_slowpath+0x31d/0x5e0 [ 191.100517] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 191.105530] ? prepare_exit_to_usermode+0x291/0x3b0 [ 191.110547] ? perf_trace_sys_enter+0xb10/0xb10 [ 191.115218] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 191.120068] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.125248] RIP: 0033:0x455e29 [ 191.128419] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 191.147723] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 191.155425] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 191.162684] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 191.169952] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 21:25:11 executing program 5: syz_mount_image$jfs(&(0x7f0000000040)='jfs\x00', &(0x7f0000000000)='./file0\x00', 0x2, 0x0, &(0x7f0000000440), 0x52420, &(0x7f0000000140)) 21:25:11 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x34000, {0x4}}, 0x14}, 0x1}, 0x0) 21:25:11 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}, 0xc0fe}, 0x1c) [ 191.177218] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 191.184494] R13: 00000000004c1113 R14: 00000000004d1540 R15: 000000000000001d 21:25:11 executing program 2 (fault-call:9 fault-nth:30): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:11 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345407, &(0x7f0000000000)={{0x0, 0x3, 0xf301}}) 21:25:11 executing program 3: r0 = request_key(&(0x7f0000000080)='logon\x00', &(0x7f00000000c0)={0x73, 0x79, 0x7a, 0x0}, &(0x7f0000000100)=')loloem1+nodevwlan1wlan1\x00', 0xfffffffffffffff8) add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a, 0x1}, 0x0, 0x0, r0) socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) accept4(r1, &(0x7f0000000340)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, &(0x7f00000003c0)=0x80, 0x80000) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000400)={'veth1_to_bond\x00', r3}) r4 = socket$kcm(0xa, 0x1, 0x0) ioctl$TUNSETVNETHDRSZ(r2, 0x400454d8, &(0x7f0000000440)=0x6) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) connect$unix(r1, &(0x7f0000000200)=@abs={0x1, 0x0, 0x4e24}, 0x6e) ioctl$VHOST_SET_VRING_NUM(r1, 0x4008af10, &(0x7f00000001c0)={0x1, 0x1ff}) write$P9_RLINK(r2, &(0x7f00000002c0)={0x7, 0x47, 0x2}, 0x7) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r5, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) close(r4) r6 = semget(0x0, 0x1, 0x103) semop(r6, &(0x7f0000000300)=[{0x0, 0x80000000, 0x800}, {0x3, 0x6, 0x1000}, {0x5, 0xfffffffffffffff8, 0x1800}, {0x1, 0x7fff}], 0x4) 21:25:11 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x9effffff00000000, {0x4}}, 0x14}, 0x1}, 0x0) 21:25:11 executing program 5: ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x103000, 0x0) ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000140)={0x5, 0x47, 0x1, 0x7fff, 0xffffffffffffffff, 0x81, 0x100000001, 0x9, 0x5, 0x1, 0x1, 0xfff}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047", 0x3b}], 0x1, 0x0, &(0x7f0000000080), 0x0) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f00000002c0)=ANY=[@ANYBLOB="0100000000000000010000000000000018000000ff"]) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b0000000001"]) ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4008ae89, &(0x7f00000001c0)={0x2, 0x0, [0x48d]}) 21:25:11 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}, 0xfe80000000000000}, 0x1c) 21:25:11 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0xc0f85403, &(0x7f0000000000)) [ 191.400467] FAULT_INJECTION: forcing a failure. [ 191.400467] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 191.412400] CPU: 0 PID: 12870 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 191.420817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 191.430197] Call Trace: [ 191.432793] dump_stack+0x1c9/0x2b4 [ 191.436456] ? dump_stack_print_info.cold.2+0x52/0x52 [ 191.441665] should_fail.cold.4+0xa/0x11 [ 191.445745] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 191.450865] ? kasan_check_read+0x11/0x20 [ 191.455026] ? rcu_is_watching+0x8c/0x150 [ 191.459195] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 191.464743] ? xas_start+0x23d/0x740 [ 191.468485] ? trace_hardirqs_on+0x10/0x10 [ 191.472753] ? find_get_entry+0xa6d/0x1120 [ 191.477008] ? lock_downgrade+0x8f0/0x8f0 [ 191.481153] ? lock_acquire+0x1e4/0x540 [ 191.485128] ? fs_reclaim_acquire+0x20/0x20 [ 191.489447] ? lock_downgrade+0x8f0/0x8f0 [ 191.493597] ? check_same_owner+0x340/0x340 [ 191.497916] ? find_get_entry+0xa96/0x1120 [ 191.502150] ? rcu_note_context_switch+0x730/0x730 [ 191.507079] __alloc_pages_nodemask+0x36e/0xdb0 [ 191.511747] ? percpu_ref_put_many+0x119/0x240 [ 191.516322] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 191.521384] ? trace_hardirqs_on+0x10/0x10 [ 191.525616] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 191.531150] ? xas_start+0x23d/0x740 [ 191.534854] ? xa_load+0x288/0x450 [ 191.538384] ? lock_downgrade+0x8f0/0x8f0 [ 191.542557] ? lock_release+0xa30/0xa30 [ 191.546530] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 191.552055] alloc_pages_current+0x10c/0x210 [ 191.556452] __page_cache_alloc+0x398/0x5e0 [ 191.560760] ? xa_load+0x2b1/0x450 [ 191.564286] ? xa_clear_tag+0x40/0x40 [ 191.568164] ? filemap_range_has_page+0x4c0/0x4c0 [ 191.573012] __do_page_cache_readahead+0x24e/0x690 [ 191.577947] ? read_pages+0x680/0x680 [ 191.581739] ? lock_acquire+0x1e4/0x540 [ 191.585702] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 191.590806] ? lock_downgrade+0x8f0/0x8f0 [ 191.594949] ? lock_release+0xa30/0xa30 [ 191.598914] ondemand_readahead+0x550/0xc40 [ 191.603238] page_cache_sync_readahead+0x3a0/0x6d0 [ 191.608169] ? force_page_cache_readahead+0x360/0x360 [ 191.613358] ? lock_acquire+0x1e4/0x540 [ 191.617319] ? rcu_note_context_switch+0x730/0x730 [ 191.622250] ? check_same_owner+0x340/0x340 [ 191.626563] ? lock_release+0xa30/0xa30 [ 191.630536] generic_file_read_iter+0x1a87/0x2f10 [ 191.636391] ? filemap_write_and_wait_range+0xd0/0xd0 [ 191.641575] ? rcu_read_lock+0x70/0x70 [ 191.645451] ? __unlock_page_memcg+0x72/0x100 [ 191.649934] ? unlock_page_memcg+0x2c/0x40 [ 191.654164] ? page_add_file_rmap+0x781/0xe40 [ 191.658647] ? page_add_new_anon_rmap+0x870/0x870 [ 191.663483] ? lockdep_init_map+0x9/0x10 [ 191.667546] ? kasan_check_write+0x14/0x20 [ 191.671777] ? __init_rwsem+0x1cc/0x2a0 [ 191.675751] ? lock_acquire+0x1e4/0x540 [ 191.679714] ? alloc_set_pte+0x1133/0x1790 [ 191.683951] ? lock_release+0xa30/0xa30 [ 191.687942] ? xas_descend+0x20c/0x5f0 [ 191.691838] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 191.696941] ? check_pgprot+0xdf/0x180 [ 191.701517] ? put_page+0x280/0x280 [ 191.705134] ? kasan_check_write+0x14/0x20 [ 