one_addr+0x5d/0x170 [ 119.813234] ? sctp_copy_one_addr+0x5d/0x170 [ 119.817637] sctp_bind_addr_copy+0x173/0x47c [ 119.822037] ? sctp_copy_one_addr+0x170/0x170 [ 119.826518] ? sctp_autobind+0x16d/0x1f0 [ 119.830563] ? sctp_do_bind+0x5f0/0x5f0 [ 119.834524] sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 119.840045] ? security_sctp_bind_connect+0x99/0xc0 [ 119.845054] sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 119.849708] ? lock_acquire+0x1e4/0x540 [ 119.853683] ? sctp_sendmsg+0x1278/0x1d90 [ 119.857821] ? sctp_autobind+0x1f0/0x1f0 [ 119.861866] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 119.866439] ? kasan_check_write+0x14/0x20 [ 119.870661] ? lock_sock_nested+0x9f/0x120 [ 119.874879] ? trace_hardirqs_on+0xd/0x10 [ 119.879015] ? __local_bh_enable_ip+0x161/0x230 [ 119.883670] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 119.889191] ? sctp_endpoint_lookup_assoc+0x183/0x290 [ 119.894367] sctp_sendmsg+0x18a2/0x1d90 [ 119.898328] ? do_raw_spin_unlock+0xa7/0x2f0 [ 119.902727] ? sctp_id2assoc+0x3e0/0x3e0 [ 119.906780] ? _raw_spin_unlock_bh+0x30/0x40 [ 119.911174] ? __release_sock+0x3a0/0x3a0 [ 119.915319] inet_sendmsg+0x1a1/0x690 [ 119.919104] ? copy_msghdr_from_user+0x340/0x580 [ 119.923844] ? ipip_gro_receive+0x100/0x100 [ 119.928153] ? move_addr_to_kernel.part.20+0x100/0x100 [ 119.933417] ? security_socket_sendmsg+0x94/0xc0 [ 119.938156] ? ipip_gro_receive+0x100/0x100 [ 119.942462] sock_sendmsg+0xd5/0x120 [ 119.946162] ___sys_sendmsg+0x51d/0x930 [ 119.950134] ? __check_object_size+0x9d/0x5f2 [ 119.954617] ? copy_msghdr_from_user+0x580/0x580 [ 119.959369] ? lock_acquire+0x1e4/0x540 [ 119.963337] ? __fget_light+0x2f7/0x440 [ 119.967308] ? fget_raw+0x20/0x20 [ 119.970758] ? proc_fail_nth_write+0x9e/0x210 [ 119.975244] ? proc_cwd_link+0x1d0/0x1d0 [ 119.979297] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 119.984819] ? sockfd_lookup_light+0xc5/0x160 [ 119.989302] __sys_sendmmsg+0x240/0x6f0 [ 119.993270] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 119.997578] ? fsnotify_first_mark+0x350/0x350 [ 120.002144] ? __fsnotify_parent+0xcc/0x420 [ 120.006449] ? fsnotify+0x14e0/0x14e0 [ 120.010248] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 120.015768] ? fput+0x130/0x1a0 [ 120.019033] ? ksys_write+0x1ae/0x260 [ 120.022821] ? __ia32_sys_read+0xb0/0xb0 [ 120.026878] __x64_sys_sendmmsg+0x9d/0x100 [ 120.031106] do_syscall_64+0x1b9/0x820 [ 120.034982] ? finish_task_switch+0x1d3/0x870 [ 120.039463] ? syscall_return_slowpath+0x5e0/0x5e0 [ 120.044381] ? syscall_return_slowpath+0x31d/0x5e0 [ 120.049298] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 120.054304] ? prepare_exit_to_usermode+0x291/0x3b0 [ 120.059307] ? perf_trace_sys_enter+0xb10/0xb10 [ 120.063963] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 120.068797] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 120.073976] RIP: 0033:0x455e29 [ 120.077148] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 120.096422] RSP: 002b:00007f2ec9f2cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 120.104118] RAX: ffffffffffffffda RBX: 00007f2ec9f2d6d4 RCX: 0000000000455e29 [ 120.111371] RDX: 0000000000000001 RSI: 0000000020004a40 RDI: 0000000000000013 [ 120.118622] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 120.125874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 22:28:27 executing program 2 (fault-call:1 fault-nth:13): r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) [ 120.133127] R13: 00000000004c111c R14: 00000000004d1558 R15: 000000000000000c [ 120.142588] device lo left promiscuous mode 22:28:27 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000400000, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) [ 120.222254] FAULT_INJECTION: forcing a failure. [ 120.222254] name failslab, interval 1, probability 0, space 0, times 0 [ 120.233574] CPU: 0 PID: 7968 Comm: syz-executor2 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 120.241880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 120.251230] Call Trace: [ 120.253821] dump_stack+0x1c9/0x2b4 [ 120.257450] ? dump_stack_print_info.cold.2+0x52/0x52 [ 120.262638] ? __kernel_text_address+0xd/0x40 [ 120.267136] ? unwind_get_return_address+0x61/0xa0 [ 120.272071] should_fail.cold.4+0xa/0x11 [ 120.276130] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 120.281243] ? save_stack+0xa9/0xd0 [ 120.284868] ? save_stack+0x43/0xd0 [ 120.288490] ? kasan_kmalloc+0xc4/0xe0 [ 120.292376] ? kmem_cache_alloc_trace+0x152/0x780 [ 120.297235] ? sctp_add_bind_addr+0x101/0x4b0 [ 120.301754] ? sctp_copy_local_addr_list+0x499/0x690 [ 120.306863] ? sctp_copy_one_addr+0x5d/0x170 [ 120.311269] ? sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 120.316986] ? sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 120.321848] ? sctp_sendmsg+0x18a2/0x1d90 [ 120.325986] ? inet_sendmsg+0x1a1/0x690 [ 120.329954] ? sock_sendmsg+0xd5/0x120 [ 120.333830] ? ___sys_sendmsg+0x51d/0x930 [ 120.337963] ? __sys_sendmmsg+0x240/0x6f0 [ 120.342096] ? __x64_sys_sendmmsg+0x9d/0x100 [ 120.346491] ? do_syscall_64+0x1b9/0x820 [ 120.350537] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 120.355904] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 120.361427] ? _extract_crng+0x23b/0x320 [ 120.365478] ? lock_acquire+0x1e4/0x540 [ 120.369441] ? _crng_backtrack_protect+0x108/0x150 [ 120.374358] ? lock_downgrade+0x8f0/0x8f0 [ 120.378499] ? lock_acquire+0x1e4/0x540 [ 120.382459] ? sctp_bind_addr_state+0x292/0x480 [ 120.387117] ? lock_downgrade+0x8f0/0x8f0 [ 120.391254] ? kasan_unpoison_shadow+0x35/0x50 [ 120.395823] __should_failslab+0x124/0x180 [ 120.400048] should_failslab+0x9/0x14 [ 120.403838] kmem_cache_alloc_trace+0x4b/0x780 [ 120.408410] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 120.413586] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 120.418589] sctp_add_bind_addr+0x101/0x4b0 [ 120.422899] ? sctp_bind_addr_free+0x20/0x20 [ 120.427295] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 120.432474] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 120.438004] ? sctp_v4_scope+0x19b/0x1c0 [ 120.442057] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 120.447236] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 120.452251] sctp_copy_local_addr_list+0x499/0x690 [ 120.457168] ? sctp_defaults_init+0xe70/0xe70 [ 120.461653] ? get_random_bytes+0x34/0x40 [ 120.465789] ? sctp_association_new+0x1aab/0x2290 [ 120.470623] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 120.475802] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 120.481325] sctp_copy_one_addr+0x5d/0x170 [ 120.485543] ? sctp_copy_one_addr+0x5d/0x170 [ 120.489946] sctp_bind_addr_copy+0x173/0x47c [ 120.494341] ? sctp_copy_one_addr+0x170/0x170 [ 120.498820] ? sctp_autobind+0x16d/0x1f0 [ 120.502868] ? sctp_do_bind+0x5f0/0x5f0 [ 120.506842] sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 120.512366] ? security_sctp_bind_connect+0x99/0xc0 [ 120.517371] sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 120.522029] ? lock_acquire+0x1e4/0x540 [ 120.525988] ? sctp_sendmsg+0x1278/0x1d90 [ 120.530139] ? sctp_autobind+0x1f0/0x1f0 [ 120.534188] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 120.538776] ? kasan_check_write+0x14/0x20 [ 120.543001] ? lock_sock_nested+0x9f/0x120 [ 120.547225] ? trace_hardirqs_on+0xd/0x10 [ 120.551361] ? __local_bh_enable_ip+0x161/0x230 [ 120.556020] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 120.561542] ? sctp_endpoint_lookup_assoc+0x183/0x290 [ 120.566721] sctp_sendmsg+0x18a2/0x1d90 [ 120.570678] ? do_raw_spin_unlock+0xa7/0x2f0 [ 120.575076] ? sctp_id2assoc+0x3e0/0x3e0 [ 120.579126] ? _raw_spin_unlock_bh+0x30/0x40 [ 120.583531] ? __release_sock+0x3a0/0x3a0 [ 120.587674] inet_sendmsg+0x1a1/0x690 [ 120.591459] ? copy_msghdr_from_user+0x340/0x580 [ 120.596208] ? ipip_gro_receive+0x100/0x100 [ 120.600517] ? move_addr_to_kernel.part.20+0x100/0x100 [ 120.605783] ? security_socket_sendmsg+0x94/0xc0 [ 120.610520] ? ipip_gro_receive+0x100/0x100 [ 120.614829] sock_sendmsg+0xd5/0x120 [ 120.618529] ___sys_sendmsg+0x51d/0x930 [ 120.622500] ? __check_object_size+0x9d/0x5f2 [ 120.626984] ? copy_msghdr_from_user+0x580/0x580 [ 120.631729] ? lock_acquire+0x1e4/0x540 [ 120.635697] ? __fget_light+0x2f7/0x440 [ 120.639657] ? fget_raw+0x20/0x20 [ 120.643107] ? proc_fail_nth_write+0x9e/0x210 [ 120.647587] ? proc_cwd_link+0x1d0/0x1d0 [ 120.651649] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 120.657174] ? sockfd_lookup_light+0xc5/0x160 [ 120.661655] __sys_sendmmsg+0x240/0x6f0 [ 120.665620] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 120.669931] ? fsnotify_first_mark+0x350/0x350 [ 120.674494] ? __fsnotify_parent+0xcc/0x420 [ 120.678803] ? fsnotify+0x14e0/0x14e0 [ 120.682601] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 120.688122] ? fput+0x130/0x1a0 [ 120.691388] ? ksys_write+0x1ae/0x260 [ 120.695180] ? __ia32_sys_read+0xb0/0xb0 [ 120.699236] __x64_sys_sendmmsg+0x9d/0x100 [ 120.703460] do_syscall_64+0x1b9/0x820 [ 120.707332] ? finish_task_switch+0x1d3/0x870 [ 120.711828] ? syscall_return_slowpath+0x5e0/0x5e0 [ 120.716743] ? syscall_return_slowpath+0x31d/0x5e0 [ 120.721657] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 120.726660] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 120.732180] ? prepare_exit_to_usermode+0x291/0x3b0 [ 120.737181] ? perf_trace_sys_enter+0xb10/0xb10 [ 120.741839] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 120.746672] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 120.751846] RIP: 0033:0x455e29 [ 120.755019] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 22:28:28 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000000000)=ANY=[@ANYBLOB="1925003b515af40371bbb77863ca9cbb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000000), 0x1000000000000040) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 120.774517] RSP: 002b:00007f2ec9f2cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 120.782212] RAX: ffffffffffffffda RBX: 00007f2ec9f2d6d4 RCX: 0000000000455e29 [ 120.789465] RDX: 0000000000000001 RSI: 0000000020004a40 RDI: 0000000000000013 [ 120.796716] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 120.803970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 120.811225] R13: 00000000004c111c R14: 00000000004d1558 R15: 000000000000000d 22:28:28 executing program 2 (fault-call:1 fault-nth:14): r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) 22:28:28 executing program 4: r0 = socket(0x10, 0x3, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x2000, 0x80) ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000000)=0x0) sched_setattr(r2, &(0x7f0000000100)={0x30, 0x7, 0x0, 0x80, 0x1, 0x1, 0x5, 0x7a}, 0x0) acct(0x0) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/autofs\x00', 0x10400, 0x0) ioctl$GIO_SCRNMAP(r3, 0x4b40, &(0x7f0000000180)=""/37) clock_nanosleep(0x3, 0x1, &(0x7f00000001c0), &(0x7f0000000240)) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2400000019000104000000000000000002200000ff0000000000000008000100ac141400884d7d36cdf7593ca7f838e8a425894cb08bb1dbe7f22b090c9a693996a61d040778b1cff5429d211e61fdc7518333a8834fa0e1dca01194ad2002dcf57d8122136f57be483151be41913756b6d2f87fc36b42ac11bf08e9641c64c6c8c622b703825bbe1399216ef46143f1d4cbfb00a2897f65e8d9da8df8e7fe523a3373a874b2e8aa5514c7d5f17abbc0115f0753c9c1e6f6420748baaa697274493f7d9892a3ceca3d965a99cbcd4c98eb9d014e342825cbfc66681f44ffbab37d462ee82973458808ab1b2cc3b0474155"], 0x24}, 0x1}, 0x0) [ 120.826542] device lo entered promiscuous mode [ 120.826915] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16527 [ 120.847184] ceph: device name is missing path (no : separator in /dev/loop6) [ 120.867341] device lo left promiscuous mode 22:28:28 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") [ 120.920850] FAULT_INJECTION: forcing a failure. [ 120.920850] name failslab, interval 1, probability 0, space 0, times 0 [ 120.932187] CPU: 1 PID: 7983 Comm: syz-executor2 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 120.940498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 120.949848] Call Trace: [ 120.952427] dump_stack+0x1c9/0x2b4 [ 120.956041] ? dump_stack_print_info.cold.2+0x52/0x52 [ 120.961216] ? __kernel_text_address+0xd/0x40 [ 120.965694] ? unwind_get_return_address+0x61/0xa0 [ 120.970610] should_fail.cold.4+0xa/0x11 [ 120.974663] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 120.979753] ? save_stack+0xa9/0xd0 [ 120.983360] ? save_stack+0x43/0xd0 [ 120.986969] ? kasan_kmalloc+0xc4/0xe0 [ 120.990837] ? kmem_cache_alloc_trace+0x152/0x780 [ 120.995663] ? sctp_add_bind_addr+0x101/0x4b0 [ 121.000145] ? sctp_copy_local_addr_list+0x499/0x690 [ 121.005229] ? sctp_copy_one_addr+0x5d/0x170 [ 121.009622] ? sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 121.015317] ? sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 121.020147] ? sctp_sendmsg+0x18a2/0x1d90 [ 121.024278] ? inet_sendmsg+0x1a1/0x690 [ 121.028235] ? sock_sendmsg+0xd5/0x120 [ 121.032104] ? ___sys_sendmsg+0x51d/0x930 [ 121.036235] ? __sys_sendmmsg+0x240/0x6f0 [ 121.040365] ? __x64_sys_sendmmsg+0x9d/0x100 [ 121.044757] ? do_syscall_64+0x1b9/0x820 [ 121.048800] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 121.054150] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 121.059672] ? _extract_crng+0x23b/0x320 [ 121.063721] ? lock_acquire+0x1e4/0x540 [ 121.067679] ? _crng_backtrack_protect+0x108/0x150 [ 121.072591] ? lock_downgrade+0x8f0/0x8f0 [ 121.076727] ? lock_acquire+0x1e4/0x540 [ 121.080686] ? sctp_bind_addr_state+0x292/0x480 [ 121.085353] ? lock_downgrade+0x8f0/0x8f0 [ 121.089487] ? kasan_unpoison_shadow+0x35/0x50 [ 121.094063] __should_failslab+0x124/0x180 [ 121.098285] should_failslab+0x9/0x14 [ 121.102069] kmem_cache_alloc_trace+0x4b/0x780 [ 121.106638] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 121.111811] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 121.116811] sctp_add_bind_addr+0x101/0x4b0 [ 121.121119] ? sctp_bind_addr_free+0x20/0x20 [ 121.125521] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 121.130693] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 121.136214] ? sctp_v4_scope+0x19b/0x1c0 [ 121.140270] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 121.145443] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 121.150442] sctp_copy_local_addr_list+0x499/0x690 [ 121.155353] ? sctp_defaults_init+0xe70/0xe70 [ 121.159832] ? get_random_bytes+0x34/0x40 [ 121.163965] ? sctp_association_new+0x1aab/0x2290 [ 121.168804] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 121.173976] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 121.179496] sctp_copy_one_addr+0x5d/0x170 [ 121.183716] ? sctp_copy_one_addr+0x5d/0x170 [ 121.188121] sctp_bind_addr_copy+0x173/0x47c [ 121.192513] ? sctp_copy_one_addr+0x170/0x170 [ 121.196991] ? sctp_autobind+0x16d/0x1f0 [ 121.201039] ? sctp_do_bind+0x5f0/0x5f0 [ 121.204997] sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 121.210523] ? security_sctp_bind_connect+0x99/0xc0 [ 121.215524] sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 121.220180] ? lock_acquire+0x1e4/0x540 [ 121.224139] ? sctp_sendmsg+0x1278/0x1d90 [ 121.228272] ? sctp_autobind+0x1f0/0x1f0 [ 121.232314] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 121.236880] ? kasan_check_write+0x14/0x20 [ 121.241120] ? lock_sock_nested+0x9f/0x120 [ 121.245340] ? trace_hardirqs_on+0xd/0x10 [ 121.249472] ? __local_bh_enable_ip+0x161/0x230 [ 121.254125] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 121.259644] ? sctp_endpoint_lookup_assoc+0x183/0x290 [ 121.264817] sctp_sendmsg+0x18a2/0x1d90 [ 121.268784] ? do_raw_spin_unlock+0xa7/0x2f0 [ 121.273177] ? sctp_id2assoc+0x3e0/0x3e0 [ 121.277223] ? _raw_spin_unlock_bh+0x30/0x40 [ 121.281614] ? __release_sock+0x3a0/0x3a0 [ 121.285763] inet_sendmsg+0x1a1/0x690 [ 121.289549] ? copy_msghdr_from_user+0x340/0x580 [ 121.294289] ? ipip_gro_receive+0x100/0x100 [ 121.298606] ? move_addr_to_kernel.part.20+0x100/0x100 [ 121.303868] ? security_socket_sendmsg+0x94/0xc0 [ 121.308623] ? ipip_gro_receive+0x100/0x100 [ 121.312929] sock_sendmsg+0xd5/0x120 [ 121.316626] ___sys_sendmsg+0x51d/0x930 [ 121.320583] ? __check_object_size+0x9d/0x5f2 [ 121.325065] ? copy_msghdr_from_user+0x580/0x580 [ 121.329808] ? lock_acquire+0x1e4/0x540 [ 121.333779] ? __fget_light+0x2f7/0x440 [ 121.337735] ? fget_raw+0x20/0x20 [ 121.341178] ? proc_fail_nth_write+0x9e/0x210 [ 121.345667] ? proc_cwd_link+0x1d0/0x1d0 [ 121.349717] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 121.355235] ? sockfd_lookup_light+0xc5/0x160 [ 121.359713] __sys_sendmmsg+0x240/0x6f0 [ 121.363676] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 121.367979] ? fsnotify_first_mark+0x350/0x350 [ 121.372645] ? __fsnotify_parent+0xcc/0x420 [ 121.376962] ? fsnotify+0x14e0/0x14e0 [ 121.380754] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 121.386273] ? fput+0x130/0x1a0 [ 121.389534] ? ksys_write+0x1ae/0x260 [ 121.393316] ? __ia32_sys_read+0xb0/0xb0 [ 121.397361] __x64_sys_sendmmsg+0x9d/0x100 [ 121.401579] do_syscall_64+0x1b9/0x820 [ 121.405454] ? finish_task_switch+0x1d3/0x870 [ 121.409932] ? syscall_return_slowpath+0x5e0/0x5e0 [ 121.414844] ? syscall_return_slowpath+0x31d/0x5e0 [ 121.419761] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 121.424761] ? prepare_exit_to_usermode+0x291/0x3b0 [ 121.429769] ? perf_trace_sys_enter+0xb10/0xb10 [ 121.434419] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 121.439246] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 121.444419] RIP: 0033:0x455e29 [ 121.447585] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 121.466752] RSP: 002b:00007f2ec9f2cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 121.474442] RAX: ffffffffffffffda RBX: 00007f2ec9f2d6d4 RCX: 0000000000455e29 [ 121.481691] RDX: 0000000000000001 RSI: 0000000020004a40 RDI: 0000000000000013 [ 121.488941] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 121.496189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 121.503439] R13: 00000000004c111c R14: 00000000004d1558 R15: 000000000000000e 22:28:29 executing program 1: r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000010001900000007000000068100022b0509000100010100ff3ffe58", 0x1f}], 0x1) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='&\x00'}, 0x10) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000280)='IPVS\x00') sendmsg$IPVS_CMD_GET_DAEMON(r1, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, r2, 0x4, 0x70bd2a, 0x25dfdbfc, {0xb}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x11}, 0x24000090) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={0xffffffff}, 0x0, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_CONNECT(r1, &(0x7f0000000100)={0x6, 0x118, 0xfa00, {{0x1, 0xfff, "a87cd65e52be2ae68a943748662307c2e46399eee76f7e0f9aa62af8d9c31a45e9d183538c152c1b80ede48a4e36a8e5bd2deab817324869b8fdd5bf1c8baecdf014df2c4c1e9f71263a9389af26d3a85ba9e78369d131397e1d87af8ac21e44a16377987274ef574aa592711cc52bd2892bb04ea5203d79897ead22bafb89fa2c04abd98cce980af48ab0571f3758fde3ea5601833d90ad939379f5dd3d87b8bb72aafa1737ee3992df9688b7d6cc8cd3a81ba34592519fea2295f1d59cc99829d74a8cf42d8fab767258caed5e11d2af6855d666839176df67cbec332feba6b7a4228d0ed85859d5bda8427ca2bef16a4caee4a8a8a7756a7bd03598282544", 0xbb, 0x4, 0x8, 0x3, 0x8, 0xfff, 0xffffffffffffffff}, r3}}, 0x120) madvise(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x13) 22:28:29 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000e00300, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:29 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000840)) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000640)='/dev/rfkill\x00', 0x8000, 0x0) ioctl$PPPOEIOCDFWD(r1, 0xb101, 0x0) syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f00000002c0)}], 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="000066382c6be800cf2c00000000000000000000529cd4f333672fbcb9087b297b771007370278f33bd869ffbf87e3e202ddfa646905d119f975f967fa20faf8867f751dade95f03ee725d4ba41ef9a6fce6c6972eb94121262831ee5ea4103d92a5f5b9adf4159f38c8eba23751"]) accept4$inet6(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, @mcast2}, &(0x7f00000000c0)=0x11, 0x80000) getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x44, &(0x7f0000000100)={'ah\x00'}, &(0x7f0000000140)=0x1e) 22:28:29 executing program 4: r0 = socket$kcm(0xa, 0x2, 0x0) sendmsg(r0, &(0x7f0000000680)={&(0x7f0000000200)=@in={0x2, 0x0, @rand_addr=0x1000c6120000}, 0x80, &(0x7f0000000540)=[{&(0x7f0000000500)="ec", 0x1}], 0x1, 0x0, 0x0, 0x1}, 0x0) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000080)=@req={0x28, &(0x7f0000000040)={'teql0\x00', @ifru_settings={0x1b0, 0x80, @fr=&(0x7f0000000000)={0x5, 0x5, 0x6, 0x3f, 0x3, 0x2, 0x4}}}}) 22:28:29 executing program 6: r0 = socket(0xb, 0x7, 0x4) ioctl$sock_inet_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000280)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r3, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="01000000000000100100000000000100000000000000aabc"]) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, {}, 0x0, 0x0, 0x0, 0xfffffffffffffffe}) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x400000, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(r4, 0x84, 0xd, &(0x7f00000000c0)=@assoc_value={0x0, 0x7f}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp6_SCTP_CONTEXT(r4, 0x84, 0x11, &(0x7f0000000180)={r5, 0xfff}, 0x8) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r4, 0x84, 0x1e, &(0x7f0000000040), &(0x7f0000000080)=0x4) init_module(&(0x7f00000001c0)='/wlan1keyring:\x00', 0xf, &(0x7f0000000200)='/dev/kvm\x00') 22:28:29 executing program 2 (fault-call:1 fault-nth:15): r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) [ 121.622193] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16521 22:28:29 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc000000000000cc, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:29 executing program 5: socketpair(0x0, 0x0, 0x7, &(0x7f0000000000)) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000100)=')') mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0xb, 0x20040000032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000200)={0xaa}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snapshot\x00', 0x0, 0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000340)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f000000f000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, &(0x7f00000002c0)="48b801000000000000000f23c00f21f835020004000f23f8b9c70200000f32f0460fc78868cc0000b8010000000f01c166b8f8000f00d866bad00466b8c26266efc441adfedcc4c19855a804000000460f1a7d046436640f07", 0x59}], 0x1, 0x0, &(0x7f0000000380), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) close(r0) 22:28:29 executing program 4: r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r2 = syz_open_dev$loop(&(0x7f0000000180)='/dev/loop#\x00', 0x0, 0x0) setreuid(0x0, r1) ioctl$LOOP_SET_STATUS64(r2, 0x4c04, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, "2c7859518ffe655a0368f284992ab2db0cdf3f8a4b548cf6d7acdb0742908b178dea03ea4577cc0654fd414737b5accfa3fe647b3e029444c02e862b00", "892baf283df7ea8482377ece0f99e9b4816970b5c690c1f7af034a1269fa0e471a6b6930fa47cd0e0fd6a2e62c92eb46199461e19b0f80edcfdb0cf2a671df71", "11d22af1f634619e17b4a35ed136e748db0742f70d4bf16e3bae533f186d4f7b", [0x8, 0x8]}) 22:28:29 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) ioctl(0xffffffffffffffff, 0x1, &(0x7f0000000000)="a0040ad8") [ 121.670107] ntfs: (device loop0): ntfs_fill_super(): Unable to determine device size. [ 121.685383] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 121.736747] FAULT_INJECTION: forcing a failure. [ 121.736747] name failslab, interval 1, probability 0, space 0, times 0 [ 121.748041] CPU: 1 PID: 8017 Comm: syz-executor2 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 121.756359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 121.765709] Call Trace: [ 121.768308] dump_stack+0x1c9/0x2b4 [ 121.771949] ? dump_stack_print_info.cold.2+0x52/0x52 [ 121.777152] ? __kernel_text_address+0xd/0x40 [ 121.781669] ? unwind_get_return_address+0x61/0xa0 [ 121.787228] should_fail.cold.4+0xa/0x11 [ 121.791300] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 121.796407] ? save_stack+0xa9/0xd0 [ 121.800026] ? save_stack+0x43/0xd0 [ 121.803644] ? kasan_kmalloc+0xc4/0xe0 [ 121.807518] ? kmem_cache_alloc_trace+0x152/0x780 [ 121.812351] ? sctp_add_bind_addr+0x101/0x4b0 [ 121.816833] ? sctp_copy_local_addr_list+0x499/0x690 [ 121.821919] ? sctp_copy_one_addr+0x5d/0x170 [ 121.826502] ? sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 121.832197] ? sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 121.837027] ? sctp_sendmsg+0x18a2/0x1d90 [ 121.841158] ? inet_sendmsg+0x1a1/0x690 [ 121.845136] ? sock_sendmsg+0xd5/0x120 [ 121.849015] ? ___sys_sendmsg+0x51d/0x930 [ 121.853149] ? __sys_sendmmsg+0x240/0x6f0 [ 121.857281] ? __x64_sys_sendmmsg+0x9d/0x100 [ 121.861675] ? do_syscall_64+0x1b9/0x820 [ 121.865722] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 121.871075] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 121.876597] ? _extract_crng+0x23b/0x320 [ 121.880650] ? lock_acquire+0x1e4/0x540 [ 121.884610] ? _crng_backtrack_protect+0x108/0x150 [ 121.889524] ? lock_downgrade+0x8f0/0x8f0 [ 121.893662] ? lock_acquire+0x1e4/0x540 [ 121.897622] ? sctp_bind_addr_state+0x292/0x480 [ 121.902275] ? lock_downgrade+0x8f0/0x8f0 [ 121.906412] ? kasan_unpoison_shadow+0x35/0x50 [ 121.910992] __should_failslab+0x124/0x180 [ 121.915216] should_failslab+0x9/0x14 [ 121.918999] kmem_cache_alloc_trace+0x4b/0x780 [ 121.923573] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 121.928748] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 121.933765] sctp_add_bind_addr+0x101/0x4b0 [ 121.938074] ? sctp_bind_addr_free+0x20/0x20 [ 121.942467] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 121.947650] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 121.953170] ? sctp_v4_scope+0x19b/0x1c0 [ 121.957214] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 121.962387] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 121.967391] sctp_copy_local_addr_list+0x499/0x690 [ 121.972314] ? sctp_defaults_init+0xe70/0xe70 [ 121.976795] ? get_random_bytes+0x34/0x40 [ 121.980928] ? sctp_association_new+0x1aab/0x2290 [ 121.985761] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 121.990937] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 121.996459] sctp_copy_one_addr+0x5d/0x170 [ 122.000690] ? sctp_copy_one_addr+0x5d/0x170 [ 122.005096] sctp_bind_addr_copy+0x173/0x47c [ 122.009489] ? sctp_copy_one_addr+0x170/0x170 [ 122.013968] ? sctp_autobind+0x16d/0x1f0 [ 122.018018] ? sctp_do_bind+0x5f0/0x5f0 [ 122.021989] sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 122.027511] ? security_sctp_bind_connect+0x99/0xc0 [ 122.032512] sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 122.037178] ? lock_acquire+0x1e4/0x540 [ 122.041135] ? sctp_sendmsg+0x1278/0x1d90 [ 122.045268] ? sctp_autobind+0x1f0/0x1f0 [ 122.049313] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 122.053881] ? kasan_check_write+0x14/0x20 [ 122.058099] ? lock_sock_nested+0x9f/0x120 [ 122.062317] ? trace_hardirqs_on+0xd/0x10 [ 122.066449] ? __local_bh_enable_ip+0x161/0x230 [ 122.071101] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 122.076645] ? sctp_endpoint_lookup_assoc+0x183/0x290 [ 122.081820] sctp_sendmsg+0x18a2/0x1d90 [ 122.085776] ? do_raw_spin_unlock+0xa7/0x2f0 [ 122.090172] ? sctp_id2assoc+0x3e0/0x3e0 [ 122.094219] ? _raw_spin_unlock_bh+0x30/0x40 [ 122.098612] ? __release_sock+0x3a0/0x3a0 [ 122.102748] inet_sendmsg+0x1a1/0x690 [ 122.106553] ? copy_msghdr_from_user+0x340/0x580 [ 122.111291] ? ipip_gro_receive+0x100/0x100 [ 122.115599] ? move_addr_to_kernel.part.20+0x100/0x100 [ 122.120861] ? security_socket_sendmsg+0x94/0xc0 [ 122.125600] ? ipip_gro_receive+0x100/0x100 [ 122.129906] sock_sendmsg+0xd5/0x120 [ 122.133604] ___sys_sendmsg+0x51d/0x930 [ 122.137563] ? __check_object_size+0x9d/0x5f2 [ 122.142045] ? copy_msghdr_from_user+0x580/0x580 [ 122.146798] ? lock_acquire+0x1e4/0x540 [ 122.150759] ? __fget_light+0x2f7/0x440 [ 122.154714] ? fget_raw+0x20/0x20 [ 122.158156] ? proc_fail_nth_write+0x9e/0x210 [ 122.162634] ? proc_cwd_link+0x1d0/0x1d0 [ 122.166684] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 122.172202] ? sockfd_lookup_light+0xc5/0x160 [ 122.176687] __sys_sendmmsg+0x240/0x6f0 [ 122.180653] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 122.184959] ? fsnotify_first_mark+0x350/0x350 [ 122.189526] ? __fsnotify_parent+0xcc/0x420 [ 122.193838] ? fsnotify+0x14e0/0x14e0 [ 122.197628] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 122.203147] ? fput+0x130/0x1a0 [ 122.206409] ? ksys_write+0x1ae/0x260 [ 122.210192] ? __ia32_sys_read+0xb0/0xb0 [ 122.214239] __x64_sys_sendmmsg+0x9d/0x100 [ 122.218461] do_syscall_64+0x1b9/0x820 [ 122.222333] ? finish_task_switch+0x1d3/0x870 [ 122.226822] ? syscall_return_slowpath+0x5e0/0x5e0 [ 122.231735] ? syscall_return_slowpath+0x31d/0x5e0 [ 122.236646] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 122.241645] ? prepare_exit_to_usermode+0x291/0x3b0 [ 122.246655] ? perf_trace_sys_enter+0xb10/0xb10 [ 122.251320] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 122.256150] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 122.261326] RIP: 0033:0x455e29 [ 122.264496] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 122.283706] RSP: 002b:00007f2ec9f2cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 122.291397] RAX: ffffffffffffffda RBX: 00007f2ec9f2d6d4 RCX: 0000000000455e29 [ 122.298647] RDX: 0000000000000001 RSI: 0000000020004a40 RDI: 0000000000000013 [ 122.305909] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 122.313172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 122.320424] R13: 00000000004c111c R14: 00000000004d1558 R15: 000000000000000f 22:28:30 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe49, 0x80000005}) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSTI(r1, 0x5412, 0xffffffffffffff7c) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCFLSH(r1, 0x540b, 0x2) 22:28:30 executing program 4: r0 = syz_open_dev$usbmon(&(0x7f0000000500)='/dev/usbmon#\x00', 0x0, 0x40) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffff9c, 0x84, 0x1d, &(0x7f0000000540)={0x3, [0x0, 0x0, 0x0]}, &(0x7f0000000580)=0x10) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000700)='IPVS\x00') sendmsg$IPVS_CMD_GET_INFO(r0, &(0x7f00000007c0)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x2080200}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x40, r2, 0x10, 0x70bd2a, 0x25dfdbfd, {0xf}, [@IPVS_CMD_ATTR_DEST={0x2c, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0xb334822245cc1fe9}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0xffffffffffffffff}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x7fffffff}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x10001}]}]}, 0x40}, 0x1}, 0x800) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f00000005c0)={r1, @in6={{0xa, 0x4e22, 0xffff, @ipv4={[], [0xff, 0xff], @rand_addr=0x6}, 0x4}}}, 0x84) r3 = socket(0x400000000010, 0x3, 0x0) r4 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x80000001, 0x200000) r5 = openat$cgroup_ro(r4, &(0x7f0000000080)='cpu.stat\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r4, 0xc1205531, &(0x7f00000003c0)={0x100, 0x80000000, 0x0, 0x6, [], [], [], 0x4, 0x100, 0x0, 0x3, "17b1279b2897ae544e47cf98100dc4f0"}) sendmsg$nfc_llcp(r5, &(0x7f0000000380)={&(0x7f00000000c0)={0x27, 0x0, 0x2, 0x1, 0x6, 0x5, "e667a0c7d1507eadee8f28a72357105932de71751069489274bbb01fc325c035c4fac46fbe11c491eb509b9aea9946aac67f130d3bfd3770a193490abf6eb1", 0x36}, 0x60, &(0x7f0000000240)=[{&(0x7f0000000140)="e137ef2cea10363c19369c2abdff35fd9ae0f36f332fe8b2bdc624833f1777f7741f39ac1ed07d5fad6a3aec81f61f6a115ab982be1f6e6cbbb53d834bf5ed11a76670189441f60736052bdb3b57a24de0094c5625d8f303eba872d72743dd4d34bde6d733852b6692bbf5fe825b7f4b631253a989ea23084c4280af4a554c5be3574ffb89c9c62c9b40781b19ccb8ffd0ccfacad1e7bfa0fed53b7e3357bb45072419f74cd3121ece9fb11e613a3d007d131c3dfd0097b83ae3b6e6ae262bc90260e66c8972240b94b432de5d2cea497a3a28134424a6448157aa6ddb78888c922f6e2d66f1", 0xe6}], 0x1, &(0x7f0000000280)={0xc8, 0x1ff, 0x5, "6a5b139ee852b086ecb5f2aae6df63cd168180e2b4a95577a0e0e3c00836a416c665e7273e2791d2f549be85d21a36f4c23e55e1e9c4785249b56daa4800b9e8e1dacd7accb7afb54af79d5c1b7334974abd1175015caf6e31625973304a06361b55cc10bba5964dd59dceee9b974021b6e79a0b1851c0a34a39e37e6cee0ee4c4974ac014e0d370cb4f2a5514ee2d2775da4bd87b3d9bb604ab695d4a0daf2b759adbbd2ab98cc06e3274529bc0630f53"}, 0xc8, 0x5}, 0x4000) write(r3, &(0x7f0000000000)="2400000021002551071c0125ff00fc020200000000100f030ee1000c08000b00009d5300", 0x24) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r4, 0x84, 0x4, &(0x7f0000000680)=0x97, 0x4) 22:28:30 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) ioctl(r1, 0x0, &(0x7f0000000000)="a0040ad8") [ 122.337541] netlink: 'syz-executor1': attribute type 1 has an invalid length. 22:28:30 executing program 1: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount(&(0x7f000000a000)='./file0\x00', &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080)='configfs\x00', 0x0, &(0x7f0000000040)) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) getdents(0xffffffffffffffff, &(0x7f0000000140)=""/233, 0xe9) add_key$keyring(&(0x7f0000000400)='keyring\x00', &(0x7f0000000340)={0x73, 0x79, 0x7a}, 0x0, 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x40, 0x10) add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000080)={0x73, 0x79, 0x7a, 0x3}, &(0x7f0000000180), 0x0, 0x0) dup2(r0, r1) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffff9c, 0x8933, &(0x7f0000000100)={'team0\x00'}) 22:28:30 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000010c00, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:30 executing program 6: r0 = add_key$keyring(&(0x7f00000001c0)='keyring\x00', &(0x7f0000000200)={0x73, 0x79, 0x7a}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$assume_authority(0x1d, r0) r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x7, 0x400) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000040)={0xc5, 0x6da, 0x1, "f3e139d273ae9f03ddc0cb141ec06b7f2b38501a54aafcce6109725b7565e5828d5dbb369e702f784a77bb6b898f6ea795e35e99909dbb32d4e232bc017eca5a9975c9f1f8f38d326781013582d8e19934766ceab6be2d29a4a64d485f513af59b23ebc2e421f23e16861e657cf37933dcc63df813c0cc1d70f04c19426ffeb8638230ad019edf5969b5b49463fea70f75ad04837ab65257b4cb7c0de3cffa78a44ee55a6a04def7c365fe71d7305dca4dca254b3dbdecfa71ffa55c0f10ab10ed1d48300d"}) keyctl$get_persistent(0x16, 0x0, r0) 22:28:30 executing program 2 (fault-call:1 fault-nth:16): r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) 22:28:30 executing program 4: socketpair$inet_udp(0x2, 0x2, 0x0, &(0x7f0000000000)) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000200)={0x15, 0x110, 0xfa00, {0xffffffff, 0x0, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80}}, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14}}}}, 0x118) 22:28:30 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)) 22:28:30 executing program 0: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x40000, 0x0) ioctl$SG_GET_REQUEST_TABLE(r1, 0x2286, &(0x7f0000000140)) fcntl$getownex(r0, 0x10, &(0x7f00000000c0)={0x0, 0x0}) ptrace$setopts(0x4206, r2, 0x0, 0x0) ptrace(0x4205, r2) syz_open_procfs(r2, &(0x7f0000000040)='net/stat\x00') mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x800000000000000, 0x100014, 0xffffffffffffffff, 0xfffffffffffffffd) ptrace$setregset(0x4205, r2, 0x0, &(0x7f0000000100)={&(0x7f0000000180)}) socket$unix(0x1, 0x5, 0x0) 22:28:30 executing program 6: r0 = socket$inet6(0xa, 0x80002, 0x0) bind$inet6(r0, &(0x7f00008a8000)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000080)={{{@in=@broadcast, @in=@rand_addr, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in=@dev}}, &(0x7f0000000000)=0xe8) getresuid(&(0x7f0000000180)=0x0, &(0x7f00000001c0), &(0x7f0000000200)) setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000240)={{{@in=@dev={0xac, 0x14, 0x14, 0xa}, @in=@broadcast=0xffffffff, 0x4e21, 0xffffffffffffff01, 0x9, 0x1, 0x2, 0x0, 0xa0, 0x2f, r1, r2}, {0xf0a, 0x1, 0x9, 0x8000, 0x89, 0x800, 0x7ff, 0x2}, {0x4, 0x3f, 0x40, 0x8}, 0x80000001, 0x6e6bb5, 0x2, 0x1, 0x2, 0x1}, {{@in, 0x4d6, 0x6c}, 0xa, @in=@remote={0xac, 0x14, 0x14, 0xbb}, 0x0, 0x0, 0x1, 0x2, 0x4, 0x7d3c, 0xffffffffa471c841}}, 0xe8) sendto$inet6(r0, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}}, 0x1c) mount$9p_virtio(&(0x7f0000000340)='!