191.709385] ? do_raw_spin_lock+0xc1/0x200 [ 191.713610] ? alloc_set_pte+0xaf6/0x1790 [ 191.717762] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 191.722782] ? filemap_map_pages+0xca2/0x1990 [ 191.727280] ? trace_hardirqs_on+0x10/0x10 [ 191.731506] ? xa_set_tag+0x40/0x40 [ 191.735124] ? environ_open+0x90/0x90 [ 191.738910] ? trace_hardirqs_on+0x10/0x10 [ 191.743133] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 191.748660] ? trace_hardirqs_on+0x10/0x10 [ 191.752890] ? trace_hardirqs_on+0x10/0x10 [ 191.757128] ? find_get_entries_tag+0x1410/0x1410 [ 191.761963] ? trace_hardirqs_on+0x10/0x10 [ 191.766187] ? mntput_no_expire+0x18e/0xbc0 [ 191.770497] ? do_raw_spin_lock+0xc1/0x200 [ 191.774717] ? mnt_get_count+0x150/0x150 [ 191.778763] ? dput.part.26+0x276/0x7a0 [ 191.782731] ? shrink_dcache_sb+0x350/0x350 [ 191.787043] ? lock_acquire+0x1e4/0x540 [ 191.791004] ? __fdget_pos+0x1bb/0x200 [ 191.794894] ? lock_acquire+0x1e4/0x540 [ 191.798998] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 191.804527] ? fsnotify+0xbac/0x14e0 [ 191.808231] ext4_file_read_iter+0x18b/0x3c0 [ 191.812641] generic_file_splice_read+0x5a5/0x9a0 [ 191.817470] ? add_to_pipe+0x360/0x360 [ 191.821352] ? rw_verify_area+0x118/0x360 [ 191.825489] ? add_to_pipe+0x360/0x360 [ 191.829381] do_splice_to+0x12e/0x190 [ 191.833168] splice_direct_to_actor+0x270/0x8f0 [ 191.837835] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 191.843447] ? pipe_to_sendpage+0x400/0x400 [ 191.847951] ? do_splice_to+0x190/0x190 [ 191.851910] ? security_file_permission+0x1c2/0x230 [ 191.856910] ? rw_verify_area+0x118/0x360 [ 191.861046] do_splice_direct+0x2d4/0x420 [ 191.865184] ? splice_direct_to_actor+0x8f0/0x8f0 [ 191.870016] ? rw_verify_area+0x118/0x360 [ 191.874151] do_sendfile+0x62a/0xe20 [ 191.877859] ? do_compat_pwritev64+0x1c0/0x1c0 [ 191.882432] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 191.887952] ? _copy_from_user+0xdf/0x150 [ 191.892089] __x64_sys_sendfile64+0x15d/0x250 [ 191.896581] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 191.901156] do_syscall_64+0x1b9/0x820 [ 191.905030] ? finish_task_switch+0x1d3/0x870 [ 191.909515] ? syscall_return_slowpath+0x5e0/0x5e0 [ 191.914431] ? syscall_return_slowpath+0x31d/0x5e0 [ 191.919355] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 191.924444] ? prepare_exit_to_usermode+0x291/0x3b0 [ 191.929460] ? perf_trace_sys_enter+0xb10/0xb10 [ 191.934122] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 191.938960] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.944229] RIP: 0033:0x455e29 [ 191.947396] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 191.967184] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 191.974877] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 191.982130] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 191.989388] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 191.996737] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 192.003989] R13: 00000000004c1113 R14: 00000000004d1540 R15: 000000000000001e 21:25:12 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r2 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 21:25:12 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x4034540a, &(0x7f0000000000)={{0x0, 0x3, 0xf301}}) 21:25:12 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x40030000000000, {0x4}}, 0x14}, 0x1}, 0x0) 21:25:12 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}, 0xfc00000000000000}, 0x1c) 21:25:12 executing program 2 (fault-call:9 fault-nth:31): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:12 executing program 5: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xb, 0x2, &(0x7f00000000c0)=ANY=[@ANYRESDEC], &(0x7f0000000000)='syzkaller\x00', 0x9, 0xcf, &(0x7f0000000340)=""/207}, 0x48) r0 = syz_open_dev$dmmidi(&(0x7f0000000100)='/dev/dmmidi#\x00', 0x2cf, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000140)={'veth1\x00', 0x400}) 21:25:12 executing program 3: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_SET_BOOT_CPU_ID(r1, 0xae78, &(0x7f00000001c0)) r2 = socket$kcm(0xa, 0x1, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r3, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) setsockopt$inet_group_source_req(r0, 0x0, 0x0, &(0x7f0000000000)={0x5, {{0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0xf}}}, {{0x2, 0x4e21, @remote={0xac, 0x14, 0x14, 0xbb}}}}, 0x108) close(r2) 21:25:12 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345407, &(0x7f0000000000)) [ 192.264683] FAULT_INJECTION: forcing a failure. [ 192.264683] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 192.276596] CPU: 1 PID: 12902 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 192.285007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 192.294367] Call Trace: [ 192.296973] dump_stack+0x1c9/0x2b4 [ 192.300631] ? dump_stack_print_info.cold.2+0x52/0x52 [ 192.305841] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 192.310701] should_fail.cold.4+0xa/0x11 [ 192.314783] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 192.319906] ? kasan_check_read+0x11/0x20 [ 192.324068] ? rcu_is_watching+0x8c/0x150 [ 192.328228] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 192.333776] ? xas_start+0x23d/0x740 [ 192.337507] ? find_get_entry+0xa6d/0x1120 [ 192.341872] ? lock_downgrade+0x8f0/0x8f0 [ 192.346044] ? lock_acquire+0x1e4/0x540 [ 192.350036] ? fs_reclaim_acquire+0x20/0x20 [ 192.354388] ? lock_downgrade+0x8f0/0x8f0 [ 192.358554] ? check_same_owner+0x340/0x340 [ 192.362891] ? find_get_entry+0xa96/0x1120 [ 192.367140] ? rcu_note_context_switch+0x730/0x730 [ 192.372088] __alloc_pages_nodemask+0x36e/0xdb0 [ 192.376764] ? percpu_ref_put_many+0x119/0x240 [ 192.381360] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 192.386394] ? trace_hardirqs_on+0x10/0x10 [ 192.390645] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 192.395506] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 192.401057] ? xas_start+0x23d/0x740 [ 192.404789] ? xa_load+0x288/0x450 [ 192.408343] ? lock_downgrade+0x8f0/0x8f0 [ 192.412505] ? lock_release+0xa30/0xa30 [ 192.416499] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 192.422050] alloc_pages_current+0x10c/0x210 [ 192.426470] __page_cache_alloc+0x398/0x5e0 [ 192.430798] ? xa_load+0x2b1/0x450 [ 192.434354] ? xa_clear_tag+0x40/0x40 [ 192.438165] ? filemap_range_has_page+0x4c0/0x4c0 [ 192.443030] ? unwind_get_return_address+0x61/0xa0 [ 192.447974] __do_page_cache_readahead+0x24e/0x690 [ 192.452916] ? read_pages+0x680/0x680 [ 192.456737] ? lock_acquire+0x1e4/0x540 [ 192.460722] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 192.466014] ? lock_downgrade+0x8f0/0x8f0 [ 192.470175] ? lock_release+0xa30/0xa30 [ 192.474166] ondemand_readahead+0x550/0xc40 [ 192.478502] page_cache_sync_readahead+0x3a0/0x6d0 [ 192.483445] ? force_page_cache_readahead+0x360/0x360 [ 192.488675] ? lock_acquire+0x1e4/0x540 [ 192.492665] ? rcu_note_context_switch+0x730/0x730 [ 192.497607] ? check_same_owner+0x340/0x340 [ 192.501946] ? lock_release+0xa30/0xa30 [ 192.506106] generic_file_read_iter+0x1a87/0x2f10 [ 192.511001] ? filemap_write_and_wait_range+0xd0/0xd0 [ 192.516199] ? rcu_read_lock+0x70/0x70 [ 192.520102] ? __unlock_page_memcg+0x72/0x100 [ 192.524607] ? unlock_page_memcg+0x2c/0x40 [ 192.528850] ? page_add_file_rmap+0x781/0xe40 [ 192.533361] ? page_add_new_anon_rmap+0x870/0x870 [ 192.538217] ? perf_trace_lock+0x920/0x920 [ 192.542521] ? lock_acquire+0x1e4/0x540 [ 192.546504] ? alloc_set_pte+0x1133/0x1790 [ 192.550774] ? lock_release+0xa30/0xa30 [ 192.554760] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 192.559786] ? check_pgprot+0xdf/0x180 [ 192.563684] ? put_page+0x280/0x280 [ 192.567321] ? kasan_check_write+0x14/0x20 [ 192.571564] ? do_raw_spin_lock+0xc1/0x200 [ 192.575810] ? alloc_set_pte+0xaf6/0x1790 [ 192.579972] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 192.585067] ? filemap_map_pages+0xca2/0x1990 [ 192.589554] ? trace_hardirqs_on+0x10/0x10 [ 192.593777] ? xa_set_tag+0x40/0x40 [ 192.597482] ? perf_trace_lock+0x920/0x920 [ 192.601705] ? environ_open+0x90/0x90 [ 192.605498] ? trace_hardirqs_on+0x10/0x10 [ 192.609720] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.615260] ? trace_hardirqs_on+0x10/0x10 [ 192.619494] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 192.624333] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 192.629170] ? perf_trace_lock+0x920/0x920 [ 192.633423] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 192.638342] ? perf_trace_lock+0x920/0x920 [ 192.642568] ? perf_trace_lock+0x920/0x920 [ 192.646801] ? shrink_dcache_sb+0x350/0x350 [ 192.651127] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 192.655959] ? __fdget_pos+0x1bb/0x200 [ 192.659940] ? lock_acquire+0x1e4/0x540 [ 192.663911] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.669437] ? fsnotify+0xbac/0x14e0 [ 192.673144] ext4_file_read_iter+0x18b/0x3c0 [ 192.677554] generic_file_splice_read+0x5a5/0x9a0 [ 192.682392] ? add_to_pipe+0x360/0x360 [ 192.686290] ? rw_verify_area+0x118/0x360 [ 192.690440] ? add_to_pipe+0x360/0x360 [ 192.694323] do_splice_to+0x12e/0x190 [ 192.698123] splice_direct_to_actor+0x270/0x8f0 [ 192.702785] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.708315] ? pipe_to_sendpage+0x400/0x400 [ 192.712631] ? do_splice_to+0x190/0x190 [ 192.716598] ? security_file_permission+0x1c2/0x230 [ 192.721609] ? rw_verify_area+0x118/0x360 [ 192.725751] do_splice_direct+0x2d4/0x420 [ 192.729891] ? splice_direct_to_actor+0x8f0/0x8f0 [ 192.734739] ? rw_verify_area+0x118/0x360 [ 192.738889] do_sendfile+0x62a/0xe20 [ 192.742616] ? do_compat_pwritev64+0x1c0/0x1c0 [ 192.747205] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 192.752909] ? _copy_from_user+0xdf/0x150 [ 192.757052] __x64_sys_sendfile64+0x15d/0x250 [ 192.761625] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 192.766210] do_syscall_64+0x1b9/0x820 [ 192.770087] ? finish_task_switch+0x1d3/0x870 [ 192.774572] ? syscall_return_slowpath+0x5e0/0x5e0 [ 192.779493] ? syscall_return_slowpath+0x31d/0x5e0 [ 192.784413] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 192.789424] ? prepare_exit_to_usermode+0x291/0x3b0 [ 192.794432] ? perf_trace_sys_enter+0xb10/0xb10 [ 192.799238] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 192.804087] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.809263] RIP: 0033:0x455e29 [ 192.812435] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 192.831729] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 192.839430] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 192.846696] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 192.853950] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 21:25:12 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0xc0f85403, &(0x7f0000000000)) 21:25:12 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0xc0f85403, &(0x7f0000000000)) 21:25:12 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}, 0xfe800000}, 0x1c) 21:25:12 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x4034540c, &(0x7f0000000000)) 21:25:12 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0xc0f85403, &(0x7f0000000000)) 21:25:12 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)) 21:25:12 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}, 0xff8f7a20}, 0x1c) 21:25:12 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0xc0f85403, &(0x7f0000000000)) [ 192.861293] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 192.868557] R13: 00000000004c1113 R14: 00000000004d1540 R15: 000000000000001f 21:25:13 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r2 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 21:25:13 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x5423, &(0x7f0000000000)) 21:25:13 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}, 0xff00}, 0x1c) 21:25:13 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0xc0f85403, &(0x7f0000000000)) 21:25:13 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x200000000000000, {0x4}}, 0x14}, 0x1}, 0x0) 21:25:13 executing program 3: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r1 = socket$kcm(0xa, 0x1, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000000)={0x0, 0x33, "a7f175a48faacfaa871dc86cabfea9a1bce8582a130d0d766cb536ed010d145473c4e71cf7e9e116a40d601c7e8edd16fe027c"}, &(0x7f0000000040)=0x3b) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f0000000080)={r3, @in={{0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x3ff}}}, 0x934}, &(0x7f00000001c0)=0x90) close(r1) 21:25:13 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x5460, &(0x7f0000000000)={{0x0, 0x3, 0xf301}}) 21:25:13 executing program 2 (fault-call:9 fault-nth:32): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) [ 193.326102] FAULT_INJECTION: forcing a failure. [ 193.326102] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 193.338047] CPU: 0 PID: 12964 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 193.346461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 193.355915] Call Trace: [ 193.358511] dump_stack+0x1c9/0x2b4 [ 193.362130] ? dump_stack_print_info.cold.2+0x52/0x52 [ 193.367313] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 193.372161] should_fail.cold.4+0xa/0x11 [ 193.376214] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 193.381312] ? kasan_check_read+0x11/0x20 [ 193.385445] ? rcu_is_watching+0x8c/0x150 [ 193.389584] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 