&ppp0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x140010, &(0x7f0000000400)={'trans=virtio,', {[{@afid={'afid', 0x3d, 0x5}, 0x2c}, {@cache_loose='cache=loose', 0x2c}, {@version_9p2000='version=9p2000', 0x2c}, {@version_L='version=9p2000.L', 0x2c}]}}) 22:28:30 executing program 1: r0 = socket$inet(0x10, 0x3, 0x2) sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="24000000030807031dfffd946fa2830020200a0009000100001d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) r1 = dup(r0) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x8000, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x1}, 0x2c}, {@aname={'aname', 0x3d, "776c616e30ab"}, 0x2c}]}}) setsockopt$RDS_CANCEL_SENT_TO(r1, 0x114, 0x1, &(0x7f0000000140)={0x2, 0x4e24, @rand_addr=0x3ff}, 0x10) ioctl$SG_SCSI_RESET(r1, 0x2284, 0x0) [ 122.504510] FAULT_INJECTION: forcing a failure. [ 122.504510] name failslab, interval 1, probability 0, space 0, times 0 [ 122.515810] CPU: 0 PID: 8055 Comm: syz-executor2 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 122.524129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 122.533481] Call Trace: [ 122.536078] dump_stack+0x1c9/0x2b4 [ 122.539715] ? dump_stack_print_info.cold.2+0x52/0x52 [ 122.544915] ? __kernel_text_address+0xd/0x40 [ 122.549413] ? unwind_get_return_address+0x61/0xa0 22:28:30 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000024c00, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) [ 122.554362] should_fail.cold.4+0xa/0x11 [ 122.558429] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 122.563539] ? save_stack+0xa9/0xd0 [ 122.567170] ? save_stack+0x43/0xd0 [ 122.570802] ? kasan_kmalloc+0xc4/0xe0 [ 122.574691] ? kmem_cache_alloc_trace+0x152/0x780 [ 122.579548] ? sctp_add_bind_addr+0x101/0x4b0 [ 122.584058] ? sctp_copy_local_addr_list+0x499/0x690 [ 122.589161] ? sctp_copy_one_addr+0x5d/0x170 [ 122.593562] ? sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 122.599267] ? sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 122.604100] ? sctp_sendmsg+0x18a2/0x1d90 [ 122.608239] ? inet_sendmsg+0x1a1/0x690 [ 122.612201] ? sock_sendmsg+0xd5/0x120 [ 122.616072] ? ___sys_sendmsg+0x51d/0x930 [ 122.620202] ? __sys_sendmmsg+0x240/0x6f0 [ 122.624334] ? __x64_sys_sendmmsg+0x9d/0x100 [ 122.628728] ? do_syscall_64+0x1b9/0x820 [ 122.632778] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 122.638132] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 122.643656] ? _extract_crng+0x23b/0x320 [ 122.647709] ? lock_acquire+0x1e4/0x540 [ 122.651668] ? _crng_backtrack_protect+0x108/0x150 [ 122.656583] ? lock_downgrade+0x8f0/0x8f0 [ 122.660724] ? lock_acquire+0x1e4/0x540 [ 122.664685] ? sctp_bind_addr_state+0x292/0x480 [ 122.669340] ? lock_downgrade+0x8f0/0x8f0 [ 122.673476] ? kasan_unpoison_shadow+0x35/0x50 [ 122.678045] __should_failslab+0x124/0x180 [ 122.682356] should_failslab+0x9/0x14 [ 122.686141] kmem_cache_alloc_trace+0x4b/0x780 [ 122.690711] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 122.695885] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 122.700889] sctp_add_bind_addr+0x101/0x4b0 [ 122.705201] ? sctp_bind_addr_free+0x20/0x20 [ 122.709596] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 122.714770] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 122.720291] ? sctp_v4_scope+0x19b/0x1c0 [ 122.724337] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 122.729512] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 122.734515] sctp_copy_local_addr_list+0x499/0x690 [ 122.739433] ? sctp_defaults_init+0xe70/0xe70 [ 122.743914] ? get_random_bytes+0x34/0x40 [ 122.748048] ? sctp_association_new+0x1aab/0x2290 [ 122.752883] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 122.758057] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 122.763880] sctp_copy_one_addr+0x5d/0x170 [ 122.768102] ? sctp_copy_one_addr+0x5d/0x170 [ 122.772497] sctp_bind_addr_copy+0x173/0x47c [ 122.776893] ? sctp_copy_one_addr+0x170/0x170 [ 122.781382] ? sctp_autobind+0x16d/0x1f0 [ 122.785429] ? sctp_do_bind+0x5f0/0x5f0 [ 122.789403] sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 122.794925] ? security_sctp_bind_connect+0x99/0xc0 [ 122.799932] sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 122.804587] ? lock_acquire+0x1e4/0x540 [ 122.808548] ? sctp_sendmsg+0x1278/0x1d90 [ 122.812697] ? sctp_autobind+0x1f0/0x1f0 [ 122.816745] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 122.821316] ? kasan_check_write+0x14/0x20 [ 122.825540] ? lock_sock_nested+0x9f/0x120 [ 122.829762] ? trace_hardirqs_on+0xd/0x10 [ 122.833896] ? __local_bh_enable_ip+0x161/0x230 [ 122.838564] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 122.844089] ? sctp_endpoint_lookup_assoc+0x183/0x290 [ 122.849269] sctp_sendmsg+0x18a2/0x1d90 [ 122.853238] ? do_raw_spin_unlock+0xa7/0x2f0 [ 122.857635] ? sctp_id2assoc+0x3e0/0x3e0 [ 122.861686] ? _raw_spin_unlock_bh+0x30/0x40 [ 122.866084] ? __release_sock+0x3a0/0x3a0 [ 122.870227] inet_sendmsg+0x1a1/0x690 [ 122.874018] ? copy_msghdr_from_user+0x340/0x580 [ 122.878759] ? ipip_gro_receive+0x100/0x100 [ 122.883076] ? move_addr_to_kernel.part.20+0x100/0x100 [ 122.888342] ? security_socket_sendmsg+0x94/0xc0 [ 122.893083] ? ipip_gro_receive+0x100/0x100 [ 122.897391] sock_sendmsg+0xd5/0x120 [ 122.901094] ___sys_sendmsg+0x51d/0x930 [ 122.905055] ? __check_object_size+0x9d/0x5f2 [ 122.909539] ? copy_msghdr_from_user+0x580/0x580 [ 122.914282] ? lock_acquire+0x1e4/0x540 [ 122.918248] ? __fget_light+0x2f7/0x440 [ 122.922220] ? fget_raw+0x20/0x20 [ 122.925669] ? proc_fail_nth_write+0x9e/0x210 [ 122.930149] ? proc_cwd_link+0x1d0/0x1d0 [ 122.934203] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 122.939725] ? sockfd_lookup_light+0xc5/0x160 [ 122.944206] __sys_sendmmsg+0x240/0x6f0 [ 122.948172] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 122.952481] ? fsnotify_first_mark+0x350/0x350 [ 122.957056] ? __fsnotify_parent+0xcc/0x420 [ 122.961362] ? fsnotify+0x14e0/0x14e0 [ 122.965160] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 122.970680] ? fput+0x130/0x1a0 [ 122.973962] ? ksys_write+0x1ae/0x260 [ 122.977753] ? __ia32_sys_read+0xb0/0xb0 [ 122.981806] __x64_sys_sendmmsg+0x9d/0x100 [ 122.986030] do_syscall_64+0x1b9/0x820 [ 122.989902] ? finish_task_switch+0x1d3/0x870 [ 122.994382] ? syscall_return_slowpath+0x5e0/0x5e0 [ 122.999296] ? syscall_return_slowpath+0x31d/0x5e0 [ 123.004212] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 123.009227] ? prepare_exit_to_usermode+0x291/0x3b0 [ 123.014229] ? perf_trace_sys_enter+0xb10/0xb10 [ 123.018884] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 123.023717] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 123.028891] RIP: 0033:0x455e29 [ 123.032060] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 123.051356] RSP: 002b:00007f2ec9f2cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 123.059051] RAX: ffffffffffffffda RBX: 00007f2ec9f2d6d4 RCX: 0000000000455e29 [ 123.066303] RDX: 0000000000000001 RSI: 0000000020004a40 RDI: 0000000000000013 [ 123.073557] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 123.080808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 123.088063] R13: 00000000004c111c R14: 00000000004d1558 R15: 0000000000000010 22:28:31 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/ip_vs_stats_percpu\x00') syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x100000000000e000, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r1 = open(&(0x7f0000000080)="2e2f66696c65302f662e6c6530f0", 0x40003ffd, 0x0) ftruncate(r1, 0x100) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x5c, &(0x7f0000000180)=[@in={0x2, 0x4e21, @local={0xac, 0x14, 0x14, 0xaa}}, @in={0x2, 0x4e20, @broadcast=0xffffffff}, @in6={0xa, 0x4e24, 0x9, @mcast1={0xff, 0x1, [], 0x1}, 0x6e5}, @in={0x2, 0x4e24, @multicast1=0xe0000001}, @in={0x2, 0x4e24}]}, &(0x7f0000000200)=0x10) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000240)={r2, 0x4, 0x2, [0x1, 0x3]}, &(0x7f00000002c0)=0xc) setsockopt$inet6_dccp_int(r0, 0x21, 0xb, &(0x7f0000000000)=0x7, 0x4) open(&(0x7f0000000280)="2e2f66696c65302f662e6c6530f000", 0x8042, 0x0) 22:28:31 executing program 6: sched_setattr(0x0, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x0, 0x1}, 0x0) r0 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f0000000080)={0x73, 0x79, 0x7a, 0x1}, &(0x7f0000000180), 0x0, 0xfffffffffffffffd) r1 = add_key$keyring(&(0x7f00000001c0)='keyring\x00', &(0x7f0000000200)={0x73, 0x79, 0x7a, 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$link(0x8, r0, r1) r2 = socket(0x10, 0x80002, 0x0) bind$netlink(r2, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc) connect$netlink(r2, &(0x7f0000000000)=@proc={0x10, 0x0, 0x1}, 0xc) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r2, 0x10e, 0x5, &(0x7f0000000100)=0x1e3, 0x83) 22:28:31 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x400000000e) ioctl$FIBMAP(0xffffffffffffffff, 0x1, &(0x7f0000000080)=0x7fffffff) ioctl$PIO_UNISCRNMAP(r0, 0x5412, &(0x7f00000000c0)) 22:28:31 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)) 22:28:31 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000000004, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:31 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(seed)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") sendmsg$alg(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000012c0), 0x0, &(0x7f0000001300)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa) r3 = getpgrp(0xffffffffffffffff) ptrace$getenv(0x4201, r3, 0x5, &(0x7f0000000000)) recvmsg(r1, &(0x7f0000001480)={0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f00000002c0)=""/4096, 0x34000}], 0x1, &(0x7f0000001400)=""/123, 0x7b}, 0x0) 22:28:31 executing program 1: r0 = gettid() r1 = syz_open_procfs(r0, &(0x7f0000000700)="636c6561725f7248dc243e05de65667300220f172c03a9aac1e7e3b207ab07100f6d156ca165101a0a3b3625c847d67ae983339510dc9f74b6d0fc3ebddc83e0c46968bc029c20d24eb3261a0606f515190bdff6fec92258892f19db9d3806bc55e103cdea76e9c01b12e9d82cdb822fe68d4a502bb2982ecf5fbc76d6e9ccc7ae3f99faef9676fccc7a13d5e467747e371b5c03dc16b8b34f434af8d2e5e4309b089d2d1a00a0dfb02ad8e1822270839d8b2aae64dc0b36b96e00007100000000ef69cfd13cd5e186fdb82233a31a6e7a15ee6f9c88ec1044f050e4110e8dd6dfeeef66911a82df90adfc73cc6e9a1d6da94421452ec9c7bc4e90b8831940b870b0ed84b2cd5f7fb8504ab9c2b1b1a0a0987c6ea20ec8c17a0964d206e79de077fb28987d08098b1135b91e7ff4fa0a22bfd63c5a9f0246b996c0651f5b30a6b29781a5f49720ba10658378100e34c8d8012d191fedb7277608f30dc9d79ea51a9b9b1f68c2c55fbc6e26ff3d") pread64(r1, &(0x7f0000e3e000)=""/8, 0x8, 0x800002000000) 22:28:31 executing program 2 (fault-call:1 fault-nth:17): r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) 22:28:31 executing program 1: r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x800, 0x0) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r0, 0x84, 0x74, &(0x7f0000000040)=""/178, &(0x7f0000000100)=0xb2) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r3 = socket$inet(0x2, 0x2, 0x2000000088) bind(r3, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) setsockopt$inet_udp_int(r3, 0x11, 0xa, &(0x7f0000000000)=0x1, 0x4) recvmsg(r3, &(0x7f0000000400)={&(0x7f0000f10000)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, 0x80, &(0x7f0000001680), 0x0, &(0x7f0000000100)=""/79, 0x4f}, 0x4000003e) sendto$inet(r3, &(0x7f0000000200)='X', 0x1, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") fanotify_init(0x28, 0x0) [ 123.273086] FAULT_INJECTION: forcing a failure. [ 123.273086] name failslab, interval 1, probability 0, space 0, times 0 [ 123.284378] CPU: 0 PID: 8105 Comm: syz-executor2 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 123.292694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 123.302045] Call Trace: [ 123.304646] dump_stack+0x1c9/0x2b4 [ 123.308287] ? dump_stack_print_info.cold.2+0x52/0x52 [ 123.313490] ? __kernel_text_address+0xd/0x40 [ 123.317992] ? unwind_get_return_address+0x61/0xa0 [ 123.322939] should_fail.cold.4+0xa/0x11 [ 123.327010] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 123.332124] ? save_stack+0xa9/0xd0 [ 123.335755] ? save_stack+0x43/0xd0 [ 123.339384] ? kasan_kmalloc+0xc4/0xe0 [ 123.343274] ? kmem_cache_alloc_trace+0x152/0x780 [ 123.348116] ? sctp_add_bind_addr+0x101/0x4b0 [ 123.352606] ? sctp_copy_local_addr_list+0x499/0x690 [ 123.357704] ? sctp_copy_one_addr+0x5d/0x170 [ 123.362103] ? sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 123.367805] ? sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 123.372637] ? sctp_sendmsg+0x18a2/0x1d90 [ 123.376785] ? inet_sendmsg+0x1a1/0x690 [ 123.380746] ? sock_sendmsg+0xd5/0x120 [ 123.384624] ? ___sys_sendmsg+0x51d/0x930 [ 123.388757] ? __sys_sendmmsg+0x240/0x6f0 [ 123.392890] ? __x64_sys_sendmmsg+0x9d/0x100 [ 123.397301] ? do_syscall_64+0x1b9/0x820 [ 123.401352] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 123.406708] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 123.412231] ? _extract_crng+0x23b/0x320 [ 123.416283] ? lock_acquire+0x1e4/0x540 [ 123.420253] ? _crng_backtrack_protect+0x108/0x150 [ 123.425168] ? lock_downgrade+0x8f0/0x8f0 [ 123.429308] ? lock_acquire+0x1e4/0x540 [ 123.433271] ? sctp_bind_addr_state+0x292/0x480 [ 123.437930] ? lock_downgrade+0x8f0/0x8f0 [ 123.442085] ? kasan_unpoison_shadow+0x35/0x50 [ 123.446656] __should_failslab+0x124/0x180 [ 123.450879] should_failslab+0x9/0x14 [ 123.454667] kmem_cache_alloc_trace+0x4b/0x780 [ 123.459240] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 123.464416] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 123.469421] sctp_add_bind_addr+0x101/0x4b0 [ 123.473728] ? sctp_bind_addr_free+0x20/0x20 [ 123.478125] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 123.483300] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 123.488821] ? sctp_v4_scope+0x19b/0x1c0 [ 123.492867] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 123.498043] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 123.503049] sctp_copy_local_addr_list+0x499/0x690 [ 123.507969] ? sctp_defaults_init+0xe70/0xe70 [ 123.512452] ? get_random_bytes+0x34/0x40 [ 123.516586] ? sctp_association_new+0x1aab/0x2290 [ 123.521422] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 123.526598] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 123.532122] sctp_copy_one_addr+0x5d/0x170 [ 123.536341] ? sctp_copy_one_addr+0x5d/0x170 [ 123.540739] sctp_bind_addr_copy+0x173/0x47c [ 123.545138] ? sctp_copy_one_addr+0x170/0x170 [ 123.549619] ? sctp_autobind+0x16d/0x1f0 [ 123.553670] ? sctp_do_bind+0x5f0/0x5f0 [ 123.557635] sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 123.563159] ? security_sctp_bind_connect+0x99/0xc0 [ 123.568165] sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 123.572823] ? lock_acquire+0x1e4/0x540 [ 123.576784] ? sctp_sendmsg+0x1278/0x1d90 [ 123.580925] ? sctp_autobind+0x1f0/0x1f0 [ 123.584973] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 123.589544] ? kasan_check_write+0x14/0x20 [ 123.593766] ? lock_sock_nested+0x9f/0x120 [ 123.597984] ? trace_hardirqs_on+0xd/0x10 [ 123.602119] ? __local_bh_enable_ip+0x161/0x230 [ 123.606788] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 123.612310] ? sctp_endpoint_lookup_assoc+0x183/0x290 [ 123.617488] sctp_sendmsg+0x18a2/0x1d90 [ 123.621445] ? do_raw_spin_unlock+0xa7/0x2f0 [ 123.625857] ? sctp_id2assoc+0x3e0/0x3e0 [ 123.629911] ? _raw_spin_unlock_bh+0x30/0x40 [ 123.634305] ? __release_sock+0x3a0/0x3a0 [ 123.638449] inet_sendmsg+0x1a1/0x690 [ 123.642238] ? copy_msghdr_from_user+0x340/0x580 [ 123.646979] ? ipip_gro_receive+0x100/0x100 [ 123.651285] ? move_addr_to_kernel.part.20+0x100/0x100 [ 123.656553] ? security_socket_sendmsg+0x94/0xc0 [ 123.661296] ? ipip_gro_receive+0x100/0x100 [ 123.665602] sock_sendmsg+0xd5/0x120 [ 123.669302] ___sys_sendmsg+0x51d/0x930 [ 123.673263] ? __check_object_size+0x9d/0x5f2 [ 123.677746] ? copy_msghdr_from_user+0x580/0x580 [ 123.682487] ? lock_acquire+0x1e4/0x540 [ 123.686453] ? __fget_light+0x2f7/0x440 [ 123.690411] ? fget_raw+0x20/0x20 [ 123.693861] ? proc_fail_nth_write+0x9e/0x210 [ 123.698355] ? proc_cwd_link+0x1d0/0x1d0 [ 123.702407] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 123.707930] ? sockfd_lookup_light+0xc5/0x160 [ 123.712412] __sys_sendmmsg+0x240/0x6f0 [ 123.716390] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 123.720697] ? fsnotify_first_mark+0x350/0x350 [ 123.725262] ? __fsnotify_parent+0xcc/0x420 [ 123.729580] ? fsnotify+0x14e0/0x14e0 [ 123.733377] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 123.738903] ? fput+0x130/0x1a0 [ 123.742167] ? ksys_write+0x1ae/0x260 [ 123.745967] ? __ia32_sys_read+0xb0/0xb0 [ 123.750026] __x64_sys_sendmmsg+0x9d/0x100 [ 123.754251] do_syscall_64+0x1b9/0x820 [ 123.758124] ? finish_task_switch+0x1d3/0x870 [ 123.762604] ? syscall_return_slowpath+0x5e0/0x5e0 [ 123.767520] ? syscall_return_slowpath+0x31d/0x5e0 [ 123.772436] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 123.777437] ? prepare_exit_to_usermode+0x291/0x3b0 [ 123.782436] ? perf_trace_sys_enter+0xb10/0xb10 [ 123.787092] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 123.791926] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 123.797101] RIP: 0033:0x455e29 [ 123.800270] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 22:28:31 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = syz_open_procfs(0x0, &(0x7f0000d09fe9)='smaps\x00') pread64(r1, &(0x7f0000e3e000)=""/8, 0x8, 0x100000) readv(r0, &(0x7f00000013c0)=[{&(0x7f00000002c0)=""/4096, 0x1000}, {&(0x7f0000000180)=""/246, 0xf6}, {&(0x7f00000012c0)=""/207, 0xcf}], 0x3) set_tid_address(&(0x7f0000001400)) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000140)={r1, &(0x7f0000000000)="6316b976352862a866ebbec79f218919592d9bdf33c171571f11ff9b1afd7e547ccdda94165c4bf6b046114941324445e6eb88feb4c1a019b39c84331372658b04fb76593eb112faabaae65f968cf594d962c54f9ca2f907f74644401d69720c24e615f9e882ee8ddf65a90543a77b32b6b5b893a2356f6fb9f785219340aa687fa0266f4be05a241a74677b77394211ba0090c487a74f4bdc03", &(0x7f00000000c0)=""/98}, 0x18) 22:28:31 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)) [ 123.819540] RSP: 002b:00007f2ec9f2cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 123.827234] RAX: ffffffffffffffda RBX: 00007f2ec9f2d6d4 RCX: 0000000000455e29 [ 123.834486] RDX: 0000000000000001 RSI: 0000000020004a40 RDI: 0000000000000013 [ 123.841738] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 123.848991] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 123.856256] R13: 00000000004c111c R14: 00000000004d1558 R15: 0000000000000011 22:28:31 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000ec0200, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:31 executing program 4: r0 = socket$netlink(0x10, 0x3, 0xf) sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000023ff0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000002000ff8a00000000000000000800000008000100040000004fb7c564f0707b8c2efebbfeba2cce558d465da8e4613393e6fde2095f7131a63e4b4a3d384e5696e47f576d9fd36d4564a28fb731732c5aa900abce89cb81a3fe28f4b0183ad1ed0035fcd3cf73b97cf9037254c9ee3135979634d52b48614015da7c92d05c288b14053b3de83c2e99f6cb84b90c567964e37289e2977a297d4c8555dfbeb1a1c3977aeb4edf1d55770b3b3ebc549e9be292ea302e2e0107d32f951c78508366e895db67e0ec5ba91aa4a6ed2860f37ed780a576e9f448a577303bfeb131bb"], 0x1c}, 0x1}, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x82, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(r1, 0xc0bc5310, &(0x7f0000000180)) timerfd_settime(r1, 0x1, &(0x7f0000000240)={{0x77359400}}, &(0x7f0000000280)) 22:28:31 executing program 2 (fault-call:1 fault-nth:18): r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) 22:28:31 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc000000006c0200, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:31 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a004") [ 123.991589] FAULT_INJECTION: forcing a failure. [ 123.991589] name failslab, interval 1, probability 0, space 0, times 0 [ 124.002998] CPU: 0 PID: 8139 Comm: syz-executor2 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 124.011321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 124.020677] Call Trace: [ 124.023280] dump_stack+0x1c9/0x2b4 [ 124.026924] ? dump_stack_print_info.cold.2+0x52/0x52 [ 124.032125] ? __kernel_text_address+0xd/0x40 [ 124.038265] ? unwind_get_return_address+0x61/0xa0 [ 124.043191] should_fail.cold.4+0xa/0x11 [ 124.047243] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 124.052336] ? save_stack+0xa9/0xd0 [ 124.055952] ? save_stack+0x43/0xd0 [ 124.059562] ? kasan_kmalloc+0xc4/0xe0 [ 124.063438] ? kmem_cache_alloc_trace+0x152/0x780 [ 124.068271] ? sctp_add_bind_addr+0x101/0x4b0 [ 124.072764] ? sctp_copy_local_addr_list+0x499/0x690 [ 124.077855] ? sctp_copy_one_addr+0x5d/0x170 [ 124.082247] ? sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 124.087943] ? sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 124.092773] ? sctp_sendmsg+0x18a2/0x1d90 [ 124.096903] ? inet_sendmsg+0x1a1/0x690 [ 124.100866] ? sock_sendmsg+0xd5/0x120 [ 124.104739] ? ___sys_sendmsg+0x51d/0x930 [ 124.108876] ? __sys_sendmmsg+0x240/0x6f0 [ 124.113011] ? __x64_sys_sendmmsg+0x9d/0x100 [ 124.117407] ? do_syscall_64+0x1b9/0x820 [ 124.121453] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 124.126809] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 124.132347] ? _extract_crng+0x23b/0x320 [ 124.136408] ? lock_acquire+0x1e4/0x540 [ 124.140370] ? _crng_backtrack_protect+0x108/0x150 [ 124.145285] ? lock_downgrade+0x8f0/0x8f0 [ 124.149514] ? lock_acquire+0x1e4/0x540 [ 124.153475] ? sctp_bind_addr_state+0x292/0x480 [ 124.158127] ? lock_downgrade+0x8f0/0x8f0 [ 124.162263] ? kasan_unpoison_shadow+0x35/0x50 [ 124.166830] __should_failslab+0x124/0x180 [ 124.171060] should_failslab+0x9/0x14 [ 124.174859] kmem_cache_alloc_trace+0x4b/0x780 [ 124.179428] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 124.184602] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 124.189608] sctp_add_bind_addr+0x101/0x4b0 [ 124.193917] ? sctp_bind_addr_free+0x20/0x20 [ 124.198312] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 124.203486] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 124.209011] ? sctp_v4_scope+0x19b/0x1c0 [ 124.213062] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 124.218244] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 124.223250] sctp_copy_local_addr_list+0x499/0x690 [ 124.228177] ? sctp_defaults_init+0xe70/0xe70 [ 124.232662] ? get_random_bytes+0x34/0x40 [ 124.236797] ? sctp_association_new+0x1aab/0x2290 [ 124.241634] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 124.246810] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 124.252336] sctp_copy_one_addr+0x5d/0x170 [ 124.256555] ? sctp_copy_one_addr+0x5d/0x170 [ 124.260953] sctp_bind_addr_copy+0x173/0x47c [ 124.265351] ? sctp_copy_one_addr+0x170/0x170 [ 124.269831] ? sctp_autobind+0x16d/0x1f0 [ 124.273882] ? sctp_do_bind+0x5f0/0x5f0 [ 124.277855] sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 124.283376] ? security_sctp_bind_connect+0x99/0xc0 [ 124.288382] sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 124.293038] ? lock_acquire+0x1e4/0x540 [ 124.296996] ? sctp_sendmsg+0x1278/0x1d90 [ 124.301138] ? sctp_autobind+0x1f0/0x1f0 [ 124.305184] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 124.309754] ? kasan_check_write+0x14/0x20 [ 124.313975] ? lock_sock_nested+0x9f/0x120 [ 124.318196] ? trace_hardirqs_on+0xd/0x10 [ 124.322327] ? __local_bh_enable_ip+0x161/0x230 [ 124.326985] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 124.332508] ? sctp_endpoint_lookup_assoc+0x183/0x290 [ 124.337696] sctp_sendmsg+0x18a2/0x1d90 [ 124.341657] ? do_raw_spin_unlock+0xa7/0x2f0 [ 124.346054] ? sctp_id2assoc+0x3e0/0x3e0 [ 124.350102] ? _raw_spin_unlock_bh+0x30/0x40 [ 124.354496] ? __release_sock+0x3a0/0x3a0 [ 124.358637] inet_sendmsg+0x1a1/0x690 [ 124.362422] ? copy_msghdr_from_user+0x340/0x580 [ 124.367162] ? ipip_gro_receive+0x100/0x100 [ 124.371468] ? move_addr_to_kernel.part.20+0x100/0x100 [ 124.376742] ? security_socket_sendmsg+0x94/0xc0 [ 124.381479] ? ipip_gro_receive+0x100/0x100 [ 124.385786] sock_sendmsg+0xd5/0x120 [ 124.389487] ___sys_sendmsg+0x51d/0x930 [ 124.393461] ? __check_object_size+0x9d/0x5f2 [ 124.397955] ? copy_msghdr_from_user+0x580/0x580 [ 124.402699] ? lock_acquire+0x1e4/0x540 [ 124.406671] ? __fget_light+0x2f7/0x440 [ 124.410629] ? fget_raw+0x20/0x20 [ 124.414075] ? proc_fail_nth_write+0x9e/0x210 [ 124.418554] ? proc_cwd_link+0x1d0/0x1d0 [ 124.422610] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 124.428130] ? sockfd_lookup_light+0xc5/0x160 [ 124.432611] __sys_sendmmsg+0x240/0x6f0 [ 124.436577] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 124.440886] ? fsnotify_first_mark+0x350/0x350 [ 124.445458] ? __fsnotify_parent+0xcc/0x420 [ 124.449767] ? fsnotify+0x14e0/0x14e0 [ 124.453564] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 124.459085] ? fput+0x130/0x1a0 [ 124.462350] ? ksys_write+0x1ae/0x260 [ 124.466136] ? __ia32_sys_read+0xb0/0xb0 [ 124.470297] ? syscall_slow_exit_work+0x500/0x500 [ 124.475128] __x64_sys_sendmmsg+0x9d/0x100 [ 124.479350] do_syscall_64+0x1b9/0x820 [ 124.483220] ? finish_task_switch+0x1d3/0x870 [ 124.487699] ? syscall_return_slowpath+0x5e0/0x5e0 [ 124.492612] ? syscall_return_slowpath+0x31d/0x5e0 [ 124.497527] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 124.503920] ? prepare_exit_to_usermode+0x291/0x3b0 [ 124.508925] ? perf_trace_sys_enter+0xb10/0xb10 [ 124.513584] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 124.518417] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 124.523590] RIP: 0033:0x455e29 22:28:32 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000cd0000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000f85000)={0x2, 0x1, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [0xff, 0xff], @multicast2=0xe0000002}}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [0xff, 0xff], @broadcast=0xffffffff}}}]}, 0x60}, 0x1}, 0x0) r1 = accept$unix(0xffffffffffffff9c, &(0x7f0000000700)=@abs, &(0x7f0000000780)=0x6e) accept$unix(r1, &(0x7f00000007c0), &(0x7f0000000840)=0x6e) [ 124.526761] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 124.546042] RSP: 002b:00007f2ec9f2cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 124.553735] RAX: ffffffffffffffda RBX: 00007f2ec9f2d6d4 RCX: 0000000000455e29 [ 124.560988] RDX: 0000000000000001 RSI: 0000000020004a40 RDI: 0000000000000013 [ 124.568243] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 124.575506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 124.582769] R13: 00000000004c111c R14: 00000000004d1558 R15: 0000000000000012 22:28:32 executing program 6: r0 = socket(0xa, 0x1, 0x0) getsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000140), 0x10) setsockopt$inet_int(r0, 0x0, 0xc, &(0x7f0000000040)=0xc, 0x4) getsockopt$inet_opts(r0, 0x0, 0x9, &(0x7f00000002c0)=""/249, &(0x7f0000000000)=0xf9) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000080)={'security\x00'}, &(0x7f0000000100)=0x54) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0) 22:28:32 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000001200, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:32 executing program 2 (fault-call:1 fault-nth:19): r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) 22:28:32 executing program 1: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu\x00', 0x200002, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000080), 0x3) 22:28:32 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a004") 22:28:32 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8000000008911, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)="2f007e574d000330809022cfde26555dc9ecfe1974406edad38364782d63b6612854b9e49dbdcaef718197e37e870a308b1e3a798fa788a46d3025ef933e51828ab675064e2adbe9126423b4a73d68fbe99c6db2f160d49cb6cce76c27289a4f9d097354aaa5860d2383df87526baa184d90bb7729366c17bc33d765e9bc2f882a13f3a9c1f60660bd4fd2fa31d2c0a775242289bce062d10d24ded5406918a66b2c75c43fe1ff458ae5cd9fec63039ba5a7b66a60ede5ccdabc7ee77660ef2358ccdff02226021384b0c235f114ed9ade92767aecc256acdeb610df42e7169f240357f735ae5fe29017e51e27252f48b95bfbbb3a865535298bdc36d71db635f41c57771db77aeaff883feb3dc3cc24bd3c036e396ad3af37945058839e812270bc40901fa654e7cc3292a82fc80c374dc07142a1c2e9d3e2528e4fdac32bcaefe910ebd3b948a3bfebef5fa8d82473c7fbf3ec", 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)="2f007e574d000330809022cfde26555dc9ecfe1974406edad38364782d63b6612854b9e49dbdcaef718197e37e870a308b1e3a798fa788a46d3025ef933e51828ab675064e2adbe9126423b4a73d68fbe99c6db2f160d49cb6cce76c27289a4f9d097354aaa5860d2383df87526baa184d90bb7729366c17bc33d765e9bc2f882a13f3a9c1f60660bd4fd2fa31d2c0a775242289bce062d10d24ded5406918a66b2c75c43fe1ff458ae5cd9fec63039ba5a7b66a60ede5ccdabc7ee77660ef2358ccdff02226021384b0c235f114ed9ade92767aecc256acdeb610df42e7169f240357f735ae5fe29017e51e27252f48b95bfbbb3a865535298bdc36d71db635f41c57771db77aeaff883feb3dc3cc24bd3c036e396ad3af37945058839e812270bc40901fa654e7cc3292a82fc80c374dc07142a1c2e9d3e2528e4fdac32bcaefe910ebd3b948a3bfebef5fa8d82473c7fbf3ec", 0x0, 0x0) fcntl$notify(r2, 0x402, 0x1) close(r1) socket$bt_rfcomm(0x1f, 0x1, 0x3) 22:28:32 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000640)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000600)={'ip_vti0\x00', 0x10000000201a}) close(r1) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x1, 0x0) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000040)={0x0, 0x1}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r2, 0x84, 0x71, &(0x7f00000000c0)={r3, 0x400000000}, 0x8) 22:28:32 executing program 1: mkdir(&(0x7f00000000c0)='./control\x00', 0x0) r0 = open(&(0x7f0000021000)='./control\x00', 0x0, 0x0) mknodat(r0, &(0x7f0000000080)='./control\x00', 0x1102, 0x0) accept$unix(r0, &(0x7f0000000100)=@abs, &(0x7f0000000040)=0x6e) faccessat(r0, &(0x7f0000000000)='./control\x00', 0x2, 0x0) [ 124.898497] FAULT_INJECTION: forcing a failure. [ 124.898497] name failslab, interval 1, probability 0, space 0, times 0 [ 124.909810] CPU: 0 PID: 8187 Comm: syz-executor2 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 124.918138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 124.927487] Call Trace: [ 124.930083] dump_stack+0x1c9/0x2b4 [ 124.933711] ? dump_stack_print_info.cold.2+0x52/0x52 [ 124.938899] ? __kernel_text_address+0xd/0x40 [ 124.943388] ? unwind_get_return_address+0x61/0xa0 [ 124.948315] should_fail.cold.4+0xa/0x11 [ 124.952366] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 124.957459] ? save_stack+0xa9/0xd0 [ 124.961073] ? save_stack+0x43/0xd0 [ 124.964686] ? kasan_kmalloc+0xc4/0xe0 [ 124.968560] ? kmem_cache_alloc_trace+0x152/0x780 [ 124.973390] ? sctp_add_bind_addr+0x101/0x4b0 [ 124.977871] ? sctp_copy_local_addr_list+0x499/0x690 [ 124.983020] ? sctp_copy_one_addr+0x5d/0x170 [ 124.987415] ? sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 124.993122] ? sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 124.997961] ? sctp_sendmsg+0x18a2/0x1d90 [ 125.002097] ? inet_sendmsg+0x1a1/0x690 [ 125.006059] ? sock_sendmsg+0xd5/0x120 [ 125.009941] ? ___sys_sendmsg+0x51d/0x930 [ 125.014075] ? __sys_sendmmsg+0x240/0x6f0 [ 125.018211] ? __x64_sys_sendmmsg+0x9d/0x100 [ 125.022610] ? do_syscall_64+0x1b9/0x820 [ 125.026658] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 125.032017] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 125.037546] ? _extract_crng+0x23b/0x320 [ 125.041612] ? lock_acquire+0x1e4/0x540 [ 125.045591] ? _crng_backtrack_protect+0x108/0x150 [ 125.050507] ? lock_downgrade+0x8f0/0x8f0 [ 125.054648] ? lock_acquire+0x1e4/0x540 [ 125.058611] ? sctp_bind_addr_state+0x292/0x480 [ 125.063279] ? lock_downgrade+0x8f0/0x8f0 [ 125.067414] ? kasan_unpoison_shadow+0x35/0x50 [ 125.071985] __should_failslab+0x124/0x180 [ 125.076210] should_failslab+0x9/0x14 [ 125.079996] kmem_cache_alloc_trace+0x4b/0x780 [ 125.084571] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 125.089747] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 125.094755] sctp_add_bind_addr+0x101/0x4b0 [ 125.099069] ? sctp_bind_addr_free+0x20/0x20 [ 125.103467] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 125.108643] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 125.114174] ? sctp_v4_scope+0x19b/0x1c0 [ 125.118224] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 125.123400] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 125.128404] sctp_copy_local_addr_list+0x499/0x690 [ 125.133323] ? sctp_defaults_init+0xe70/0xe70 [ 125.137806] ? get_random_bytes+0x34/0x40 [ 125.141943] ? sctp_association_new+0x1aab/0x2290 [ 125.146782] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 125.151969] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 125.157492] sctp_copy_one_addr+0x5d/0x170 [ 125.161716] ? sctp_copy_one_addr+0x5d/0x170 [ 125.166112] sctp_bind_addr_copy+0x173/0x47c [ 125.170509] ? sctp_copy_one_addr+0x170/0x170 [ 125.174990] ? sctp_autobind+0x16d/0x1f0 [ 125.179041] ? sctp_do_bind+0x5f0/0x5f0 [ 125.183006] sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 125.188535] ? security_sctp_bind_connect+0x99/0xc0 [ 125.193542] sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 125.198196] ? lock_acquire+0x1e4/0x540 [ 125.202165] ? sctp_sendmsg+0x1278/0x1d90 [ 125.206306] ? sctp_autobind+0x1f0/0x1f0 [ 125.210376] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 125.214951] ? kasan_check_write+0x14/0x20 [ 125.219189] ? lock_sock_nested+0x9f/0x120 [ 125.223419] ? trace_hardirqs_on+0xd/0x10 [ 125.227553] ? __local_bh_enable_ip+0x161/0x230 [ 125.232217] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 125.237743] ? sctp_endpoint_lookup_assoc+0x183/0x290 [ 125.242926] sctp_sendmsg+0x18a2/0x1d90 [ 125.246889] ? do_raw_spin_unlock+0xa7/0x2f0 [ 125.251287] ? sctp_id2assoc+0x3e0/0x3e0 [ 125.255337] ? _raw_spin_unlock_bh+0x30/0x40 [ 125.259731] ? __release_sock+0x3a0/0x3a0 [ 125.263880] inet_sendmsg+0x1a1/0x690 [ 125.267664] ? copy_msghdr_from_user+0x340/0x580 [ 125.272406] ? ipip_gro_receive+0x100/0x100 [ 125.276724] ? move_addr_to_kernel.part.20+0x100/0x100 [ 125.282008] ? security_socket_sendmsg+0x94/0xc0 [ 125.286753] ? ipip_gro_receive+0x100/0x100 [ 125.291070] sock_sendmsg+0xd5/0x120 [ 125.294771] ___sys_sendmsg+0x51d/0x930 [ 125.298750] ? __check_object_size+0x9d/0x5f2 [ 125.303235] ? copy_msghdr_from_user+0x580/0x580 [ 