193.395125] ? xas_start+0x23d/0x740 [ 193.398831] ? find_get_entry+0xa6d/0x1120 [ 193.403060] ? lock_downgrade+0x8f0/0x8f0 [ 193.407203] ? lock_acquire+0x1e4/0x540 [ 193.411169] ? fs_reclaim_acquire+0x20/0x20 [ 193.415484] ? lock_downgrade+0x8f0/0x8f0 [ 193.419718] ? check_same_owner+0x340/0x340 [ 193.424032] ? retint_kernel+0x10/0x10 [ 193.427908] ? rcu_note_context_switch+0x730/0x730 [ 193.432831] __alloc_pages_nodemask+0x36e/0xdb0 [ 193.437493] ? percpu_ref_put_many+0x119/0x240 [ 193.442068] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 193.447075] ? trace_hardirqs_on+0x10/0x10 [ 193.451334] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 193.456180] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 193.461803] ? xas_start+0x23d/0x740 [ 193.465512] ? xa_load+0x288/0x450 [ 193.469056] ? lock_downgrade+0x8f0/0x8f0 [ 193.473209] ? lock_release+0xa30/0xa30 [ 193.477185] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 193.482722] alloc_pages_current+0x10c/0x210 [ 193.487128] __page_cache_alloc+0x398/0x5e0 [ 193.491703] ? xa_load+0x2b1/0x450 [ 193.495228] ? xa_clear_tag+0x40/0x40 [ 193.499029] ? filemap_range_has_page+0x4c0/0x4c0 [ 193.503862] ? unwind_get_return_address+0x61/0xa0 [ 193.508780] __do_page_cache_readahead+0x24e/0x690 [ 193.513702] ? read_pages+0x680/0x680 [ 193.517490] ? lock_acquire+0x1e4/0x540 [ 193.521458] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 193.526545] ? lock_downgrade+0x8f0/0x8f0 [ 193.530689] ? lock_release+0xa30/0xa30 [ 193.534662] ondemand_readahead+0x550/0xc40 [ 193.538977] page_cache_sync_readahead+0x3a0/0x6d0 [ 193.543898] ? force_page_cache_readahead+0x360/0x360 [ 193.549073] ? lock_acquire+0x1e4/0x540 [ 193.553045] ? rcu_note_context_switch+0x730/0x730 [ 193.557959] ? check_same_owner+0x340/0x340 [ 193.562269] ? lock_release+0xa30/0xa30 [ 193.566250] generic_file_read_iter+0x1a87/0x2f10 [ 193.571172] ? filemap_write_and_wait_range+0xd0/0xd0 [ 193.576352] ? rcu_read_lock+0x70/0x70 [ 193.580230] ? __unlock_page_memcg+0x72/0x100 [ 193.584730] ? unlock_page_memcg+0x2c/0x40 [ 193.588953] ? page_add_file_rmap+0x781/0xe40 [ 193.593433] ? page_add_new_anon_rmap+0x870/0x870 [ 193.598260] ? update_load_avg+0x2de/0x2590 [ 193.602565] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 193.607491] ? attach_entity_load_avg+0x860/0x860 [ 193.612333] ? lock_acquire+0x1e4/0x540 [ 193.616313] ? alloc_set_pte+0x1133/0x1790 [ 193.620554] ? lock_release+0xa30/0xa30 [ 193.624519] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 193.629520] ? check_pgprot+0xdf/0x180 [ 193.633396] ? put_page+0x280/0x280 [ 193.638117] ? kasan_check_write+0x14/0x20 [ 193.642344] ? do_raw_spin_lock+0xc1/0x200 [ 193.646565] ? alloc_set_pte+0xaf6/0x1790 [ 193.650698] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 193.655713] ? filemap_map_pages+0xca2/0x1990 [ 193.660198] ? trace_hardirqs_on+0x10/0x10 [ 193.664415] ? xa_set_tag+0x40/0x40 [ 193.668030] ? cgroup_rstat_updated+0xe6/0x470 [ 193.672601] ? trace_hardirqs_on+0x10/0x10 [ 193.676821] ? trace_hardirqs_on+0x10/0x10 [ 193.681042] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 193.685882] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 193.690716] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 193.695551] ? perf_trace_lock+0x920/0x920 [ 193.699783] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 193.704616] ? perf_trace_lock+0x920/0x920 [ 193.708840] ? perf_trace_lock+0x920/0x920 [ 193.713067] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 193.717988] ? __fdget_pos+0x1bb/0x200 [ 193.721869] ? lock_acquire+0x1e4/0x540 [ 193.725843] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 193.731372] ? fsnotify+0xbac/0x14e0 [ 193.735078] ext4_file_read_iter+0x18b/0x3c0 [ 193.739489] generic_file_splice_read+0x5a5/0x9a0 [ 193.744330] ? add_to_pipe+0x360/0x360 [ 193.748219] ? rw_verify_area+0x118/0x360 [ 193.752351] ? add_to_pipe+0x360/0x360 [ 193.756233] do_splice_to+0x12e/0x190 [ 193.760032] splice_direct_to_actor+0x270/0x8f0 [ 193.764697] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 193.770241] ? pipe_to_sendpage+0x400/0x400 [ 193.774552] ? do_splice_to+0x190/0x190 [ 193.778518] ? security_file_permission+0x1c2/0x230 [ 193.783530] ? rw_verify_area+0x118/0x360 [ 193.787696] do_splice_direct+0x2d4/0x420 [ 193.791843] ? splice_direct_to_actor+0x8f0/0x8f0 [ 193.796685] ? rw_verify_area+0x118/0x360 [ 193.800828] do_sendfile+0x62a/0xe20 [ 193.804542] ? do_compat_pwritev64+0x1c0/0x1c0 [ 193.809116] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 193.814642] ? _copy_from_user+0xdf/0x150 [ 193.818780] __x64_sys_sendfile64+0x15d/0x250 [ 193.823267] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 193.827843] do_syscall_64+0x1b9/0x820 [ 193.831720] ? finish_task_switch+0x1d3/0x870 [ 193.836206] ? syscall_return_slowpath+0x5e0/0x5e0 [ 193.841132] ? syscall_return_slowpath+0x31d/0x5e0 [ 193.846052] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 193.851056] ? prepare_exit_to_usermode+0x291/0x3b0 [ 193.856060] ? perf_trace_sys_enter+0xb10/0xb10 [ 193.860716] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 193.865548] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.870724] RIP: 0033:0x455e29 [ 193.873896] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 193.893183] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 193.900888] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 193.908185] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 193.915448] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 21:25:13 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x4020940d, &(0x7f0000000000)) 21:25:13 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x4801000000000000, {0x4}}, 0x14}, 0x1}, 0x0) 21:25:13 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}, 0x80fe}, 0x1c) 21:25:13 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0xc0f85403, &(0x7f0000000000)) [ 193.922791] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 193.930135] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000020 21:25:13 executing program 3: socketpair(0xfffffffffffffffc, 0x0, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f0000000000)=0x3) r1 = socket$kcm(0xa, 0x1, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000140), &(0x7f0000000140)}, 0x20) close(r1) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000040)={0x0, 0x0, 0x5, [0x81, 0x7, 0x1000, 0x1, 0xdb49]}, &(0x7f0000000080)=0x12) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f00000002c0)={r3, @in={{0x2, 0x4e22}}, [0xb366, 0x800, 0x7ee4c3a6, 0xffffffffffffffff, 0x8, 0xf1140000000, 0xff, 0xfffffffffffffeff, 0x1000, 0x0, 0x4b, 0x0, 0x1f, 0x2]}, &(0x7f00000000c0)=0x100) 21:25:13 executing program 2 (fault-call:9 fault-nth:33): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:14 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345408, &(0x7f0000000000)={{0x0, 0x3, 0xf301}}) 21:25:14 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}, 0xfec0000000000000}, 0x1c) [ 194.108882] FAULT_INJECTION: forcing a failure. [ 194.108882] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 194.120992] CPU: 1 PID: 13003 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 194.129715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.139107] Call Trace: [ 194.141720] dump_stack+0x1c9/0x2b4 [ 194.145704] ? dump_stack_print_info.cold.2+0x52/0x52 [ 194.150941] should_fail.cold.4+0xa/0x11 [ 194.155026] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 194.160172] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.165721] ? xas_start+0x23d/0x740 [ 194.169453] ? trace_hardirqs_on+0x10/0x10 [ 194.173713] ? find_get_entry+0xa6d/0x1120 [ 194.178233] ? lock_downgrade+0x8f0/0x8f0 [ 194.182494] ? lock_acquire+0x1e4/0x540 [ 194.186549] ? fs_reclaim_acquire+0x20/0x20 [ 194.190879] ? lock_downgrade+0x8f0/0x8f0 [ 194.195033] ? check_same_owner+0x340/0x340 [ 194.199343] ? find_get_entry+0xa96/0x1120 [ 194.203572] ? rcu_note_context_switch+0x730/0x730 [ 194.208494] __alloc_pages_nodemask+0x36e/0xdb0 [ 194.213156] ? percpu_ref_put_many+0x119/0x240 [ 194.217743] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 194.222765] ? trace_hardirqs_on+0x10/0x10 [ 194.227025] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.232567] ? xas_start+0x23d/0x740 [ 194.236271] ? xa_load+0x288/0x450 [ 194.239806] ? lock_downgrade+0x8f0/0x8f0 [ 194.243944] ? lock_release+0xa30/0xa30 [ 194.247924] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 194.253896] alloc_pages_current+0x10c/0x210 [ 194.258304] __page_cache_alloc+0x398/0x5e0 [ 194.262630] ? xa_load+0x2b1/0x450 [ 194.266158] ? xa_clear_tag+0x40/0x40 [ 194.270056] ? filemap_range_has_page+0x4c0/0x4c0 [ 194.274896] ? unwind_get_return_address+0x61/0xa0 [ 194.279821] __do_page_cache_readahead+0x24e/0x690 [ 194.284755] ? read_pages+0x680/0x680 [ 194.288555] ? lock_acquire+0x1e4/0x540 [ 194.292513] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 194.297602] ? lock_downgrade+0x8f0/0x8f0 [ 194.301759] ? lock_release+0xa30/0xa30 [ 194.305747] ondemand_readahead+0x550/0xc40 21:25:14 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r2 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 21:25:14 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0xc0145401, &(0x7f0000000000)) 21:25:14 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0xc0f85403, &(0x7f0000000000)) 21:25:14 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0xf0ffffff00000000, {0x4}}, 0x14}, 0x1}, 0x0) 21:25:14 executing program 3: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$kcm(0xa, 0x1, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) close(r1) getsockopt$bt_BT_VOICE(r0, 0x112, 0xb, &(0x7f0000000000)=0x3, &(0x7f0000000040)=0x2) 21:25:14 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}, 0xff000000}, 0x1c) [ 194.310077] page_cache_sync_readahead+0x3a0/0x6d0 [ 194.314997] ? force_page_cache_readahead+0x360/0x360 [ 194.320191] ? lock_acquire+0x1e4/0x540 [ 194.324171] ? rcu_note_context_switch+0x730/0x730 [ 194.329122] ? check_same_owner+0x340/0x340 [ 194.333492] ? lock_release+0xa30/0xa30 [ 194.337575] generic_file_read_iter+0x1a87/0x2f10 [ 194.342646] ? filemap_write_and_wait_range+0xd0/0xd0 [ 194.347867] ? rcu_read_lock+0x70/0x70 [ 194.351819] ? __unlock_page_memcg+0x72/0x100 21:25:14 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}, 0xfc00}, 0x1c) [ 194.356325] ? unlock_page_memcg+0x2c/0x40 [ 194.360570] ? page_add_file_rmap+0x781/0xe40 [ 194.365080] ? page_add_new_anon_rmap+0x870/0x870 [ 194.369933] ? lockdep_init_map+0x9/0x10 [ 194.374007] ? kasan_check_write+0x14/0x20 [ 194.378253] ? __init_rwsem+0x1cc/0x2a0 [ 194.382242] ? lock_acquire+0x1e4/0x540 [ 194.386347] ? alloc_set_pte+0x1133/0x1790 [ 194.390692] ? lock_release+0xa30/0xa30 [ 194.394679] ? xas_descend+0x20c/0x5f0 [ 194.398581] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 194.403622] ? check_pgprot+0xdf/0x180 21:25:14 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0xffffff7f, {0x4}}, 0x14}, 0x1}, 0x0) [ 194.407516] ? put_page+0x280/0x280 [ 194.411155] ? kasan_check_write+0x14/0x20 [ 194.415395] ? do_raw_spin_lock+0xc1/0x200 [ 194.419648] ? alloc_set_pte+0xaf6/0x1790 [ 194.423820] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 194.428849] ? filemap_map_pages+0xca2/0x1990 [ 194.433376] ? trace_hardirqs_on+0x10/0x10 [ 194.437630] ? xa_set_tag+0x40/0x40 [ 194.441300] ? environ_open+0x90/0x90 [ 194.445123] ? trace_hardirqs_on+0x10/0x10 [ 194.449405] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.454965] ? trace_hardirqs_on+0x10/0x10 21:25:14 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}, 0xfffffff5}, 0x1c) 21:25:14 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0xfffffff0, {0x4}}, 0x14}, 0x1}, 0x0) [ 194.459213] ? trace_hardirqs_on+0x10/0x10 [ 194.463467] ? find_get_entries_tag+0x1410/0x1410 [ 194.468332] ? trace_hardirqs_on+0x10/0x10 [ 194.472598] ? mntput_no_expire+0x18e/0xbc0 [ 194.476950] ? do_raw_spin_lock+0xc1/0x200 [ 194.481196] ? mnt_get_count+0x150/0x150 [ 194.485272] ? dput.part.26+0x276/0x7a0 [ 194.489254] ? shrink_dcache_sb+0x350/0x350 [ 194.493773] ? lock_acquire+0x1e4/0x540 [ 194.497782] ? __fdget_pos+0x1bb/0x200 [ 194.501685] ? lock_acquire+0x1e4/0x540 21:25:14 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0xffffff7f00000000, {0x4}}, 0x14}, 0x1}, 0x0) 21:25:14 executing program 3: socketpair(0xfffffffffffffffe, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$kcm(0xa, 0x1, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r3, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="cf018001d10000002500000001040000b6010000631d000000000000000000000e1a6512402bcdd35349ecb4663bba43e9eeab976b8922db4d05faf67cfe8c006bc7c36baa8f2695f28c32739099ca91e2fdc5490154c611006a584e615238b2642365195b4248713d1b97f8fda26cc83eb8c134a7ab2bc3a01fc12f19ad168d8098b9f304cb0d27c381a6f4a66fdd03608b4e8f0cf5ba28917560a0aee8d247b06adce8bb"], 0xa5) setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000000)={{0xff, @dev={0xac, 0x14, 0x14, 0x1a}, 0x4e22, 0x0, 'ovf\x00', 0x1, 0x1}, {@remote={0xac, 0x14, 0x14, 0xbb}, 0x4e20, 0x10000, 0x2, 0x94c, 0x3}}, 0x44) close(r2) ioctl$HDIO_GETGEO(r0, 0x301, &(0x7f00000001c0)) [ 194.505683] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.511248] ? fsnotify+0xbac/0x14e0 [ 194.514981] ext4_file_read_iter+0x18b/0x3c0 [ 194.519411] generic_file_splice_read+0x5a5/0x9a0 [ 194.524268] ? add_to_pipe+0x360/0x360 [ 194.528180] ? rw_verify_area+0x118/0x360 [ 194.532339] ? add_to_pipe+0x360/0x360 [ 194.536238] do_splice_to+0x12e/0x190 [ 194.540050] splice_direct_to_actor+0x270/0x8f0 [ 194.544732] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.550287] ? pipe_to_sendpage+0x400/0x400 [ 194.554656] ? do_splice_to+0x190/0x190 21:25:14 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0xfffff000, {0x4}}, 0x14}, 0x1}, 0x0) [ 194.558644] ? security_file_permission+0x1c2/0x230 [ 194.563671] ? rw_verify_area+0x118/0x360 [ 194.567855] do_splice_direct+0x2d4/0x420 [ 194.572021] ? splice_direct_to_actor+0x8f0/0x8f0 [ 194.576880] ? rw_verify_area+0x118/0x360 [ 194.581063] do_sendfile+0x62a/0xe20 [ 194.584794] ? do_compat_pwritev64+0x1c0/0x1c0 [ 194.589647] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.595199] ? _copy_from_user+0xdf/0x150 [ 194.599374] __x64_sys_sendfile64+0x15d/0x250 [ 194.603885] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 194.608505] do_syscall_64+0x1b9/0x820 [ 194.612398] ? finish_task_switch+0x1d3/0x870 [ 194.616905] ? syscall_return_slowpath+0x5e0/0x5e0 [ 194.621848] ? syscall_return_slowpath+0x31d/0x5e0 [ 194.626792] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 194.632086] ? prepare_exit_to_usermode+0x291/0x3b0 [ 194.637117] ? perf_trace_sys_enter+0xb10/0xb10 [ 194.641800] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 194.646659] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.651855] RIP: 0033:0x455e29 [ 194.655044] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 194.674592] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 194.682313] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 194.689592] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 194.696891] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 194.704173] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 21:25:14 executing program 2 (fault-call:9 fault-nth:34): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:14 executing program 3: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$kcm(0xa, 0x1, 0x0) ioctl$void(r0, 0x5451) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0xfe1e) close(r1) 21:25:14 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0xf0, {0x4}}, 0x14}, 0x1}, 0x0) [ 194.711457] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000021 [ 194.800646] FAULT_INJECTION: forcing a failure. [ 194.800646] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 194.812620] CPU: 1 PID: 13080 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 194.821029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.831260] Call Trace: [ 194.833868] dump_stack+0x1c9/0x2b4 [ 194.837507] ? dump_stack_print_info.cold.2+0x52/0x52 [ 194.842750] should_fail.cold.4+0xa/0x11 [ 194.846809] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 194.851900] ? kasan_check_read+0x11/0x20 [ 194.856045] ? rcu_is_watching+0x8c/0x150 [ 194.860216] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.865744] ? xas_start+0x23d/0x740 [ 194.869449] ? trace_hardirqs_on+0x10/0x10 [ 194.873676] ? find_get_entry+0xa6d/0x1120 [ 194.877909] ? lock_downgrade+0x8f0/0x8f0 [ 194.882149] ? lock_acquire+0x1e4/0x540 [ 194.886130] ? fs_reclaim_acquire+0x20/0x20 [ 194.890472] ? lock_downgrade+0x8f0/0x8f0 [ 194.894618] ? check_same_owner+0x340/0x340 [ 194.898941] ? find_get_entry+0xa96/0x1120 [ 194.903164] ? rcu_note_context_switch+0x730/0x730 [ 194.908099] __alloc_pages_nodemask+0x36e/0xdb0 [ 194.912766] ? percpu_ref_put_many+0x119/0x240 [ 194.917340] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 194.922346] ? trace_hardirqs_on+0x10/0x10 [ 194.926573] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.932106] ? xas_start+0x23d/0x740 [ 194.935822] ? xa_load+0x288/0x450 [ 194.939354] ? lock_downgrade+0x8f0/0x8f0 [ 194.943501] ? lock_release+0xa30/0xa30 [ 194.947477] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 194.953011] alloc_pages_current+0x10c/0x210 [ 194.957437] __page_cache_alloc+0x398/0x5e0 [ 194.961746] ? xa_load+0x2b1/0x450 [ 194.965365] ? xa_clear_tag+0x40/0x40 [ 194.969151] ? filemap_range_has_page+0x4c0/0x4c0 [ 194.973980] ? unwind_get_return_address+0x61/0xa0 [ 194.978898] __do_page_cache_readahead+0x24e/0x690 [ 194.983824] ? read_pages+0x680/0x680 [ 194.987701] ? lock_acquire+0x1e4/0x540 [ 194.991676] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 194.996770] ? lock_downgrade+0x8f0/0x8f0 [ 195.000906] ? lock_release+0xa30/0xa30 [ 195.004877] ondemand_readahead+0x550/0xc40 [ 195.009220] page_cache_sync_readahead+0x3a0/0x6d0 [ 195.014158] ? force_page_cache_readahead+0x360/0x360 [ 195.019602] ? lock_acquire+0x1e4/0x540 [ 195.023577] ? rcu_note_context_switch+0x730/0x730 [ 195.028510] ? check_same_owner+0x340/0x340 [ 195.032915] ? lock_release+0xa30/0xa30 [ 195.036885] generic_file_read_iter+0x1a87/0x2f10 [ 195.041724] ? filemap_write_and_wait_range+0xd0/0xd0 [ 195.046905] ? rcu_read_lock+0x70/0x70 [ 195.050801] ? __unlock_page_memcg+0x72/0x100 [ 195.055289] ? unlock_page_memcg+0x2c/0x40 [ 195.059510] ? page_add_file_rmap+0x781/0xe40 [ 195.063994] ? page_add_new_anon_rmap+0x870/0x870 [ 195.068831] ? lockdep_init_map+0x9/0x10 [ 195.072884] ? kasan_check_write+0x14/0x20 [ 195.077126] ? __init_rwsem+0x1cc/0x2a0 [ 195.081116] ? lock_acquire+0x1e4/0x540 [ 195.085103] ? alloc_set_pte+0x1133/0x1790 [ 195.089371] ? lock_release+0xa30/0xa30 [ 195.093345] ? xas_descend+0x20c/0x5f0 [ 195.097231] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 195.102241] ? check_pgprot+0xdf/0x180 [ 195.106123] ? put_page+0x280/0x280 [ 195.109756] ? kasan_check_write+0x14/0x20 [ 195.113997] ? do_raw_spin_lock+0xc1/0x200 [ 195.118234] ? alloc_set_pte+0xaf6/0x1790 [ 195.122390] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 195.127411] ? filemap_map_pages+0xca2/0x1990 [ 195.131900] ? trace_hardirqs_on+0x10/0x10 [ 195.136120] ? xa_set_tag+0x40/0x40 [ 195.139737] ? environ_open+0x90/0x90 [ 195.143539] ? trace_hardirqs_on+0x10/0x10 [ 195.147773] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.153304] ? trace_hardirqs_on+0x10/0x10 [ 195.157614] ? trace_hardirqs_on+0x10/0x10 [ 195.161843] ? find_get_entries_tag+0x1410/0x1410 [ 195.166721] ? trace_hardirqs_on+0x10/0x10 [ 195.170956] ? mntput_no_expire+0x18e/0xbc0 [ 195.175270] ? do_raw_spin_lock+0xc1/0x200 [ 195.179505] ? mnt_get_count+0x150/0x150 [ 195.183570] ? dput.part.26+0x276/0x7a0 [ 195.187542] ? shrink_dcache_sb+0x350/0x350 [ 195.191853] ? lock_acquire+0x1e4/0x540 [ 195.195822] ? __fdget_pos+0x1bb/0x200 [ 195.199715] ? lock_acquire+0x1e4/0x540 [ 195.203681] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.209221] ? fsnotify+0xbac/0x14e0 [ 