125.307978] ? lock_acquire+0x1e4/0x540 [ 125.311947] ? __fget_light+0x2f7/0x440 [ 125.315906] ? fget_raw+0x20/0x20 [ 125.319355] ? proc_fail_nth_write+0x9e/0x210 [ 125.323844] ? proc_cwd_link+0x1d0/0x1d0 [ 125.327905] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 125.333426] ? sockfd_lookup_light+0xc5/0x160 [ 125.337907] __sys_sendmmsg+0x240/0x6f0 [ 125.341874] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 125.346186] ? fsnotify_first_mark+0x350/0x350 [ 125.350756] ? __fsnotify_parent+0xcc/0x420 [ 125.355070] ? fsnotify+0x14e0/0x14e0 [ 125.358868] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 125.364389] ? fput+0x130/0x1a0 [ 125.367653] ? ksys_write+0x1ae/0x260 [ 125.371451] ? __ia32_sys_read+0xb0/0xb0 [ 125.375505] __x64_sys_sendmmsg+0x9d/0x100 [ 125.379730] do_syscall_64+0x1b9/0x820 [ 125.383609] ? syscall_return_slowpath+0x5e0/0x5e0 [ 125.388525] ? syscall_return_slowpath+0x31d/0x5e0 [ 125.393440] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 125.398441] ? prepare_exit_to_usermode+0x291/0x3b0 [ 125.403443] ? perf_trace_sys_enter+0xb10/0xb10 [ 125.408106] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 125.412938] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 125.418117] RIP: 0033:0x455e29 [ 125.421286] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 125.440570] RSP: 002b:00007f2ec9f2cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 22:28:33 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) socket$inet6_sctp(0xa, 0x1, 0x84) listen(r0, 0x4) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000000340)={0x2, 0x4e23}, 0x10) sendmmsg(r1, &(0x7f00000012c0)=[{{&(0x7f00000004c0)=@alg={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-avx\x00'}, 0x80, &(0x7f0000000780), 0x0, &(0x7f00000007c0)}}, {{&(0x7f0000000d80)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback={0x0, 0x1}}}}, 0x80, &(0x7f0000000ec0), 0x0, &(0x7f0000000f00)=ANY=[@ANYBLOB="10590400000000000d01000000000000"], 0x10}}], 0x2, 0x0) 22:28:33 executing program 4: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f00000002c0)={&(0x7f0000000400)=@allocspi={0xf8, 0x16, 0x0, 0x0, 0x0, {{{@in=@rand_addr, @in=@dev={0xac, 0x14, 0x14}}, {@in6=@mcast2={0xff, 0x2, [], 0x1}}, @in6=@dev={0xfe, 0x80}}}}, 0xf8}, 0x1}, 0x0) prctl$getreaper(0x19, &(0x7f0000000080)) 22:28:33 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a004") 22:28:33 executing program 0: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000080)={0x0, 0x0}) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r3 = inotify_init1(0x0) r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000001cc0)='/dev/sequencer\x00', 0x80, 0x0) setsockopt$packet_int(r4, 0x107, 0x1f, &(0x7f0000001d00)=0x3ff, 0x4) fcntl$setown(r3, 0x8, 0xffffffffffffffff) fcntl$getownex(r3, 0x10, &(0x7f0000000240)={0x0, 0x0}) ptrace$setopts(0x4206, r5, 0x0, 0x0) ptrace(0x4207, r5) ptrace$setopts(0x4203, r1, 0x0, 0x70a000) 22:28:33 executing program 6: r0 = inotify_init() mkdir(&(0x7f0000000180)='./control\x00', 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./control\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c}) ioctl$BLKFLSBUF(r1, 0x1261, &(0x7f0000000000)) 22:28:33 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv4_newrule={0x4c, 0x20, 0x201, 0x0, 0x0, {0x2, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa}, [@FRA_FLOW={0x8, 0xb}, @FRA_GENERIC_POLICY=@FRA_OIFNAME={0x14, 0x11, 'ifb0\x00'}, @FRA_DST={0x8, 0x1, @multicast1=0xe0000001}, @FRA_GENERIC_POLICY=@FRA_SUPPRESS_IFGROUP={0x8, 0xd}]}, 0x4c}, 0x1}, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x200000, 0x0) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000240)=0x0) get_robust_list(r2, &(0x7f00000003c0)=&(0x7f0000000380)={&(0x7f00000002c0)={&(0x7f0000000280)}, 0x0, &(0x7f0000000340)={&(0x7f0000000300)}}, &(0x7f0000000400)=0x18) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r1, 0xc08c5335, &(0x7f0000000180)={0x500, 0x1, 0x1, 'queue0\x00', 0x20}) [ 125.448263] RAX: ffffffffffffffda RBX: 00007f2ec9f2d6d4 RCX: 0000000000455e29 [ 125.455514] RDX: 0000000000000001 RSI: 0000000020004a40 RDI: 0000000000000013 [ 125.462769] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 125.470035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 125.477299] R13: 00000000004c111c R14: 00000000004d1558 R15: 0000000000000013 22:28:33 executing program 2 (fault-call:1 fault-nth:20): r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) 22:28:33 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc0000000001cc00, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:33 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040a") 22:28:33 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000040)={0x1f, {0xffffffff7ffffdff, 0x4, 0xe2d, 0x2, 0x0, 0xfffffffffffffffc}}, 0xa) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x2, 0x18, 0xfa00}, 0x20) [ 125.576794] FAULT_INJECTION: forcing a failure. [ 125.576794] name failslab, interval 1, probability 0, space 0, times 0 [ 125.588053] CPU: 0 PID: 8210 Comm: syz-executor2 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 125.596369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 125.605729] Call Trace: [ 125.608339] dump_stack+0x1c9/0x2b4 [ 125.611982] ? dump_stack_print_info.cold.2+0x52/0x52 [ 125.617179] ? __kernel_text_address+0xd/0x40 [ 125.621686] ? unwind_get_return_address+0x61/0xa0 22:28:33 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes-generic)\x00'}, 0x58) r1 = accept4(r0, 0x0, &(0x7f0000000100), 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000280)={0x2, &(0x7f0000000240)=[{0x0, 0x0, 0x0, @broadcast}, {0x0, 0x0, 0x0, @remote}]}) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000340)="ad56b6c5820faea8bf1ff1b33820049d6dcd3292ea54c7be", 0x18) sendto$unix(r1, &(0x7f0000000080), 0x127, 0x0, 0x0, 0x0) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000400)=""/4096, &(0x7f0000000000)=""/25, &(0x7f0000000040)=""/106, 0x6000}) recvfrom$unix(r1, &(0x7f0000000140)=""/220, 0xdc, 0x0, &(0x7f00000002c0)=@abs, 0x70a000) [ 125.626643] should_fail.cold.4+0xa/0x11 [ 125.630708] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 125.635825] ? save_stack+0xa9/0xd0 [ 125.639457] ? save_stack+0x43/0xd0 [ 125.643087] ? kasan_kmalloc+0xc4/0xe0 [ 125.646979] ? kmem_cache_alloc_trace+0x152/0x780 [ 125.651833] ? sctp_add_bind_addr+0x101/0x4b0 [ 125.656326] ? sctp_copy_local_addr_list+0x499/0x690 [ 125.661412] ? sctp_copy_one_addr+0x5d/0x170 [ 125.665816] ? sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 125.671519] ? sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 125.676358] ? sctp_sendmsg+0x18a2/0x1d90 [ 125.680489] ? inet_sendmsg+0x1a1/0x690 [ 125.684452] ? sock_sendmsg+0xd5/0x120 [ 125.688322] ? ___sys_sendmsg+0x51d/0x930 [ 125.692449] ? __sys_sendmmsg+0x240/0x6f0 [ 125.696582] ? __x64_sys_sendmmsg+0x9d/0x100 [ 125.700972] ? do_syscall_64+0x1b9/0x820 [ 125.705028] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 125.710398] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 125.715923] ? _extract_crng+0x23b/0x320 [ 125.719980] ? lock_acquire+0x1e4/0x540 [ 125.723939] ? kmem_cache_alloc_trace+0x567/0x780 [ 125.728776] ? lock_downgrade+0x8f0/0x8f0 [ 125.732916] ? lock_acquire+0x1e4/0x540 [ 125.736874] ? sctp_bind_addr_state+0x292/0x480 [ 125.741523] ? lock_downgrade+0x8f0/0x8f0 [ 125.745652] ? kasan_unpoison_shadow+0x35/0x50 [ 125.750215] __should_failslab+0x124/0x180 [ 125.754432] should_failslab+0x9/0x14 [ 125.758217] kmem_cache_alloc_trace+0x4b/0x780 [ 125.762796] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 125.767982] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 125.772985] sctp_add_bind_addr+0x101/0x4b0 [ 125.777293] ? sctp_bind_addr_free+0x20/0x20 [ 125.781683] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 125.786857] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 125.792374] ? sctp_v4_scope+0x19b/0x1c0 [ 125.796415] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 125.801588] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 125.806585] sctp_copy_local_addr_list+0x499/0x690 [ 125.811509] ? sctp_defaults_init+0xe70/0xe70 [ 125.816000] ? get_random_bytes+0x34/0x40 [ 125.820146] ? sctp_association_new+0x1aab/0x2290 [ 125.824972] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 125.830153] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 125.835683] sctp_copy_one_addr+0x5d/0x170 [ 125.839913] ? sctp_copy_one_addr+0x5d/0x170 [ 125.844322] sctp_bind_addr_copy+0x173/0x47c [ 125.848722] ? sctp_copy_one_addr+0x170/0x170 [ 125.853199] ? sctp_autobind+0x16d/0x1f0 [ 125.857241] ? sctp_do_bind+0x5f0/0x5f0 [ 125.861195] sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 125.866713] ? security_sctp_bind_connect+0x99/0xc0 [ 125.871716] sctp_sendmsg_new_asoc+0x3c4/0x1200 22:28:33 executing program 4: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x403e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fsetxattr(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="62747266732e2f6465762fe8bb88c1225e"], &(0x7f00000000c0)="2a656d31823a00", 0x7, 0x0) 22:28:33 executing program 0: socketpair$unix(0x1, 0x2001040000000000, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000000c0)=0x0) ptrace$cont(0x9, r2, 0x7, 0x5) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x28, 0x0, 0x0, 0xfffffffffffff010}, {0x7ffbffff, 0x0, 0x0, 0xffffffffffffffff}]}, 0x10) write(r1, &(0x7f0000000080), 0x383) [ 125.876372] ? lock_acquire+0x1e4/0x540 [ 125.880333] ? sctp_sendmsg+0x1278/0x1d90 [ 125.884469] ? sctp_autobind+0x1f0/0x1f0 [ 125.888513] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 125.893075] ? kasan_check_write+0x14/0x20 [ 125.897301] ? lock_sock_nested+0x9f/0x120 [ 125.901537] ? trace_hardirqs_on+0xd/0x10 [ 125.905692] ? __local_bh_enable_ip+0x161/0x230 [ 125.910363] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 125.915923] ? sctp_endpoint_lookup_assoc+0x183/0x290 [ 125.921110] sctp_sendmsg+0x18a2/0x1d90 [ 125.925092] ? do_raw_spin_unlock+0xa7/0x2f0 [ 125.929494] ? sctp_id2assoc+0x3e0/0x3e0 [ 125.933545] ? _raw_spin_unlock_bh+0x30/0x40 [ 125.937942] ? __release_sock+0x3a0/0x3a0 [ 125.942095] inet_sendmsg+0x1a1/0x690 [ 125.945896] ? copy_msghdr_from_user+0x340/0x580 [ 125.950636] ? ipip_gro_receive+0x100/0x100 [ 125.954943] ? move_addr_to_kernel.part.20+0x100/0x100 [ 125.960211] ? security_socket_sendmsg+0x94/0xc0 [ 125.964965] ? ipip_gro_receive+0x100/0x100 [ 125.969285] sock_sendmsg+0xd5/0x120 [ 125.973000] ___sys_sendmsg+0x51d/0x930 [ 125.976967] ? __check_object_size+0x9d/0x5f2 [ 125.981452] ? copy_msghdr_from_user+0x580/0x580 [ 125.986199] ? lock_acquire+0x1e4/0x540 [ 125.990163] ? __fget_light+0x2f7/0x440 [ 125.994124] ? fget_raw+0x20/0x20 [ 125.997574] ? proc_fail_nth_write+0x9e/0x210 [ 126.002057] ? proc_cwd_link+0x1d0/0x1d0 [ 126.006116] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 126.011648] ? sockfd_lookup_light+0xc5/0x160 [ 126.016134] __sys_sendmmsg+0x240/0x6f0 [ 126.020099] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 126.024406] ? fsnotify_first_mark+0x350/0x350 [ 126.028973] ? __fsnotify_parent+0xcc/0x420 [ 126.033290] ? fsnotify+0x14e0/0x14e0 [ 126.037089] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 126.042609] ? fput+0x130/0x1a0 [ 126.045886] ? ksys_write+0x1ae/0x260 [ 126.049689] ? __ia32_sys_read+0xb0/0xb0 [ 126.053745] __x64_sys_sendmmsg+0x9d/0x100 [ 126.057969] do_syscall_64+0x1b9/0x820 [ 126.061840] ? finish_task_switch+0x1d3/0x870 [ 126.066323] ? syscall_return_slowpath+0x5e0/0x5e0 [ 126.071237] ? syscall_return_slowpath+0x31d/0x5e0 [ 126.076154] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 126.081157] ? prepare_exit_to_usermode+0x291/0x3b0 [ 126.086159] ? perf_trace_sys_enter+0xb10/0xb10 [ 126.090814] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 126.095649] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 126.100825] RIP: 0033:0x455e29 [ 126.103995] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 126.123269] RSP: 002b:00007f2ec9f2cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 126.130963] RAX: ffffffffffffffda RBX: 00007f2ec9f2d6d4 RCX: 0000000000455e29 [ 126.138304] RDX: 0000000000000001 RSI: 0000000020004a40 RDI: 0000000000000013 [ 126.145557] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 126.152808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 126.160069] R13: 00000000004c111c R14: 00000000004d1558 R15: 0000000000000014 22:28:33 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040a") 22:28:33 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc0000000c000000, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:33 executing program 1: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x1, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r0, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40001800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x74, r1, 0xc02, 0x70bd26, 0x25dfdbfc, {0x7}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xff}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5}, @IPVS_CMD_ATTR_DAEMON={0x50, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x8000}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x2}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_bond\x00'}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback=0x7f000001}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e24}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x4004040}, 0x8040) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x3ff, &(0x7f0000000040)="025cc83d6d345f8f762070") fsync(r2) pwrite64(r2, &(0x7f0000000240)="5881d0bd", 0x4, 0x0) clock_settime(0x0, &(0x7f0000000100)={0x0, 0x1c9c380}) 22:28:34 executing program 5: r0 = shmget$private(0x0, 0x13000, 0x0, &(0x7f0000feb000/0x13000)=nil) r1 = shmat(r0, &(0x7f0000fec000/0x1000)=nil, 0x7000) mremap(&(0x7f0000ff7000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffd000/0x2000)=nil) shmdt(r1) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x1, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r2, 0x28, &(0x7f0000000040)}, 0x10) 22:28:34 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) syz_open_pts(r0, 0x0) ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000040)) 22:28:34 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040a") 22:28:34 executing program 6: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) mmap(&(0x7f0000000000/0x237000)=nil, 0x237000, 0x0, 0x32, r0, 0x0) r1 = socket$inet6(0xa, 0x80001, 0x0) getsockopt$bt_hci(r1, 0x0, 0x63, &(0x7f0000000000)=""/30, &(0x7f0000d23000)=0x1e) 22:28:34 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000006000000, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:34 executing program 1: r0 = syz_open_dev$sndpcmc(&(0x7f0000004fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0x4142, &(0x7f0000001f64)) setsockopt$RDS_GET_MR(r0, 0x114, 0x2, &(0x7f0000000100)={{&(0x7f0000000000)=""/154, 0x9a}, &(0x7f00000000c0), 0x5d}, 0x20) 22:28:34 executing program 2 (fault-call:1 fault-nth:21): r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) 22:28:34 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") openat$hwrng(0xffffffffffffff9c, &(0x7f0000000200)='/dev/hwrng\x00', 0x200000, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x7}, 0x4) setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f00000000c0)={0x200000000000001e, &(0x7f0000000040)}, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000080)=@assoc_value={0x0}, &(0x7f0000000100)=0x8) setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r2, 0x84, 0x5, &(0x7f0000000140)={r3, @in={{0x2, 0x4e20, @rand_addr=0x8000}}}, 0x84) [ 126.646761] FAULT_INJECTION: forcing a failure. [ 126.646761] name failslab, interval 1, probability 0, space 0, times 0 [ 126.658040] CPU: 1 PID: 8262 Comm: syz-executor2 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 126.666356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 126.675705] Call Trace: [ 126.678307] dump_stack+0x1c9/0x2b4 [ 126.681942] ? dump_stack_print_info.cold.2+0x52/0x52 [ 126.681962] ? __kernel_text_address+0xd/0x40 [ 126.681981] ? unwind_get_return_address+0x61/0xa0 [ 126.691661] should_fail.cold.4+0xa/0x11 [ 126.691682] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 126.700652] ? save_stack+0xa9/0xd0 [ 126.700669] ? save_stack+0x43/0xd0 [ 126.712964] ? kasan_kmalloc+0xc4/0xe0 [ 126.716847] ? kmem_cache_alloc_trace+0x152/0x780 [ 126.721682] ? sctp_add_bind_addr+0x101/0x4b0 [ 126.721700] ? sctp_copy_local_addr_list+0x499/0x690 [ 126.731265] ? sctp_copy_one_addr+0x5d/0x170 [ 126.735678] ? sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 126.741396] ? sctp_sendmsg_new_asoc+0x3c4/0x1200 22:28:34 executing program 3 (fault-call:5 fault-nth:0): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") [ 126.746245] ? sctp_sendmsg+0x18a2/0x1d90 [ 126.750393] ? inet_sendmsg+0x1a1/0x690 [ 126.754368] ? sock_sendmsg+0xd5/0x120 [ 126.758261] ? ___sys_sendmsg+0x51d/0x930 [ 126.762413] ? __sys_sendmmsg+0x240/0x6f0 [ 126.766561] ? __x64_sys_sendmmsg+0x9d/0x100 [ 126.770971] ? do_syscall_64+0x1b9/0x820 [ 126.775032] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 126.780401] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 126.785942] ? _extract_crng+0x23b/0x320 [ 126.790007] ? lock_acquire+0x1e4/0x540 22:28:34 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0xfffffffffffffffc, 0x1, &(0x7f0000001fe8)=ANY=[@ANYBLOB="dff51f558e41647945"], &(0x7f0000003ff6)='syzkaller\x00', 0x0, 0xc3, &(0x7f0000009f3d)=""/195}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x5, &(0x7f0000001fd8)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x25}, [@ldst={0x7}], {0x95}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0x437, &(0x7f000000cf3d)=""/195}, 0x48) r1 = socket(0x10, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000040)=r0, 0x4) getsockopt$sock_buf(r1, 0x1, 0x1a, &(0x7f0000000340)=""/197, &(0x7f0000000000)=0xfffffffffffffeff) 22:28:34 executing program 6: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x10000, 0x0) open_by_handle_at(r0, &(0x7f0000000040)={0x3a, 0x1, "b4823a7ac178af4c6a72c2bec5d4bf3283c5d3a37e34e2b7ec7089ef082cf5af6b7c8d042d716682a273d170bce1690cd2e0"}, 0x202) mlock2(&(0x7f0000007000/0x2000)=nil, 0x2000, 0x0) mprotect(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x0) mbind(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x0, &(0x7f000000cff8), 0x9, 0x2) [ 126.793984] ? _crng_backtrack_protect+0x108/0x150 [ 126.798911] ? lock_downgrade+0x8f0/0x8f0 [ 126.803064] ? lock_acquire+0x1e4/0x540 [ 126.807033] ? sctp_bind_addr_state+0x292/0x480 [ 126.807052] ? lock_downgrade+0x8f0/0x8f0 [ 126.815841] ? kasan_unpoison_shadow+0x35/0x50 [ 126.820426] __should_failslab+0x124/0x180 [ 126.824663] should_failslab+0x9/0x14 [ 126.828467] kmem_cache_alloc_trace+0x4b/0x780 [ 126.833058] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 126.838253] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 126.843270] sctp_add_bind_addr+0x101/0x4b0 [ 126.847577] ? sctp_bind_addr_free+0x20/0x20 [ 126.851972] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 126.857147] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 126.862671] ? sctp_v4_scope+0x19b/0x1c0 [ 126.866716] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 126.871888] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 126.876890] sctp_copy_local_addr_list+0x499/0x690 [ 126.881802] ? sctp_defaults_init+0xe70/0xe70 [ 126.886283] ? get_random_bytes+0x34/0x40 [ 126.890415] ? sctp_association_new+0x1aab/0x2290 [ 126.895274] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 126.900448] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 126.905968] sctp_copy_one_addr+0x5d/0x170 [ 126.910186] ? sctp_copy_one_addr+0x5d/0x170 [ 126.914580] sctp_bind_addr_copy+0x173/0x47c [ 126.918972] ? sctp_copy_one_addr+0x170/0x170 [ 126.923461] ? sctp_autobind+0x16d/0x1f0 [ 126.927506] ? sctp_do_bind+0x5f0/0x5f0 [ 126.931463] sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 126.936982] ? security_sctp_bind_connect+0x99/0xc0 [ 126.941983] sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 126.946636] ? lock_acquire+0x1e4/0x540 [ 126.950593] ? sctp_sendmsg+0x1278/0x1d90 [ 126.954820] ? sctp_autobind+0x1f0/0x1f0 [ 126.958864] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 126.963431] ? kasan_check_write+0x14/0x20 [ 126.967664] ? lock_sock_nested+0x9f/0x120 [ 126.971882] ? trace_hardirqs_on+0xd/0x10 [ 126.976015] ? __local_bh_enable_ip+0x161/0x230 [ 126.980667] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 126.986187] ? sctp_endpoint_lookup_assoc+0x183/0x290 [ 126.991365] sctp_sendmsg+0x18a2/0x1d90 [ 126.995319] ? do_raw_spin_unlock+0xa7/0x2f0 [ 126.999713] ? sctp_id2assoc+0x3e0/0x3e0 [ 127.003759] ? _raw_spin_unlock_bh+0x30/0x40 [ 127.008149] ? __release_sock+0x3a0/0x3a0 [ 127.012284] inet_sendmsg+0x1a1/0x690 [ 127.016072] ? copy_msghdr_from_user+0x340/0x580 [ 127.020811] ? ipip_gro_receive+0x100/0x100 [ 127.025115] ? move_addr_to_kernel.part.20+0x100/0x100 [ 127.030379] ? security_socket_sendmsg+0x94/0xc0 [ 127.035118] ? ipip_gro_receive+0x100/0x100 [ 127.039433] sock_sendmsg+0xd5/0x120 [ 127.043130] ___sys_sendmsg+0x51d/0x930 [ 127.047093] ? __check_object_size+0x9d/0x5f2 [ 127.051571] ? copy_msghdr_from_user+0x580/0x580 [ 127.056311] ? lock_acquire+0x1e4/0x540 [ 127.060274] ? __fget_light+0x2f7/0x440 [ 127.064230] ? fget_raw+0x20/0x20 [ 127.067671] ? proc_fail_nth_write+0x9e/0x210 [ 127.072147] ? proc_cwd_link+0x1d0/0x1d0 [ 127.076193] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 127.081713] ? sockfd_lookup_light+0xc5/0x160 [ 127.086193] __sys_sendmmsg+0x240/0x6f0 [ 127.090152] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 127.094456] ? fsnotify_first_mark+0x350/0x350 [ 127.099020] ? __fsnotify_parent+0xcc/0x420 [ 127.103323] ? fsnotify+0x14e0/0x14e0 [ 127.107114] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 127.112633] ? fput+0x130/0x1a0 [ 127.115895] ? ksys_write+0x1ae/0x260 [ 127.119677] ? __ia32_sys_read+0xb0/0xb0 [ 127.123723] __x64_sys_sendmmsg+0x9d/0x100 [ 127.127943] do_syscall_64+0x1b9/0x820 [ 127.131811] ? finish_task_switch+0x1d3/0x870 [ 127.136288] ? syscall_return_slowpath+0x5e0/0x5e0 [ 127.141205] ? syscall_return_slowpath+0x31d/0x5e0 [ 127.146119] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 127.151119] ? prepare_exit_to_usermode+0x291/0x3b0 [ 127.156116] ? perf_trace_sys_enter+0xb10/0xb10 [ 127.160769] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 127.165599] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 127.170768] RIP: 0033:0x455e29 [ 127.173934] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 127.193107] RSP: 002b:00007f2ec9f2cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 127.200797] RAX: ffffffffffffffda RBX: 00007f2ec9f2d6d4 RCX: 0000000000455e29 [ 127.208049] RDX: 0000000000000001 RSI: 0000000020004a40 RDI: 0000000000000013 [ 127.215305] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 127.222554] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 127.229815] R13: 00000000004c111c R14: 00000000004d1558 R15: 0000000000000015 [ 127.243704] FAULT_INJECTION: forcing a failure. [ 127.243704] name failslab, interval 1, probability 0, space 0, times 0 [ 127.255039] CPU: 0 PID: 8287 Comm: syz-executor3 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 127.263351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 127.272700] Call Trace: [ 127.275296] dump_stack+0x1c9/0x2b4 [ 127.278939] ? dump_stack_print_info.cold.2+0x52/0x52 [ 127.284139] ? kasan_check_read+0x11/0x20 [ 127.288290] ? lock_page_memcg+0xf2/0x300 [ 127.292448] should_fail.cold.4+0xa/0x11 22:28:35 executing program 5: r0 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x1b, 0x81) ioctl$BLKBSZGET(r0, 0x80081270, &(0x7f0000000080)) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x1032, 0xffffffffffffffff, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ppp\x00', 0x800, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x0, &(0x7f0000000100)=@srh={0x0, 0x6, 0x4, 0x3, 0x6, 0x10, 0xffffffffffff5c16, [@dev={0xfe, 0x80, [], 0x16}, @remote={0xfe, 0x80, [], 0xbb}, @remote={0xfe, 0x80, [], 0xbb}]}, 0x38) mremap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000, 0x0, &(0x7f0000ff8000/0x2000)=nil) prctl$getreaper(0x13, &(0x7f0000000000)) r2 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) sendmmsg(r2, &(0x7f0000000040), 0x0, 0x4000000) [ 127.296531] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 127.301651] ? perf_trace_lock+0x920/0x920 [ 127.305895] ? page_add_new_anon_rmap+0x870/0x870 [ 127.310746] ? perf_trace_lock+0x920/0x920 [ 127.314994] ? xas_find_tagged+0x45d/0x13d0 [ 127.319325] ? lock_acquire+0x1e4/0x540 [ 127.323305] ? fs_reclaim_acquire+0x20/0x20 [ 127.327634] ? lock_downgrade+0x8f0/0x8f0 [ 127.331793] ? check_same_owner+0x340/0x340 [ 127.336114] ? rcu_note_context_switch+0x730/0x730 [ 127.341035] __should_failslab+0x124/0x180 [ 127.345258] should_failslab+0x9/0x14 [ 127.349042] kmem_cache_alloc+0x2af/0x760 [ 127.353177] ? _raw_spin_unlock_irq+0x27/0x70 [ 127.357659] ? blk_start_plug+0xcc/0x370 [ 127.361708] ext4_init_io_end+0x96/0x220 [ 127.365753] ? ext4_end_io_rsv_work+0x920/0x920 [ 127.370410] ? rcu_note_context_switch+0x730/0x730 [ 127.375330] ext4_writepages+0x1299/0x4100 [ 127.379562] ? perf_trace_lock+0x920/0x920 [ 127.383783] ? ext4_mark_inode_dirty+0xb50/0xb50 [ 127.388542] ? trace_hardirqs_on+0x10/0x10 [ 127.392767] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 127.397598] ? perf_trace_lock+0x920/0x920 [ 127.401820] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 127.406653] ? perf_trace_lock+0x920/0x920 [ 127.410880] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 127.416406] ? wbc_attach_and_unlock_inode+0x596/0x9f0 [ 127.421667] ? lock_downgrade+0x8f0/0x8f0 [ 127.425798] ? lock_downgrade+0x8f0/0x8f0 [ 127.429943] ? kasan_check_read+0x11/0x20 [ 127.434076] ? do_raw_spin_unlock+0xa7/0x2f0 [ 127.438470] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 127.443036] ? lock_acquire+0x1e4/0x540 [ 127.446995] ? __filemap_fdatawrite_range+0x31d/0x4a0 [ 127.452174] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 127.457712] ? wbc_attach_and_unlock_inode+0x64b/0x9f0 [ 127.462974] ? ext4_mark_inode_dirty+0xb50/0xb50 [ 127.467725] do_writepages+0x9a/0x1a0 [ 127.471519] ? ext4_mark_inode_dirty+0xb50/0xb50 [ 127.476255] ? do_writepages+0x9a/0x1a0 [ 127.480220] __filemap_fdatawrite_range+0x364/0x4a0 [ 127.485223] ? delete_from_page_cache_batch+0x1430/0x1430 [ 127.490744] ? __might_fault+0x12b/0x1e0 [ 127.494798] ? cap_capable+0x1f9/0x260 [ 127.498674] filemap_write_and_wait+0x44/0xc0 [ 127.503152] ext4_bmap+0x26e/0x420 [ 127.506676] do_vfs_ioctl+0x130f/0x1720 [ 127.510634] ? fsnotify_first_mark+0x350/0x350 [ 127.515202] ? __fsnotify_parent+0xcc/0x420 [ 127.519506] ? ioctl_preallocate+0x300/0x300 [ 127.523896] ? __fget_light+0x2f7/0x440 [ 127.527851] ? fget_raw+0x20/0x20 [ 127.531288] ? __sb_end_write+0xac/0xe0 [ 127.535262] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 127.540798] ? fput+0x130/0x1a0 [ 127.544063] ? ksys_write+0x1ae/0x260 [ 127.547848] ? security_file_ioctl+0x94/0xc0 [ 127.552250] ksys_ioctl+0xa9/0xd0 [ 127.555686] __x64_sys_ioctl+0x73/0xb0 [ 127.559566] do_syscall_64+0x1b9/0x820 [ 127.563436] ? finish_task_switch+0x1d3/0x870 [ 127.567915] ? syscall_return_slowpath+0x5e0/0x5e0 [ 127.572828] ? syscall_return_slowpath+0x31d/0x5e0 [ 127.577752] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 127.582753] ? prepare_exit_to_usermode+0x291/0x3b0 [ 127.587752] ? perf_trace_sys_enter+0xb10/0xb10 [ 127.592407] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 127.597236] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 127.602409] RIP: 0033:0x455e29 [ 127.605577] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 127.624770] RSP: 002b:00007fd741d08c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 127.632461] RAX: ffffffffffffffda RBX: 00007fd741d096d4 RCX: 0000000000455e29 [ 127.639714] RDX: 0000000020000000 RSI: 0000000000000001 RDI: 0000000000000014 22:28:35 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc1205531, &(0x7f00000000c0)={0x0, 0xfffffffffffffffc}) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x84000) setsockopt$inet_sctp_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000080)={0x7f, 0x9, 0x7, 0xffff, 0x1, 0x4ee, 0x8001, 0x1, 0x301b, 0x78a, 0x2}, 0xb) 22:28:35 executing program 2 (fault-call:1 fault-nth:22): r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) [ 127.646967] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 127.654215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 127.661464] R13: 00000000004bc8fb R14: 00000000004cad78 R15: 0000000000000000 [ 127.715635] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16549 [ 127.732287] FAULT_INJECTION: forcing a failure. [ 127.732287] name failslab, interval 1, probability 0, space 0, times 0 [ 127.743555] CPU: 0 PID: 8300 Comm: syz-executor2 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 127.751864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 127.761212] Call Trace: [ 127.763813] dump_stack+0x1c9/0x2b4 [ 127.767453] ? dump_stack_print_info.cold.2+0x52/0x52 [ 127.772650] ? __kernel_text_address+0xd/0x40 [ 127.777148] ? unwind_get_return_address+0x61/0xa0 [ 127.782089] should_fail.cold.4+0xa/0x11 [ 127.786157] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 127.791269] ? save_stack+0xa9/0xd0 [ 127.794900] ? save_stack+0x43/0xd0 [ 127.798533] ? kasan_kmalloc+0xc4/0xe0 [ 127.802421] ? kmem_cache_alloc_trace+0x152/0x780 [ 127.807266] ? sctp_add_bind_addr+0x101/0x4b0 [ 127.811766] ? sctp_copy_local_addr_list+0x499/0x690 [ 127.816874] ? sctp_copy_one_addr+0x5d/0x170 [ 127.821284] ? sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 127.826999] ? sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 127.831845] ? sctp_sendmsg+0x18a2/0x1d90 [ 127.835996] ? inet_sendmsg+0x1a1/0x690 [ 127.839983] ? sock_sendmsg+0xd5/0x120 [ 127.843877] ? ___sys_sendmsg+0x51d/0x930 [ 127.848034] ? __sys_sendmmsg+0x240/0x6f0 [ 127.852174] ? __x64_sys_sendmmsg+0x9d/0x100 [ 127.856577] ? do_syscall_64+0x1b9/0x820 [ 127.860633] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 127.865992] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 127.871525] ? _extract_crng+0x23b/0x320 [ 127.875577] ? lock_acquire+0x1e4/0x540 [ 127.879537] ? _crng_backtrack_protect+0x108/0x150 [ 127.884456] ? lock_downgrade+0x8f0/0x8f0 [ 127.888603] ? lock_acquire+0x1e4/0x540 [ 127.892566] ? sctp_bind_addr_state+0x292/0x480 [ 127.897220] ? lock_downgrade+0x8f0/0x8f0 [ 127.901356] ? kasan_unpoison_shadow+0x35/0x50 [ 127.905924] __should_failslab+0x124/0x180 [ 127.910161] should_failslab+0x9/0x14 [ 127.913947] kmem_cache_alloc_trace+0x4b/0x780 [ 127.918523] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 127.923698] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 127.928716] sctp_add_bind_addr+0x101/0x4b0 [ 127.933041] ? sctp_bind_addr_free+0x20/0x20 [ 127.937436] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 127.942612] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 127.948139] ? sctp_v4_scope+0x19b/0x1c0 [ 127.952186] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 127.957361] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 127.962377] sctp_copy_local_addr_list+0x499/0x690 [ 127.967296] ? sctp_defaults_init+0xe70/0xe70 [ 127.971779] ? get_random_bytes+0x34/0x40 [ 127.975914] ? sctp_association_new+0x1aab/0x2290 [ 127.980762] ? n_tty_open+0x1b/0x160 [ 127.984463] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 127.989650] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 127.995178] sctp_copy_one_addr+0x5d/0x170 [ 127.999396] ? sctp_copy_one_addr+0x5d/0x170 [ 128.003805] sctp_bind_addr_copy+0x173/0x47c [ 128.008204] ? sctp_copy_one_addr+0x170/0x170 [ 128.012683] ? sctp_autobind+0x16d/0x1f0 [ 128.016730] ? sctp_do_bind+0x5f0/0x5f0 [ 128.020694] sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 128.026216] ? security_sctp_bind_connect+0x99/0xc0 [ 128.031221] sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 128.035876] ? lock_acquire+0x1e4/0x540 [ 128.039835] ? sctp_sendmsg+0x1278/0x1d90 [ 128.043983] ? sctp_autobind+0x1f0/0x1f0 [ 128.048035] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 128.052606] ? kasan_check_write+0x14/0x20 [ 128.056828] ? lock_sock_nested+0x9f/0x120 [ 128.061048] ? trace_hardirqs_on+0xd/0x10 [ 128.065179] ? __local_bh_enable_ip+0x161/0x230 [ 128.069832] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 128.075354] ? sctp_endpoint_lookup_assoc+0x183/0x290 [ 128.080533] sctp_sendmsg+0x18a2/0x1d90 [ 128.084495] ? do_raw_spin_unlock+0xa7/0x2f0 [ 128.088894] ? sctp_id2assoc+0x3e0/0x3e0 [ 128.092943] ? _raw_spin_unlock_bh+0x30/0x40 [ 128.097339] ? __release_sock+0x3a0/0x3a0 [ 128.101482] inet_sendmsg+0x1a1/0x690 [ 128.105272] ? copy_msghdr_from_user+0x340/0x580 [ 128.110029] ? ipip_gro_receive+0x100/0x100 [ 128.114335] ? move_addr_to_kernel.part.20+0x100/0x100 [ 128.119602] ? security_socket_sendmsg+0x94/0xc0 [ 128.124341] ? ipip_gro_receive+0x100/0x100 [ 128.128651] sock_sendmsg+0xd5/0x120 [ 128.132353] ___sys_sendmsg+0x51d/0x930 [ 128.136311] ? __check_object_size+0x9d/0x5f2 [ 128.140794] ? copy_msghdr_from_user+0x580/0x580 [ 128.145541] ? lock_acquire+0x1e4/0x540 [ 128.149511] ? __fget_light+0x2f7/0x440 [ 128.153470] ? fget_raw+0x20/0x20 [ 128.156921] ? proc_fail_nth_write+0x9e/0x210 [ 128.161404] ? proc_cwd_link+0x1d0/0x1d0 [ 128.165454] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 128.170974] ? sockfd_lookup_light+0xc5/0x160 [ 128.175459] __sys_sendmmsg+0x240/0x6f0 [ 128.179430] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 128.183750] ? fsnotify_first_mark+0x350/0x350 [ 128.188314] ? __fsnotify_parent+0xcc/0x420 [ 128.192620] ? fsnotify+0x14e0/0x14e0 [ 128.196417] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 128.201938] ? fput+0x130/0x1a0 [ 128.205203] ? ksys_write+0x1ae/0x260 [ 128.208989] ? __ia32_sys_read+0xb0/0xb0 [ 128.213045] __x64_sys_sendmmsg+0x9d/0x100 [ 128.217268] do_syscall_64+0x1b9/0x820 [ 128.221138] ? finish_task_switch+0x1d3/0x870 [ 128.225631] ? syscall_return_slowpath+0x5e0/0x5e0 [ 128.230544] ? syscall_return_slowpath+0x31d/0x5e0 [ 128.235459] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 128.240464] ? prepare_exit_to_usermode+0x291/0x3b0 [ 128.245467] ? perf_trace_sys_enter+0xb10/0xb10 [ 128.250125] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 128.254961] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 128.260137] RIP: 0033:0x455e29 [ 128.263307] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 128.282593] RSP: 002b:00007f2ec9f2cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 128.290300] RAX: ffffffffffffffda RBX: 00007f2ec9f2d6d4 RCX: 0000000000455e29 [ 128.297555] RDX: 0000000000000001 RSI: 0000000020004a40 RDI: 0000000000000013 [ 128.304808] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 22:28:35 executing program 3 (fault-call:5 fault-nth:1): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") 22:28:35 executing program 5: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rtc0\x00', 0x600000, 0x0) mq_getsetattr(r0, &(0x7f0000000100)={0x6, 0x7fff, 0x20, 0x4, 0x295, 0x4e, 0x7}, &(0x7f0000000140)) r1 = syz_open_procfs(0x0, &(0x7f00004c6f8b)="6d6f756e74696e666f004388f750c83d14c4a3a9ac1488a477660ae763891738ac656bb3e891941f02f1265047502f6c2dd9f655ef7131eabf3110d638f0d2e6a49a2bc4a08d63e2da7af47e6c37972352875f125bcf3ea7f04b7b505b6a06beedb2a86e30a86bc0d37a6438b99a45ea22b1f4fb05") ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000200)={0x20000000fffffbff, 0x1}) mount(&(0x7f0000000040)='./file0\x00', &(0x7f0000852000)='.', &(0x7f00000000c0)='debugfs\x00', 0x0, &(0x7f0000d1cfff)="d6") ioctl$sock_inet6_udp_SIOCINQ(r1, 0x541b, &(0x7f0000000180)) 22:28:35 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f00000001c0)={0x0, {{0x3, 0x0, @broadcast=0xffffffff}}, {{0x2, 0x0, @broadcast=0xffffffff}}}, 0x108) 22:28:35 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc000000004c0100, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:35 executing program 6: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x4, 0x1) ioctl$EVIOCGABS20(r2, 0x80184560, &(0x7f00000002c0)=""/254) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x800, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x3f, &(0x7f0000000040)=0xe0b, 0x4) ioctl$KVM_IRQ_LINE(r1, 0x4008ae6a, &(0x7f0000000280)={0xfebfffff}) 22:28:35 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000500)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cipher_null)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f00000016c0)=[{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000001700)='/', 0x1}], 0x1, &(0x7f0000001640)}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={&(0x7f0000000040)=@alg, 0x80, &(0x7f0000000140)=[{&(0x7f0000002840)=""/4096, 0x139f}], 0x1, &(0x7f0000fb3fa9)=""/87, 0xfffffffffffffce7}, 0x0) r2 = dup3(r1, r0, 0x80000) write$P9_RATTACH(r2, &(0x7f00000000c0)={0x14, 0x69, 0x2, {0x20, 0x1, 0x8}}, 0x14) 22:28:36 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x6) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f0000000700)='./bus\x00', 0x0) writev(r1, &(0x7f0000000480)=[{}, {&(0x7f0000000100)}, {&(0x7f0000000380)='J', 0x1}], 0x3) 22:28:36 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000040)=ANY=[@ANYBLOB="b5372c5b0ad6e36738a4a1"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe1000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="672eff8b80e5660f38827e7b660feeebb96d0300000f32b8010000000f01c10f01df0f63757466660f38822dfd00000066b826010f00d866b86c008ed0", 0x3d}], 0x1, 0x0, &(0x7f0000000140), 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 128.312069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 128.319322] R13: 00000000004c111c R14: 00000000004d1558 R15: 0000000000000016 [ 128.377704] FAULT_INJECTION: forcing a failure. [ 128.377704] name failslab, interval 1, probability 0, space 0, times 0 [ 128.388970] CPU: 0 PID: 8329 Comm: syz-executor3 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 128.397289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 128.406655] Call Trace: [ 128.409237] dump_stack+0x1c9/0x2b4 [ 128.412850] ? dump_stack_print_info.cold.2+0x52/0x52 [ 128.418034] should_fail.cold.4+0xa/0x11 [ 128.422082] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 128.427169] ? kasan_slab_free+0xe/0x10 [ 128.431142] ? ext4_release_io_end+0x1b1/0x250 [ 128.435706] ? ext4_put_io_end_defer+0x129/0x590 [ 128.440444] ? ext4_writepages+0x12fa/0x4100 [ 128.444841] ? do_writepages+0x9a/0x1a0 [ 128.448800] ? __filemap_fdatawrite_range+0x364/0x4a0 [ 128.453979] ? filemap_write_and_wait+0x44/0xc0 [ 128.458655] ? ext4_bmap+0x26e/0x420 [ 128.462365] ? ksys_ioctl+0xa9/0xd0 [ 128.465975] ? __x64_sys_ioctl+0x73/0xb0 [ 128.470027] ? do_syscall_64+0x1b9/0x820 [ 128.474074] ? kasan_check_read+0x11/0x20 [ 128.478208] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 128.483730] ? unlock_page+0x1d1/0x2c0 [ 128.487621] ? wake_up_page_bit+0x5b0/0x5b0 [ 128.491929] ? trace_hardirqs_off+0xd/0x10 [ 128.496149] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 128.501683] ? lock_acquire+0x1e4/0x540 [ 128.505642] ? fs_reclaim_acquire+0x20/0x20 [ 128.509949] ? lock_downgrade+0x8f0/0x8f0 [ 128.514088] ? check_same_owner+0x340/0x340 [ 128.518397] ? ext4_meta_trans_blocks+0x310/0x310 [ 128.523228] ? rcu_note_context_switch+0x730/0x730 [ 128.528153] ? trace_hardirqs_on+0xd/0x10 [ 128.532290] __should_failslab+0x124/0x180 [ 128.536513] should_failslab+0x9/0x14 [ 128.540296] kmem_cache_alloc+0x2af/0x760 [ 128.544427] ? _raw_spin_unlock_irq+0x27/0x70 [ 128.548921] ext4_init_io_end+0x96/0x220 [ 128.552965] ? ext4_end_io_rsv_work+0x920/0x920 [ 128.557628] ? rcu_note_context_switch+0x730/0x730 [ 128.562547] ext4_writepages+0x13b4/0x4100 [ 128.566770] ? perf_trace_lock+0x920/0x920 [ 128.570991] ? ext4_mark_inode_dirty+0xb50/0xb50 [ 128.575731] ? trace_hardirqs_on+0x10/0x10 [ 128.579961] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 128.584792] ? perf_trace_lock+0x920/0x920 [ 128.589014] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 128.593853] ? perf_trace_lock+0x920/0x920 [ 128.598081] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 128.603607] ? wbc_attach_and_unlock_inode+0x596/0x9f0 [ 128.608867] ? lock_downgrade+0x8f0/0x8f0 [ 128.612999] ? lock_downgrade+0x8f0/0x8f0 [ 128.617137] ? kasan_check_read+0x11/0x20 [ 128.621267] ? do_raw_spin_unlock+0xa7/0x2f0 [ 128.625657] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 128.630222] ? lock_acquire+0x1e4/0x540 [ 128.634181] ? __filemap_fdatawrite_range+0x31d/0x4a0 [ 128.639357] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 128.644877] ? wbc_attach_and_unlock_inode+0x64b/0x9f0 [ 128.650141] ? ext4_mark_inode_dirty+0xb50/0xb50 [ 128.654884] do_writepages+0x9a/0x1a0 [ 128.658670] ? ext4_mark_inode_dirty+0xb50/0xb50 [ 128.663410] ? do_writepages+0x9a/0x1a0 [ 128.667371] __filemap_fdatawrite_range+0x364/0x4a0 [ 128.672375] ? delete_from_page_cache_batch+0x1430/0x1430 [ 128.677895] ? __might_fault+0x12b/0x1e0 [ 128.681944] ? cap_capable+0x1f9/0x260 [ 128.685818] filemap_write_and_wait+0x44/0xc0 [ 128.690294] ext4_bmap+0x26e/0x420 [ 128.693821] do_vfs_ioctl+0x130f/0x1720 [ 128.697778] ? fsnotify_first_mark+0x350/0x350 [ 128.702341] ? __fsnotify_parent+0xcc/0x420 [ 128.706645] ? ioctl_preallocate+0x300/0x300 [ 128.711038] ? __fget_light+0x2f7/0x440 [ 128.714993] ? fget_raw+0x20/0x20 [ 128.718437] ? __sb_end_write+0xac/0xe0 [ 128.722396] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 128.727914] ? fput+0x130/0x1a0 [ 128.731177] ? ksys_write+0x1ae/0x260 [ 128.734962] ? security_file_ioctl+0x94/0xc0 [ 128.739354] ksys_ioctl+0xa9/0xd0 [ 128.742790] __x64_sys_ioctl+0x73/0xb0 [ 128.746661] do_syscall_64+0x1b9/0x820 [ 128.750533] ? finish_task_switch+0x1d3/0x870 [ 128.755016] ? syscall_return_slowpath+0x5e0/0x5e0 [ 128.760150] ? syscall_return_slowpath+0x31d/0x5e0 [ 128.765067] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 128.770066] ? prepare_exit_to_usermode+0x291/0x3b0 [ 128.775077] ? perf_trace_sys_enter+0xb10/0xb10 [ 128.779729] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 128.784734] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 128.789904] RIP: 0033:0x455e29 [ 128.793072] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 128.812264] RSP: 002b:00007fd741d08c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 128.819955] RAX: ffffffffffffffda RBX: 00007fd741d096d4 RCX: 0000000000455e29 22:28:36 executing program 5: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x8100, 0x0) r1 = socket$bt_rfcomm(0x1f, 0x3, 0x3) ioctl$FICLONE(r0, 0x40049409, r1) unshare(0x400) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc\x00', 0x0, 0x0) timerfd_gettime(r2, &(0x7f0000000040)) [ 128.827223] RDX: 0000000020000000 RSI: 0000000000000001 RDI: 0000000000000014 [ 128.834484] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 128.841747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 128.848996] R13: 00000000004bc8fb R14: 00000000004cad78 R15: 0000000000000001 22:28:36 executing program 2 (fault-call:1 fault-nth:23): r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) 22:28:36 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af300200f5abfb9845f9e19859c9693206f2c60b0000000719e1d66e970123d893d974e5b9c3285677b2139823e5500c92ab5b94da3a7de19f063bb765b02bd5b660fb7fa898c6f5c6369c3f363068d10af833f6475bbe8b7967255b177607ba100f6c4654718232dbda64aa1f69cf9ab5b3ea3ed63452b7ebd37c9dae664e322e08ad8f6029fe8fd0b34c7117480471aeca0a3fc9eceb28509ca8a83e4f8b85131808bc5cfb4cc24e1901769c084c082712b470666b6dddf74ced693973ba1ded8b") ioctl$fiemap(r0, 0xc020660b, &(0x7f0000000200)) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000040)='\x00', 0x4, 0x6, &(0x7f0000000580)=[{&(0x7f0000000240)="b5861483c0f94b16bfc416c97e1e6f11b16664aeab5d02eae348eb8340120a2dae3024099d840c500831b39952d975465cb89fcb7e307719140bf9889afba185609ab2c594c94c877368e695fc4a25d8d5174b938c96ffe0149fb6fa723eda6523993bc66bae8f11360c3dd5c8e365b180b76efb1db79a52e65fa8bf79a3684dcb581098cc37804302fa5ddc819d7a0104f658c5028f0cdbee5aa9d5bf91e1dc1a3745cd37b9afa7f30f3340c539fdcf2fc6fa6b111779738216a5283e67e8be", 0xc0, 0x80000000}, {&(0x7f0000000300)="0277943155cedbd0c6b66604ffce61d41900c6d6255507939c0c1b09b41d5303050e884996840f2ec8e0a7a0d39a66bf4c9ceae4adab7e88dc7ea799f40daf7c4a3c7f6487d0aa87d915f0cbb2095c8d", 0x50, 0x25}, {&(0x7f0000000080)="a1c46f6870ca7e8178988f1f8050c186444b82a7d1a0", 0x16, 0x80000000}, {&(0x7f0000000380)="77f1a6e6891e94790cb88ec76f707b8473cdfbe114f27aea23f2420c40526c8b5697a564089730f20037be6318f00372d3ea9c750e48cac7a9f8ed31b8fcb07320b58d86d6e20310cc69ee82162049a28c67b5da5fa19823412a995e9ea24ce3c6a4cde5916d4c20671d310ba7d5ced4f04f5a0af892233c54cb9cc516a61f48f22fc51188133494db357a20cdd40f5a3e9540f15d71b3bb5db962417becb3268c33fe475675c28e3c9b6cf64bd80eae595f0f36aebd3af36a0b29445c3fcdde10bb648d8f41603271b4bf3ede2617cfa0d54928", 0xd4, 0x8}, {&(0x7f0000000480)="c74e195acb0a77dba1213e213d30e37851359982a3e90e1771ff37f725823459c2b7fd76f315dcdfa569b197a4a309830d8c619d574e7fadea0f78e6af922e0779", 0x41, 0xfff}, {&(0x7f0000000500)="1065d5ecc500e3b758d6be71db9d08fd0912b4f532dde480aae759020ea0811ac07eabccd618b22aa0cb0bd626ba7d6d2c5254127a29e174e80ab11beb27ec0268a0f46ae5abb59380f39aec72bb9cbc18781d03", 0x54, 0x3f}], 0x8000, &(0x7f0000000640)={[{@nodiscard='nodiscard', 0x2c}, {@nobarrier='nobarrier', 0x2c}, {@inode_cache='inode_cache', 0x2c}, {@clear_cache='clear_cache', 0x2c}, {@datacow='datacow', 0x2c}, {@skip_balance='skip_balance', 0x2c}, {@check_int='check_int', 0x2c}, {@fragment_all='fragment=all', 0x2c}]}) syz_mount_image$btrfs(&(0x7f00000001c0)='btrfs\x00', &(0x7f00000006c0)='./file0\x00', 0x100, 0x7, &(0x7f0000001a80)=[{&(0x7f0000000700)="8a29a833fe5fb3c01dfc8a2d289129560d5905cf6a2bf516cb0b69f08a74975504e676ea9b5d1b5c842278caad3f825ef8a058daa6f3cb65661c8eff8d1ba7d452c7a77454beb95b806f29a6db3d9207", 0x50, 0x9}, {&(0x7f0000000780)="78180bbed7ab7caa238c08eb15788639684b0194fb0344a5bf4c0a84320b63551ff7710f49d6d65b2c91a96cf45f0e7844f85cfcaeb5b51e3e45db18de495299ef7e7dd78e4af23ecc6d71827f74b3557c0fc967a9c394e5cc9d68504c675f1299216ac1e04d176063f74be6cd1f33b8a9e45886358fb923ce175a1bde8ed7edc2d4d26026430a6000c5b0a9100483c0dfd6d8098de693d589f7de9b2beaab3cbc90d64b52aa3a87f9bc160fb69738d644aa4229e803df5de44df2224cea5e97bd51626ae051d2f576bbc3597a6cec9c369deb99e0593fe57e90e72823cab537233103a36b6afa72510a722d35330f201399397677cd95cd0c04450583", 0xfd}, {&(0x7f0000000880)="3396b5dad985e87de8cc2d3a71f3c4f01a6d310b8be1d24a43de7f83af7dc58ace720bbfa8324f8e6bb7a4c02394fe1e88dfe9ac208375c60570afa1d6c75d5328072691573f7d671948c2c1a4ce890121c09c61643d04659705b3ce760d7a86bd7d86a23a4f7d350df455ea6c9efbbfc2105ffb0170dcdefb79fc26acb01fc264b57ab80e3333ec47e1de728f459892433cc34b086a1379a5dbede9036ac62fdb182d67ae9608a2ab71439dd5dc879bac720c27a7b34c11298ae079adbe4f5c5e1410f0e2c585415d07f79ff217b1eb4edd9bee8e0defd8c6a57be7aa843db7fe42196d287b4ff428dc71558c11be108c2864dde0a65db03cfc1cf5a343f3e0b1ee1ed6821e962eee398164e1761c31d261be46042f924282b737583087bfcf590af8a5a2e0e6b8c02d79dd9e0c02e70399204b41072bf0e6455d988b88fa1bac886c0554f4d53d6d7ac46e5a3247cd7ccfe263235e65bb58b84cc039bdd948d9cc3d4685f146ef7a0f8ced36c20e0e81c1c22b62865a02681857ab0a64100b0898e7ba27921949d25b87746aa50d1b71196a98f7530e4bcb903477620ec26f208d2f011875db96f8198f436513342dd99fad13344cff58ee13d15636f747497cfa896d8a9fff32de48bd98239217d592edcd33bef920a020ebdfe562c6ea121292e7fcef53be98e9cb283cc7805d4744e5d5eff61f5aeb201388ae111ce709623663ecd79dbd6d67d434f2394e861cc8b5ce7cbbcf10b87bd897192133d887112333b3bdbff3ecbceea4d38fcd7259afb34add2433c80edb8be2b100d00fa6526e93929c4c7a58251a557dac24c271927a1d3a11583adbc072a87b6d8f7a7a6332a9bbe80cdb4d8785f3beb3fdadf3b50ad7c927573b8acef9933c6bfb4ddd818d806b5eb115c5b90cd87b3f088298eaf245073e9c591eb982fc5e3cc8f8362397abc1d874bb27948d51d846eb0fe330bdef933f1cda729cace70650e099f1ab6042e762b2810c4d44fd3ef532b6095adbf68bdd667dfaabda6f694942547b8a0ca6db67f2e56782ff5d6f2afa582e4ed5ddf06602cc6374d6b42ca68daf395f724d8386fec2055d64b05e8a98b8947b6f5e0a9f23aee7f7474de2b188abe431d9a5b04141116dc072788931d31f2764ad11c2c1ad98ba9137d64e57cc84719bc92073597427f0eb4de06fc2bee09ccfb74c7439f9fdb6544110f9c19f04735fb1519f59a886281441d689f18ac14ddc2179aeeb7b4e5e04bfde234572cd06feadb07aaa0d10fcb748d632486de35077a1d8c17289a1fb0b17a464033a232f2057f799fc14d9c7987ef057908395750505fbce203d2f13e0e14d8b951f33e8af6e037484860b548228991ec85fef1bb26d8ba56ebdb4e924a5ef07a2053dbea241961d1ef6b04f55334fd90f565ec694f5a59d2f763eb0f7b676bf7ded6979bc7dd7f5654298c57d03191a3fdabb89d80c8682d08557b1182ebae755d1e2348f05dde9aa9f568d30b4e07174c85e3dd1ff0d64aa62e23259a057db4f1be531b94ca900157f458185ba749dceb514c95771b81692b35f470373fbf18caac843d332a32311f666648b8934494847bccd282e2d0c6f69610101ab5af8bcca11d2710fd5366dde670a4ca9926df0b8cc7db9498bd4ad721ceb879af9d702581436be0a34740eece2c71660955089c5abb5a93d9209f236ef993940f95ee70afef9a7afc1e4dbfc8bb798d49f01894313e8f387372bccc010da4e1564041a163d70a832d8ea5783826ef6fd202e10259e27b1e749d4b9771569d252918ca1088d815e3fb77d12ea9ed23e498fbdab8cd09a37ab11171140b5357265096afad9cc66e91bf3e8345191a4f5166cb0190bdb3c108591ba50279902689f1e29b3c943e94a77db755690c96431b70f82d5a84a3406973c1003e2e3b9583ae71a2b7eee733ba4f53e1554b9bcabb4d1868a443e44b3313d4347c0dd5eacd96be5d2f32beda7cedf6f4e81d721747a358cccdbf2767f83d297e40699f94223f7ea3a75296746dabce449d46307396809bc95e3f5e3ed0a7f6d6e0ba33709265956f08e390b66faddebb1785f03db10caebe8a858db1b215dac5f295a8f7777f7e474564a1296a301e139dcbcc8222547ad72fd66b41280f44b73f97f8d869a6123683355be7fa88145e8933eade7c2aa210f377d9287590ed8bb42fe7eb38cd524ddde7580083a20969e1d95375d0b83d2cae9f47ed475c062a6e93bb649e41e0fb656ca7d7ea6a2b0b10077ef35b8782d80128fd8def0150aeb9540c11aa8778c6f3f2206b2de8ca1529ca860bd725426f5e608c780c126c5c46c05d2eb669b26586c79cd49901be7e29d4e0d128c4ae0ae3131fdedb53289d130b330c1cc5585a7b10cacc22983e71729871eb4b6c1c6a04e3e80d9fff04f97a91c667a345995665e27c916912e9163d56f2ec03d6fa29dac5b623994074d55127a61af360987b6fa7ac9eaf058cb8bc634a7390ae4e89c40d4045c2178af5456c843631cfc4906863325be46f5023856c095ee1bebeae914e9fefc11b1737cd82d78eee120912c0e302541483de9d446fa9752528e5e68f1c668073f66ec56aff7e34cc2109de8075a9cb1ac5f17e5285831b369132e34547e7c64c87b5c28c7694942c7441a350d93ee18966d28f589677f0ba965221940d959b2c3f59ee207d11ac5c6dc4effc14df1e274aa5b175510fbe85717b43233a98953db4b6b0f7c9fb6ad30b6fea9f11a7b75c82a89199b95e4e8d14f2a2ef2e51344fe3a87cafae3df589bd1ec458ec27a25ce3e06a35165c81b4cbbe4daa4a2dafb53d4755141331b072c234295c89a0330180356cf2c34efdbe5c2d562a871fa4cbc883cd124c077ca30f51f5dc6a81bde1805c184b75e01ac6cd8922dfc6a21303eb3640ddc8dc9bb4871dc78231f50f9dafd63ecdbdc0988b8cc093985e94c469ff49d132ed6710e4a3602b5b2035c0c0921a0c9127719099370839b4ebb6c1ca5f8d31164b6decc158d7c628913fe24e60e64f06774510cece95451b3a01b48276e296bf3081b0ce0ce42008fc0e194d35a93bb773f2f264998a738f4402166a2d65044520b5adf0666cd0bfdb02830f68bfd6b866cd56e255e371039caf96b8bd3151e5a5db08c5f5dbe6951f897f1d0a08c23725ba151adc2c6d34d55423c4c940272a923512fb67214515372ec6b163bb7139f4f46a8520dd173c6c688b863a2d586825df6bc316a6a866f553424d0a49f665943742e8cf7956e9c46821acf679d6aa01ed93605023ef054c581b35ecf17397d0a4e072bea0f89d48559e501285275673d8b3f913f8204b44ed43c9e6b806448d60f7bf332d34389b65f7e84b875f79156db3505dd770acf747ab212a83029d1faa4f9b8ff77904c880f0fd6598a3c1edf63322d7e156382d8e26386104370658b5b6d9a3f3633c7f7c821fbc0b042b35b8bf236e680af9290f1cec6babb799d84bfc4f3359b218a7915f0ab53b3c4d4cfae9cb3409445a427e28fd9b3c99e86da6859f28177fe43aaab5be76f8394f58d21672efbc288203e37b6e7a7ab5883a40ca8466ba547faddc6c7b7814a34b356fc775f50b6c38d423b50e2edbc701c6745c70b5c985c6c8399335e576f9949389c10ff793c2330166c5159d50beed0693925f1eadce2922ec0d487d421586d99127b2a6e7fd824d8b672e857f77eaa5618700167a22b76af9b91c5da3ca524bfa14070129099eca4947883463c2d559202470d970a7374f0a4b86576b50cb79bb5ec6b94789ab09c82ea0c3946661827681bfe36b79a4cce1f825823247146d699a5a49df4e9372404d2439c89c3bacc641f62b981cf6afead96c799cb202f7b50d4516f972434889dfbfe0f431a3926db9b85079247e6bf6f09fe021ebda7a1e64928348206bf243f7eb57a2bfad324b36a00d634b6c842a5da8c38ecfe64dd84130f1377a2f8230dbc53b4ecd0a088c522d59760ef8d87adc624f80c16cdccf4a525c9c6e95504756ad3eb7be1f5ea8a4ad2c64c8a797352b8e55c48b5122198f098053b30557f9ad6103fe7c1a7b3426488fce1469eac911915bdde7adba0134adb6cee1281aad46b36644096e999ed2d3705802ce06ebf64e021b0dd4b2ec9084a4c885f38f6a303887caf331705a2e1d67a1d4d200a8283125eafada3a466fa5b813b6ce9210bbeedd8876c4856528cd878e17ea097a2888bb9931b1a95026afddac35144e5b0bf3ff7c39d1ad47509d4c900e4ad44987455894c61fa9c5808199b6b1420c822f51a41738348020f81885f6849fe87463b3e66bdde565f17e9518185c647b9116b9548b1898223a27848aa34011b0e13b90f0779c1a04f25786269dd04166f17867aed9792f13626e6269dc80994005f5cda5780706f1652b846954e6dc9b1293a6091b5cb5a1ecadf5b3d4d360d1b4651575a749b17a42aa1b43ebf6f88d9fc7306d12efae221681ea674c85a961bdd32c3a5fe8ace86aaeda67429b1424cbf1939eb0f81468453baf3272f1b8ef9ca2bd7a9d51dcc2a80cd4f56524125d67c6adb0add5a04bc156861fdacb11b84b3d0982a7eac2be996c29e6811cd22340f26cec7e6e8ad1ddd1001084d3841e89e1636f5047a38d0c0e19e4d64b1812f2ea4ae9bef648863b8573fd136b8e3404a7a183eb3ba5ae1a8b41f7c489f6e035a89d7c82a77aaba7f79a3d350f0c4f450d8056169e105d3f8f3e8e0cf6989b80a12c95322b3e77ceaaa80f4b1c3c48579158998aa3e34d87f4e1aa9a3872ed47f15d7055154952281528f7a4b17b06e8bb6724c8f19a9df32d9f2d3df46591bd79a06442b1523ddc60039152d4cf636a0216c12e8fbc7d6c68de86d5d1e5e0b85b11e3e87f37559d07cb3f3fea2249505a47581a022a2df75ecc02e57849a28cfda6bbf6b7dd10e8e08c9309df0eeb6ef9228ba84b9fa1707f0d44f102e5befefe935d9c067451916cec81f94f13be299ef477fa532167626275c8a67862ee5eb2693e6281c7fdab1975bbc9a84bb03b341035e499308ef5d13d87b3d1fd9effe3753a0abfb10ac6e812c00fae836108be5436ae3450cad247c54672494d575b48fd0c8fe84b57bddccbde9c47cad212d5f9b15b41c4f40850445ec09d18be67b9357fd1cf241445a07ae82f3a20f750fbe7c94e3a8b3ac0cd2d4144093d0c1da21ff24d6123c4b577b8327d4fa546dd5e7a17f05cc644856296a161944bc0dbd1a0e03a5d931edbded2ab176f21ebe6860089eaff60ac71216120261c7534ecf65362a4dfa416cbfd0290e6565a0e1792735df5a8221fcb0434788a026caea2af66357b467db6336ad649daaa6493922b38e33638feeef06bd42f1d0d73efbfbd2db5700ecb76a31194e8ba5f580f911c2d06903f44600a700eeaefec05a386e8f4be1b84d501d57bf11852d58a48cbf9662d24cd7e4a76f0de93dce1d1d46365aad29539162eabd2684a2a0667d738beb84d5433754755c7b19219a45acdbc6dbfb8b793d7f0897c5d57ca4ec11d66193d20ab777d4e9f87984f72261a569ffe786a60c8e633226b0a624040488219adf836905dce6343f3f5c53905eb35e7f9e3ac332ed484ff3d71e1bd9ddca352347b2b942d9b1b13cd796ce39a5c69ed33f6559f345188c1aa1905d191136df0442b2c544f6d97346b1a30955bf81787b806c61f47e60e8fce95875d5965c6a0c97084b527c3da1f01e1bc2bb08b2cfea41f11527d9e8be6cbab14193f46c43a071547b79a3cc2c57f248a610401d50d4", 0x1000, 0x3ff}, {&(0x7f0000001880)="71318b9fec774aca96", 0x9, 0xad}, {&(0x7f00000018c0)="0f22b488489475f470223a92f0fb75372c7e2f0affb6357eda525b6a0889121ab1ec28cf4b689a1fd1adf1c3", 0x2c, 0x101}, {&(0x7f0000001900)="485f1dca3a451f822ddd1b7040129b7ddb0f0eb5337e06c724426a257a7ee05872314f425169ec193b87af7b17cab9d97a3cb06ba882edba57c301fc2820cf3d80e1be1bb3efe0822dce5339c327ed65c445c97a44cf", 0x56, 0x3}, {&(0x7f0000001980)="5a8971481ad65c4fd44802a6f2245feeb5d0f1ead31001046688d8814231efcad97804a92c565f1cff722d59c7b61166ff72b991a41a841a9aad24846afa8f1bcf92b5dac71a2ff2dfa10b31a1fad47fbc1209e7423ca8d69ca176bb0f8bfd8001ad0cb12197770a5cdcbf08d1b31850f9d1b16ad7a2402eedfe3776169b0573cab9c9fdc26b470428d4b12882f7b9b828fd556d05fb8910d5da3e12d439a260a656e1a9c95d2b6b88d5a138c3b907fb673574008fb7ee69acf2936fa0859c2df66d6b400a9ba670888055eb6e93505463489cfe9ea98cfc6ba4fb4f03f9ae331db830374d06283540ebb9", 0xeb, 0x80000001}], 0x80082, &(0x7f0000001b40)={[{@check_int_print_mask={'check_int_print_mask', 0x3d, [0x37, 0x31, 0x36, 0x30]}, 0x2c}, {@space_cache='space_cache', 0x2c}, {@nobarrier='nobarrier', 0x2c}, {@flushoncommit='flushoncommit', 0x2c}, {@nossd='nossd', 0x2c}, {@check_int_print_mask={'check_int_print_mask', 0x3d, [0x38, 0x37, 0x39]}, 0x2c}, {@degraded='degraded', 0x2c}, {@notreelog='notreelog', 0x2c}]}) 22:28:36 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc0000000001c000, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) [ 128.904841] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16549 [ 128.962700] FAULT_INJECTION: forcing a failure. [ 128.962700] name failslab, interval 1, probability 0, space 0, times 0 [ 128.974018] CPU: 0 PID: 8351 Comm: syz-executor2 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 128.982337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 128.991691] Call Trace: [ 128.994292] dump_stack+0x1c9/0x2b4 [ 128.997935] ? dump_stack_print_info.cold.2+0x52/0x52 [ 129.003141] ? __kernel_text_address+0xd/0x40 [ 129.007647] ? unwind_get_return_address+0x61/0xa0 [ 129.012586] should_fail.cold.4+0xa/0x11 [ 129.016660] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 129.021774] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 129.026631] ? save_stack+0xa9/0xd0 [ 129.030270] ? save_stack+0x43/0xd0 [ 129.033906] ? kasan_kmalloc+0xc4/0xe0 [ 129.037806] ? perf_trace_lock+0x920/0x920 [ 129.042046] ? sctp_sendmsg+0x18a2/0x1d90 [ 129.046201] ? sock_sendmsg+0xd5/0x120 [ 129.050099] ? ___sys_sendmsg+0x51d/0x930 [ 129.054254] ? __sys_sendmmsg+0x240/0x6f0 [ 129.058413] ? __x64_sys_sendmmsg+0x9d/0x100 22:28:36 executing program 6: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000b4508a)='/dev/ashmem\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xc, 0x31, 0xffffffffffffffff, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe) r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x1, 0x2) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='cgroup.max.depth\x00', 0x2, 0x0) mmap(&(0x7f00006ff000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x40087707, &(0x7f00000011c0)="000000800000800000") mmap(&(0x7f00002f1000/0x4000)=nil, 0x4000, 0x5, 0x4010, r2, 0x49) write$P9_RLINK(r1, &(0x7f0000000080)={0x7, 0x47, 0x2}, 0x7) 22:28:36 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x8d4, 0x20}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x4, &(0x7f00000000c0)=@raw=[@ldst={0x1, 0x3, 0x6, 0xb, 0xf, 0x29, 0xffffffffffffffff}, @generic={0x3f, 0xfffffffffffffffe, 0x1000, 0x1}], &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x48) 22:28:36 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x200000088) recvfrom$inet6(r0, &(0x7f0000000140)=""/185, 0xb9, 0x40000, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000280)=0x5ae, 0x4) r1 = socket$inet6(0xa, 0x8000000000000803, 0x88) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuset.memory_pressure\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_HMAC_IDENT(r2, 0x84, 0x16, &(0x7f0000000080)={0x9, [0x2, 0x20400000000000, 0x390, 0x8, 0x8, 0x1, 0x3, 0x0, 0x3]}, 0x16) sendmsg$inet_sctp(r1, &(0x7f0000a29000)={&(0x7f0000000040)=@in6={0xa, 0x4e23, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c, &(0x7f0000002540)}, 0x0) ioctl$TIOCGLCKTRMIOS(r2, 0x5456, &(0x7f00000000c0)={0x10000, 0xe5, 0x10000, 0xa415, 0x401, 0x1a, 0x83, 0x5, 0x10000, 0x1, 0x5, 0x6}) 22:28:36 executing program 6: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, &(0x7f0000001880)=ANY=[]) r0 = creat(&(0x7f00000000c0)='./file0/file0\x00', 0x0) getpid() r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000200)={0xaa, 0x4}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000100)={0x1, 0x1ff, {0x9, 0x2, 0x4, 0x16, 0x1, 0x8, 0x5, 0x55}}) mremap(&(0x7f0000011000/0x1000)=nil, 0x1000, 0x11000, 0x3, &(0x7f0000fef000/0x11000)=nil) fallocate(r0, 0x0, 0x800000, 0x8) statfs(&(0x7f0000000140)='./file0/file0\x00', &(0x7f00000003c0)=""/229) [ 129.062833] ? do_syscall_64+0x1b9/0x820 [ 129.066901] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 129.072276] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 129.077821] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 129.082673] ? perf_trace_lock+0x920/0x920 [ 129.086919] ? lock_acquire+0x1e4/0x540 [ 129.091165] ? sctp_bind_addr_state+0x292/0x480 [ 129.095842] ? lock_downgrade+0x8f0/0x8f0 [ 129.099999] __should_failslab+0x124/0x180 [ 129.104246] should_failslab+0x9/0x14 [ 129.108054] kmem_cache_alloc_trace+0x4b/0x780 22:28:36 executing program 3 (fault-call:5 fault-nth:2): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") 22:28:36 executing program 5: pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RUNLINKAT(r1, &(0x7f0000000440)={0x7, 0x4d}, 0x7) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) write$P9_RREADDIR(r1, &(0x7f0000000480)={0x2a, 0x29, 0x1, {0x0, [{{}, 0x0, 0x0, 0x7, './file0'}]}}, 0x2a) write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0) mount$9p_fd(0x0, &(0x7f0000000540)='./file1\x00', &(0x7f0000000580)='9p\x00', 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d}, 0x2c, {'wfdno', 0x3d}, 0x2c}) mount$9p_tcp(&(0x7f0000000040)='127.0.0.1\x00', &(0x7f0000000180)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000500)={'trans=tcp,', {'port', 0x3d}, 0x2c}) fallocate(r1, 0x0, 0x8, 0x10001) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000900)='9p\x00', 0x0, &(0x7f0000000840)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/rtc0\x00', 0x20400, 0x0) ioctl$KDDELIO(r2, 0x4b35, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000300)={0x8, 0x8002, 0x3ff, 0x8, 0x0}, &(0x7f0000000380)=0x10) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffff9c, 0x84, 0x11, &(0x7f0000000400)={0x0}, &(0x7f00000004c0)=0x8) getsockopt$inet_sctp_SCTP_STATUS(r2, 0x84, 0xe, &(0x7f00000005c0)={r3, 0xbd, 0x1, 0x9, 0x80000001, 0x9, 0x6, 0x2, {r4, @in={{0x2, 0x4e21, @broadcast=0xffffffff}}, 0xb0, 0x7, 0x1, 0x40, 0x7}}, &(0x7f0000000680)=0xb0) 22:28:36 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000140)='pids.max\x00', 0x2, 0x0) sendfile(r1, r1, &(0x7f0000000080), 0x8) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/nat_icmp_send\x00', 0x2, 0x0) setsockopt$RDS_FREE_MR(r2, 0x114, 0x3, &(0x7f00000000c0)={{0x1, 0x200}, 0x2}, 0x10) [ 129.112646] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 129.117940] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 129.122968] sctp_add_bind_addr+0x101/0x4b0 [ 129.127298] ? sctp_bind_addr_free+0x20/0x20 [ 129.131714] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 129.136911] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 129.142453] ? sctp_v4_scope+0x19b/0x1c0 [ 129.146517] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 129.151712] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 129.156737] sctp_copy_local_addr_list+0x499/0x690 [ 129.161672] ? sctp_defaults_init+0xe70/0xe70 [ 129.166171] ? get_random_bytes+0x34/0x40 [ 129.170323] ? sctp_association_new+0x1aab/0x2290 [ 129.175174] ? n_tty_open+0x1b/0x160 [ 129.178894] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 129.184087] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 129.189630] sctp_copy_one_addr+0x5d/0x170 [ 129.193864] ? sctp_copy_one_addr+0x5d/0x170 [ 129.198282] sctp_bind_addr_copy+0x173/0x47c [ 129.201644] FAULT_INJECTION: forcing a failure. [ 129.201644] name failslab, interval 1, probability 0, space 0, times 0 [ 129.202690] ? sctp_copy_one_addr+0x170/0x170 [ 129.202706] ? sctp_autobind+0x16d/0x1f0 [ 129.202722] ? sctp_do_bind+0x5f0/0x5f0 [ 129.202740] sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 129.202757] ? security_sctp_bind_connect+0x99/0xc0 [ 129.202780] sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 129.241577] ? lock_acquire+0x1e4/0x540 [ 129.245541] ? sctp_sendmsg+0x1278/0x1d90 [ 129.249684] ? sctp_autobind+0x1f0/0x1f0 [ 129.253733] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 129.258306] ? kasan_check_write+0x14/0x20 [ 129.262529] ? lock_sock_nested+0x9f/0x120 [ 129.266754] ? trace_hardirqs_on+0xd/0x10 [ 129.270892] ? __local_bh_enable_ip+0x161/0x230 [ 129.275551] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 129.281079] ? sctp_endpoint_lookup_assoc+0x183/0x290 [ 129.286273] sctp_sendmsg+0x18a2/0x1d90 [ 129.290235] ? do_raw_spin_unlock+0xa7/0x2f0 [ 129.294639] ? sctp_id2assoc+0x3e0/0x3e0 [ 129.298690] ? _raw_spin_unlock_bh+0x30/0x40 [ 129.303090] ? __release_sock+0x3a0/0x3a0 [ 129.307234] inet_sendmsg+0x1a1/0x690 [ 129.311028] ? copy_msghdr_from_user+0x340/0x580 [ 129.315773] ? ipip_gro_receive+0x100/0x100 [ 129.320086] ? move_addr_to_kernel.part.20+0x100/0x100 [ 129.325354] ? security_socket_sendmsg+0x94/0xc0 [ 129.330101] ? ipip_gro_receive+0x100/0x100 [ 129.334433] sock_sendmsg+0xd5/0x120 [ 129.338136] ___sys_sendmsg+0x51d/0x930 [ 129.342098] ? __check_object_size+0x9d/0x5f2 [ 129.346584] ? copy_msghdr_from_user+0x580/0x580 [ 129.351330] ? lock_acquire+0x1e4/0x540 [ 129.355299] ? __fget_light+0x2f7/0x440 [ 129.359259] ? fget_raw+0x20/0x20 [ 129.362713] ? proc_fail_nth_write+0x9e/0x210 [ 129.367209] ? proc_cwd_link+0x1d0/0x1d0 [ 129.371266] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 129.376791] ? sockfd_lookup_light+0xc5/0x160 [ 129.381279] __sys_sendmmsg+0x240/0x6f0 [ 129.385247] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 129.389559] ? fsnotify_first_mark+0x350/0x350 [ 129.394143] ? __fsnotify_parent+0xcc/0x420 [ 129.398453] ? fsnotify+0x14e0/0x14e0 [ 129.402251] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 129.407774] ? fput+0x130/0x1a0 [ 129.411042] ? ksys_write+0x1ae/0x260 [ 129.414832] ? __ia32_sys_read+0xb0/0xb0 [ 129.418887] __x64_sys_sendmmsg+0x9d/0x100 [ 129.423116] do_syscall_64+0x1b9/0x820 [ 129.426991] ? finish_task_switch+0x1d3/0x870 [ 129.431476] ? syscall_return_slowpath+0x5e0/0x5e0 [ 129.436395] ? syscall_return_slowpath+0x31d/0x5e0 [ 129.441312] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 129.446319] ? prepare_exit_to_usermode+0x291/0x3b0 [ 129.451325] ? perf_trace_sys_enter+0xb10/0xb10 [ 129.455985] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 129.460823] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 129.466000] RIP: 0033:0x455e29 [ 129.469177] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 129.488424] RSP: 002b:00007f2ec9f2cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 129.496125] RAX: ffffffffffffffda RBX: 00007f2ec9f2d6d4 RCX: 0000000000455e29 [ 129.503384] RDX: 0000000000000001 RSI: 0000000020004a40 RDI: 0000000000000013 22:28:37 executing program 0: capset(&(0x7f0000000000)={0x400019980330}, &(0x7f0000000080)) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x40800, 0x0) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffff9c, 0x84, 0x7c, &(0x7f00000000c0)={0x0, 0x100000000, 0x3}, &(0x7f0000000100)=0x8) setsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000140)={r1, 0x93, 0x8, 0xffffffff}, 0x10) semctl$IPC_RMID(0x0, 0x0, 0x10) [ 129.510640] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 129.517897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 129.525154] R13: 00000000004c111c R14: 00000000004d1558 R15: 0000000000000017 [ 129.532425] CPU: 1 PID: 8382 Comm: syz-executor3 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 129.540745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 129.550096] Call Trace: [ 129.552689] dump_stack+0x1c9/0x2b4 [ 129.556320] ? dump_stack_print_info.cold.2+0x52/0x52 [ 129.561500] ? lock_release+0xa30/0xa30 [ 129.565468] should_fail.cold.4+0xa/0x11 [ 129.569517] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 129.574609] ? is_bpf_text_address+0xd7/0x170 [ 129.579205] ? kernel_text_address+0x79/0xf0 [ 129.583599] ? __kernel_text_address+0xd/0x40 [ 129.588084] ? __save_stack_trace+0x8d/0xf0 [ 129.592403] ? save_stack+0xa9/0xd0 [ 129.596033] ? save_stack+0x43/0xd0 [ 129.599647] ? kasan_kmalloc+0xc4/0xe0 [ 129.603539] ? kasan_slab_alloc+0x12/0x20 [ 129.607671] ? kmem_cache_alloc+0x12e/0x760 [ 129.611980] ? ext4_writepages+0x13b4/0x4100 [ 129.616377] ? do_writepages+0x9a/0x1a0 [ 129.620337] ? __filemap_fdatawrite_range+0x364/0x4a0 [ 129.625527] ? filemap_write_and_wait+0x44/0xc0 [ 129.630182] ? ext4_bmap+0x26e/0x420 [ 129.633879] ? do_vfs_ioctl+0x130f/0x1720 [ 129.638014] ? ksys_ioctl+0xa9/0xd0 [ 129.641630] ? do_syscall_64+0x1b9/0x820 [ 129.645677] ? check_same_owner+0x340/0x340 [ 129.649989] ? rcu_note_context_switch+0x730/0x730 [ 129.654908] ? trace_hardirqs_off+0xd/0x10 [ 129.659130] __should_failslab+0x124/0x180 [ 129.663353] should_failslab+0x9/0x14 [ 129.667142] kmem_cache_alloc+0x2af/0x760 [ 129.671280] ? lock_release+0xa30/0xa30 [ 129.675243] jbd2__journal_start+0x1e7/0xa80 [ 129.679639] ? jbd2_write_access_granted.part.9+0x430/0x430 [ 129.685335] ? rcu_note_context_switch+0x730/0x730 [ 129.690273] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 129.695797] __ext4_journal_start_sb+0x182/0x600 [ 129.700537] ? ext4_writepages+0x16b3/0x4100 [ 129.704931] ? ext4_journal_abort_handle.isra.5+0x260/0x260 [ 129.710627] ? rcu_note_context_switch+0x730/0x730 [ 129.715542] ? ext4_ind_trans_blocks+0x12/0x80 [ 129.720113] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 129.725634] ? ext4_meta_trans_blocks+0x25f/0x310 [ 129.730466] ext4_writepages+0x16b3/0x4100 [ 129.734698] ? perf_trace_lock+0x920/0x920 [ 129.738928] ? ext4_mark_inode_dirty+0xb50/0xb50 [ 129.743681] ? trace_hardirqs_on+0x10/0x10 [ 129.747903] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 129.752734] ? perf_trace_lock+0x920/0x920 [ 129.756957] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 129.761790] ? perf_trace_lock+0x920/0x920 [ 129.766024] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 129.771551] ? wbc_attach_and_unlock_inode+0x596/0x9f0 [ 129.776812] ? lock_downgrade+0x8f0/0x8f0 [ 129.780968] ? lock_downgrade+0x8f0/0x8f0 [ 129.785109] ? kasan_check_read+0x11/0x20 [ 129.789245] ? do_raw_spin_unlock+0xa7/0x2f0 [ 129.793647] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 129.798214] ? lock_acquire+0x1e4/0x540 [ 129.802173] ? __filemap_fdatawrite_range+0x31d/0x4a0 [ 129.807356] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 129.812878] ? wbc_attach_and_unlock_inode+0x64b/0x9f0 [ 129.818140] ? ext4_mark_inode_dirty+0xb50/0xb50 [ 129.822885] do_writepages+0x9a/0x1a0 [ 129.826670] ? ext4_mark_inode_dirty+0xb50/0xb50 [ 129.831410] ? do_writepages+0x9a/0x1a0 [ 129.835373] __filemap_fdatawrite_range+0x364/0x4a0 [ 129.840376] ? delete_from_page_cache_batch+0x1430/0x1430 [ 129.845899] ? __might_fault+0x12b/0x1e0 [ 129.849952] ? cap_capable+0x1f9/0x260 [ 129.853836] filemap_write_and_wait+0x44/0xc0 [ 129.858315] ext4_bmap+0x26e/0x420 [ 129.861866] do_vfs_ioctl+0x130f/0x1720 [ 129.865827] ? fsnotify_first_mark+0x350/0x350 [ 129.870395] ? __fsnotify_parent+0xcc/0x420 [ 129.874703] ? ioctl_preallocate+0x300/0x300 [ 129.879099] ? __fget_light+0x2f7/0x440 [ 129.883060] ? fget_raw+0x20/0x20 [ 129.886504] ? __sb_end_write+0xac/0xe0 [ 129.890467] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 129.895989] ? fput+0x130/0x1a0 [ 129.899256] ? ksys_write+0x1ae/0x260 [ 129.903046] ? security_file_ioctl+0x94/0xc0 [ 129.907440] ksys_ioctl+0xa9/0xd0 [ 129.910881] __x64_sys_ioctl+0x73/0xb0 [ 129.914755] do_syscall_64+0x1b9/0x820 [ 129.918637] ? finish_task_switch+0x1d3/0x870 [ 129.923120] ? syscall_return_slowpath+0x5e0/0x5e0 [ 129.928035] ? syscall_return_slowpath+0x31d/0x5e0 [ 129.932950] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 129.937952] ? prepare_exit_to_usermode+0x291/0x3b0 [ 129.942954] ? perf_trace_sys_enter+0xb10/0xb10 [ 129.947620] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 129.952454] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 129.957628] RIP: 0033:0x455e29 [ 129.960796] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 129.980077] RSP: 002b:00007fd741d08c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 129.987784] RAX: ffffffffffffffda RBX: 00007fd741d096d4 RCX: 0000000000455e29 [ 129.995038] RDX: 0000000020000000 RSI: 0000000000000001 RDI: 0000000000000014 [ 130.002289] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 130.009541] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 130.016793] R13: 00000000004bc8fb R14: 00000000004cad78 R15: 0000000000000002 [ 130.024137] EXT4-fs (sda1): ext4_writepages: jbd2_start: 9223372036854775807 pages, ino 16549; err -12 22:28:37 executing program 1: r0 = socket$inet(0x2, 0xff7fffffffffffff, 0x0) connect$unix(r0, &(0x7f0000000240)=@file={0x0, './file0\x00'}, 0x6e) 22:28:37 executing program 2 (fault-call:1 fault-nth:24): r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) 22:28:37 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) r1 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x2, 0x40000) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) ftruncate(r2, 0x8200) r3 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x40000000011, r3, 0x0) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3, 0x12, r3, 0x0) mlock(&(0x7f0000000000/0x3000)=nil, 0x3000) sigaltstack(&(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140)) mlock2(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0) r4 = getpid() ioprio_set$pid(0x3, r4, 0x7fffffff) [ 130.121077] FAULT_INJECTION: forcing a failure. [ 130.121077] name failslab, interval 1, probability 0, space 0, times 0 [ 130.132391] CPU: 0 PID: 8398 Comm: syz-executor2 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 130.140703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 130.150050] Call Trace: [ 130.152645] dump_stack+0x1c9/0x2b4 [ 130.156279] ? dump_stack_print_info.cold.2+0x52/0x52 [ 130.161481] ? __kernel_text_address+0xd/0x40 [ 130.165984] ? unwind_get_return_address+0x61/0xa0 [ 130.170924] should_fail.cold.4+0xa/0x11 [ 130.175085] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 130.180197] ? save_stack+0xa9/0xd0 [ 130.183828] ? save_stack+0x43/0xd0 [ 130.187464] ? kasan_kmalloc+0xc4/0xe0 [ 130.191380] ? kmem_cache_alloc_trace+0x152/0x780 [ 130.196227] ? sctp_add_bind_addr+0x101/0x4b0 [ 130.200725] ? sctp_copy_local_addr_list+0x499/0x690 [ 130.205826] ? sctp_copy_one_addr+0x5d/0x170 [ 130.210237] ? sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 130.215950] ? sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 130.220792] ? sctp_sendmsg+0x18a2/0x1d90 [ 130.224940] ? inet_sendmsg+0x1a1/0x690 [ 130.228917] ? sock_sendmsg+0xd5/0x120 [ 130.232811] ? ___sys_sendmsg+0x51d/0x930 [ 130.236959] ? __sys_sendmmsg+0x240/0x6f0 [ 130.241110] ? __x64_sys_sendmmsg+0x9d/0x100 [ 130.245519] ? do_syscall_64+0x1b9/0x820 [ 130.249582] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 130.254955] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 130.260500] ? _extract_crng+0x23b/0x320 [ 130.264567] ? lock_acquire+0x1e4/0x540 22:28:37 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) bind(0xffffffffffffffff, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2}, 0x0, 0x0, 0x0, 0x1}}, 0x80) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="4f3899861715935fea548d473cb44aa119e8e85ed6d55cbb904da7c0f0f0fb2f0603bafce8cdf2cbc139fb0cfa08a036662601cfc787fd3881f01a6cd3b7324fabbdd23265") uname(&(0x7f0000000080)=""/55) r1 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) clone(0x0, &(0x7f0000000180), &(0x7f0000000240), &(0x7f00000002c0), &(0x7f0000000300)) ioctl(r1, 0x2000c2604110, &(0x7f0000000000)) 22:28:37 executing program 0: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) r2 = syz_open_dev$mice(&(0x7f0000000200)='/dev/input/mice\x00', 0x0, 0x6) write(r2, &(0x7f0000000280)="8d", 0x1) read(r2, &(0x7f0000000080)=""/52, 0x34) r3 = getpgrp(0xffffffffffffffff) fcntl$lock(r2, 0x7, &(0x7f0000000040)={0x1, 0x0, 0x9, 0x200, r3}) r4 = epoll_create1(0x80000) fcntl$getflags(r4, 0x40b) [ 130.268544] ? kmem_cache_alloc_trace+0x567/0x780 [ 130.273391] ? lock_downgrade+0x8f0/0x8f0 [ 130.277543] ? lock_acquire+0x1e4/0x540 [ 130.281521] ? sctp_bind_addr_state+0x292/0x480 [ 130.286188] ? lock_downgrade+0x8f0/0x8f0 [ 130.290341] ? kasan_unpoison_shadow+0x35/0x50 [ 130.294927] __should_failslab+0x124/0x180 [ 130.299172] should_failslab+0x9/0x14 [ 130.302984] kmem_cache_alloc_trace+0x4b/0x780 [ 130.307569] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 130.312757] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 130.317770] sctp_add_bind_addr+0x101/0x4b0 22:28:38 executing program 4: pipe2(&(0x7f0000f61000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000bc8000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000d62fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) write$binfmt_aout(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="811e173ecc013bb08203000007000000200300001f000000000000000000000057176a8ee6f275b4f7dc93df3c55cb51c7785e0eea81a3bcfabc954b618b0e9027031ef737e51981eba438dd7142043492003145fd505dc042cb000000000000000000"], 0x63) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x1c) read(r0, &(0x7f0000000000)=""/126, 0x7e) ioctl$FIONREAD(r1, 0x541b, &(0x7f0000604ffc)) dup2(r0, r2) [ 130.322092] ? sctp_bind_addr_free+0x20/0x20 [ 130.326500] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 130.331692] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 130.337232] ? sctp_v4_scope+0x19b/0x1c0 [ 130.341303] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 130.346491] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 130.351513] sctp_copy_local_addr_list+0x499/0x690 [ 130.356445] ? sctp_defaults_init+0xe70/0xe70 [ 130.360944] ? get_random_bytes+0x34/0x40 [ 130.365095] ? sctp_association_new+0x1aab/0x2290 [ 130.369945] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 130.375135] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 130.378167] 9pnet: p9_fd_create_tcp (8376): problem connecting socket to 127.0.0.1 [ 130.380670] sctp_copy_one_addr+0x5d/0x170 [ 130.380684] ? sctp_copy_one_addr+0x5d/0x170 [ 130.380702] sctp_bind_addr_copy+0x173/0x47c [ 130.394106] 9pnet: p9_fd_create_tcp (8407): problem connecting socket to 127.0.0.1 [ 130.396995] ? sctp_copy_one_addr+0x170/0x170 [ 130.397010] ? sctp_autobind+0x16d/0x1f0 [ 130.397025] ? sctp_do_bind+0x5f0/0x5f0 22:28:38 executing program 5: io_setup(0x4, &(0x7f00000001c0)=0x0) r1 = timerfd_create(0x7, 0x80000) r2 = syz_open_dev$vcsn(&(0x7f00000002c0)='/dev/vcs#\x00', 0x9, 0x40) r3 = open(&(0x7f0000000340)='./file0\x00', 0x101000, 0x1a) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/rfkill\x00', 0x2, 0x0) r5 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000440)='/proc/sys/net/ipv4/vs/sloppy_tcp\x00', 0x2, 0x0) r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000580)='/dev/snd/pcmC#D#p\x00', 0xffffffffffffff9c}, 0x10) r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r8 = openat$audio(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/audio\x00', 0x0, 0x0) r9 = openat$cgroup_procs(0xffffffffffffff9c, &(0x7f0000000840)='cgroup.threads\x00', 0x2, 0x0) r10 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000ac0)='/dev/cuse\x00', 0x40, 0x0) r11 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r12 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f00000009c0)='wlan0ppp1-:&wlan0trustedmd5sumppp0\x00'}, 0x10) io_submit(r0, 0x6, &(0x7f0000000a80)=[&(0x7f0000000300)={0x0, 0x0, 0x0, 0xf, 0x3, r1, &(0x7f0000000200)="f5b525983eecf671b0fd8c6c9ca7f6d11b44effb69216193025ae9686eba07310cc4c4a6e80189f237d06844b5532e901c5b6b298bd997c9d173321bc69876a2faf6137783bac9e213de42", 0x4b, 0x6, 0x0, 0x0, r2}, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x8, 0x9, r3, &(0x7f0000000380)="4f4b171d45b067bb3036401a463634264f113d7d54d2c780b6718282294594", 0x1f, 0x1, 0x0, 0x0, r4}, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x2, 0x7936cd7e, r5, &(0x7f0000000480)="b9a873d699e70eedfe2a56f9451ea7b2dcbfeb9aa589c456bd1d5d0a59c6cd6dc107e824597f4d093cde1750591a5a7907c8c0832c035d7453ade122ec101bed8f2e42289d67e99ae8c7ea6b5cd41a5902ae120c0e54a62e5e2472b82630f85305c9375f8d3095fbede32b91c9580ada7604637f2af25da6fd7a079e45880817e35c156a27b08b137a6c5bf8fbfdbf2e0500407aacdca11160854a5c34c2b29ddaa2e5e440e36509bcad6a706acc0a59d3c3fffeb00b5fcd903995111460b322e18cade59b97945d8267298dd8ecaadf8abc68", 0xd3, 0x4, 0x0, 0x0, r6}, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x6, 0x7, r7, &(0x7f0000000700)="a3f73f12d0e25a40fd06f0009e2607d57e42aa545a829f2c9f4adaa6f241e3377f4a092c964af41adeb989153a350a29b415b88ff541fe772ce14f0f058ab1f1d37f024eb3243f4e5647ecde21b321b13fd7a4e7aca3190ecbd3305fe10adfdaea29a951eb731bbee0ddc6a537f565d93f68b9861b8a3ac92f3a0acc333c67c7c97e2f7694e260a01aad4a8643e8cb44957d6ba0138b9fcbe6363e", 0x9b, 0x9, 0x0, 0x1, r8}, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x1, 0xa0, r9, &(0x7f0000000880)="4ed82f5280e7d93624019d66d98c2d9d5b2eac686d6a1391da55fe3cf916eaa65ab2f5f2", 0x24, 0x557eed94, 0x0, 0x0, r10}, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x0, 0x2, r11, &(0x7f0000000940)="1d2f3cb943ca9aa69c14699c77b31522005f011ae79bb60e9eeb1dbc7959380b6eecbbf3f64c927c5994692af2095e29e8e6063a63d7643b5012dfd82678b35efb7b966f0078c327bcc01ada0b3d7c2e6e8e8c3337775bd5", 0x58, 0x5, 0x0, 0x0, r12}]) r13 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r13, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r14 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r15, 0xae60) r16 = ioctl$KVM_CREATE_VCPU(r15, 0xae41, 0x200000000) r17 = syz_open_dev$sndpcmp(&(0x7f0000000100)='/dev/snd/pcmC#D#p\x00', 0x7fffffff, 0x400) setsockopt$XDP_UMEM_REG(r17, 0x11b, 0x4, &(0x7f0000000180)={&(0x7f0000000140)=""/50, 0x100000, 0x1000, 0x245e}, 0x18) syz_kvm_setup_cpu$x86(r15, r16, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000005c0)="82780000260f017731f3d87e0b0f20e06635000020000f22e066b9800000c00f326635002000000f30640f02d766b8008000000f23d80f21f86635400000f00f23f8db13b85f078ee82e0f01cf"}], 0xaaaaaaaaaaaac60, 0x0, &(0x7f0000000100), 0x330) ioctl$KVM_ENABLE_CAP_CPU(r16, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [0x4b564d02, 0x1]}) ioctl$KVM_RUN(r16, 0xae80, 0x0) [ 130.397040] sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 130.397060] ? security_sctp_bind_connect+0x99/0xc0 [ 130.432122] sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 130.436793] ? lock_acquire+0x1e4/0x540 [ 130.440764] ? sctp_sendmsg+0x1278/0x1d90 [ 130.444913] ? sctp_autobind+0x1f0/0x1f0 [ 130.448975] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 130.453568] ? kasan_check_write+0x14/0x20 [ 130.457807] ? lock_sock_nested+0x9f/0x120 [ 130.462052] ? trace_hardirqs_on+0xd/0x10 [ 130.466199] ? __local_bh_enable_ip+0x161/0x230 [ 130.470872] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 130.476412] ? sctp_endpoint_lookup_assoc+0x183/0x290 [ 130.481604] sctp_sendmsg+0x18a2/0x1d90 [ 130.485580] ? do_raw_spin_unlock+0xa7/0x2f0 [ 130.489991] ? sctp_id2assoc+0x3e0/0x3e0 [ 130.494054] ? _raw_spin_unlock_bh+0x30/0x40 [ 130.498464] ? __release_sock+0x3a0/0x3a0 [ 130.502622] inet_sendmsg+0x1a1/0x690 [ 130.506429] ? copy_msghdr_from_user+0x340/0x580 [ 130.511179] ? ipip_gro_receive+0x100/0x100 [ 130.515481] ? move_addr_to_kernel.part.20+0x100/0x100 [ 130.520740] ? security_socket_sendmsg+0x94/0xc0 [ 130.525472] ? ipip_gro_receive+0x100/0x100 [ 130.529775] sock_sendmsg+0xd5/0x120 [ 130.533470] ___sys_sendmsg+0x51d/0x930 [ 130.537441] ? __check_object_size+0x9d/0x5f2 [ 130.541922] ? copy_msghdr_from_user+0x580/0x580 [ 130.546660] ? lock_acquire+0x1e4/0x540 [ 130.550618] ? __fget_light+0x2f7/0x440 [ 130.554571] ? fget_raw+0x20/0x20 [ 130.558011] ? proc_fail_nth_write+0x9e/0x210 [ 130.562493] ? proc_cwd_link+0x1d0/0x1d0 [ 130.566548] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 130.572081] ? sockfd_lookup_light+0xc5/0x160 [ 130.576568] __sys_sendmmsg+0x240/0x6f0 [ 130.580525] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 130.584837] ? fsnotify_first_mark+0x350/0x350 [ 130.589398] ? __fsnotify_parent+0xcc/0x420 [ 130.593699] ? fsnotify+0x14e0/0x14e0 [ 130.597485] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 130.603002] ? fput+0x130/0x1a0 [ 130.606286] ? ksys_write+0x1ae/0x260 [ 130.610069] ? __ia32_sys_read+0xb0/0xb0 [ 130.614125] __x64_sys_sendmmsg+0x9d/0x100 [ 130.618345] do_syscall_64+0x1b9/0x820 [ 130.622213] ? finish_task_switch+0x1d3/0x870 [ 130.626687] ? syscall_return_slowpath+0x5e0/0x5e0 [ 130.631599] ? syscall_return_slowpath+0x31d/0x5e0 [ 130.636518] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 130.641524] ? prepare_exit_to_usermode+0x291/0x3b0 [ 130.646531] ? perf_trace_sys_enter+0xb10/0xb10 [ 130.651178] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 130.656011] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 130.661187] RIP: 0033:0x455e29 [ 130.664352] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 130.683481] RSP: 002b:00007f2ec9f2cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 130.691169] RAX: ffffffffffffffda RBX: 00007f2ec9f2d6d4 RCX: 0000000000455e29 [ 130.698419] RDX: 0000000000000001 RSI: 0000000020004a40 RDI: 0000000000000013 [ 130.705669] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 130.713008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 22:28:38 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc0000000000e000, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:38 executing program 6: r0 = dup3(0xffffffffffffff9c, 0xffffffffffffffff, 0x0) ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000000040)) mmap$binder(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x2, 0x100000002132, 0xffffffffffffffff, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0xc812, r1, 0x0) r2 = socket$inet(0x2, 0x3, 0x2) getsockopt$inet_buf(r2, 0x0, 0x20, &(0x7f0000000200)=""/221, &(0x7f0000000000)=0xdd) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000080)={{0xff, 0x4}, 'port0\x00', 0x4, 0x3, 0x8000, 0xffffffffffff30fa, 0x1f, 0x100000000, 0x48, 0x0, 0x1, 0x401}) 22:28:38 executing program 1: r0 = syz_open_dev$adsp(&(0x7f00000001c0)='/dev/adsp#\x00', 0x0, 0x30080) ioctl$KVM_ENABLE_CAP_CPU(r0, 0x4068aea3, &(0x7f0000000200)={0x7b, 0x0, [0xfff0000, 0x80000000, 0x3, 0x2]}) ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x3ff) ioctl$SG_GET_ACCESS_COUNT(r0, 0x2289, &(0x7f0000000400)) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x1000000000008912, &(0x7f0000000080)="025cc83d6d345f8f762070") r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x20000, 0x0) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$KVM_GET_EMULATED_CPUID(r3, 0xc008ae09, &(0x7f0000000140)=""/127) r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/sequencer2\x00', 0x0, 0x0) futex(&(0x7f0000000ffc), 0x85, 0x0, &(0x7f0000fd3ff0), &(0x7f0000000ffc), 0x80000000) r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r5, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000080)="66baa00066b8dd1466ef650f01cfb8ac6300000f23d80f21f835800000900f23f80f019d27460000c4c19d14aea3000000260f22c1f20f7c320f01ca0f358fc978e2b170310000", 0x47}], 0x1, 0x24, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r3, 0x84, 0x71, &(0x7f0000000300)={0x0, 0x20}, &(0x7f0000000340)=0x8) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r4, 0x84, 0x76, &(0x7f0000000380)={r7, 0x6}, &(0x7f00000003c0)=0x8) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000000)={0x10007, 0x0, 0x0, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) ioctl$KVM_DEASSIGN_DEV_IRQ(r4, 0x4040ae75, &(0x7f0000000440)={0x280, 0x7c0, 0x6}) 22:28:38 executing program 2 (fault-call:1 fault-nth:25): r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) 22:28:38 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) ioctl(r1, 0x1, &(0x7f0000000000)="a0040ad8") [ 130.720272] R13: 00000000004c111c R14: 00000000004d1558 R15: 0000000000000018 [ 130.728849] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16549 [ 130.743334] attempt to access beyond end of device [ 130.748291] loop6: rw=1, want=9469, limit=112 [ 130.810862] FAULT_INJECTION: forcing a failure. [ 130.810862] name failslab, interval 1, probability 0, space 0, times 0 [ 130.822196] CPU: 1 PID: 8440 Comm: syz-executor2 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 130.830506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 130.839864] Call Trace: [ 130.842446] dump_stack+0x1c9/0x2b4 [ 130.846067] ? dump_stack_print_info.cold.2+0x52/0x52 [ 130.851250] ? __kernel_text_address+0xd/0x40 [ 130.855734] ? unwind_get_return_address+0x61/0xa0 [ 130.860660] should_fail.cold.4+0xa/0x11 [ 130.864712] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 130.869810] ? save_stack+0xa9/0xd0 [ 130.873423] ? save_stack+0x43/0xd0 [ 130.877038] ? kasan_kmalloc+0xc4/0xe0 [ 130.880911] ? kmem_cache_alloc_trace+0x152/0x780 [ 130.885766] ? sctp_add_bind_addr+0x101/0x4b0 [ 130.890261] ? sctp_copy_local_addr_list+0x499/0x690 [ 130.895348] ? sctp_copy_one_addr+0x5d/0x170 [ 130.899745] ? sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 130.905444] ? sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 130.910272] ? sctp_sendmsg+0x18a2/0x1d90 [ 130.914406] ? inet_sendmsg+0x1a1/0x690 [ 130.918368] ? sock_sendmsg+0xd5/0x120 [ 130.922240] ? ___sys_sendmsg+0x51d/0x930 [ 130.926373] ? __sys_sendmmsg+0x240/0x6f0 [ 130.930506] ? __x64_sys_sendmmsg+0x9d/0x100 [ 130.934921] ? do_syscall_64+0x1b9/0x820 [ 130.938970] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 130.944324] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 130.949850] ? _extract_crng+0x23b/0x320 [ 130.953907] ? lock_acquire+0x1e4/0x540 [ 130.957868] ? kmem_cache_alloc_trace+0x567/0x780 [ 130.962697] ? lock_downgrade+0x8f0/0x8f0 [ 130.966839] ? lock_acquire+0x1e4/0x540 [ 130.970800] ? sctp_bind_addr_state+0x292/0x480 [ 130.975455] ? lock_downgrade+0x8f0/0x8f0 [ 130.979592] ? kasan_unpoison_shadow+0x35/0x50 [ 130.984161] __should_failslab+0x124/0x180 [ 130.988386] should_failslab+0x9/0x14 [ 130.992173] kmem_cache_alloc_trace+0x4b/0x780 [ 130.996745] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 131.001927] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 131.006931] sctp_add_bind_addr+0x101/0x4b0 [ 131.011241] ? sctp_bind_addr_free+0x20/0x20 [ 131.015635] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 131.020812] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 131.026333] ? sctp_v4_scope+0x19b/0x1c0 [ 131.030380] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 131.035557] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 131.040561] sctp_copy_local_addr_list+0x499/0x690 [ 131.045490] ? sctp_defaults_init+0xe70/0xe70 [ 131.049983] ? get_random_bytes+0x34/0x40 [ 131.054127] ? sctp_association_new+0x1aab/0x2290 [ 131.058962] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 131.064137] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 131.069661] sctp_copy_one_addr+0x5d/0x170 [ 131.073882] ? sctp_copy_one_addr+0x5d/0x170 [ 131.078280] sctp_bind_addr_copy+0x173/0x47c [ 131.082679] ? sctp_copy_one_addr+0x170/0x170 [ 131.087159] ? sctp_autobind+0x16d/0x1f0 [ 131.091209] ? sctp_do_bind+0x5f0/0x5f0 [ 131.095171] sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 131.100695] ? security_sctp_bind_connect+0x99/0xc0 [ 131.105701] sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 131.110359] ? lock_acquire+0x1e4/0x540 [ 131.114318] ? sctp_sendmsg+0x1278/0x1d90 [ 131.118455] ? sctp_autobind+0x1f0/0x1f0 [ 131.122501] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 131.127072] ? kasan_check_write+0x14/0x20 [ 131.131305] ? lock_sock_nested+0x9f/0x120 [ 131.135525] ? trace_hardirqs_on+0xd/0x10 [ 131.139660] ? __local_bh_enable_ip+0x161/0x230 [ 131.144314] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 131.149836] ? sctp_endpoint_lookup_assoc+0x183/0x290 [ 131.155019] sctp_sendmsg+0x18a2/0x1d90 [ 131.158978] ? do_raw_spin_unlock+0xa7/0x2f0 [ 131.163376] ? sctp_id2assoc+0x3e0/0x3e0 [ 131.167425] ? _raw_spin_unlock_bh+0x30/0x40 [ 131.171821] ? __release_sock+0x3a0/0x3a0 [ 131.175964] inet_sendmsg+0x1a1/0x690 [ 131.179753] ? copy_msghdr_from_user+0x340/0x580 [ 131.184495] ? ipip_gro_receive+0x100/0x100 [ 131.188813] ? move_addr_to_kernel.part.20+0x100/0x100 [ 131.194080] ? security_socket_sendmsg+0x94/0xc0 [ 131.198831] ? ipip_gro_receive+0x100/0x100 [ 131.203143] sock_sendmsg+0xd5/0x120 [ 131.206854] ___sys_sendmsg+0x51d/0x930 [ 131.210816] ? __check_object_size+0x9d/0x5f2 [ 131.215300] ? copy_msghdr_from_user+0x580/0x580 [ 131.220045] ? lock_acquire+0x1e4/0x540 [ 131.224015] ? __fget_light+0x2f7/0x440 [ 131.227977] ? fget_raw+0x20/0x20 [ 131.231425] ? proc_fail_nth_write+0x9e/0x210 [ 131.235907] ? proc_cwd_link+0x1d0/0x1d0 [ 131.239957] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 131.245480] ? sockfd_lookup_light+0xc5/0x160 [ 131.249962] __sys_sendmmsg+0x240/0x6f0 [ 131.253928] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 131.258239] ? fsnotify_first_mark+0x350/0x350 [ 131.262817] ? __fsnotify_parent+0xcc/0x420 [ 131.267126] ? fsnotify+0x14e0/0x14e0 [ 131.270925] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 131.276447] ? fput+0x130/0x1a0 [ 131.279715] ? ksys_write+0x1ae/0x260 [ 131.283502] ? __ia32_sys_read+0xb0/0xb0 [ 131.287555] __x64_sys_sendmmsg+0x9d/0x100 [ 131.291779] do_syscall_64+0x1b9/0x820 [ 131.295653] ? finish_task_switch+0x1d3/0x870 [ 131.300135] ? syscall_return_slowpath+0x5e0/0x5e0 [ 131.305061] ? syscall_return_slowpath+0x31d/0x5e0 [ 131.309979] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 131.314992] ? prepare_exit_to_usermode+0x291/0x3b0 [ 131.319998] ? perf_trace_sys_enter+0xb10/0xb10 [ 131.324658] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 131.329502] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 131.334675] RIP: 0033:0x455e29 [ 131.337849] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 22:28:39 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = semget(0x0, 0x7, 0x40) semctl$GETZCNT(r1, 0x3, 0xf, &(0x7f0000000140)=""/86) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={&(0x7f0000000040)={0x10, 0x34000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x200026, 0x829, 0xfffffffffffffffe, 0x0, {0x4}}, 0x14}, 0x1}, 0x0) [ 131.357124] RSP: 002b:00007f2ec9f2cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 131.364818] RAX: ffffffffffffffda RBX: 00007f2ec9f2d6d4 RCX: 0000000000455e29 [ 131.372071] RDX: 0000000000000001 RSI: 0000000020004a40 RDI: 0000000000000013 [ 131.379322] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 131.386574] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 131.393829] R13: 00000000004c111c R14: 00000000004d1558 R15: 0000000000000019 [ 131.414287] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 3624535200 > max in inode 16543 22:28:39 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, 0x400002}, 0x1c) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x5}, 0x1c) 22:28:39 executing program 6: r0 = getpid() sched_setattr(r0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) futex(&(0x7f000000cffc), 0x0, 0x0, &(0x7f0000000000)={0x77359400}, &(0x7f0000048000), 0x0) r1 = semget$private(0x0, 0x8, 0x0) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x181800, 0x0) semop(r1, &(0x7f0000000080)=[{0x2, 0xffff}, {}], 0x2) getsockname(r2, &(0x7f0000000100)=@ax25, &(0x7f0000000180)=0x80) semtimedop(r1, &(0x7f0000000240)=[{0x0, 0x8000000000051d}, {0x2, 0x100000b}], 0x2, &(0x7f0000000040)) semctl$IPC_RMID(r1, 0x0, 0x10) 22:28:39 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) ioctl(r1, 0x63, &(0x7f0000000000)="a0040ad8") 22:28:39 executing program 4: r0 = socket(0x11, 0x80002, 0x0) bind$packet(r0, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}}, 0x14) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f00000000c0)={0x0, 0x3f}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e22, @rand_addr=0x1}}, [0x40, 0x109251fb, 0x800, 0x8, 0x4, 0x7, 0xffffffff, 0x8, 0x20, 0xd1, 0x9, 0x1, 0x0, 0x4, 0x3]}, &(0x7f0000000280)=0x100) getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f00000014c0)={r1, 0xb038, 0x9f0, 0x6a2d, 0x9, 0x5, 0x1, 0x6, {r2, @in={{0x2, 0x4e22, @broadcast=0xffffffff}}, 0x2078, 0x3, 0x4c41, 0x3, 0x9}}, &(0x7f0000000440)=0xb0) r3 = socket$inet6(0xa, 0x0, 0x2) bind$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x1f, {0xfffffffffffff801, 0x4, 0x1, 0x3ff, 0x6, 0x3}, 0x1, 0x9}, 0xe) ioctl(r3, 0x4000008912, &(0x7f0000000240)="295ee1311f16f477671070") syz_genetlink_get_family_id$team(&(0x7f0000000000)='team\x00') sysfs$2(0x2, 0x8012, &(0x7f00000004c0)=""/4096) syz_emit_ethernet(0x4a, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaffffffffffff7f000000002b00142c00fe8008000000000000000000000000aafe80000000000000000000000000b61b3cba00003730bd7c68f250d90b8858cee63716922db9c9a56ed1d56a9d8a29404b28f83625c39de32a802854f5e6c1318f6df5eac9950e4da4e3a9b93d114f5bdbe0f09f6ba3c2aa777eb7a63bbc2d021222a6cf96cb6436e274ae7cffc971c3085caedc38d780748a450cda6af5c452c1525a1b7c9160315dd1ad4371a80ca85090fc77575c8250b0e63e255826c9e164e3c190db0e0e5422e0d479204a9e841cc67c977e7d3e964c9fac8638bea50a38333aa0ed68266d86188f29c2f8be8d76958c9cfb39921764490a42814d8cf10aced29b6eaea84bd8c72cbd452457366e34b17eab32c14fe3a3e225688c", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], &(0x7f00000002c0)) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4) r4 = syz_open_dev$dspn(&(0x7f0000001580)='/dev/dsp#\x00', 0x81, 0x880) ioctl$RTC_SET_TIME(r4, 0x4024700a, &(0x7f00000015c0)={0x31, 0x13, 0xb, 0x2, 0xb, 0x5, 0x1, 0xd8, 0xffffffffffffffff}) 22:28:39 executing program 0: shutdown(0xffffffffffffffff, 0x1) connect$inet6(0xffffffffffffffff, &(0x7f000000cfe4)={0xa, 0x0, 0x0, @dev={0xfe, 0x80}, 0x7}, 0x1c) sendto(0xffffffffffffffff, &(0x7f0000000000)="702196e263f8c69d8e3bb362e13462da15a334547250b826d19507ce27ec024f2ecbd963e8cd033d", 0x28, 0x0, 0x0, 0x0) 22:28:39 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) ioctl(r1, 0x2, &(0x7f0000000000)="a0040ad8") 22:28:39 executing program 2 (fault-call:1 fault-nth:26): r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) [ 131.657829] FAULT_INJECTION: forcing a failure. [ 131.657829] name failslab, interval 1, probability 0, space 0, times 0 [ 131.669133] CPU: 0 PID: 8483 Comm: syz-executor2 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 131.677460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 131.686815] Call Trace: [ 131.689415] dump_stack+0x1c9/0x2b4 [ 131.693052] ? dump_stack_print_info.cold.2+0x52/0x52 [ 131.698234] ? __kernel_text_address+0xd/0x40 [ 131.702716] ? unwind_get_return_address+0x61/0xa0 [ 131.707632] should_fail.cold.4+0xa/0x11 [ 131.711677] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 131.716767] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 131.721592] ? save_stack+0xa9/0xd0 [ 131.725202] ? save_stack+0x43/0xd0 [ 131.728812] ? kasan_kmalloc+0xc4/0xe0 [ 131.732686] ? perf_trace_lock+0x920/0x920 [ 131.736904] ? sctp_sendmsg+0x18a2/0x1d90 [ 131.741037] ? sock_sendmsg+0xd5/0x120 [ 131.744909] ? ___sys_sendmsg+0x51d/0x930 [ 131.749040] ? __sys_sendmmsg+0x240/0x6f0 [ 131.753173] ? __x64_sys_sendmmsg+0x9d/0x100 [ 131.757568] ? do_syscall_64+0x1b9/0x820 [ 131.761619] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 131.766972] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 131.772496] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 131.777337] ? perf_trace_lock+0x920/0x920 [ 131.781564] ? lock_acquire+0x1e4/0x540 [ 131.785525] ? sctp_bind_addr_state+0x292/0x480 [ 131.790179] ? lock_downgrade+0x8f0/0x8f0 [ 131.794326] __should_failslab+0x124/0x180 [ 131.798552] should_failslab+0x9/0x14 [ 131.802337] kmem_cache_alloc_trace+0x4b/0x780 [ 131.806905] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 131.812081] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 131.817101] sctp_add_bind_addr+0x101/0x4b0 [ 131.821407] ? sctp_bind_addr_free+0x20/0x20 [ 131.825799] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 131.830973] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 131.836492] ? sctp_v4_scope+0x19b/0x1c0 [ 131.840536] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 131.845709] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 131.850711] sctp_copy_local_addr_list+0x499/0x690 [ 131.855625] ? sctp_defaults_init+0xe70/0xe70 [ 131.860109] ? get_random_bytes+0x34/0x40 [ 131.864240] ? sctp_association_new+0x1aab/0x2290 [ 131.869070] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 131.874244] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 131.879767] sctp_copy_one_addr+0x5d/0x170 [ 131.883984] ? sctp_copy_one_addr+0x5d/0x170 [ 131.888379] sctp_bind_addr_copy+0x173/0x47c [ 131.892774] ? sctp_copy_one_addr+0x170/0x170 [ 131.897263] ? sctp_autobind+0x16d/0x1f0 [ 131.901312] ? sctp_do_bind+0x5f0/0x5f0 [ 131.905275] sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 131.910797] ? security_sctp_bind_connect+0x99/0xc0 [ 131.915798] sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 131.920450] ? lock_acquire+0x1e4/0x540 [ 131.924406] ? sctp_sendmsg+0x1278/0x1d90 [ 131.928541] ? sctp_autobind+0x1f0/0x1f0 [ 131.932585] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 131.937160] ? kasan_check_write+0x14/0x20 [ 131.941381] ? lock_sock_nested+0x9f/0x120 [ 131.945600] ? trace_hardirqs_on+0xd/0x10 [ 131.949739] ? __local_bh_enable_ip+0x161/0x230 [ 131.954401] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 131.959923] ? sctp_endpoint_lookup_assoc+0x183/0x290 [ 131.965098] sctp_sendmsg+0x18a2/0x1d90 [ 131.969054] ? do_raw_spin_unlock+0xa7/0x2f0 [ 131.973460] ? sctp_id2assoc+0x3e0/0x3e0 [ 131.977510] ? _raw_spin_unlock_bh+0x30/0x40 [ 131.981902] ? __release_sock+0x3a0/0x3a0 [ 131.986043] inet_sendmsg+0x1a1/0x690 [ 131.989831] ? copy_msghdr_from_user+0x340/0x580 [ 131.994581] ? ipip_gro_receive+0x100/0x100 [ 131.998885] ? move_addr_to_kernel.part.20+0x100/0x100 [ 132.004184] ? security_socket_sendmsg+0x94/0xc0 [ 132.008921] ? ipip_gro_receive+0x100/0x100 [ 132.013227] sock_sendmsg+0xd5/0x120 [ 132.016925] ___sys_sendmsg+0x51d/0x930 [ 132.020883] ? __check_object_size+0x9d/0x5f2 [ 132.025362] ? copy_msghdr_from_user+0x580/0x580 [ 132.030104] ? lock_acquire+0x1e4/0x540 [ 132.034067] ? __fget_light+0x2f7/0x440 [ 132.038025] ? fget_raw+0x20/0x20 [ 132.041469] ? proc_fail_nth_write+0x9e/0x210 [ 132.045946] ? proc_cwd_link+0x1d0/0x1d0 [ 132.049992] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 132.055513] ? sockfd_lookup_light+0xc5/0x160 [ 132.059991] __sys_sendmmsg+0x240/0x6f0 [ 132.063955] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 132.068259] ? fsnotify_first_mark+0x350/0x350 [ 132.072822] ? __fsnotify_parent+0xcc/0x420 [ 132.077126] ? fsnotify+0x14e0/0x14e0 [ 132.080921] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 132.086438] ? fput+0x130/0x1a0 [ 132.089702] ? ksys_write+0x1ae/0x260 [ 132.093484] ? __ia32_sys_read+0xb0/0xb0 [ 132.097535] __x64_sys_sendmmsg+0x9d/0x100 [ 132.101756] do_syscall_64+0x1b9/0x820 [ 132.105724] ? finish_task_switch+0x1d3/0x870 [ 132.110204] ? syscall_return_slowpath+0x5e0/0x5e0 [ 132.115121] ? syscall_return_slowpath+0x31d/0x5e0 [ 132.120040] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 132.125041] ? prepare_exit_to_usermode+0x291/0x3b0 [ 132.130045] ? perf_trace_sys_enter+0xb10/0xb10 [ 132.134698] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 132.139526] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 132.144701] RIP: 0033:0x455e29 [ 132.147876] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 132.167081] RSP: 002b:00007f2ec9f2cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 132.174784] RAX: ffffffffffffffda RBX: 00007f2ec9f2d6d4 RCX: 0000000000455e29 [ 132.182036] RDX: 0000000000000001 RSI: 0000000020004a40 RDI: 0000000000000013 [ 132.189286] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 132.196539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 22:28:39 executing program 1: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = gettid() vmsplice(r0, &(0x7f0000001880)=[{&(0x7f0000001780)='w', 0x1}], 0x1, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000040), 0x8) tkill(r2, 0x1000000000016) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000002340)="cd", 0x1}], 0x1, 0x0) 22:28:39 executing program 0: unshare(0x400) io_setup(0x2, &(0x7f0000000280)=0x0) r1 = eventfd2(0x0, 0x0) io_submit(r0, 0xb6a04a8, &(0x7f0000000340)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000400), 0x0, 0x0, 0x0, 0x1, r1}]) [ 132.203789] R13: 00000000004c111c R14: 00000000004d1558 R15: 000000000000001a 22:28:40 executing program 5: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0) write(r0, &(0x7f0000000100)='-5', 0x2) ioctl$RTC_VL_READ(r0, 0x80047013, &(0x7f0000000000)) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) 22:28:40 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6db45f8f762070") r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000140)=ANY=[]) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$fiemap(r2, 0xc020660b, &(0x7f0000000280)=ANY=[@ANYBLOB="00000000000000008e0000000000000001000000000000000000000100000000"]) pread64(r0, &(0x7f0000000040)=""/197, 0xc5, 0x0) 22:28:40 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) ioctl(r1, 0x8, &(0x7f0000000000)="a0040ad8") 22:28:40 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc0000000002c000, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:40 executing program 0: socketpair$inet6_sctp(0xa, 0x1, 0x84, &(0x7f0000000000)={0xffffffffffffffff}) r1 = fcntl$getown(0xffffffffffffff9c, 0x9) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000000040)={{{@in6=@remote, @in6=@ipv4={[], [], @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6=@mcast2}}, &(0x7f0000000140)=0xe8) r3 = getegid() setsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000180)={r1, r2, r3}, 0xc) 22:28:40 executing program 4: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x1, 0x10100) unlinkat(r0, &(0x7f0000000180)='./file0\x00', 0x200) readlink(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)=""/122, 0x7a) r1 = shmget(0x0, 0x1000, 0x88, &(0x7f0000ffd000/0x1000)=nil) shmctl$SHM_STAT(r1, 0xd, &(0x7f0000000280)=""/94) mount(&(0x7f0000000140)='\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ceph\x00', 0x0, &(0x7f0000000040)) 22:28:40 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) ioctl(r1, 0xc0045878, &(0x7f0000000000)="a0040ad8") 22:28:40 executing program 0: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000080)='./file0/file1\x00', 0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f0000000200)={[{@uni_xlateno='uni_xlate=0', 0x2c}, {@shortname_winnt='shortname=winnt', 0x2c}, {@shortname_winnt='shortname=winnt', 0x2c}, {@utf8='utf8=1', 0x2c}, {@utf8no='utf8=0', 0x2c}, {@utf8no='utf8=0', 0x2c}, {@utf8no='utf8=0', 0x2c}, {@shortname_lower='shortname=lower', 0x2c}]}) syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x100000000000e000, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) mount$9p_rdma(&(0x7f00000000c0)='127.0.0.1\x00', &(0x7f0000000180)='./file0/file1/file0\x00', &(0x7f00000001c0)='9p\x00', 0x40000, &(0x7f0000000280)=ANY=[@ANYBLOB="7472616e733d72646d612c706f82743d3078303030303030303030303030346532302c6d6d61702c63616368653d667363616368652c00"]) r0 = syz_open_dev$vcsa(&(0x7f00000002c0)='/dev/vcsa#\x00', 0x4, 0x200) write$P9_RREADLINK(r0, &(0x7f0000000300)={0x10, 0x17, 0x1, {0x7, './file0'}}, 0x10) 22:28:40 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000001c0)="025cc83d6d345f8f762070b210d42478e67a071a91d48e26c78c3cc9a51cd99ed0a475c1f69c8281e6f1a509117b9bfb393772c1de09955ba5fb118a9c8b538e5dd93d06d1d707ebc419f25a9ef51cd633af074cfd360a5b017eed272d15a88ff2a1869a848344ee481e386604b2848a9b063059147e7bd837a0b4") r1 = socket$inet6(0xa, 0x1, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000002000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqsrc(r3, 0x0, 0x2000000000000004, &(0x7f0000013ff4)={@local={0xac, 0x14, 0x14, 0xaa}, @rand_addr}, 0xc) getsockopt$inet_mtu(r3, 0x0, 0x29, &(0x7f0000000040), &(0x7f0000000080)=0x4) ioctl$sock_inet_SIOCGARP(r3, 0x8954, &(0x7f0000000140)={{0x2, 0x0, @multicast2=0xe0000002}, {}, 0x0, {0x2, 0x0, @multicast1=0xe0000001}, 'nr0\x00'}) close(r3) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x81, 0x0) ioctl$SNDRV_TIMER_IOCTL_PVERSION(r4, 0x80045400, &(0x7f00000000c0)) dup3(r1, r2, 0x0) 22:28:40 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80}, 0x4}, 0x1c) sigaltstack(&(0x7f0000ffa000/0x4000)=nil, &(0x7f0000000380)) pivot_root(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='./file0\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r0, r1, &(0x7f0000000040)=0x100000, 0x8001) 22:28:40 executing program 2 (fault-call:1 fault-nth:27): r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) 22:28:40 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000c00200, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:40 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}) ioctl$KVM_NMI(r2, 0xae9a) r3 = accept$inet6(0xffffffffffffff9c, &(0x7f00000000c0)={0x0, 0x0, 0x0, @mcast2}, &(0x7f0000000100)=0x1c) getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r3, 0x84, 0x1e, &(0x7f0000000140), &(0x7f0000000180)=0x4) getsockname$packet(0xffffffffffffffff, &(0x7f00000011c0), &(0x7f0000001200)=0xfffffffffffffd8e) r4 = gettid() ptrace$peekuser(0x3, r4, 0x6) ioctl$KVM_RUN(r2, 0xae80, 0x0) 22:28:40 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) ioctl(r1, 0x6c, &(0x7f0000000000)="a0040ad8") [ 132.651517] FAULT_INJECTION: forcing a failure. [ 132.651517] name failslab, interval 1, probability 0, space 0, times 0 [ 132.662796] CPU: 0 PID: 8553 Comm: syz-executor2 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 132.671114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 132.680462] Call Trace: [ 132.683046] dump_stack+0x1c9/0x2b4 [ 132.686661] ? dump_stack_print_info.cold.2+0x52/0x52 [ 132.692006] ? __kernel_text_address+0xd/0x40 [ 132.696492] ? unwind_get_return_address+0x61/0xa0 [ 132.701410] should_fail.cold.4+0xa/0x11 [ 132.705456] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 132.710545] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 132.715369] ? save_stack+0xa9/0xd0 [ 132.718978] ? save_stack+0x43/0xd0 [ 132.722587] ? kasan_kmalloc+0xc4/0xe0 [ 132.726464] ? perf_trace_lock+0x920/0x920 [ 132.730684] ? sctp_sendmsg+0x18a2/0x1d90 [ 132.734816] ? sock_sendmsg+0xd5/0x120 [ 132.738702] ? ___sys_sendmsg+0x51d/0x930 [ 132.742836] ? __sys_sendmmsg+0x240/0x6f0 [ 132.746966] ? __x64_sys_sendmmsg+0x9d/0x100 [ 132.751368] ? do_syscall_64+0x1b9/0x820 [ 132.755413] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 132.761016] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 132.766540] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 132.771368] ? perf_trace_lock+0x920/0x920 [ 132.775591] ? lock_acquire+0x1e4/0x540 [ 132.779550] ? sctp_bind_addr_state+0x292/0x480 [ 132.784203] ? lock_downgrade+0x8f0/0x8f0 [ 132.788337] __should_failslab+0x124/0x180 [ 132.792561] should_failslab+0x9/0x14 [ 132.796346] kmem_cache_alloc_trace+0x4b/0x780 [ 132.800915] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 132.806089] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 132.811094] sctp_add_bind_addr+0x101/0x4b0 [ 132.815413] ? sctp_bind_addr_free+0x20/0x20 [ 132.819807] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 132.824992] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 132.830516] ? sctp_v4_scope+0x19b/0x1c0 [ 132.834561] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 132.839735] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 132.844740] sctp_copy_local_addr_list+0x499/0x690 [ 132.849655] ? sctp_defaults_init+0xe70/0xe70 [ 132.854138] ? get_random_bytes+0x34/0x40 [ 132.858272] ? sctp_association_new+0x1aab/0x2290 [ 132.863104] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 132.868289] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 132.873811] sctp_copy_one_addr+0x5d/0x170 [ 132.878028] ? sctp_copy_one_addr+0x5d/0x170 [ 132.882422] sctp_bind_addr_copy+0x173/0x47c [ 132.886821] ? sctp_copy_one_addr+0x170/0x170 [ 132.891298] ? sctp_autobind+0x16d/0x1f0 [ 132.895343] ? sctp_do_bind+0x5f0/0x5f0 [ 132.899302] sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 132.904824] ? security_sctp_bind_connect+0x99/0xc0 [ 132.909824] sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 132.914476] ? lock_acquire+0x1e4/0x540 [ 132.918433] ? sctp_sendmsg+0x1278/0x1d90 [ 132.922577] ? sctp_autobind+0x1f0/0x1f0 [ 132.926622] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 132.931189] ? kasan_check_write+0x14/0x20 [ 132.935407] ? lock_sock_nested+0x9f/0x120 [ 132.939630] ? trace_hardirqs_on+0xd/0x10 [ 132.943764] ? __local_bh_enable_ip+0x161/0x230 [ 132.948420] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 132.953941] ? sctp_endpoint_lookup_assoc+0x183/0x290 [ 132.959117] sctp_sendmsg+0x18a2/0x1d90 [ 132.963076] ? do_raw_spin_unlock+0xa7/0x2f0 [ 132.967472] ? sctp_id2assoc+0x3e0/0x3e0 [ 132.971528] ? _raw_spin_unlock_bh+0x30/0x40 [ 132.975936] ? __release_sock+0x3a0/0x3a0 [ 132.980077] inet_sendmsg+0x1a1/0x690 [ 132.983863] ? copy_msghdr_from_user+0x340/0x580 [ 132.988601] ? ipip_gro_receive+0x100/0x100 [ 132.992910] ? move_addr_to_kernel.part.20+0x100/0x100 [ 132.998172] ? security_socket_sendmsg+0x94/0xc0 [ 133.002910] ? ipip_gro_receive+0x100/0x100 [ 133.007217] sock_sendmsg+0xd5/0x120 [ 133.010915] ___sys_sendmsg+0x51d/0x930 [ 133.014876] ? __check_object_size+0x9d/0x5f2 [ 133.019357] ? copy_msghdr_from_user+0x580/0x580 [ 133.024097] ? lock_acquire+0x1e4/0x540 [ 133.028062] ? __fget_light+0x2f7/0x440 [ 133.032022] ? fget_raw+0x20/0x20 [ 133.035469] ? proc_fail_nth_write+0x9e/0x210 [ 133.039947] ? proc_cwd_link+0x1d0/0x1d0 [ 133.043994] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 133.049516] ? sockfd_lookup_light+0xc5/0x160 [ 133.053995] __sys_sendmmsg+0x240/0x6f0 [ 133.057957] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 133.062261] ? fsnotify_first_mark+0x350/0x350 [ 133.066827] ? __fsnotify_parent+0xcc/0x420 [ 133.071132] ? fsnotify+0x14e0/0x14e0 [ 133.074923] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 133.080441] ? fput+0x130/0x1a0 [ 133.083715] ? ksys_write+0x1ae/0x260 [ 133.087499] ? __ia32_sys_read+0xb0/0xb0 [ 133.091546] ? syscall_slow_exit_work+0x500/0x500 [ 133.096373] __x64_sys_sendmmsg+0x9d/0x100 [ 133.100593] do_syscall_64+0x1b9/0x820 [ 133.104462] ? finish_task_switch+0x1d3/0x870 [ 133.108941] ? syscall_return_slowpath+0x5e0/0x5e0 [ 133.113853] ? syscall_return_slowpath+0x31d/0x5e0 [ 133.118764] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 133.123762] ? prepare_exit_to_usermode+0x291/0x3b0 [ 133.128762] ? perf_trace_sys_enter+0xb10/0xb10 [ 133.133424] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 133.138251] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 133.143432] RIP: 0033:0x455e29 [ 133.146598] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 133.165800] RSP: 002b:00007f2ec9f2cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 133.173491] RAX: ffffffffffffffda RBX: 00007f2ec9f2d6d4 RCX: 0000000000455e29 [ 133.180744] RDX: 0000000000000001 RSI: 0000000020004a40 RDI: 0000000000000013 [ 133.187993] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 133.195245] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 133.202494] R13: 00000000004c111c R14: 00000000004d1558 R15: 000000000000001b 22:28:41 executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="850000000700000065000000000000009520000000000000c54e94bb6e6e7d020a8d953cac2e971468b89771a8368b67777b58261e240a3870f88f8c883b3671bdbc94cc217b6518a7b81e1b84b8eb44eb943e9f9cf279280058963ee5fc408ddae33d7a76bab6"], &(0x7f0000000180)="4550d4001f91eb2f57b73224433025039c3096b20c6b439348bf689c08608537d6223e63adc0624fbae2e109359dce6922324ccc13160b68cae6430697259dd52d1f73e16adc3592d02925dffae85e9cd2398c6c67c87fb5b12602f145b484be45912966e8b7e2f66069c56dd76c1dc112013c3a6b4de999cdcdc8855aee3437dcc87580cfbe546fbbfbc0eb56d8bbbea2904a7c73c2", 0x0, 0x60, &(0x7f0000000000)=""/195}, 0x16) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000240)={0xfffffffffffffff8, 0xffffffff, 0x100000001, 0x5c, 0x7, 0x1, 0x6, 0x73f, 0xb3, 0x6, 0x401}, 0xb) 22:28:41 executing program 0: r0 = memfd_create(&(0x7f0000000000)="17", 0x0) write$binfmt_elf32(r0, &(0x7f0000000140)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x36c, 0x38, 0x0, 0x0, 0x0, 0x20}, [{0x0, 0x6}]}, 0x58) execveat(r0, &(0x7f0000ff7000)='./file0\x00', &(0x7f0000000580), &(0x7f000034bff8)=[&(0x7f0000ff7000)="00000000000000060804002000fffc0c6565643b799365005f1b76"], 0x1000) 22:28:41 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) r1 = socket$inet(0x2, 0x5, 0x20) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000000)={0x0, @in={{0x2, 0x4e23}}, 0x8, 0x1, 0x1, 0xffffffffffffff90, 0x8c0}, &(0x7f0000000100)=0x98) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f00000003c0)={r2, 0xd3, "7d0f2fd4a7d8e51a563c8238f967ae3a0572a66e3d5f76b2c52d602d91537daccb6f520efe48263ed4a2034a3e5b20d96a680373f4e75aadb4aef57b866f39d0e13da3fe38ab01d9a29dbc144221805abbd270d8c06553d92025ada15d1592b758dc3dfdfcc9fb41a2557624321fb2dca5442b31992beb8c60c3cc25aef1715c4b19669dcbd8704b44201c92b4b8a3f0c175e00dad56850d34414a663a9095fa8801a753490670b5acd0edda9e616702795f0c6205d84d59cfd6dce611a9529458992934157c07fd4a95d20a0e614c42fe0d1f"}, &(0x7f0000000140)=0xdb) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") pipe2(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r5 = userfaultfd(0x0) r6 = syz_open_dev$usbmon(&(0x7f00000001c0)='/dev/usbmon#\x00', 0x6, 0x10000) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000240)={0xaa, 0x40000000000}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000d62fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) vmsplice(r4, &(0x7f0000000380)=[{&(0x7f0000000340), 0x1000000}], 0x1, 0x0) dup2(r3, r5) 22:28:41 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc0000000000000f, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:41 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) ioctl(r1, 0x6, &(0x7f0000000000)="a0040ad8") 22:28:41 executing program 2 (fault-call:1 fault-nth:28): r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) 22:28:41 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) poll(&(0x7f00000000c0)=[{r0}], 0x1, 0xfffffffffffffcc8) socketpair$inet_udp(0x2, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) getsockopt$EBT_SO_GET_INIT_INFO(r1, 0x0, 0x82, &(0x7f00000001c0)={'broute\x00'}, &(0x7f0000000240)=0x78) close(r0) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='\x00'}, 0x10) ioctl$KVM_GET_PIT(r2, 0xc048ae65, &(0x7f0000000100)) 22:28:41 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000040)="2957e1311f16f477671070") r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x440000, 0x0) ioctl$SNDRV_TIMER_IOCTL_INFO(r2, 0x80e85411, &(0x7f0000000280)=""/80) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x100000008}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, &(0x7f00000001c0)={r3, @in={{0x2, 0x4e20, @loopback=0x7f000001}}}, 0x84) r4 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r4, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000740)={@multicast2=0xe0000002, @dev={0xac, 0x14, 0x14, 0x12}, @dev={0xac, 0x14}}, 0xc) getsockopt$inet_buf(r4, 0x0, 0x30, &(0x7f0000008000)=""/144, &(0x7f0000004000)=0x90) openat$cuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cuse\x00', 0x802, 0x0) [ 133.305088] FAULT_INJECTION: forcing a failure. [ 133.305088] name failslab, interval 1, probability 0, space 0, times 0 [ 133.316363] CPU: 0 PID: 8572 Comm: syz-executor2 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 133.324683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 133.334045] Call Trace: [ 133.336647] dump_stack+0x1c9/0x2b4 [ 133.340285] ? dump_stack_print_info.cold.2+0x52/0x52 [ 133.345486] ? __kernel_text_address+0xd/0x40 [ 133.349989] ? unwind_get_return_address+0x61/0xa0 22:28:41 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f0000000240)='/dev/usbmon#\x00', 0x7, 0x121c00) r1 = getgid() ioctl$TUNSETGROUP(r0, 0x400454ce, r1) r2 = socket$inet(0x2, 0x6000000000000001, 0x0) bind$inet(r2, &(0x7f0000000100)={0x2, 0x4e23, @broadcast=0xffffffff}, 0x10) sendto$inet(r2, &(0x7f0000000000), 0x0, 0x20000802, &(0x7f0000000000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) recvfrom$inet(r2, &(0x7f0000000300)=""/22, 0x16, 0x0, &(0x7f0000000340)={0x2, 0x0, @multicast2=0xe0000002}, 0x10) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000280)='tunl0\x00', 0x10) accept4$packet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000080)=0x14, 0x80800) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f00000000c0)={'team0\x00', r3}) getsockopt$inet_buf(r2, 0x0, 0x3d, &(0x7f0000000180)=""/69, &(0x7f0000000200)=0x45) sendto$inet(r2, &(0x7f00000002c0)="1e", 0x1, 0x0, &(0x7f0000000140)={0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10) [ 133.354938] should_fail.cold.4+0xa/0x11 [ 133.359010] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 133.364129] ? save_stack+0xa9/0xd0 [ 133.367769] ? save_stack+0x43/0xd0 [ 133.371399] ? kasan_kmalloc+0xc4/0xe0 [ 133.375290] ? kmem_cache_alloc_trace+0x152/0x780 [ 133.380138] ? sctp_add_bind_addr+0x101/0x4b0 [ 133.384642] ? sctp_copy_local_addr_list+0x499/0x690 [ 133.389738] ? sctp_copy_one_addr+0x5d/0x170 [ 133.394139] ? sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 133.399856] ? sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 133.404701] ? sctp_sendmsg+0x18a2/0x1d90 [ 133.408856] ? inet_sendmsg+0x1a1/0x690 [ 133.412836] ? sock_sendmsg+0xd5/0x120 [ 133.416724] ? ___sys_sendmsg+0x51d/0x930 [ 133.420875] ? __sys_sendmmsg+0x240/0x6f0 [ 133.425033] ? __x64_sys_sendmmsg+0x9d/0x100 [ 133.429448] ? do_syscall_64+0x1b9/0x820 [ 133.433516] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 133.438887] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 133.444429] ? _extract_crng+0x23b/0x320 [ 133.448496] ? lock_acquire+0x1e4/0x540 22:28:41 executing program 5: getpgrp(0x0) socket$l2tp(0x18, 0x1, 0x1) socketpair$inet_udplite(0x2, 0x2, 0x88, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$inet_udp(0x2, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000002c0)={r0, 0x6, 0x1, 0x3ff, &(0x7f0000000280)=[0x0], 0x1}, 0x20) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000040)=0x0) r3 = syz_open_procfs(r2, &(0x7f0000314f8c)="6d6f756e74696e666f004388f750c83d14c4a3a9ac1488a477660ae763891738ac656bb3e891941f02f1265047502f6c2dd9f655ef7131eabf3110d638f0d2e6a49a2bc4a08d63e2da7af47e6c37972352875f125bcf3ea7f04b7b505b6a06beedb2a86e30a86bc0d37a6438b99a45ea22b1f4fb") close(r3) sendmsg$nl_generic(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="b9000000110000032abd7000ffdbdf251f000040c4006c007446c90688855640a33ab4b91b06acac5ef93fc4438bcf47c0b78b0c001a000101000000000000b2eb6b48855e4a46b52a0406f76a5ab9c61bc8ed84635316b271e12acc9a370d1260cd5448ae88f6e0d3fcb4eb34c45b169318c21de223dc34ab223d5cb8aef8664b364784b8184b378add9ed1ade770bd6f5dcd25cdc4c6acc7d9325d6c1494c1cfd953b00a7e40b3d101128540a7b6c4b9b120ddd4ad8e6cd3f8f943e78819e439ea4053fde9db957ea60f28fad8"], 0xd8}, 0x1, 0x0, 0x0, 0x80}, 0x40040) [ 133.452474] ? _crng_backtrack_protect+0x108/0x150 [ 133.457406] ? lock_downgrade+0x8f0/0x8f0 [ 133.461562] ? lock_acquire+0x1e4/0x540 [ 133.465543] ? sctp_bind_addr_state+0x292/0x480 [ 133.470217] ? lock_downgrade+0x8f0/0x8f0 [ 133.474372] ? kasan_unpoison_shadow+0x35/0x50 [ 133.478957] __should_failslab+0x124/0x180 [ 133.483185] should_failslab+0x9/0x14 [ 133.486975] kmem_cache_alloc_trace+0x4b/0x780 [ 133.491568] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 133.496747] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 133.501753] sctp_add_bind_addr+0x101/0x4b0 [ 133.506065] ? sctp_bind_addr_free+0x20/0x20 [ 133.510461] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 133.515636] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 133.521158] ? sctp_v4_scope+0x19b/0x1c0 [ 133.525215] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 133.530390] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 133.535406] sctp_copy_local_addr_list+0x499/0x690 [ 133.540324] ? sctp_defaults_init+0xe70/0xe70 [ 133.544810] ? get_random_bytes+0x34/0x40 [ 133.548961] ? sctp_association_new+0x1aab/0x2290 [ 133.553798] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 133.558974] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 133.564503] sctp_copy_one_addr+0x5d/0x170 [ 133.568733] ? sctp_copy_one_addr+0x5d/0x170 [ 133.573130] sctp_bind_addr_copy+0x173/0x47c [ 133.577527] ? sctp_copy_one_addr+0x170/0x170 [ 133.582017] ? sctp_autobind+0x16d/0x1f0 [ 133.586064] ? sctp_do_bind+0x5f0/0x5f0 [ 133.590030] sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 133.595553] ? security_sctp_bind_connect+0x99/0xc0 [ 133.600558] sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 133.605214] ? lock_acquire+0x1e4/0x540 [ 133.609173] ? sctp_sendmsg+0x1278/0x1d90 [ 133.613310] ? sctp_autobind+0x1f0/0x1f0 [ 133.617357] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 133.621925] ? kasan_check_write+0x14/0x20 [ 133.626151] ? lock_sock_nested+0x9f/0x120 [ 133.630479] ? trace_hardirqs_on+0xd/0x10 [ 133.634614] ? __local_bh_enable_ip+0x161/0x230 [ 133.639268] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 133.644802] ? sctp_endpoint_lookup_assoc+0x183/0x290 [ 133.649981] sctp_sendmsg+0x18a2/0x1d90 [ 133.653946] ? do_raw_spin_unlock+0xa7/0x2f0 [ 133.658357] ? sctp_id2assoc+0x3e0/0x3e0 [ 133.662419] ? _raw_spin_unlock_bh+0x30/0x40 [ 133.666824] ? __release_sock+0x3a0/0x3a0 [ 133.670975] inet_sendmsg+0x1a1/0x690 [ 133.674768] ? copy_msghdr_from_user+0x340/0x580 [ 133.679521] ? ipip_gro_receive+0x100/0x100 [ 133.683927] ? move_addr_to_kernel.part.20+0x100/0x100 [ 133.689193] ? security_socket_sendmsg+0x94/0xc0 [ 133.693932] ? ipip_gro_receive+0x100/0x100 [ 133.698251] sock_sendmsg+0xd5/0x120 [ 133.701952] ___sys_sendmsg+0x51d/0x930 [ 133.705913] ? __check_object_size+0x9d/0x5f2 [ 133.710395] ? copy_msghdr_from_user+0x580/0x580 [ 133.715137] ? lock_acquire+0x1e4/0x540 [ 133.719105] ? __fget_light+0x2f7/0x440 [ 133.723063] ? fget_raw+0x20/0x20 [ 133.726514] ? proc_fail_nth_write+0x9e/0x210 [ 133.730999] ? proc_cwd_link+0x1d0/0x1d0 [ 133.735052] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 133.740575] ? sockfd_lookup_light+0xc5/0x160 [ 133.745057] __sys_sendmmsg+0x240/0x6f0 [ 133.749027] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 133.753336] ? fsnotify_first_mark+0x350/0x350 [ 133.757902] ? __fsnotify_parent+0xcc/0x420 [ 133.762208] ? fsnotify+0x14e0/0x14e0 [ 133.766014] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 133.771536] ? fput+0x130/0x1a0 [ 133.774802] ? ksys_write+0x1ae/0x260 [ 133.778591] ? __ia32_sys_read+0xb0/0xb0 [ 133.782644] __x64_sys_sendmmsg+0x9d/0x100 [ 133.786869] do_syscall_64+0x1b9/0x820 [ 133.790741] ? finish_task_switch+0x1d3/0x870 [ 133.795222] ? syscall_return_slowpath+0x5e0/0x5e0 [ 133.800136] ? syscall_return_slowpath+0x31d/0x5e0 [ 133.805050] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 133.810051] ? prepare_exit_to_usermode+0x291/0x3b0 [ 133.815053] ? perf_trace_sys_enter+0xb10/0xb10 [ 133.819708] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 133.824539] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 133.829717] RIP: 0033:0x455e29 [ 133.832886] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 133.852165] RSP: 002b:00007f2ec9f2cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 133.859857] RAX: ffffffffffffffda RBX: 00007f2ec9f2d6d4 RCX: 0000000000455e29 [ 133.867109] RDX: 0000000000000001 RSI: 0000000020004a40 RDI: 0000000000000013 [ 133.874371] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 133.881624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 133.888876] R13: 00000000004c111c R14: 00000000004d1558 R15: 000000000000001c 22:28:41 executing program 6: r0 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x200, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r0, &(0x7f0000001340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2012048}, 0xfffffffffffffea6, &(0x7f0000001280)={&(0x7f00000012c0)={0x276, r1, 0x2, 0x70bd2a, 0x25dfdbfb, {0x7}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xbcf3}, @IPVS_CMD_ATTR_SERVICE={0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0x0, 0x7, {0x3d, 0x3}}, @IPVS_SVC_ATTR_SCHED_NAME={0x0, 0x6, 'fo\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfff}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x2b}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0x400080f) preadv(r0, &(0x7f00000022c0)=[{&(0x7f0000000080)}, {&(0x7f00000000c0)=""/50, 0x32}, {&(0x7f0000000100)=""/4096, 0x1000}], 0x3, 0x0) futex(&(0x7f00000011c0)=0x2, 0x3, 0x2, &(0x7f0000001200)={0x0, 0x989680}, &(0x7f0000001240)=0x2, 0x0) 22:28:41 executing program 1: socketpair$unix(0x1, 0x4, 0x0, &(0x7f0000c05ff8)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_open_dev$mice(&(0x7f00000000c0)='/dev/input/mice\x00', 0x0, 0x410100) write$P9_RREADDIR(r2, &(0x7f0000000100)={0x87, 0x29, 0x1, {0xa, [{{0x82, 0x4, 0x6}, 0x8, 0x101, 0x7, './file0'}, {{0x48, 0x3, 0x3}, 0x81, 0x9, 0x7, './file0'}, {{0x74, 0x2, 0x1}, 0x0, 0x2, 0x7, './file0'}, {{0x0, 0x0, 0x8}, 0x7fff, 0x9bd4, 0x7, './file0'}]}}, 0x87) r3 = dup2(r1, r0) getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffff9c, 0x84, 0x0, &(0x7f0000000000)={0x0, 0x7fffffff, 0x3, 0x3}, &(0x7f0000000040)=0x10) setsockopt$inet_sctp_SCTP_CONTEXT(r3, 0x84, 0x11, &(0x7f0000000080)={r4, 0x3}, 0x8) recvmmsg(r1, &(0x7f0000000c00)=[{{&(0x7f0000000980)=@rc, 0x80, &(0x7f0000000b00), 0x0, &(0x7f0000000b40)=""/192, 0xc0}}], 0x1, 0x40000103, &(0x7f0000000cc0)) getsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f00000007c0)={0x0, @dev, @multicast1}, &(0x7f0000000800)=0xc) setsockopt$inet6_IPV6_PKTINFO(r3, 0x29, 0x32, &(0x7f0000000840)={@mcast1={0xff, 0x1, [], 0x1}, r5}, 0x14) 22:28:41 executing program 2 (fault-call:1 fault-nth:29): r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) 22:28:41 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000003000000, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:41 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000300)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x4bff) truncate(&(0x7f00000001c0)='./file0\x00', 0x6) write$cgroup_type(r1, &(0x7f0000000000)='threaded\x00', 0x8800000) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000001c0), 0x0) r2 = dup3(r0, r0, 0x80000) ioctl$TCGETS(r2, 0x5401, &(0x7f0000000000)) 22:28:41 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) ioctl(r1, 0x7ffffffffffff, &(0x7f0000000000)="a0040ad8") 22:28:41 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuset.effective_cpus\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000100)={&(0x7f0000000080)='./file0\x00', r0}, 0x10) ioctl$SG_SET_RESERVED_SIZE(r3, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r3, 0x0) remap_file_pages(&(0x7f0000007000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00009b4fd0)={0x4, 0x0, &(0x7f0000009ff0)=ANY=[@ANYBLOB="0c630080"], 0x0, 0x0, &(0x7f0000009000)}) 22:28:41 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc000000008c0000, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) [ 134.000495] FAULT_INJECTION: forcing a failure. [ 134.000495] name failslab, interval 1, probability 0, space 0, times 0 [ 134.011770] CPU: 0 PID: 8625 Comm: syz-executor2 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 134.020090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 134.029443] Call Trace: [ 134.032045] dump_stack+0x1c9/0x2b4 [ 134.035691] ? dump_stack_print_info.cold.2+0x52/0x52 [ 134.040894] ? __kernel_text_address+0xd/0x40 [ 134.045400] ? unwind_get_return_address+0x61/0xa0 [ 134.050343] should_fail.cold.4+0xa/0x11 [ 134.054423] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 134.059530] ? save_stack+0xa9/0xd0 [ 134.063147] ? save_stack+0x43/0xd0 [ 134.066764] ? kasan_kmalloc+0xc4/0xe0 [ 134.070640] ? kmem_cache_alloc_trace+0x152/0x780 [ 134.075473] ? sctp_add_bind_addr+0x101/0x4b0 [ 134.079958] ? sctp_copy_local_addr_list+0x499/0x690 [ 134.085068] ? sctp_copy_one_addr+0x5d/0x170 [ 134.089464] ? sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 134.095162] ? sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 134.099991] ? sctp_sendmsg+0x18a2/0x1d90 [ 134.104133] ? inet_sendmsg+0x1a1/0x690 [ 134.108104] ? sock_sendmsg+0xd5/0x120 [ 134.111976] ? ___sys_sendmsg+0x51d/0x930 [ 134.116108] ? __sys_sendmmsg+0x240/0x6f0 [ 134.120242] ? __x64_sys_sendmmsg+0x9d/0x100 [ 134.124639] ? do_syscall_64+0x1b9/0x820 [ 134.128690] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 134.134046] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 134.139590] ? _extract_crng+0x23b/0x320 [ 134.143643] ? lock_acquire+0x1e4/0x540 [ 134.147604] ? _crng_backtrack_protect+0x108/0x150 [ 134.152521] ? lock_downgrade+0x8f0/0x8f0 [ 134.156661] ? lock_acquire+0x1e4/0x540 [ 134.160624] ? sctp_bind_addr_state+0x292/0x480 [ 134.165280] ? lock_downgrade+0x8f0/0x8f0 [ 134.169421] ? kasan_unpoison_shadow+0x35/0x50 [ 134.173992] __should_failslab+0x124/0x180 [ 134.178224] should_failslab+0x9/0x14 [ 134.182015] kmem_cache_alloc_trace+0x4b/0x780 [ 134.186588] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 134.191764] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 134.196768] sctp_add_bind_addr+0x101/0x4b0 [ 134.201091] ? sctp_bind_addr_free+0x20/0x20 [ 134.205485] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 134.210662] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 134.216185] ? sctp_v4_scope+0x19b/0x1c0 [ 134.220232] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 134.225408] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 134.230411] sctp_copy_local_addr_list+0x499/0x690 [ 134.235330] ? sctp_defaults_init+0xe70/0xe70 [ 134.239825] ? get_random_bytes+0x34/0x40 [ 134.243961] ? sctp_association_new+0x1aab/0x2290 [ 134.248795] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 134.253970] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 134.259499] sctp_copy_one_addr+0x5d/0x170 [ 134.263728] ? sctp_copy_one_addr+0x5d/0x170 [ 134.268124] sctp_bind_addr_copy+0x173/0x47c [ 134.272523] ? sctp_copy_one_addr+0x170/0x170 [ 134.277007] ? sctp_autobind+0x16d/0x1f0 [ 134.281057] ? sctp_do_bind+0x5f0/0x5f0 [ 134.285024] sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 134.290548] ? security_sctp_bind_connect+0x99/0xc0 [ 134.295554] sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 134.300210] ? lock_acquire+0x1e4/0x540 [ 134.304169] ? sctp_sendmsg+0x1278/0x1d90 [ 134.308307] ? sctp_autobind+0x1f0/0x1f0 [ 134.312366] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 134.316944] ? kasan_check_write+0x14/0x20 [ 134.321168] ? lock_sock_nested+0x9f/0x120 [ 134.325387] ? trace_hardirqs_on+0xd/0x10 [ 134.329520] ? __local_bh_enable_ip+0x161/0x230 [ 134.334179] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 134.339702] ? sctp_endpoint_lookup_assoc+0x183/0x290 [ 134.344882] sctp_sendmsg+0x18a2/0x1d90 [ 134.348840] ? do_raw_spin_unlock+0xa7/0x2f0 [ 134.353238] ? sctp_id2assoc+0x3e0/0x3e0 [ 134.357287] ? _raw_spin_unlock_bh+0x30/0x40 [ 134.361683] ? __release_sock+0x3a0/0x3a0 [ 134.365825] inet_sendmsg+0x1a1/0x690 [ 134.369612] ? copy_msghdr_from_user+0x340/0x580 [ 134.374352] ? ipip_gro_receive+0x100/0x100 [ 134.378660] ? move_addr_to_kernel.part.20+0x100/0x100 [ 134.383928] ? security_socket_sendmsg+0x94/0xc0 [ 134.388667] ? ipip_gro_receive+0x100/0x100 [ 134.392979] sock_sendmsg+0xd5/0x120 [ 134.396680] ___sys_sendmsg+0x51d/0x930 [ 134.400639] ? __check_object_size+0x9d/0x5f2 [ 134.405123] ? copy_msghdr_from_user+0x580/0x580 [ 134.409866] ? lock_acquire+0x1e4/0x540 [ 134.413836] ? __fget_light+0x2f7/0x440 [ 134.417796] ? fget_raw+0x20/0x20 [ 134.421247] ? proc_fail_nth_write+0x9e/0x210 [ 134.425726] ? proc_cwd_link+0x1d0/0x1d0 [ 134.429777] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 134.435299] ? sockfd_lookup_light+0xc5/0x160 [ 134.439781] __sys_sendmmsg+0x240/0x6f0 [ 134.443745] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 134.448056] ? fsnotify_first_mark+0x350/0x350 [ 134.452622] ? __fsnotify_parent+0xcc/0x420 [ 134.456932] ? fsnotify+0x14e0/0x14e0 [ 134.460729] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 134.466248] ? fput+0x130/0x1a0 [ 134.469511] ? ksys_write+0x1ae/0x260 [ 134.473297] ? __ia32_sys_read+0xb0/0xb0 [ 134.477350] __x64_sys_sendmmsg+0x9d/0x100 [ 134.481574] do_syscall_64+0x1b9/0x820 [ 134.485448] ? finish_task_switch+0x1d3/0x870 [ 134.489931] ? syscall_return_slowpath+0x5e0/0x5e0 [ 134.494846] ? syscall_return_slowpath+0x31d/0x5e0 [ 134.499759] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 134.504760] ? prepare_exit_to_usermode+0x291/0x3b0 [ 134.509761] ? perf_trace_sys_enter+0xb10/0xb10 [ 134.514417] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 134.519259] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 134.524433] RIP: 0033:0x455e29 [ 134.527601] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 134.546891] RSP: 002b:00007f2ec9f2cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 134.554600] RAX: ffffffffffffffda RBX: 00007f2ec9f2d6d4 RCX: 0000000000455e29 [ 134.561852] RDX: 0000000000000001 RSI: 0000000020004a40 RDI: 0000000000000013 [ 134.569104] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 134.576368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 134.583620] R13: 00000000004c111c R14: 00000000004d1558 R15: 000000000000001d 22:28:42 executing program 6: r0 = dup3(0xffffffffffffff9c, 0xffffffffffffff9c, 0x80000) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000000000)={0x0, 0x3, 0x30, 0x7fffffff, 0xa6}, &(0x7f0000000040)=0x18) setsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000080)={r1, 0xffffffffffffffff, 0x2, [0x96, 0x1]}, 0xc) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000002940)={&(0x7f0000000240)={0x10, 0x40030000000000}, 0xc, &(0x7f0000000280)={&(0x7f0000002900)={0x1c, 0x2e, 0x119, 0x0, 0x0, {0x4}, [@nested={0x8, 0x0, [@typed={0x4, 0x1, @binary}]}]}, 0x1c}, 0x1}, 0x0) 22:28:42 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) ioctl(r1, 0x10, &(0x7f0000000000)="a0040ad8") 22:28:42 executing program 2 (fault-call:1 fault-nth:30): r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) [ 134.609264] binder: 8632:8636 ioctl c0306201 209b4fd0 returned -14 [ 134.632558] binder: 8632:8638 unknown command -2147458292 [ 134.652758] binder: 8632:8638 ioctl c0306201 209b4fd0 returned -22 22:28:42 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000000b00, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) [ 134.668743] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 134.699158] FAULT_INJECTION: forcing a failure. [ 134.699158] name failslab, interval 1, probability 0, space 0, times 0 [ 134.710472] CPU: 1 PID: 8650 Comm: syz-executor2 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 134.713652] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 134.718798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 134.718803] Call Trace: [ 134.718830] dump_stack+0x1c9/0x2b4 [ 134.718851] ? dump_stack_print_info.cold.2+0x52/0x52 [ 134.718871] ? __kernel_text_address+0xd/0x40 [ 134.718891] ? unwind_get_return_address+0x61/0xa0 [ 134.756685] should_fail.cold.4+0xa/0x11 [ 134.760757] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 134.765867] ? save_stack+0xa9/0xd0 [ 134.769492] ? save_stack+0x43/0xd0 [ 134.773118] ? kasan_kmalloc+0xc4/0xe0 [ 134.777009] ? kmem_cache_alloc_trace+0x152/0x780 [ 134.781852] ? sctp_add_bind_addr+0x101/0x4b0 [ 134.786357] ? sctp_copy_local_addr_list+0x499/0x690 [ 134.791464] ? sctp_copy_one_addr+0x5d/0x170 [ 134.795865] ? sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 134.801570] ? sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 134.806407] ? sctp_sendmsg+0x18a2/0x1d90 [ 134.810544] ? inet_sendmsg+0x1a1/0x690 [ 134.814505] ? sock_sendmsg+0xd5/0x120 [ 134.818376] ? ___sys_sendmsg+0x51d/0x930 [ 134.822512] ? __sys_sendmmsg+0x240/0x6f0 [ 134.826649] ? __x64_sys_sendmmsg+0x9d/0x100 [ 134.831045] ? do_syscall_64+0x1b9/0x820 [ 134.835095] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 134.840451] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 134.845978] ? _extract_crng+0x23b/0x320 [ 134.850035] ? lock_acquire+0x1e4/0x540 [ 134.853996] ? _crng_backtrack_protect+0x108/0x150 [ 134.858916] ? lock_downgrade+0x8f0/0x8f0 [ 134.863068] ? lock_acquire+0x1e4/0x540 [ 134.867031] ? sctp_bind_addr_state+0x292/0x480 [ 134.871684] ? lock_downgrade+0x8f0/0x8f0 [ 134.875820] ? kasan_unpoison_shadow+0x35/0x50 [ 134.880393] __should_failslab+0x124/0x180 [ 134.884618] should_failslab+0x9/0x14 [ 134.888406] kmem_cache_alloc_trace+0x4b/0x780 [ 134.892975] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 134.898150] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 134.903157] sctp_add_bind_addr+0x101/0x4b0 [ 134.907467] ? sctp_bind_addr_free+0x20/0x20 [ 134.911862] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 134.917039] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 134.922563] ? sctp_v4_scope+0x19b/0x1c0 [ 134.926612] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 134.931790] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 134.936805] sctp_copy_local_addr_list+0x499/0x690 [ 134.941723] ? sctp_defaults_init+0xe70/0xe70 [ 134.946205] ? get_random_bytes+0x34/0x40 [ 134.950339] ? sctp_association_new+0x1aab/0x2290 [ 134.955174] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 134.960351] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 134.965881] sctp_copy_one_addr+0x5d/0x170 [ 134.970100] ? sctp_copy_one_addr+0x5d/0x170 [ 134.974509] sctp_bind_addr_copy+0x173/0x47c [ 134.978905] ? sctp_copy_one_addr+0x170/0x170 [ 134.983387] ? sctp_autobind+0x16d/0x1f0 [ 134.987434] ? sctp_do_bind+0x5f0/0x5f0 [ 134.991401] sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 134.996934] ? security_sctp_bind_connect+0x99/0xc0 [ 135.001939] sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 135.006594] ? lock_acquire+0x1e4/0x540 [ 135.010556] ? sctp_sendmsg+0x1278/0x1d90 [ 135.014694] ? sctp_autobind+0x1f0/0x1f0 [ 135.018741] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 135.023322] ? kasan_check_write+0x14/0x20 [ 135.027557] ? lock_sock_nested+0x9f/0x120 [ 135.031778] ? trace_hardirqs_on+0xd/0x10 [ 135.035911] ? __local_bh_enable_ip+0x161/0x230 [ 135.040567] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 135.046093] ? sctp_endpoint_lookup_assoc+0x183/0x290 [ 135.051270] sctp_sendmsg+0x18a2/0x1d90 [ 135.055233] ? do_raw_spin_unlock+0xa7/0x2f0 [ 135.059632] ? sctp_id2assoc+0x3e0/0x3e0 [ 135.063694] ? _raw_spin_unlock_bh+0x30/0x40 [ 135.068100] ? __release_sock+0x3a0/0x3a0 [ 135.072243] inet_sendmsg+0x1a1/0x690 [ 135.076031] ? copy_msghdr_from_user+0x340/0x580 [ 135.080774] ? ipip_gro_receive+0x100/0x100 [ 135.085083] ? move_addr_to_kernel.part.20+0x100/0x100 [ 135.090353] ? security_socket_sendmsg+0x94/0xc0 [ 135.095099] ? ipip_gro_receive+0x100/0x100 [ 135.099410] sock_sendmsg+0xd5/0x120 [ 135.103114] ___sys_sendmsg+0x51d/0x930 [ 135.107079] ? __check_object_size+0x9d/0x5f2 [ 135.111564] ? copy_msghdr_from_user+0x580/0x580 [ 135.116308] ? lock_acquire+0x1e4/0x540 [ 135.120273] ? __fget_light+0x2f7/0x440 [ 135.124233] ? fget_raw+0x20/0x20 [ 135.127691] ? proc_fail_nth_write+0x9e/0x210 [ 135.132171] ? proc_cwd_link+0x1d0/0x1d0 [ 135.136224] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 135.141747] ? sockfd_lookup_light+0xc5/0x160 [ 135.146234] __sys_sendmmsg+0x240/0x6f0 [ 135.150202] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 135.154526] ? fsnotify_first_mark+0x350/0x350 [ 135.159103] ? __fsnotify_parent+0xcc/0x420 [ 135.163422] ? fsnotify+0x14e0/0x14e0 [ 135.167222] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 135.172742] ? fput+0x130/0x1a0 [ 135.176010] ? ksys_write+0x1ae/0x260 [ 135.179800] ? __ia32_sys_read+0xb0/0xb0 [ 135.183855] __x64_sys_sendmmsg+0x9d/0x100 [ 135.188777] do_syscall_64+0x1b9/0x820 [ 135.192651] ? finish_task_switch+0x1d3/0x870 [ 135.197142] ? syscall_return_slowpath+0x5e0/0x5e0 [ 135.202061] ? syscall_return_slowpath+0x31d/0x5e0 [ 135.206978] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 135.211983] ? prepare_exit_to_usermode+0x291/0x3b0 [ 135.217007] ? perf_trace_sys_enter+0xb10/0xb10 [ 135.221671] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 135.226505] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 135.231679] RIP: 0033:0x455e29 [ 135.234851] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 135.254133] RSP: 002b:00007f2ec9f2cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 135.261829] RAX: ffffffffffffffda RBX: 00007f2ec9f2d6d4 RCX: 0000000000455e29 [ 135.269083] RDX: 0000000000000001 RSI: 0000000020004a40 RDI: 0000000000000013 [ 135.276335] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 135.283598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 135.290862] R13: 00000000004c111c R14: 00000000004d1558 R15: 000000000000001e 22:28:43 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") getsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000100), &(0x7f0000000140)=0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000001000)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000000c0)="d4", 0xfffffdee) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x200400, 0x0) ioctl$SG_SET_DEBUG(r2, 0x227e, &(0x7f0000000240)) r3 = accept$alg(r1, 0x0, 0x0) sendmmsg(r3, &(0x7f0000007b40)=[{{&(0x7f0000000180)=@l2={0x1f}, 0x80}}, {{&(0x7f0000007500)=@hci={0x1f}, 0x80, &(0x7f0000007680), 0x141, &(0x7f00000076c0), 0x10}}], 0x4000000000003d5, 0x0) r4 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x10000000, 0x0) getsockname$llc(r4, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000000080)=0x10) fcntl$notify(r0, 0x402, 0x18) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r2, 0x40042409, 0x1) 22:28:43 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) ioctl(r1, 0x541b, &(0x7f0000000000)="a0040ad8") 22:28:43 executing program 0: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe800, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) modify_ldt$read(0x0, &(0x7f0000004300)=""/203, 0xcb) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB='\x00'], 0x1) ftruncate(r1, 0x80003) getsockname$packet(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000000080)=0x14) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000240)={{{@in6=@dev, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in=@remote}}, &(0x7f0000000140)=0xe8) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@loopback={0x0, 0x1}, @in6=@dev={0xfe, 0x80, [], 0x13}, 0x4e23, 0x0, 0x4e20, 0x7, 0xa, 0xa0, 0xa0, 0xff, r2, r3}, {0x6, 0x81, 0x3, 0xd9b, 0x80000000, 0x543, 0x40, 0x10000}, {0x6, 0x1, 0x9, 0x7}, 0x499a, 0x0, 0x2, 0x0, 0x3}, {{@in=@broadcast=0xffffffff, 0x4d2, 0x2b}, 0x0, @in6, 0x3501, 0x7, 0x2, 0x6, 0x38, 0x2ca82711, 0x8}}, 0xe8) dup3(r0, r0, 0x80000) sendfile(r1, r1, &(0x7f00000000c0), 0x8080fffffffe) 22:28:43 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = syz_fuse_mount(&(0x7f0000000380)='./file0\x00', 0x4000, 0x0, 0x0, 0x0, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x101000, 0x0) umount2(&(0x7f0000000100)='./file0//ile0\x00', 0x0) read(r0, &(0x7f0000000040)=""/130, 0x82) close(r0) 22:28:43 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") getsockopt$inet6_tcp_int(r0, 0x6, 0x2, &(0x7f0000d11000), &(0x7f0000000000)=0x4) getsockopt$inet6_tcp_buf(r1, 0x6, 0x1f, &(0x7f0000000040)=""/135, &(0x7f0000000140)=0x87) 22:28:43 executing program 5: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) accept$nfc_llcp(r0, &(0x7f0000000040), &(0x7f0000000140)=0x60) r1 = socket$inet6(0xa, 0x100b, 0x6) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r2 = socket(0x10, 0x2, 0x0) sendfile(r2, 0xffffffffffffffff, &(0x7f00000000c0)=0x80, 0x80000002) 22:28:43 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000000060, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:43 executing program 2 (fault-call:1 fault-nth:31): r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) [ 135.328174] syz-executor5 (8622) used greatest stack depth: 7984 bytes left 22:28:43 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) ioctl(r1, 0x755ed999, &(0x7f0000000000)="a0040ad8") [ 135.389595] FAULT_INJECTION: forcing a failure. [ 135.389595] name failslab, interval 1, probability 0, space 0, times 0 [ 135.400958] CPU: 0 PID: 8678 Comm: syz-executor2 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 135.409273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 135.418627] Call Trace: [ 135.421228] dump_stack+0x1c9/0x2b4 [ 135.424877] ? dump_stack_print_info.cold.2+0x52/0x52 [ 135.430075] ? __kernel_text_address+0xd/0x40 [ 135.434572] ? unwind_get_return_address+0x61/0xa0 22:28:43 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0xf8) r2 = eventfd(0x0) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rfkill\x00', 0x200402, 0x0) ioctl$EVIOCGKEYCODE_V2(r3, 0x80284504, &(0x7f0000000240)=""/162) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000380)={r2, 0x4, 0x2, r2}) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x0, 0x2, r2}) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000100)={0x0, 0x9}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000300)=ANY=[@ANYRES32=r4, @ANYBLOB="310000008fe4b1054b1cd095f81cdc11652d54e898c5bfd56e30d6b40e1d654071abc37097fcaa3ba8d4163b1f3061072a53daf362aee3d499561ada"], &(0x7f00000001c0)=0x39) 22:28:43 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) ioctl(r1, 0x755ed99f, &(0x7f0000000000)="a0040ad8") [ 135.439507] should_fail.cold.4+0xa/0x11 [ 135.443572] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 135.448686] ? save_stack+0xa9/0xd0 [ 135.452321] ? save_stack+0x43/0xd0 [ 135.455949] ? kasan_kmalloc+0xc4/0xe0 [ 135.459846] ? kmem_cache_alloc_trace+0x152/0x780 [ 135.464688] ? sctp_add_bind_addr+0x101/0x4b0 [ 135.469174] ? sctp_copy_local_addr_list+0x499/0x690 [ 135.474265] ? sctp_copy_one_addr+0x5d/0x170 [ 135.478659] ? sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 135.484382] ? sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 135.489209] ? sctp_sendmsg+0x18a2/0x1d90 [ 135.493344] ? inet_sendmsg+0x1a1/0x690 [ 135.497305] ? sock_sendmsg+0xd5/0x120 [ 135.501174] ? ___sys_sendmsg+0x51d/0x930 [ 135.505306] ? __sys_sendmmsg+0x240/0x6f0 [ 135.509439] ? __x64_sys_sendmmsg+0x9d/0x100 [ 135.513838] ? do_syscall_64+0x1b9/0x820 [ 135.517883] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 135.523235] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 135.528757] ? _extract_crng+0x23b/0x320 [ 135.532804] ? lock_acquire+0x1e4/0x540 [ 135.536765] ? kmem_cache_alloc_trace+0x567/0x780 [ 135.541592] ? lock_downgrade+0x8f0/0x8f0 [ 135.545724] ? lock_acquire+0x1e4/0x540 [ 135.549700] ? sctp_bind_addr_state+0x292/0x480 [ 135.554368] ? lock_downgrade+0x8f0/0x8f0 [ 135.558501] ? kasan_unpoison_shadow+0x35/0x50 [ 135.563069] __should_failslab+0x124/0x180 [ 135.567299] should_failslab+0x9/0x14 [ 135.571083] kmem_cache_alloc_trace+0x4b/0x780 [ 135.575662] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 135.580836] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 135.585840] sctp_add_bind_addr+0x101/0x4b0 [ 135.590156] ? sctp_bind_addr_free+0x20/0x20 [ 135.594546] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 135.599718] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 135.605239] ? sctp_v4_scope+0x19b/0x1c0 [ 135.609284] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 135.614469] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 135.619469] sctp_copy_local_addr_list+0x499/0x690 [ 135.624382] ? sctp_defaults_init+0xe70/0xe70 [ 135.628863] ? get_random_bytes+0x34/0x40 [ 135.632996] ? sctp_association_new+0x1aab/0x2290 [ 135.637829] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 135.643003] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 135.648528] sctp_copy_one_addr+0x5d/0x170 [ 135.652747] ? sctp_copy_one_addr+0x5d/0x170 [ 135.657149] sctp_bind_addr_copy+0x173/0x47c [ 135.661540] ? sctp_copy_one_addr+0x170/0x170 [ 135.666029] ? sctp_autobind+0x16d/0x1f0 [ 135.670075] ? sctp_do_bind+0x5f0/0x5f0 [ 135.674033] sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 135.679552] ? security_sctp_bind_connect+0x99/0xc0 [ 135.684552] sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 135.689204] ? lock_acquire+0x1e4/0x540 [ 135.694291] ? sctp_sendmsg+0x1278/0x1d90 [ 135.698429] ? sctp_autobind+0x1f0/0x1f0 [ 135.702488] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 135.707052] ? kasan_check_write+0x14/0x20 [ 135.711271] ? lock_sock_nested+0x9f/0x120 [ 135.715487] ? trace_hardirqs_on+0xd/0x10 [ 135.719617] ? __local_bh_enable_ip+0x161/0x230 [ 135.724279] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 135.729806] ? sctp_endpoint_lookup_assoc+0x183/0x290 [ 135.734978] sctp_sendmsg+0x18a2/0x1d90 [ 135.738936] ? do_raw_spin_unlock+0xa7/0x2f0 [ 135.743327] ? sctp_id2assoc+0x3e0/0x3e0 [ 135.747382] ? _raw_spin_unlock_bh+0x30/0x40 [ 135.751783] ? __release_sock+0x3a0/0x3a0 [ 135.755934] inet_sendmsg+0x1a1/0x690 [ 135.759728] ? copy_msghdr_from_user+0x340/0x580 [ 135.764466] ? ipip_gro_receive+0x100/0x100 [ 135.768769] ? move_addr_to_kernel.part.20+0x100/0x100 [ 135.774032] ? security_socket_sendmsg+0x94/0xc0 [ 135.778770] ? ipip_gro_receive+0x100/0x100 [ 135.783074] sock_sendmsg+0xd5/0x120 [ 135.786770] ___sys_sendmsg+0x51d/0x930 [ 135.790745] ? __check_object_size+0x9d/0x5f2 [ 135.795223] ? copy_msghdr_from_user+0x580/0x580 [ 135.799971] ? lock_acquire+0x1e4/0x540 [ 135.803933] ? __fget_light+0x2f7/0x440 [ 135.807890] ? fget_raw+0x20/0x20 [ 135.811331] ? proc_fail_nth_write+0x9e/0x210 [ 135.815809] ? proc_cwd_link+0x1d0/0x1d0 [ 135.819858] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 135.825375] ? sockfd_lookup_light+0xc5/0x160 [ 135.829852] __sys_sendmmsg+0x240/0x6f0 [ 135.833816] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 135.838122] ? fsnotify_first_mark+0x350/0x350 [ 135.842686] ? __fsnotify_parent+0xcc/0x420 [ 135.846992] ? fsnotify+0x14e0/0x14e0 [ 135.850785] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 135.856314] ? fput+0x130/0x1a0 [ 135.859576] ? ksys_write+0x1ae/0x260 [ 135.863368] ? __ia32_sys_read+0xb0/0xb0 [ 135.867414] __x64_sys_sendmmsg+0x9d/0x100 [ 135.871635] do_syscall_64+0x1b9/0x820 [ 135.875506] ? finish_task_switch+0x1d3/0x870 [ 135.879984] ? syscall_return_slowpath+0x5e0/0x5e0 [ 135.884897] ? syscall_return_slowpath+0x31d/0x5e0 [ 135.889830] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 135.894829] ? prepare_exit_to_usermode+0x291/0x3b0 [ 135.899826] ? perf_trace_sys_enter+0xb10/0xb10 [ 135.904477] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 135.909306] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 135.914479] RIP: 0033:0x455e29 [ 135.917648] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 22:28:43 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000000500, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) [ 135.936817] RSP: 002b:00007f2ec9f2cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 135.944506] RAX: ffffffffffffffda RBX: 00007f2ec9f2d6d4 RCX: 0000000000455e29 [ 135.951766] RDX: 0000000000000001 RSI: 0000000020004a40 RDI: 0000000000000013 [ 135.959019] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 135.966268] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 135.973518] R13: 00000000004c111c R14: 00000000004d1558 R15: 000000000000001f 22:28:43 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/lblcr_expiration\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffff9c, 0x84, 0x1f, &(0x7f00000000c0)={0x0, @in={{0x2, 0x4e21, @rand_addr=0xffff}}, 0x1ff, 0x3f}, &(0x7f0000000180)=0x90) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f00000001c0)={r2, 0x33, "4b086e8d13df0057b879cdab460585b6d75938d51629cd4f72438b1fd6402d3418a98672d0cd5b345f04bdcc6f1e6e7d30ef0c"}, &(0x7f0000000200)=0x3b) ioctl(r0, 0x8918, &(0x7f0000000040)="025c483d6d345f8f762070") socketpair(0x0, 0x2, 0x8bd, &(0x7f0000000000)) sync() 22:28:43 executing program 5: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000080)='/dev/sg#\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffff9c, 0x84, 0xd, &(0x7f0000000140)=@assoc_id=0x0, &(0x7f0000000200)=0x4) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000002c0)={r2, 0x70, &(0x7f0000000240)=[@in6={0xa, 0x4e21, 0x500000000, @empty, 0x6}, @in6={0xa, 0x4e22, 0x8000, @dev={0xfe, 0x80, [], 0x1ff}, 0x80000001}, @in6={0xa, 0x4e22, 0x10001, @local={0xfe, 0x80, [], 0xaa}, 0x2}, @in6={0xa, 0x4e23, 0xffff, @remote={0xfe, 0x80, [], 0xbb}}]}, &(0x7f0000000300)=0x10) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x2275, &(0x7f00000000c0)=ANY=[@ANYBLOB="070a0000000000b4206dbf49"]) 22:28:43 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) ioctl(r1, 0x3ad, &(0x7f0000000000)="a0040ad8") 22:28:43 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x208100, 0x0) getsockname$inet(r1, &(0x7f0000000040)={0x0, 0x0, @rand_addr}, &(0x7f0000000080)=0x10) r2 = syz_open_pts(r0, 0xffffffffffffffff) ioctl$TCSETAF(r2, 0x5412, &(0x7f00000000c0)={0x13}) [ 136.044829] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 136.052829] FAT-fs (loop0): Filesystem has been set read-only 22:28:43 executing program 2 (fault-call:1 fault-nth:32): r0 = socket$inet6(0xa, 0x10000000000005, 0x0) sendmmsg(r0, &(0x7f0000004a40)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000400)="b1", 0x1}], 0x1, &(0x7f0000000540)}}], 0x1, 0x0) 22:28:43 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) ioctl(r1, 0x40305828, &(0x7f0000000000)="a0040ad8") [ 136.130340] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000202) [ 136.146450] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000202) [ 136.156426] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000202) [ 136.173636] FAULT_INJECTION: forcing a failure. [ 136.173636] name failslab, interval 1, probability 0, space 0, times 0 [ 136.184962] CPU: 1 PID: 8719 Comm: syz-executor2 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 136.193278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 136.202629] Call Trace: [ 136.205228] dump_stack+0x1c9/0x2b4 [ 136.208872] ? dump_stack_print_info.cold.2+0x52/0x52 [ 136.214090] ? __kernel_text_address+0xd/0x40 [ 136.215740] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000202) [ 136.218583] ? unwind_get_return_address+0x61/0xa0 [ 136.218604] should_fail.cold.4+0xa/0x11 [ 136.218619] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 136.218639] ? save_stack+0xa9/0xd0 [ 136.230153] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000202) [ 136.230644] ? save_stack+0x43/0xd0 [ 136.234931] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000202) [ 136.239806] ? kasan_kmalloc+0xc4/0xe0 [ 136.239822] ? kmem_cache_alloc_trace+0x152/0x780 [ 136.239841] ? sctp_add_bind_addr+0x101/0x4b0 [ 136.239864] ? sctp_copy_local_addr_list+0x499/0x690 [ 136.243973] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000202) [ 136.250543] ? sctp_copy_one_addr+0x5d/0x170 [ 136.250558] ? sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 136.250573] ? sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 136.250586] ? sctp_sendmsg+0x18a2/0x1d90 [ 136.250605] ? inet_sendmsg+0x1a1/0x690 [ 136.254585] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000202) [ 136.261287] ? sock_sendmsg+0xd5/0x120 [ 136.261301] ? ___sys_sendmsg+0x51d/0x930 [ 136.261315] ? __sys_sendmmsg+0x240/0x6f0 [ 136.261329] ? __x64_sys_sendmmsg+0x9d/0x100 [ 136.261352] ? do_syscall_64+0x1b9/0x820 [ 136.337299] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 136.342659] ? lock_acquire+0x1e4/0x540 [ 136.346623] ? cache_grow_end.part.37+0x95/0x170 [ 136.351363] ? lock_downgrade+0x8f0/0x8f0 [ 136.355501] ? kasan_check_read+0x11/0x20 [ 136.359635] ? do_raw_spin_unlock+0xa7/0x2f0 [ 136.364034] ? lock_acquire+0x1e4/0x540 [ 136.367999] ? sctp_bind_addr_state+0x292/0x480 [ 136.372658] ? lock_downgrade+0x8f0/0x8f0 [ 136.376791] ? kasan_unpoison_shadow+0x35/0x50 [ 136.381370] __should_failslab+0x124/0x180 [ 136.385594] should_failslab+0x9/0x14 [ 136.389379] kmem_cache_alloc_trace+0x4b/0x780 [ 136.393949] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 136.399124] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 136.404131] sctp_add_bind_addr+0x101/0x4b0 [ 136.408440] ? sctp_bind_addr_free+0x20/0x20 [ 136.412836] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 136.418015] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 136.423542] ? sctp_v4_scope+0x19b/0x1c0 [ 136.427591] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 136.432766] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 136.437771] sctp_copy_local_addr_list+0x499/0x690 [ 136.442699] ? sctp_defaults_init+0xe70/0xe70 [ 136.447182] ? get_random_bytes+0x34/0x40 [ 136.451316] ? sctp_association_new+0x1aab/0x2290 [ 136.456150] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 136.461326] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 136.466851] sctp_copy_one_addr+0x5d/0x170 [ 136.471072] ? sctp_copy_one_addr+0x5d/0x170 [ 136.475643] sctp_bind_addr_copy+0x173/0x47c [ 136.480044] ? sctp_copy_one_addr+0x170/0x170 [ 136.484524] ? sctp_autobind+0x16d/0x1f0 [ 136.488571] ? sctp_do_bind+0x5f0/0x5f0 [ 136.492534] sctp_assoc_set_bind_addr_from_ep+0x165/0x1c0 [ 136.498059] ? security_sctp_bind_connect+0x99/0xc0 [ 136.503067] sctp_sendmsg_new_asoc+0x3c4/0x1200 [ 136.507722] ? lock_acquire+0x1e4/0x540 [ 136.511682] ? sctp_sendmsg+0x1278/0x1d90 [ 136.515819] ? sctp_autobind+0x1f0/0x1f0 [ 136.519878] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 136.524448] ? kasan_check_write+0x14/0x20 [ 136.528670] ? lock_sock_nested+0x9f/0x120 [ 136.532890] ? trace_hardirqs_on+0xd/0x10 [ 136.537027] ? __local_bh_enable_ip+0x161/0x230 [ 136.541692] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 136.547214] ? sctp_endpoint_lookup_assoc+0x183/0x290 [ 136.552406] sctp_sendmsg+0x18a2/0x1d90 [ 136.556364] ? do_raw_spin_unlock+0xa7/0x2f0 [ 136.560762] ? sctp_id2assoc+0x3e0/0x3e0 [ 136.564810] ? _raw_spin_unlock_bh+0x30/0x40 [ 136.569208] ? __release_sock+0x3a0/0x3a0 [ 136.573353] inet_sendmsg+0x1a1/0x690 [ 136.577138] ? copy_msghdr_from_user+0x340/0x580 [ 136.581879] ? ipip_gro_receive+0x100/0x100 [ 136.586186] ? move_addr_to_kernel.part.20+0x100/0x100 [ 136.591728] ? security_socket_sendmsg+0x94/0xc0 [ 136.596472] ? ipip_gro_receive+0x100/0x100 [ 136.600785] sock_sendmsg+0xd5/0x120 [ 136.604488] ___sys_sendmsg+0x51d/0x930 [ 136.608450] ? __check_object_size+0x9d/0x5f2 [ 136.612933] ? copy_msghdr_from_user+0x580/0x580 [ 136.617680] ? lock_acquire+0x1e4/0x540 [ 136.621650] ? __fget_light+0x2f7/0x440 [ 136.625610] ? fget_raw+0x20/0x20 [ 136.629087] ? proc_fail_nth_write+0x9e/0x210 [ 136.633569] ? proc_cwd_link+0x1d0/0x1d0 [ 136.637622] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 136.643146] ? sockfd_lookup_light+0xc5/0x160 [ 136.647630] __sys_sendmmsg+0x240/0x6f0 [ 136.651595] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 136.655905] ? fsnotify_first_mark+0x350/0x350 [ 136.660481] ? __fsnotify_parent+0xcc/0x420 [ 136.664808] ? fsnotify+0x14e0/0x14e0 [ 136.668607] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 136.674129] ? fput+0x130/0x1a0 [ 136.677398] ? ksys_write+0x1ae/0x260 [ 136.681185] ? __ia32_sys_read+0xb0/0xb0 [ 136.685242] __x64_sys_sendmmsg+0x9d/0x100 [ 136.689466] do_syscall_64+0x1b9/0x820 [ 136.693338] ? finish_task_switch+0x1d3/0x870 [ 136.697819] ? syscall_return_slowpath+0x5e0/0x5e0 [ 136.702735] ? syscall_return_slowpath+0x31d/0x5e0 [ 136.707651] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 136.712655] ? prepare_exit_to_usermode+0x291/0x3b0 [ 136.717657] ? perf_trace_sys_enter+0xb10/0xb10 [ 136.722315] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 136.727149] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 136.732322] RIP: 0033:0x455e29 [ 136.735493] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 136.754830] RSP: 002b:00007f2ec9f2cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 136.762529] RAX: ffffffffffffffda RBX: 00007f2ec9f2d6d4 RCX: 0000000000455e29 [ 136.769795] RDX: 0000000000000001 RSI: 0000000020004a40 RDI: 0000000000000013 22:28:44 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='io.stat\x00', 0x0, 0x0) ioctl$TIOCMSET(r0, 0x5418, &(0x7f0000000040)=0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_buf(r1, 0x6, 0x21, &(0x7f0000000280), 0x0) 22:28:44 executing program 4: r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x5, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x820}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="a4b2386b", @ANYRES16=r1, @ANYBLOB="000228bd7000fddbdf25050000004400030014000600fe8000000000000000000000000000aa080005000000000014000600000000000000000000000000000000010800030001000000080008000000000008000600030000000800050002000000340003000800040001040000080003000200000008000300030000000800040001000000080003000400000008000100030000000800050009000000"], 0xa4}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8942, &(0x7f0000000100)={'lo\x00', &(0x7f0000000080)=@ethtool_eeprom}) 22:28:44 executing program 5: syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f00000003c0), 0x0, &(0x7f00000000c0)=ANY=[]) setrlimit(0xf, &(0x7f0000000080)={0x0, 0xffff}) 22:28:44 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000000006, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) 22:28:44 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000001b80)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(xeta)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000000)="b7f2288a933d66593ae164c990a0028e", 0x10) r2 = accept$alg(r1, 0x0, 0x0) write$binfmt_script(r2, &(0x7f0000000300)=ANY=[], 0xffffffaa) recvmsg(r2, &(0x7f0000001480)={0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f00000002c0)=""/4096, 0x1002}], 0x34, &(0x7f0000001400)=""/123, 0x2000147b}, 0x0) r3 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f0000001080)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f00000010c0)) tkill(r3, 0x1000000000016) bind$bt_sco(r1, &(0x7f0000000040)={0x1f, {0x81, 0x9, 0x3, 0xfffffffffffffffc, 0x0, 0x6}}, 0x8) 22:28:44 executing program 6: r0 = memfd_create(&(0x7f0000000000)='cproc\x00', 0x0) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x0, 0x51, r0, 0x0) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f00000000c0)=0x3, 0x4) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000080)=0x5, 0x4) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f00000001c0)=@buf={0xa2, &(0x7f0000000100)="05fb58e21ce7561638c10afca4faee1c7a09c10fd024ba7c1e8374f37338375501879824d675dabb4e1ec2d29c653e503cd25ff6602b8e51d320a74d02dab9d91ba5e4473208ab230ddfc52730040c882f32446a7fbbd31139198006541949401e3744933e57275ee9ba9d2dfe0a1fcde8d6555ec9f159d5721c5fe90ed051fc56e24d642880c3542d80e41d17acdafed99bc2606e73f624b1106bfef5c4b92a2b41"}) mbind(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x4002, &(0x7f0000000040)=0xf1, 0x3f, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000240)=0x0) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r1, 0x10, &(0x7f0000000280)={0xea}) sendfile(r0, r0, &(0x7f0000000200), 0x7) [ 136.777050] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 136.784303] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 136.791557] R13: 00000000004c111c R14: 00000000004d1558 R15: 0000000000000020 22:28:44 executing program 6: timer_create(0x0, &(0x7f0000044000)={0x0, 0x0, 0x1}, &(0x7f0000044000)) r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000000c0)="295ef3311f36f47767107082450f044619d81af715f71226e736b0723bbf38b742c3d1cca97834c46ca803f24b4bd79d56f01b29af7e00") r1 = accept4(r0, &(0x7f0000000680)=@can={0x0, 0x0}, &(0x7f0000000700)=0x80, 0x80800) socket$inet_dccp(0x2, 0x6, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='net/netlink\x00') timer_create(0x7, &(0x7f0000000300)={0x0, 0x1c, 0x2, @thr={&(0x7f0000000100)="3c212c52cf4a697d47d0de5cb3d4ab4fd485a98226e2e2d27299e22420e78bc45443ffe22f0f4bb958690bdb14748c9dc92af8", &(0x7f0000000140)="cb61f46e04f88967d814e5d64eafe6b8f32e5a2143a4a924648d2fbc9a52bf909e2116d841082755e295c71385cc8add88fbc7ddd93bd523d2804b830df84def93adb19b5c2a2bf34d3245e9c8c5869d3c04042abdc5f7cf5b3a5e892ecac7cc35cee463750819e93f0890aa645c343295728997785791ae8747686d281cbb436a476c400952a2074d3b7f77"}}, &(0x7f0000000280)) openat$dsp(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/dsp\x00', 0x103000, 0x0) setsockopt$packet_int(r3, 0x107, 0xe, &(0x7f0000000200)=0xc8, 0x4) ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa04, &(0x7f0000000240)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x1}) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r1, 0x28, 0x6, &(0x7f0000000040), 0x10) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000740)={@loopback={0x0, 0x1}, @dev={0xfe, 0x80, [], 0x1f}, @mcast1={0xff, 0x1, [], 0x1}, 0x4, 0xff, 0x4, 0x400, 0x1, 0x1010020, r2}) timer_settime(0x0, 0x0, &(0x7f0000000000)={{}, {0x0, 0x989680}}, &(0x7f0000001240)) 22:28:44 executing program 0: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='devpts\x00', 0x0, &(0x7f00000000c0)) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000340)='/dev/autofs\x00', 0x80000000008001, 0x0) setsockopt$inet_group_source_req(r0, 0x0, 0x0, &(0x7f0000000140)={0x9, {{0x2, 0x4e23, @multicast2=0xe0000002}}, {{0x2, 0x4e22, @local={0xac, 0x14, 0x14, 0xaa}}}}, 0x108) 22:28:44 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffff9c, 0x8933, &(0x7f0000000140)={'vcan0\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, &(0x7f0000000180)={@remote={0xfe, 0x80, [], 0xbb}, 0x3, r2}) get_mempolicy(&(0x7f0000000000), &(0x7f0000000040), 0x6a, &(0x7f0000ffd000/0x3000)=nil, 0x3) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000f68000)={@loopback={0x0, 0x1}, 0x0, 0x0, 0xff, 0x1, 0xfec0}, 0x20) 22:28:44 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$fiemap(r1, 0x40086602, &(0x7f0000000240)=ANY=[]) write$binfmt_elf64(r1, &(0x7f00000002c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) ioctl(r1, 0xc0045877, &(0x7f0000000000)="a0040ad8") [ 136.849825] ntfs: (device loop5): ntfs_fill_super(): Unable to determine device size. 22:28:44 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0xc00000000020000, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f, 0x0, 0x1, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c) [ 136.908840] ntfs: (device loop5): ntfs_fill_super(): Unable to determine device size. [ 136.920996] devpts: called with bogus options 22:28:44 executing program 6: openat$rtc(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rtc0\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) clock_getres(0x6, &(0x7f0000000000)) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000fd0ffc)=0xe) ioctl$FIONREAD(r1, 0x541b, &(0x7f0000000100)) 22:28:44 executing program 5: r0 = memfd_create(&(0x7f0000002901)='dev ', 0x0) write(r0, &(0x7f0000000080)="16", 0x1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4, 0x11, r0, 0x0) perf_event_open(&(0x7f0000000fc5)={0x0, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) [ 136.987484] devpts: called with bogus options [ 287.712101] INFO: task khugepaged:903 blocked for more than 140 seconds. [ 287.719034] Not tainted 4.18.0-rc3-next-20180709+ #2 [ 287.724664] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 287.732631] khugepaged D23456 903 2 0x80000000 [ 287.738281] Call Trace: [ 287.740874] __schedule+0x87c/0x1ed0 [ 287.744592] ? __sched_text_start+0x8/0x8 [ 287.748755] ? attach_entity_load_avg+0x860/0x860 [ 287.753614] ? get_kernel_page+0x130/0x130 [ 287.757854] ? trace_hardirqs_on+0x10/0x10 [ 287.762095] ? __mem_cgroup_threshold+0x740/0x740 [ 287.766935] schedule+0xfb/0x450 [ 287.770303] ? lock_downgrade+0x8f0/0x8f0 [ 287.774449] ? __schedule+0x1ed0/0x1ed0 [ 287.778425] ? kasan_check_read+0x11/0x20 [ 287.782581] ? do_raw_spin_unlock+0xa7/0x2f0 [ 287.786999] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 287.791584] ? kasan_check_write+0x14/0x20 [ 287.795824] ? do_raw_spin_lock+0xc1/0x200 [ 287.800059] __rwsem_down_write_failed_common+0x95d/0x1630 [ 287.805685] ? rwsem_spin_on_owner+0xa40/0xa40 [ 287.810559] ? trace_hardirqs_on+0x10/0x10 [ 287.814795] ? should_fail+0x246/0xd86 [ 287.818677] ? trace_hardirqs_on+0x10/0x10 [ 287.822909] ? update_blocked_averages+0xcee/0x1770 [ 287.827926] ? __mem_cgroup_largest_soft_limit_node.part.65+0x7f0/0x7f0 [ 287.834694] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 287.840237] ? __collapse_huge_page_swapin+0x85e/0x1670 [ 287.845600] ? collapse_shmem+0x4810/0x4810 [ 287.849926] ? lock_acquire+0x1e4/0x540 [ 287.853912] ? get_mem_cgroup_from_mm+0x209/0x440 [ 287.858748] ? get_mem_cgroup_from_page+0x190/0x190 [ 287.863775] ? lock_acquire+0x1e4/0x540 [ 287.867741] ? collapse_huge_page+0x1ed/0x2140 [ 287.872330] ? lock_acquire+0x1e4/0x540 [ 287.876296] ? collapse_huge_page+0x2b9/0x2140 [ 287.880875] ? lock_release+0xa30/0xa30 [ 287.884846] ? check_same_owner+0x340/0x340 [ 287.889165] rwsem_down_write_failed+0xe/0x10 [ 287.893661] ? rwsem_down_write_failed+0xe/0x10 [ 287.898329] call_rwsem_down_write_failed+0x17/0x30 [ 287.903354] down_write+0xaa/0x130 [ 287.906894] ? collapse_huge_page+0x2b9/0x2140 [ 287.911478] ? down_read+0x1d0/0x1d0 [ 287.915197] collapse_huge_page+0x2b9/0x2140 [ 287.919614] ? pick_next_task_fair+0x64a/0x17a0 [ 287.924286] ? __collapse_huge_page_swapin+0x1670/0x1670 [ 287.929732] ? lock_acquire+0x1e4/0x540 [ 287.933707] ? khugepaged_scan_mm_slot+0x2c4/0x3200 [ 287.938716] ? lock_release+0xa30/0xa30 [ 287.942692] ? trace_hardirqs_on+0x10/0x10 [ 287.946936] ? kasan_check_read+0x11/0x20 [ 287.951086] ? lock_acquire+0x1e4/0x540 [ 287.955077] ? khugepaged_scan_mm_slot+0x2072/0x3200 [ 287.960199] ? lock_downgrade+0x8f0/0x8f0 [ 287.964360] ? kasan_check_read+0x11/0x20 [ 287.968511] ? do_raw_spin_unlock+0xa7/0x2f0 [ 287.972924] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 287.977512] ? __pte_alloc_kernel+0x2e0/0x2e0 [ 287.982025] ? kasan_check_write+0x14/0x20 [ 287.986275] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 287.991808] ? khugepaged_find_target_node+0x19a/0x1e0 [ 287.997093] khugepaged_scan_mm_slot+0x2096/0x3200 [ 288.002027] ? lock_acquire+0xf1/0x540 [ 288.005924] ? collapse_huge_page+0x2140/0x2140 [ 288.010622] ? kasan_check_read+0x11/0x20 [ 288.014783] ? do_raw_spin_unlock+0xa7/0x2f0 [ 288.019198] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 288.023800] ? lock_acquire+0x1e4/0x540 [ 288.027783] ? lock_downgrade+0x8f0/0x8f0 [ 288.031947] ? kasan_check_read+0x11/0x20 [ 288.036103] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 288.040692] ? kasan_check_write+0x14/0x20 [ 288.044932] ? do_raw_spin_lock+0xc1/0x200 [ 288.049170] ? trace_hardirqs_on+0x10/0x10 [ 288.053419] ? finish_wait+0x25d/0x430 [ 288.057319] ? remove_wait_queue+0x360/0x360 [ 288.061740] ? check_same_owner+0x340/0x340 [ 288.066069] ? rcu_note_context_switch+0x730/0x730 [ 288.071012] ? khugepaged_wait_work+0x170/0x980 [ 288.075705] ? trace_event_raw_event_mm_collapse_huge_page_isolate+0x390/0x390 [ 288.083072] ? perf_trace_lock+0x920/0x920 [ 288.087320] ? lock_repin_lock+0x430/0x430 [ 288.091566] ? kasan_check_write+0x14/0x20 [ 288.095807] ? finish_wait+0x430/0x430 [ 288.099709] ? lock_acquire+0x1e4/0x540 [ 288.103697] ? lock_downgrade+0x8f0/0x8f0 [ 288.107863] ? lock_release+0xa30/0xa30 [ 288.111838] ? check_same_owner+0x340/0x340 [ 288.116162] ? do_raw_spin_unlock+0xa7/0x2f0 [ 288.120577] ? kasan_check_write+0x14/0x20 [ 288.124811] ? do_raw_spin_lock+0xc1/0x200 [ 288.129042] khugepaged+0x9aa/0xce0 [ 288.132664] ? khugepaged_scan_mm_slot+0x3200/0x3200 [ 288.137762] ? find_held_lock+0x36/0x1c0 [ 288.141821] ? find_held_lock+0x36/0x1c0 [ 288.145893] ? kasan_check_read+0x11/0x20 [ 288.150037] ? do_raw_spin_unlock+0xa7/0x2f0 [ 288.154447] ? _raw_spin_unlock_irqrestore+0x74/0xc0 [ 288.159558] ? __kthread_parkme+0x58/0x1b0 [ 288.163795] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 288.168821] ? trace_hardirqs_on+0xd/0x10 [ 288.172969] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 288.178503] ? __kthread_parkme+0x106/0x1b0 [ 288.182817] kthread+0x345/0x410 [ 288.186189] ? khugepaged_scan_mm_slot+0x3200/0x3200 [ 288.191285] ? kthread_bind+0x40/0x40 [ 288.195085] ret_from_fork+0x3a/0x50 [ 288.198823] INFO: task rs:main Q:Reg:4340 blocked for more than 140 seconds. [ 288.206007] Not tainted 4.18.0-rc3-next-20180709+ #2 [ 288.211625] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 288.219589] rs:main Q:Reg D22320 4340 1 0x00000000 [ 288.225211] Call Trace: [ 288.227812] __schedule+0x87c/0x1ed0 [ 288.231524] ? __sched_text_start+0x8/0x8 [ 288.235672] ? lock_acquire+0x1e4/0x540 [ 288.239642] ? __fdget_pos+0x1bb/0x200 [ 288.243525] ? lock_release+0xa30/0xa30 [ 288.247491] ? check_same_owner+0x340/0x340 [ 288.251819] ? rcu_note_context_switch+0x730/0x730 [ 288.256752] schedule+0xfb/0x450 [ 288.260116] ? lock_downgrade+0x8f0/0x8f0 [ 288.264270] ? __schedule+0x1ed0/0x1ed0 [ 288.268246] ? kasan_check_read+0x11/0x20 [ 288.272400] ? do_raw_spin_unlock+0xa7/0x2f0 [ 288.276804] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 288.281381] ? kasan_check_write+0x14/0x20 [ 288.285612] ? do_raw_spin_lock+0xc1/0x200 [ 288.289842] rwsem_down_read_failed+0x362/0x600 [ 288.294521] ? rwsem_down_write_failed_killable+0x10/0x10 [ 288.300059] ? lock_acquire+0x1e4/0x540 [ 288.304031] ? rcuwait_wake_up+0x1a3/0x2f0 [ 288.308264] ? lock_downgrade+0x8f0/0x8f0 [ 288.312408] ? lock_release+0xa30/0xa30 [ 288.316378] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 288.321911] ? rcuwait_wake_up+0x1cc/0x2f0 [ 288.326143] call_rwsem_down_read_failed+0x18/0x30 [ 288.331067] ? rcuwait_wake_up+0x186/0x2f0 [ 288.335298] __percpu_down_read+0x16e/0x210 [ 288.339619] ? percpu_free_rwsem+0xa0/0xa0 [ 288.343852] __sb_start_write+0x2d7/0x300 [ 288.348004] vfs_write+0x42a/0x560 [ 288.351544] ksys_write+0x101/0x260 [ 288.355210] ? __ia32_sys_read+0xb0/0xb0 [ 288.359270] __x64_sys_write+0x73/0xb0 [ 288.363164] do_syscall_64+0x1b9/0x820 [ 288.367060] ? syscall_slow_exit_work+0x500/0x500 [ 288.371896] ? syscall_return_slowpath+0x5e0/0x5e0 [ 288.376832] ? syscall_return_slowpath+0x31d/0x5e0 [ 288.381759] ? prepare_exit_to_usermode+0x291/0x3b0 [ 288.386785] ? perf_trace_sys_enter+0xb10/0xb10 [ 288.391466] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 288.396316] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 288.401513] RIP: 0033:0x7fbf0091c19d [ 288.405226] Code: Bad RIP value. [ 288.408607] RSP: 002b:00007fbefeebd000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 288.416340] RAX: ffffffffffffffda RBX: 0000000000000053 RCX: 00007fbf0091c19d [ 288.423629] RDX: 0000000000000053 RSI: 00000000017a0a90 RDI: 0000000000000005 [ 288.430930] RBP: 00000000017a0a90 R08: 00000000017a0a90 R09: 3a73747076656420 [ 288.438226] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 288.445522] R13: 00007fbefeebd480 R14: 0000000000000001 R15: 00000000017a0890 [ 288.452818] INFO: task syz-fuzzer:4460 blocked for more than 140 seconds. [ 288.459759] Not tainted 4.18.0-rc3-next-20180709+ #2 [ 288.465391] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 288.473358] syz-fuzzer D19312 4460 4453 0x00000000 [ 288.479004] Call Trace: [ 288.481617] __schedule+0x87c/0x1ed0 [ 288.485351] ? __sched_text_start+0x8/0x8 [ 288.489507] ? trace_hardirqs_on+0x10/0x10 [ 288.493761] ? select_task_rq_fair+0x73b/0x32a0 [ 288.498451] ? lock_downgrade+0x8f0/0x8f0 [ 288.502620] ? account_entity_enqueue+0x3ec/0x700 [ 288.507477] ? __enqueue_entity+0x10d/0x1f0 [ 288.511817] schedule+0xfb/0x450 [ 288.515185] ? lock_downgrade+0x8f0/0x8f0 [ 288.519344] ? __schedule+0x1ed0/0x1ed0 [ 288.523334] ? kasan_check_read+0x11/0x20 [ 288.527506] ? do_raw_spin_unlock+0xa7/0x2f0 [ 288.531953] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 288.536575] ? kasan_check_write+0x14/0x20 [ 288.540832] ? do_raw_spin_lock+0xc1/0x200 [ 288.545079] rwsem_down_read_failed+0x362/0x600 [ 288.549767] ? rwsem_down_write_failed_killable+0x10/0x10 [ 288.555318] ? lock_acquire+0x1e4/0x540 [ 288.559311] ? rcuwait_wake_up+0x1a3/0x2f0 [ 288.563546] ? lock_downgrade+0x8f0/0x8f0 [ 288.567700] ? lock_release+0xa30/0xa30 [ 288.571697] ? ep_scan_ready_list+0xac1/0xf50 [ 288.576202] ? lock_downgrade+0x8f0/0x8f0 [ 288.580374] call_rwsem_down_read_failed+0x18/0x30 [ 288.585322] ? rcuwait_wake_up+0x186/0x2f0 [ 288.589570] __percpu_down_read+0x16e/0x210 [ 288.593893] ? percpu_free_rwsem+0xa0/0xa0 [ 288.598148] __sb_start_write+0x2d7/0x300 [ 288.602317] ext4_page_mkwrite+0x1d0/0x1430 [ 288.606658] ? ext4_change_inode_journal_flag+0x3e0/0x3e0 [ 288.612204] ? migrate_swap_stop+0x850/0x850 [ 288.616637] ? lock_release+0xa30/0xa30 [ 288.620629] ? do_wp_page+0xf70/0x19b0 [ 288.624520] do_page_mkwrite+0x14e/0x520 [ 288.628592] ? print_bad_pte+0x5f0/0x5f0 [ 288.632671] ? do_raw_spin_unlock+0xa7/0x2f0 [ 288.637082] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 288.641686] ? __pte_alloc_kernel+0x2e0/0x2e0 [ 288.646199] do_wp_page+0xf78/0x19b0 [ 288.649927] ? finish_mkwrite_fault+0x610/0x610 [ 288.654595] ? trace_hardirqs_on+0x10/0x10 [ 288.658845] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 288.663879] ? lock_acquire+0x1e4/0x540 [ 288.667864] ? __handle_mm_fault+0x1cef/0x4480 [ 288.672449] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 288.677994] ? lock_release+0xa30/0xa30 [ 288.681982] ? generic_update_time+0x26a/0x450 [ 288.686579] ? may_umount_tree+0x220/0x220 [ 288.691035] ? pmd_val+0x88/0x100 [ 288.694515] ? add_mm_counter_fast+0xd0/0xd0 [ 288.698946] ? kasan_check_write+0x14/0x20 [ 288.703484] ? do_raw_spin_lock+0xc1/0x200 [ 288.707734] __handle_mm_fault+0x2aab/0x4480 [ 288.712170] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 288.717038] ? lock_acquire+0x1e4/0x540 [ 288.721027] ? handle_mm_fault+0x417/0xc80 [ 288.725259] ? lock_downgrade+0x8f0/0x8f0 [ 288.729419] ? lock_release+0xa30/0xa30 [ 288.733400] ? lock_release+0xa30/0xa30 [ 288.737415] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 288.742967] ? mem_cgroup_from_task+0xcb/0x1f0 [ 288.747560] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 288.752348] handle_mm_fault+0x53e/0xc80 [ 288.756426] ? __handle_mm_fault+0x4480/0x4480 [ 288.761032] ? find_vma+0x34/0x190 [ 288.764596] __do_page_fault+0x620/0xe50 [ 288.768661] ? mm_fault_error+0x380/0x380 [ 288.772816] ? __ia32_sys_read+0xb0/0xb0 [ 288.776877] do_page_fault+0xf6/0x8c0 [ 288.780700] ? vmalloc_sync_all+0x30/0x30 [ 288.784869] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 288.790425] ? do_syscall_64+0x497/0x820 [ 288.794496] ? syscall_slow_exit_work+0x500/0x500 [ 288.799360] ? syscall_return_slowpath+0x5e0/0x5e0 [ 288.804302] ? prepare_exit_to_usermode+0x291/0x3b0 [ 288.809333] ? page_fault+0x8/0x30 [ 288.812886] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 288.817741] ? page_fault+0x8/0x30 [ 288.821296] page_fault+0x1e/0x30 [ 288.824761] RIP: 0033:0x70b5e1 [ 288.827954] Code: Bad RIP value. [ 288.831345] RSP: 002b:000000c42b451240 EFLAGS: 00010212 [ 288.836726] RAX: 000000c42b451878 RBX: 000000c42b451880 RCX: 00007f72d6b48000 [ 288.844021] RDX: fffffffffffffffe RSI: 00000000020a14d8 RDI: 000000c42b451250 [ 288.851313] RBP: 000000c42b451250 R08: 0000000000000000 R09: 0000000000000000 [ 288.858589] R10: 000000000095bf8a R11: 0000000000000004 R12: 0000000000000000 [ 288.865884] R13: 0000000000000020 R14: 0000000000000013 R15: 000000c42b4519e8 [ 288.873189] INFO: task syz-fuzzer:4473 blocked for more than 140 seconds. [ 288.880131] Not tainted 4.18.0-rc3-next-20180709+ #2 [ 288.885763] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 288.893758] syz-fuzzer D19984 4473 4453 0x00000000 [ 288.899400] Call Trace: [ 288.902029] __schedule+0x87c/0x1ed0 [ 288.905761] ? __sched_text_start+0x8/0x8 [ 288.909921] ? trace_hardirqs_on+0x10/0x10 [ 288.914173] ? select_task_rq_fair+0x73b/0x32a0 [ 288.918855] ? lock_downgrade+0x8f0/0x8f0 [ 288.923030] ? account_entity_enqueue+0x3ec/0x700 [ 288.927889] ? __enqueue_entity+0x10d/0x1f0 [ 288.932222] schedule+0xfb/0x450 [ 288.935616] ? lock_downgrade+0x8f0/0x8f0 [ 288.939772] ? __schedule+0x1ed0/0x1ed0 [ 288.943774] ? kasan_check_read+0x11/0x20 [ 288.947926] ? do_raw_spin_unlock+0xa7/0x2f0 [ 288.952359] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 288.956974] ? kasan_check_write+0x14/0x20 [ 288.961234] ? do_raw_spin_lock+0xc1/0x200 [ 288.965484] rwsem_down_read_failed+0x362/0x600 [ 288.970171] ? rwsem_down_write_failed_killable+0x10/0x10 [ 288.975724] ? lock_acquire+0x1e4/0x540 [ 288.979709] ? rcuwait_wake_up+0x1a3/0x2f0 [ 288.983953] ? lock_downgrade+0x8f0/0x8f0 [ 288.988109] ? lock_release+0xa30/0xa30 [ 288.992109] ? try_to_wake_up+0x10a/0x12b0 [ 288.996360] call_rwsem_down_read_failed+0x18/0x30 [ 289.001300] ? rcuwait_wake_up+0x186/0x2f0 [ 289.005552] __percpu_down_read+0x16e/0x210 [ 289.009884] ? percpu_free_rwsem+0xa0/0xa0 [ 289.014157] __sb_start_write+0x2d7/0x300 [ 289.018310] ext4_page_mkwrite+0x1d0/0x1430 [ 289.022656] ? ext4_change_inode_journal_flag+0x3e0/0x3e0 [ 289.028210] ? migrate_swap_stop+0x850/0x850 [ 289.032635] ? lock_release+0xa30/0xa30 [ 289.036625] ? do_wp_page+0xf70/0x19b0 [ 289.040516] do_page_mkwrite+0x14e/0x520 [ 289.044579] ? print_bad_pte+0x5f0/0x5f0 [ 289.048639] ? do_raw_spin_unlock+0xa7/0x2f0 [ 289.053060] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 289.057655] ? __pte_alloc_kernel+0x2e0/0x2e0 [ 289.062164] do_wp_page+0xf78/0x19b0 [ 289.065894] ? finish_mkwrite_fault+0x610/0x610 [ 289.070568] ? trace_hardirqs_on+0x10/0x10 [ 289.074821] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 289.079851] ? lock_acquire+0x1e4/0x540 [ 289.083856] ? __handle_mm_fault+0x1cef/0x4480 [ 289.088461] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 289.094022] ? lock_release+0xa30/0xa30 [ 289.098015] ? generic_update_time+0x26a/0x450 [ 289.102613] ? may_umount_tree+0x220/0x220 [ 289.106872] ? pmd_val+0x88/0x100 [ 289.110326] ? add_mm_counter_fast+0xd0/0xd0 [ 289.114758] ? kasan_check_write+0x14/0x20 [ 289.119003] ? do_raw_spin_lock+0xc1/0x200 [ 289.123258] __handle_mm_fault+0x2aab/0x4480 [ 289.127684] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 289.132538] ? lock_acquire+0x1e4/0x540 [ 289.136514] ? handle_mm_fault+0x417/0xc80 [ 289.140741] ? lock_downgrade+0x8f0/0x8f0 [ 289.144887] ? lock_release+0xa30/0xa30 [ 289.148860] ? lock_release+0xa30/0xa30 [ 289.152843] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 289.158395] ? mem_cgroup_from_task+0xcb/0x1f0 [ 289.162986] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 289.167747] handle_mm_fault+0x53e/0xc80 [ 289.171821] ? __handle_mm_fault+0x4480/0x4480 [ 289.176424] ? find_vma+0x34/0x190 [ 289.179967] __do_page_fault+0x620/0xe50 [ 289.184038] ? mm_fault_error+0x380/0x380 [ 289.188204] ? __ia32_sys_read+0xb0/0xb0 [ 289.192267] do_page_fault+0xf6/0x8c0 [ 289.196077] ? vmalloc_sync_all+0x30/0x30 [ 289.200229] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 289.205795] ? do_syscall_64+0x497/0x820 [ 289.209858] ? syscall_slow_exit_work+0x500/0x500 [ 289.214714] ? syscall_return_slowpath+0x5e0/0x5e0 [ 289.219648] ? syscall_return_slowpath+0x31d/0x5e0 [ 289.224583] ? prepare_exit_to_usermode+0x291/0x3b0 [ 289.229594] ? page_fault+0x8/0x30 [ 289.233135] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 289.237970] ? page_fault+0x8/0x30 [ 289.241516] page_fault+0x1e/0x30 [ 289.244961] RIP: 0033:0x70b5e1 [ 289.248151] Code: Bad RIP value. [ 289.251517] RSP: 002b:000000c4299ff240 EFLAGS: 00010212 [ 289.256876] RAX: 000000c4299ff878 RBX: 000000c4299ff880 RCX: 00007f72d5948000 [ 289.264138] RDX: fffffffffffffffe RSI: 00000000020a49f8 RDI: 000000c4299ff250 [ 289.271400] RBP: 000000c4299ff250 R08: 0000000000000000 R09: 0000000000000000 [ 289.278661] R10: 000000000095bf8a R11: 0000000000000004 R12: 0000000000000000 [ 289.285937] R13: 0000000000000020 R14: 0000000000000013 R15: 000000c4299ff9f0 [ 289.293224] INFO: task syz-executor4:4484 blocked for more than 140 seconds. [ 289.300406] Not tainted 4.18.0-rc3-next-20180709+ #2 [ 289.306024] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 289.313986] syz-executor4 D21912 4484 4477 0x00000000 [ 289.319622] Call Trace: [ 289.322211] __schedule+0x87c/0x1ed0 [ 289.325923] ? kasan_check_read+0x11/0x20 [ 289.330074] ? __sched_text_start+0x8/0x8 [ 289.334218] ? is_bpf_text_address+0xd7/0x170 [ 289.338713] ? path_init+0x2340/0x2340 [ 289.342601] ? path_parentat.isra.43+0x20/0x160 [ 289.347275] ? trace_hardirqs_on+0x10/0x10 [ 289.351505] schedule+0xfb/0x450 [ 289.354864] ? lock_downgrade+0x8f0/0x8f0 [ 289.359022] ? __schedule+0x1ed0/0x1ed0 [ 289.363008] ? kasan_check_read+0x11/0x20 [ 289.367160] ? do_raw_spin_unlock+0xa7/0x2f0 [ 289.371565] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 289.376145] ? kasan_check_write+0x14/0x20 [ 289.380380] ? do_raw_spin_lock+0xc1/0x200 [ 289.384612] rwsem_down_read_failed+0x362/0x600 [ 289.389283] ? rwsem_down_write_failed_killable+0x10/0x10 [ 289.394815] ? lock_acquire+0x1e4/0x540 [ 289.398788] ? rcuwait_wake_up+0x1a3/0x2f0 [ 289.403022] ? lock_downgrade+0x8f0/0x8f0 [ 289.407185] ? lock_release+0xa30/0xa30 [ 289.411163] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 289.416185] ? mntput+0x74/0xa0 [ 289.419456] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 289.424988] ? terminate_walk+0x20a/0x5e0 [ 289.429134] ? rcuwait_wake_up+0x1cc/0x2f0 [ 289.433365] call_rwsem_down_read_failed+0x18/0x30 [ 289.438284] ? rcuwait_wake_up+0x186/0x2f0 [ 289.442510] __percpu_down_read+0x16e/0x210 [ 289.446834] ? percpu_free_rwsem+0xa0/0xa0 [ 289.451071] __sb_start_write+0x2d7/0x300 [ 289.455212] mnt_want_write+0x3f/0xc0 [ 289.459018] do_unlinkat+0x2b7/0xa30 [ 289.462730] ? do_raw_spin_unlock+0xa7/0x2f0 [ 289.467139] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 289.471716] ? __ia32_sys_rmdir+0x40/0x40 [ 289.475863] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 289.481396] ? strncpy_from_user+0x3be/0x510 [ 289.485819] ? mpi_free.cold.1+0x19/0x19 [ 289.489874] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 289.495409] ? getname_flags+0x26e/0x5a0 [ 289.499463] __x64_sys_unlink+0x42/0x50 [ 289.503434] do_syscall_64+0x1b9/0x820 [ 289.507322] ? syscall_slow_exit_work+0x500/0x500 [ 289.512180] ? syscall_return_slowpath+0x5e0/0x5e0 [ 289.517107] ? syscall_return_slowpath+0x31d/0x5e0 [ 289.522034] ? prepare_exit_to_usermode+0x291/0x3b0 [ 289.527057] ? perf_trace_sys_enter+0xb10/0xb10 [ 289.531723] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 289.536571] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 289.541764] RIP: 0033:0x455b77 [ 289.544948] Code: Bad RIP value. [ 289.548330] RSP: 002b:00007ffcb702dbd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000057 [ 289.556042] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000455b77 [ 289.563359] RDX: 00007ffcb702dbe0 RSI: 00007ffcb702dc70 RDI: 00007ffcb702dc70 [ 289.570627] RBP: 00007ffcb702f980 R08: 0000000000000000 R09: 000000000000000b [ 289.577904] R10: 0000000000000006 R11: 0000000000000206 R12: 000000000165f940 [ 289.585177] R13: 0000000000000000 R14: 00007ffcb702f350 R15: 0000000000702140 [ 289.592466] INFO: task syz-executor7:4485 blocked for more than 140 seconds. [ 289.599665] Not tainted 4.18.0-rc3-next-20180709+ #2 [ 289.605292] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 289.613263] syz-executor7 D22160 4485 4476 0x00000000 [ 289.618916] Call Trace: [ 289.621514] __schedule+0x87c/0x1ed0 [ 289.625237] ? kasan_check_read+0x11/0x20 [ 289.629408] ? __sched_text_start+0x8/0x8 [ 289.633567] ? is_bpf_text_address+0xd7/0x170 [ 289.638078] ? path_init+0x2340/0x2340 [ 289.641989] ? path_parentat.isra.43+0x20/0x160 [ 289.646669] ? trace_hardirqs_on+0x10/0x10 [ 289.650914] schedule+0xfb/0x450 [ 289.654279] ? lock_downgrade+0x8f0/0x8f0 [ 289.658428] ? __schedule+0x1ed0/0x1ed0 [ 289.662398] ? kasan_check_read+0x11/0x20 [ 289.666549] ? do_raw_spin_unlock+0xa7/0x2f0 [ 289.670960] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 289.675543] ? kasan_check_write+0x14/0x20 [ 289.679773] ? do_raw_spin_lock+0xc1/0x200 [ 289.684024] rwsem_down_read_failed+0x362/0x600 [ 289.688701] ? rwsem_down_write_failed_killable+0x10/0x10 [ 289.694249] ? lock_acquire+0x1e4/0x540 [ 289.698229] ? rcuwait_wake_up+0x1a3/0x2f0 [ 289.702475] ? lock_downgrade+0x8f0/0x8f0 [ 289.706618] ? lock_release+0xa30/0xa30 [ 289.710607] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 289.715619] ? mntput+0x74/0xa0 [ 289.718903] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 289.724444] ? terminate_walk+0x20a/0x5e0 [ 289.728600] ? rcuwait_wake_up+0x1cc/0x2f0 [ 289.732857] call_rwsem_down_read_failed+0x18/0x30 [ 289.737797] ? rcuwait_wake_up+0x186/0x2f0 [ 289.742037] __percpu_down_read+0x16e/0x210 [ 289.746357] ? percpu_free_rwsem+0xa0/0xa0 [ 289.750593] __sb_start_write+0x2d7/0x300 [ 289.754752] mnt_want_write+0x3f/0xc0 [ 289.758557] do_unlinkat+0x2b7/0xa30 [ 289.762276] ? do_raw_spin_unlock+0xa7/0x2f0 [ 289.766687] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 289.771280] ? __ia32_sys_rmdir+0x40/0x40 [ 289.775424] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 289.780977] ? strncpy_from_user+0x3be/0x510 [ 289.785395] ? mpi_free.cold.1+0x19/0x19 [ 289.789473] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 289.795030] ? getname_flags+0x26e/0x5a0 [ 289.799102] __x64_sys_unlink+0x42/0x50 [ 289.803081] do_syscall_64+0x1b9/0x820 [ 289.806967] ? syscall_slow_exit_work+0x500/0x500 [ 289.811812] ? syscall_return_slowpath+0x5e0/0x5e0 [ 289.816747] ? syscall_return_slowpath+0x31d/0x5e0 [ 289.821681] ? prepare_exit_to_usermode+0x291/0x3b0 [ 289.826701] ? perf_trace_sys_enter+0xb10/0xb10 [ 289.831368] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 289.836220] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 289.841432] RIP: 0033:0x455b77 [ 289.844615] Code: Bad RIP value. [ 289.847982] RSP: 002b:00007fff42d26928 EFLAGS: 00000206 ORIG_RAX: 0000000000000057 [ 289.855706] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000455b77 [ 289.862972] RDX: 00007fff42d26930 RSI: 00007fff42d269c0 RDI: 00007fff42d269c0 [ 289.870245] RBP: 00007fff42d286d0 R08: 0000000000000000 R09: 000000000000000b [ 289.877511] R10: 0000000000000006 R11: 0000000000000206 R12: 0000000001f3a940 [ 289.884793] R13: 0000000000000000 R14: 00007fff42d280a0 R15: 0000000000702140 [ 289.892074] INFO: task syz-executor6:4486 blocked for more than 140 seconds. [ 289.899261] Not tainted 4.18.0-rc3-next-20180709+ #2 [ 289.904881] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 289.912864] syz-executor6 D19768 4486 4479 0x00000000 [ 289.918572] Call Trace: [ 289.921186] __schedule+0x87c/0x1ed0 [ 289.924924] ? kasan_check_read+0x11/0x20 [ 289.929094] ? __sched_text_start+0x8/0x8 [ 289.933263] ? is_bpf_text_address+0xd7/0x170 [ 289.937769] ? path_init+0x2340/0x2340 [ 289.941674] ? path_parentat.isra.43+0x20/0x160 [ 289.946355] ? trace_hardirqs_on+0x10/0x10 [ 289.950608] schedule+0xfb/0x450 [ 289.953979] ? lock_downgrade+0x8f0/0x8f0 [ 289.958135] ? __schedule+0x1ed0/0x1ed0 [ 289.962122] ? kasan_check_read+0x11/0x20 [ 289.966287] ? do_raw_spin_unlock+0xa7/0x2f0 [ 289.970706] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 289.975313] ? kasan_check_write+0x14/0x20 [ 289.979576] ? do_raw_spin_lock+0xc1/0x200 [ 289.983830] rwsem_down_read_failed+0x362/0x600 [ 289.988507] ? rwsem_down_write_failed_killable+0x10/0x10 [ 289.994054] ? lock_acquire+0x1e4/0x540 [ 289.998033] ? rcuwait_wake_up+0x1a3/0x2f0 [ 290.002276] ? lock_downgrade+0x8f0/0x8f0 [ 290.006431] ? lock_release+0xa30/0xa30 [ 290.010414] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 290.015439] ? mntput+0x74/0xa0 [ 290.018728] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 290.024274] ? terminate_walk+0x20a/0x5e0 [ 290.028430] ? rcuwait_wake_up+0x1cc/0x2f0 [ 290.032675] call_rwsem_down_read_failed+0x18/0x30 [ 290.037612] ? rcuwait_wake_up+0x186/0x2f0 [ 290.041856] __percpu_down_read+0x16e/0x210 [ 290.046183] ? percpu_free_rwsem+0xa0/0xa0 [ 290.050430] __sb_start_write+0x2d7/0x300 [ 290.054585] mnt_want_write+0x3f/0xc0 [ 290.058396] do_unlinkat+0x2b7/0xa30 [ 290.062121] ? do_raw_spin_unlock+0xa7/0x2f0 [ 290.066534] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 290.071140] ? __ia32_sys_rmdir+0x40/0x40 [ 290.075296] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 290.080841] ? strncpy_from_user+0x3be/0x510 [ 290.085282] ? mpi_free.cold.1+0x19/0x19 [ 290.089369] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 290.094926] ? getname_flags+0x26e/0x5a0 [ 290.098999] __x64_sys_unlink+0x42/0x50 [ 290.103018] do_syscall_64+0x1b9/0x820 [ 290.106927] ? syscall_slow_exit_work+0x500/0x500 [ 290.111789] ? syscall_return_slowpath+0x5e0/0x5e0 [ 290.116732] ? syscall_return_slowpath+0x31d/0x5e0 [ 290.121671] ? prepare_exit_to_usermode+0x291/0x3b0 [ 290.126694] ? perf_trace_sys_enter+0xb10/0xb10 [ 290.131383] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 290.136266] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 290.141467] RIP: 0033:0x455b77 [ 290.144664] Code: Bad RIP value. [ 290.148050] RSP: 002b:00007ffef77a4a18 EFLAGS: 00000206 ORIG_RAX: 0000000000000057 [ 290.155776] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000455b77 [ 290.163080] RDX: 00007ffef77a4a20 RSI: 00007ffef77a4ab0 RDI: 00007ffef77a4ab0 [ 290.170364] RBP: 00007ffef77a67c0 R08: 0000000000000000 R09: 000000000000000b [ 290.177648] R10: 0000000000000006 R11: 0000000000000206 R12: 00000000024c6940 [ 290.184953] R13: 0000000000000000 R14: 00007ffef77a6190 R15: 0000000000702140 [ 290.192256] INFO: task syz-executor5:4487 blocked for more than 140 seconds. [ 290.199442] Not tainted 4.18.0-rc3-next-20180709+ #2 [ 290.205063] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 290.213030] syz-executor5 D21352 4487 4478 0x00000000 [ 290.218667] Call Trace: [ 290.221274] __schedule+0x87c/0x1ed0 [ 290.225014] ? kasan_check_read+0x11/0x20 [ 290.229186] ? __sched_text_start+0x8/0x8 [ 290.233342] ? is_bpf_text_address+0xd7/0x170 [ 290.237857] ? path_init+0x2340/0x2340 [ 290.241756] ? path_parentat.isra.43+0x20/0x160 [ 290.246431] ? trace_hardirqs_on+0x10/0x10 [ 290.250675] schedule+0xfb/0x450 [ 290.254064] ? lock_downgrade+0x8f0/0x8f0 [ 290.258228] ? __schedule+0x1ed0/0x1ed0 [ 290.262211] ? kasan_check_read+0x11/0x20 [ 290.266406] ? do_raw_spin_unlock+0xa7/0x2f0 [ 290.270821] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 290.275409] ? kasan_check_write+0x14/0x20 [ 290.279666] ? do_raw_spin_lock+0xc1/0x200 [ 290.283925] rwsem_down_read_failed+0x362/0x600 [ 290.288602] ? rwsem_down_write_failed_killable+0x10/0x10 [ 290.294145] ? lock_acquire+0x1e4/0x540 [ 290.298122] ? rcuwait_wake_up+0x1a3/0x2f0 [ 290.302377] ? lock_downgrade+0x8f0/0x8f0 [ 290.306531] ? lock_release+0xa30/0xa30 [ 290.310514] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 290.315539] ? mntput+0x74/0xa0 [ 290.318825] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 290.324381] ? terminate_walk+0x20a/0x5e0 [ 290.328539] ? rcuwait_wake_up+0x1cc/0x2f0 [ 290.332786] call_rwsem_down_read_failed+0x18/0x30 [ 290.337719] ? rcuwait_wake_up+0x186/0x2f0 [ 290.341960] __percpu_down_read+0x16e/0x210 [ 290.346284] ? percpu_free_rwsem+0xa0/0xa0 [ 290.350531] __sb_start_write+0x2d7/0x300 [ 290.354688] mnt_want_write+0x3f/0xc0 [ 290.358498] do_unlinkat+0x2b7/0xa30 [ 290.362216] ? do_raw_spin_unlock+0xa7/0x2f0 [ 290.366639] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 290.371228] ? __ia32_sys_rmdir+0x40/0x40 [ 290.375384] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 290.380926] ? strncpy_from_user+0x3be/0x510 [ 290.385364] ? mpi_free.cold.1+0x19/0x19 [ 290.389439] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 290.394998] ? getname_flags+0x26e/0x5a0 [ 290.399077] __x64_sys_unlink+0x42/0x50 [ 290.403061] do_syscall_64+0x1b9/0x820 [ 290.406952] ? syscall_slow_exit_work+0x500/0x500 [ 290.411803] ? syscall_return_slowpath+0x5e0/0x5e0 [ 290.416735] ? syscall_return_slowpath+0x31d/0x5e0 [ 290.421670] ? prepare_exit_to_usermode+0x291/0x3b0 [ 290.426690] ? perf_trace_sys_enter+0xb10/0xb10 [ 290.431366] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 290.436218] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 290.441409] RIP: 0033:0x455b77 [ 290.444599] Code: Bad RIP value. [ 290.447981] RSP: 002b:00007fff5b7be3a8 EFLAGS: 00000202 ORIG_RAX: 0000000000000057 [ 290.455695] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000455b77 [ 290.462968] RDX: 00007fff5b7be3b0 RSI: 00007fff5b7be440 RDI: 00007fff5b7be440 [ 290.470240] RBP: 00007fff5b7c0150 R08: 0000000000000000 R09: 000000000000000b [ 290.477514] R10: 0000000000000006 R11: 0000000000000202 R12: 00000000024f7940 [ 290.484796] R13: 0000000000000000 R14: 00007fff5b7bfb20 R15: 0000000000702140 [ 290.492104] INFO: task syz-executor2:8718 blocked for more than 140 seconds. [ 290.499287] Not tainted 4.18.0-rc3-next-20180709+ #2 [ 290.504910] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 290.512877] syz-executor2 D24880 8718 4489 0x00000004 [ 290.518530] Call Trace: [ 290.521131] __schedule+0x87c/0x1ed0 [ 290.524855] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 290.529446] ? __sched_text_start+0x8/0x8 [ 290.533609] ? trace_hardirqs_on+0x10/0x10 [ 290.537843] ? trace_hardirqs_on+0xd/0x10 [ 290.542007] ? free_unref_page_commit.isra.87+0x610/0x610 [ 290.547573] ? lock_downgrade+0x8f0/0x8f0 [ 290.551748] schedule+0xfb/0x450 [ 290.555125] ? lock_downgrade+0x8f0/0x8f0 [ 290.559275] ? __schedule+0x1ed0/0x1ed0 [ 290.563260] ? kasan_check_read+0x11/0x20 [ 290.567413] ? do_raw_spin_unlock+0xa7/0x2f0 [ 290.571822] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 290.576414] ? kasan_check_write+0x14/0x20 [ 290.580653] ? do_raw_spin_lock+0xc1/0x200 [ 290.585227] rwsem_down_read_failed+0x362/0x600 [ 290.589908] ? rwsem_down_write_failed_killable+0x10/0x10 [ 290.595451] ? lock_acquire+0x1e4/0x540 [ 290.599435] ? rcuwait_wake_up+0x1a3/0x2f0 [ 290.603679] ? lock_downgrade+0x8f0/0x8f0 [ 290.607839] ? lock_release+0xa30/0xa30 [ 290.611817] ? __free_object+0x173/0x340 [ 290.615888] ? __account_cfs_rq_runtime+0x770/0x770 [ 290.620923] call_rwsem_down_read_failed+0x18/0x30 [ 290.625864] ? rcuwait_wake_up+0x186/0x2f0 [ 290.630104] __percpu_down_read+0x16e/0x210 [ 290.634432] ? percpu_free_rwsem+0xa0/0xa0 [ 290.638680] __sb_start_write+0x2d7/0x300 [ 290.642832] ext4_page_mkwrite+0x1d0/0x1430 [ 290.647160] ? ext4_change_inode_journal_flag+0x3e0/0x3e0 [ 290.652713] ? __free_pages+0x149/0x190 [ 290.656692] ? do_wp_page+0xf70/0x19b0 [ 290.660586] do_page_mkwrite+0x14e/0x520 [ 290.664654] ? print_bad_pte+0x5f0/0x5f0 [ 290.668720] ? do_raw_spin_unlock+0xa7/0x2f0 [ 290.673128] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 290.677728] ? __pte_alloc_kernel+0x2e0/0x2e0 [ 290.682230] do_wp_page+0xf78/0x19b0 [ 290.685968] ? lock_repin_lock+0x430/0x430 [ 290.690224] ? finish_mkwrite_fault+0x610/0x610 [ 290.694898] ? trace_hardirqs_on+0x10/0x10 [ 290.699136] ? __schedule+0x884/0x1ed0 [ 290.703030] ? debug_object_assert_init+0x4b0/0x4b0 [ 290.708054] ? lock_acquire+0x1e4/0x540 [ 290.712049] ? lock_acquire+0x1e4/0x540 [ 290.716037] ? __handle_mm_fault+0x1cef/0x4480 [ 290.720634] ? lock_release+0xa30/0xa30 [ 290.724619] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 290.729209] ? pmd_val+0x88/0x100 [ 290.732667] ? add_mm_counter_fast+0xd0/0xd0 [ 290.737098] ? kasan_check_write+0x14/0x20 [ 290.741345] ? do_raw_spin_lock+0xc1/0x200 [ 290.745594] __handle_mm_fault+0x2aab/0x4480 [ 290.750033] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 290.754900] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 290.759497] ? kasan_check_write+0x14/0x20 [ 290.763736] ? do_raw_spin_lock+0xc1/0x200 [ 290.767997] ? lock_acquire+0x1e4/0x540 [ 290.771987] ? handle_mm_fault+0x417/0xc80 [ 290.776228] ? lock_downgrade+0x8f0/0x8f0 [ 290.780380] ? lock_release+0xa30/0xa30 [ 290.784371] ? lock_release+0xa30/0xa30 [ 290.788355] ? do_raw_spin_lock+0xc1/0x200 [ 290.792595] ? mem_cgroup_from_task+0xcb/0x1f0 [ 290.797183] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 290.801963] handle_mm_fault+0x53e/0xc80 [ 290.806038] ? __handle_mm_fault+0x4480/0x4480 [ 290.810638] ? find_vma+0x34/0x190 [ 290.814187] __do_page_fault+0x620/0xe50 [ 290.818255] ? clock_was_set_work+0x30/0x30 [ 290.822584] ? mm_fault_error+0x380/0x380 [ 290.826736] ? __x64_sys_nanosleep+0x1f8/0x280 [ 290.831325] ? hrtimer_nanosleep+0x620/0x620 [ 290.835741] do_page_fault+0xf6/0x8c0 [ 290.839553] ? vmalloc_sync_all+0x30/0x30 [ 290.843703] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 290.849245] ? do_syscall_64+0x497/0x820 [ 290.853313] ? syscall_return_slowpath+0x5e0/0x5e0 [ 290.858251] ? syscall_return_slowpath+0x31d/0x5e0 [ 290.863198] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 290.868232] ? prepare_exit_to_usermode+0x291/0x3b0 [ 290.873256] ? page_fault+0x8/0x30 [ 290.876806] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 290.881658] ? page_fault+0x8/0x30 [ 290.885212] page_fault+0x1e/0x30 [ 290.888670] RIP: 0033:0x4084b0 [ 290.891859] Code: 00 00 2e 23 40 00 00 00 00 00 3e 23 40 00 00 00 00 00 4e 23 40 00 00 00 00 00 5e 23 40 00 00 00 00 00 6e 23 40 00 00 00 00 00 <7e> 23 40 00 00 00 00 00 8e 23 40 00 00 00 00 00 9e 23 40 00 00 00 [ 290.911080] RSP: 002b:00007fff0a41e3c0 EFLAGS: 00010287 [ 290.916452] RAX: 0000001b2be20650 RBX: 0000000000000000 RCX: 0000001b2ce20000 [ 290.923746] RDX: 0000001b2be20654 RSI: 0000000000000001 RDI: 0000000000000001 [ 290.931023] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 290.938300] R10: 00007fff0a41e400 R11: 0000000000000000 R12: 000000000000000c [ 290.945584] R13: 0000000000000002 R14: 000000000072bea0 R15: 000000000072bea0 [ 290.952871] INFO: task syz-executor1:8747 blocked for more than 140 seconds. [ 290.960069] Not tainted 4.18.0-rc3-next-20180709+ #2 [ 290.965692] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 290.973666] syz-executor1 D24880 8747 4488 0x00000004 [ 290.979308] Call Trace: [ 290.981906] __schedule+0x87c/0x1ed0 [ 290.985625] ? __sched_text_start+0x8/0x8 [ 290.989796] ? trace_hardirqs_on+0x10/0x10 [ 290.994040] ? trace_hardirqs_on+0x10/0x10 [ 290.998304] ? trace_hardirqs_on+0x10/0x10 [ 291.002573] ? finish_task_switch+0x1d3/0x870 [ 291.007083] ? preempt_notifier_register+0x200/0x200 [ 291.012209] ? kvm_sched_clock_read+0x9/0x20 [ 291.016635] ? lock_repin_lock+0x430/0x430 [ 291.020884] schedule+0xfb/0x450 [ 291.024266] ? lock_downgrade+0x8f0/0x8f0 [ 291.028430] ? __schedule+0x1ed0/0x1ed0 [ 291.032424] ? kasan_check_read+0x11/0x20 [ 291.036585] ? do_raw_spin_unlock+0xa7/0x2f0 [ 291.041013] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 291.045624] ? kasan_check_write+0x14/0x20 [ 291.049863] ? do_raw_spin_lock+0xc1/0x200 [ 291.054107] rwsem_down_read_failed+0x362/0x600 [ 291.058786] ? rwsem_down_write_failed_killable+0x10/0x10 [ 291.064329] ? lock_acquire+0x1e4/0x540 [ 291.068307] ? rcuwait_wake_up+0x1a3/0x2f0 [ 291.072547] ? lock_downgrade+0x8f0/0x8f0 [ 291.076704] ? lock_release+0xa30/0xa30 [ 291.080687] ? __free_object+0x173/0x340 [ 291.084759] ? kasan_check_read+0x11/0x20 [ 291.088923] call_rwsem_down_read_failed+0x18/0x30 [ 291.093856] ? rcuwait_wake_up+0x186/0x2f0 [ 291.098093] __percpu_down_read+0x16e/0x210 [ 291.102419] ? percpu_free_rwsem+0xa0/0xa0 [ 291.106667] __sb_start_write+0x2d7/0x300 [ 291.110820] ext4_page_mkwrite+0x1d0/0x1430 [ 291.115150] ? ext4_change_inode_journal_flag+0x3e0/0x3e0 [ 291.120694] ? destroy_hrtimer_on_stack+0x1c/0x20 [ 291.125541] ? futex_wait+0x5d2/0xa20 [ 291.129363] ? do_wp_page+0xf70/0x19b0 [ 291.133267] do_page_mkwrite+0x14e/0x520 [ 291.137330] ? print_bad_pte+0x5f0/0x5f0 [ 291.141412] ? do_raw_spin_unlock+0xa7/0x2f0 [ 291.145825] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 291.150428] ? __pte_alloc_kernel+0x2e0/0x2e0 [ 291.154933] do_wp_page+0xf78/0x19b0 [ 291.158662] ? finish_mkwrite_fault+0x610/0x610 [ 291.163338] ? trace_hardirqs_on+0x10/0x10 [ 291.167597] ? lock_acquire+0x1e4/0x540 [ 291.171601] ? __handle_mm_fault+0x1cef/0x4480 [ 291.176198] ? lock_release+0xa30/0xa30 [ 291.180179] ? pmd_val+0x88/0x100 [ 291.183637] ? add_mm_counter_fast+0xd0/0xd0 [ 291.188056] ? kasan_check_write+0x14/0x20 [ 291.192302] ? do_raw_spin_lock+0xc1/0x200 [ 291.196544] __handle_mm_fault+0x2aab/0x4480 [ 291.200965] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 291.205817] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 291.210925] ? to_ratio+0x20/0x20 [ 291.214389] ? lock_acquire+0x1e4/0x540 [ 291.218371] ? handle_mm_fault+0x417/0xc80 [ 291.222618] ? lock_downgrade+0x8f0/0x8f0 [ 291.226769] ? lock_release+0xa30/0xa30 [ 291.230750] ? lock_release+0xa30/0xa30 [ 291.234744] ? lock_acquire+0x1e4/0x540 [ 291.238728] ? mem_cgroup_from_task+0xcb/0x1f0 [ 291.243325] ? mem_cgroup_css_online+0x3c0/0x3c0 [ 291.248098] handle_mm_fault+0x53e/0xc80 [ 291.252167] ? __handle_mm_fault+0x4480/0x4480 [ 291.256754] ? find_vma+0x34/0x190 [ 291.260305] __do_page_fault+0x620/0xe50 [ 291.264372] ? mm_fault_error+0x380/0x380 [ 291.268531] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 291.274084] ? __x64_sys_clock_gettime+0x170/0x250 [ 291.279029] ? __ia32_sys_clock_settime+0x290/0x290 [ 291.284054] do_page_fault+0xf6/0x8c0 [ 291.287869] ? vmalloc_sync_all+0x30/0x30 [ 291.292027] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 291.297583] ? do_syscall_64+0x497/0x820 [ 291.301650] ? syscall_slow_exit_work+0x500/0x500 [ 291.306507] ? syscall_return_slowpath+0x5e0/0x5e0 [ 291.311443] ? syscall_return_slowpath+0x31d/0x5e0 [ 291.316379] ? prepare_exit_to_usermode+0x291/0x3b0 [ 291.321411] ? page_fault+0x8/0x30 [ 291.324961] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 291.329809] ? page_fault+0x8/0x30 [ 291.333357] page_fault+0x1e/0x30 [ 291.336810] RIP: 0033:0x4084b0 [ 291.340099] Code: 00 00 2e 23 40 00 00 00 00 00 3e 23 40 00 00 00 00 00 4e 23 40 00 00 00 00 00 5e 23 40 00 00 00 00 00 6e 23 40 00 00 00 00 00 <7e> 23 40 00 00 00 00 00 8e 23 40 00 00 00 00 00 9e 23 40 00 00 00 [ 291.359258] RSP: 002b:00007ffc15c6de80 EFLAGS: 00010283 [ 291.364637] RAX: 0000001b2bc2212c RBX: 0000000000000000 RCX: 0000001b2cc20000 [ 291.371920] RDX: 0000001b2bc22130 RSI: 0000000000730698 RDI: 0000000000000007 [ 291.379191] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 291.386462] R10: 00007ffc15c6dec0 R11: 0000000000000246 R12: 0000000000000000 [ 291.393745] R13: 0000000000000002 R14: 000000000072bf48 R15: 000000000072bf48 [ 291.401035] INFO: lockdep is turned off. [ 291.405098] NMI backtrace for cpu 1 [ 291.408743] CPU: 1 PID: 897 Comm: khungtaskd Not tainted 4.18.0-rc3-next-20180709+ #2 [ 291.416693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 291.426021] Call Trace: [ 291.428589] dump_stack+0x1c9/0x2b4 [ 291.432199] ? dump_stack_print_info.cold.2+0x52/0x52 [ 291.437366] ? vprintk_default+0x28/0x30 [ 291.441418] nmi_cpu_backtrace.cold.5+0x19/0xce [ 291.446071] ? lapic_can_unplug_cpu.cold.28+0x3f/0x3f [ 291.451240] nmi_trigger_cpumask_backtrace+0x151/0x192 [ 291.456498] arch_trigger_cpumask_backtrace+0x14/0x20 [ 291.461665] watchdog+0xb39/0x10b0 [ 291.465185] ? reset_hung_task_detector+0xd0/0xd0 [ 291.470008] ? kasan_check_read+0x11/0x20 [ 291.474137] ? do_raw_spin_unlock+0xa7/0x2f0 [ 291.478531] ? _raw_spin_unlock_irqrestore+0x74/0xc0 [ 291.483610] ? __kthread_parkme+0x58/0x1b0 [ 291.487824] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 291.492833] ? trace_hardirqs_on+0xd/0x10 [ 291.496964] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 291.502490] ? __kthread_parkme+0x106/0x1b0 [ 291.506795] kthread+0x345/0x410 [ 291.510141] ? reset_hung_task_detector+0xd0/0xd0 [ 291.514964] ? kthread_bind+0x40/0x40 [ 291.518765] ret_from_fork+0x3a/0x50 [ 291.522498] Sending NMI from CPU 1 to CPUs 0: [ 291.527011] NMI backtrace for cpu 0 skipped: idling at native_safe_halt+0x6/0x10 [ 291.527997] Kernel panic - not syncing: hung_task: blocked tasks [ 291.540669] CPU: 1 PID: 897 Comm: khungtaskd Not tainted 4.18.0-rc3-next-20180709+ #2 [ 291.548610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 291.557957] Call Trace: [ 291.560551] dump_stack+0x1c9/0x2b4 [ 291.564162] ? dump_stack_print_info.cold.2+0x52/0x52 [ 291.569338] ? printk_safe_log_store+0x2f0/0x2f0 [ 291.574073] panic+0x238/0x4e7 [ 291.577248] ? add_taint.cold.5+0x16/0x16 [ 291.581377] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 291.586895] ? nmi_trigger_cpumask_backtrace+0x13a/0x192 [ 291.592324] ? printk_safe_flush+0xd7/0x130 [ 291.596623] watchdog+0xb4a/0x10b0 [ 291.600143] ? reset_hung_task_detector+0xd0/0xd0 [ 291.604970] ? kasan_check_read+0x11/0x20 [ 291.609100] ? do_raw_spin_unlock+0xa7/0x2f0 [ 291.613493] ? _raw_spin_unlock_irqrestore+0x74/0xc0 [ 291.618578] ? __kthread_parkme+0x58/0x1b0 [ 291.622804] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 291.627809] ? trace_hardirqs_on+0xd/0x10 [ 291.631935] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 291.637450] ? __kthread_parkme+0x106/0x1b0 [ 291.641748] kthread+0x345/0x410 [ 291.645094] ? reset_hung_task_detector+0xd0/0xd0 [ 291.649912] ? kthread_bind+0x40/0x40 [ 291.653689] ret_from_fork+0x3a/0x50 [ 291.657994] Dumping ftrace buffer: [ 291.661528] (ftrace buffer empty) [ 291.665225] Kernel Offset: disabled [ 291.668844] Rebooting in 86400 seconds..