195.212924] ext4_file_read_iter+0x18b/0x3c0 [ 195.217329] generic_file_splice_read+0x5a5/0x9a0 [ 195.222161] ? add_to_pipe+0x360/0x360 [ 195.226064] ? rw_verify_area+0x118/0x360 [ 195.230230] ? add_to_pipe+0x360/0x360 [ 195.234107] do_splice_to+0x12e/0x190 [ 195.237897] splice_direct_to_actor+0x270/0x8f0 [ 195.242559] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.248102] ? pipe_to_sendpage+0x400/0x400 [ 195.252417] ? do_splice_to+0x190/0x190 [ 195.256378] ? security_file_permission+0x1c2/0x230 [ 195.261400] ? rw_verify_area+0x118/0x360 [ 195.265557] do_splice_direct+0x2d4/0x420 [ 195.269716] ? splice_direct_to_actor+0x8f0/0x8f0 [ 195.274579] ? rw_verify_area+0x118/0x360 [ 195.278712] do_sendfile+0x62a/0xe20 [ 195.282427] ? do_compat_pwritev64+0x1c0/0x1c0 [ 195.287014] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 195.292553] ? _copy_from_user+0xdf/0x150 [ 195.296719] __x64_sys_sendfile64+0x15d/0x250 [ 195.301216] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 195.305797] do_syscall_64+0x1b9/0x820 [ 195.309670] ? finish_task_switch+0x1d3/0x870 [ 195.314171] ? syscall_return_slowpath+0x5e0/0x5e0 [ 195.319095] ? syscall_return_slowpath+0x31d/0x5e0 [ 195.324040] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 195.329059] ? prepare_exit_to_usermode+0x291/0x3b0 [ 195.334074] ? perf_trace_sys_enter+0xb10/0xb10 [ 195.338735] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 195.343579] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 195.348761] RIP: 0033:0x455e29 [ 195.351946] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 195.371120] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 195.378822] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 195.386075] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 195.393328] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 21:25:15 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(0xffffffffffffffff, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r2 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 21:25:15 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}, 0xfec00000}, 0x1c) 21:25:15 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x2, &(0x7f0000000000)={{0x0, 0x3, 0xf301}}) 21:25:15 executing program 5: r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0xc0f85403, &(0x7f0000000000)) 21:25:15 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345408, &(0x7f0000000000)) 21:25:15 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x2, {0x4}}, 0x14}, 0x1}, 0x0) 21:25:15 executing program 3: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$kcm(0xa, 0x1, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) setsockopt$inet_dccp_int(r0, 0x21, 0x4, &(0x7f00000000c0)=0x4, 0x4) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) getsockopt$netlink(r0, 0x10e, 0x3, &(0x7f0000000000)=""/121, &(0x7f0000000080)=0x79) close(r1) 21:25:15 executing program 2 (fault-call:9 fault-nth:35): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) [ 195.400584] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 195.407847] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000022 [ 195.500263] FAULT_INJECTION: forcing a failure. [ 195.500263] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 195.512309] CPU: 0 PID: 13110 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 195.520725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 195.530095] Call Trace: [ 195.532752] dump_stack+0x1c9/0x2b4 [ 195.536387] ? dump_stack_print_info.cold.2+0x52/0x52 [ 195.541615] should_fail.cold.4+0xa/0x11 [ 195.545685] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 195.550801] ? kasan_check_read+0x11/0x20 [ 195.554958] ? rcu_is_watching+0x8c/0x150 [ 195.559123] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 195.564667] ? xas_start+0x23d/0x740 [ 195.568396] ? trace_hardirqs_on+0x10/0x10 [ 195.572631] ? find_get_entry+0xa6d/0x1120 [ 195.576950] ? lock_downgrade+0x8f0/0x8f0 [ 195.581197] ? lock_acquire+0x1e4/0x540 [ 195.585181] ? fs_reclaim_acquire+0x20/0x20 [ 195.589497] ? lock_downgrade+0x8f0/0x8f0 [ 195.593655] ? check_same_owner+0x340/0x340 [ 195.597971] ? find_get_entry+0xa96/0x1120 [ 195.602196] ? rcu_note_context_switch+0x730/0x730 [ 195.607122] __alloc_pages_nodemask+0x36e/0xdb0 [ 195.611786] ? percpu_ref_put_many+0x119/0x240 [ 195.616379] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 195.621385] ? trace_hardirqs_on+0x10/0x10 [ 195.625792] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 195.631319] ? xas_start+0x23d/0x740 [ 195.635923] ? xa_load+0x288/0x450 [ 195.639454] ? lock_downgrade+0x8f0/0x8f0 [ 195.643603] ? lock_release+0xa30/0xa30 [ 195.647572] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 195.653102] alloc_pages_current+0x10c/0x210 [ 195.657507] __page_cache_alloc+0x398/0x5e0 [ 195.661819] ? xa_load+0x2b1/0x450 [ 195.665353] ? xa_clear_tag+0x40/0x40 [ 195.669168] ? filemap_range_has_page+0x4c0/0x4c0 [ 195.674009] ? unwind_get_return_address+0x61/0xa0 [ 195.678950] __do_page_cache_readahead+0x24e/0x690 [ 195.683889] ? read_pages+0x680/0x680 [ 195.687688] ? lock_acquire+0x1e4/0x540 [ 195.691666] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 195.696762] ? lock_downgrade+0x8f0/0x8f0 [ 195.700917] ? lock_release+0xa30/0xa30 [ 195.704986] ondemand_readahead+0x550/0xc40 [ 195.709308] page_cache_sync_readahead+0x3a0/0x6d0 [ 195.714233] ? force_page_cache_readahead+0x360/0x360 [ 195.719591] ? lock_acquire+0x1e4/0x540 [ 195.723570] ? rcu_note_context_switch+0x730/0x730 [ 195.728496] ? check_same_owner+0x340/0x340 [ 195.732914] ? lock_release+0xa30/0xa30 [ 195.736901] generic_file_read_iter+0x1a87/0x2f10 [ 195.741753] ? filemap_write_and_wait_range+0xd0/0xd0 [ 195.746936] ? rcu_read_lock+0x70/0x70 [ 195.750839] ? __unlock_page_memcg+0x72/0x100 [ 195.755427] ? unlock_page_memcg+0x2c/0x40 [ 195.759667] ? page_add_file_rmap+0x781/0xe40 [ 195.764172] ? page_add_new_anon_rmap+0x870/0x870 [ 195.769012] ? lockdep_init_map+0x9/0x10 [ 195.773069] ? kasan_check_write+0x14/0x20 [ 195.777303] ? __init_rwsem+0x1cc/0x2a0 [ 195.781279] ? lock_acquire+0x1e4/0x540 [ 195.785262] ? alloc_set_pte+0x1133/0x1790 [ 195.789496] ? lock_release+0xa30/0xa30 [ 195.793464] ? xas_descend+0x20c/0x5f0 [ 195.797349] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 195.802358] ? check_pgprot+0xdf/0x180 [ 195.806248] ? put_page+0x280/0x280 [ 195.809867] ? kasan_check_write+0x14/0x20 [ 195.814094] ? do_raw_spin_lock+0xc1/0x200 [ 195.818330] ? alloc_set_pte+0xaf6/0x1790 [ 195.822492] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 195.827505] ? filemap_map_pages+0xca2/0x1990 [ 195.832015] ? trace_hardirqs_on+0x10/0x10 [ 195.836248] ? xa_set_tag+0x40/0x40 [ 195.839886] ? environ_open+0x90/0x90 [ 195.843694] ? trace_hardirqs_on+0x10/0x10 [ 195.847927] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.853477] ? trace_hardirqs_on+0x10/0x10 [ 195.857714] ? trace_hardirqs_on+0x10/0x10 [ 195.861961] ? find_get_entries_tag+0x1410/0x1410 [ 195.866801] ? trace_hardirqs_on+0x10/0x10 [ 195.871030] ? mntput_no_expire+0x18e/0xbc0 [ 195.875357] ? do_raw_spin_lock+0xc1/0x200 [ 195.879596] ? mnt_get_count+0x150/0x150 [ 195.883652] ? dput.part.26+0x276/0x7a0 [ 195.887624] ? shrink_dcache_sb+0x350/0x350 [ 195.891949] ? lock_acquire+0x1e4/0x540 [ 195.895927] ? __fdget_pos+0x1bb/0x200 [ 195.899812] ? lock_acquire+0x1e4/0x540 [ 195.903787] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.909402] ? fsnotify+0xbac/0x14e0 [ 195.913115] ext4_file_read_iter+0x18b/0x3c0 [ 195.917522] generic_file_splice_read+0x5a5/0x9a0 [ 195.922367] ? add_to_pipe+0x360/0x360 [ 195.926258] ? rw_verify_area+0x118/0x360 [ 195.930406] ? add_to_pipe+0x360/0x360 [ 195.934288] do_splice_to+0x12e/0x190 [ 195.938094] splice_direct_to_actor+0x270/0x8f0 [ 195.942762] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.948307] ? pipe_to_sendpage+0x400/0x400 [ 195.952722] ? do_splice_to+0x190/0x190 [ 195.956692] ? security_file_permission+0x1c2/0x230 [ 195.961712] ? rw_verify_area+0x118/0x360 [ 195.965864] do_splice_direct+0x2d4/0x420 [ 195.970045] ? splice_direct_to_actor+0x8f0/0x8f0 [ 195.974898] ? rw_verify_area+0x118/0x360 [ 195.979046] do_sendfile+0x62a/0xe20 [ 195.982763] ? do_compat_pwritev64+0x1c0/0x1c0 [ 195.987346] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 195.992880] ? _copy_from_user+0xdf/0x150 [ 195.997042] __x64_sys_sendfile64+0x15d/0x250 [ 196.001544] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 196.006168] do_syscall_64+0x1b9/0x820 [ 196.010048] ? finish_task_switch+0x1d3/0x870 [ 196.014537] ? syscall_return_slowpath+0x5e0/0x5e0 [ 196.019481] ? syscall_return_slowpath+0x31d/0x5e0 [ 196.024582] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 196.029600] ? prepare_exit_to_usermode+0x291/0x3b0 [ 196.034613] ? perf_trace_sys_enter+0xb10/0xb10 [ 196.039281] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 196.044126] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.049314] RIP: 0033:0x455e29 [ 196.052508] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 196.071810] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 196.080730] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 196.088005] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 196.095270] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 21:25:15 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(0xffffffffffffffff, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r2 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 21:25:15 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x48000000}}) 21:25:15 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}, 0xfc000000}, 0x1c) 21:25:16 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{0x0, 0x3, 0xf301}}) 21:25:16 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0xffffff9e, {0x4}}, 0x14}, 0x1}, 0x0) 21:25:16 executing program 5: r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0xc0f85403, &(0x7f0000000000)) [ 196.102543] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 196.109804] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000023 21:25:16 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(0xffffffffffffffff, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r2 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 21:25:16 executing program 2 (fault-call:9 fault-nth:36): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:16 executing program 3: recvmsg$kcm(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000380)=@pppol2tpv3={0x0, 0x0, {0x0, 0xffffffffffffffff}}, 0x80, &(0x7f0000000100), 0x0, &(0x7f0000000400)=""/172, 0xac, 0x7f}, 0x10120) setsockopt$l2tp_PPPOL2TP_SO_SENDSEQ(r0, 0x111, 0x3, 0x1, 0x4) socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$kcm(0xa, 0x1, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) close(r3) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000040)=0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000001c0)={{{@in=@rand_addr, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in6=@ipv4={[], [], @rand_addr}}}, &(0x7f0000000080)=0xe8) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000340)={r4, r5, r6}, 0xc) ioctl$sock_inet_SIOCSIFPFLAGS(r1, 0x8934, &(0x7f0000000000)={'ipddp0\x00', 0xec000000000}) 21:25:16 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0xc0f85403, &(0x7f0000000000)={{0x0, 0x3, 0xf301}}) 21:25:16 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}, 0xfe80}, 0x1c) 21:25:16 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0xc0045878, &(0x7f0000000000)={{0x0, 0x3, 0xf301}}) [ 196.255147] FAULT_INJECTION: forcing a failure. [ 196.255147] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 196.267607] CPU: 1 PID: 13140 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 196.276068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 196.285496] Call Trace: [ 196.288097] dump_stack+0x1c9/0x2b4 [ 196.291787] ? dump_stack_print_info.cold.2+0x52/0x52 [ 196.296998] ? perf_trace_lock_acquire+0xeb/0x9a0 21:25:16 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r2 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) [ 196.301862] should_fail.cold.4+0xa/0x11 [ 196.305940] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 196.311058] ? kasan_check_read+0x11/0x20 [ 196.315218] ? rcu_is_watching+0x8c/0x150 [ 196.319374] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 196.324908] ? xas_start+0x23d/0x740 [ 196.328642] ? find_get_entry+0xa6d/0x1120 [ 196.332872] ? lock_downgrade+0x8f0/0x8f0 [ 196.337116] ? lock_acquire+0x1e4/0x540 [ 196.341134] ? fs_reclaim_acquire+0x20/0x20 [ 196.345447] ? lock_downgrade+0x8f0/0x8f0 [ 196.349594] ? check_same_owner+0x340/0x340 [ 196.353920] ? find_get_entry+0xa96/0x1120 [ 196.358165] ? rcu_note_context_switch+0x730/0x730 [ 196.363095] __alloc_pages_nodemask+0x36e/0xdb0 [ 196.367770] ? percpu_ref_put_many+0x119/0x240 [ 196.372358] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 196.377374] ? trace_hardirqs_on+0x10/0x10 [ 196.381614] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 196.386453] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 196.392095] ? xas_start+0x23d/0x740 [ 196.395804] ? xa_load+0x288/0x450 [ 196.399336] ? lock_downgrade+0x8f0/0x8f0 [ 196.403478] ? lock_release+0xa30/0xa30 [ 196.407445] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 196.412987] alloc_pages_current+0x10c/0x210 [ 196.417391] __page_cache_alloc+0x398/0x5e0 [ 196.421712] ? xa_load+0x2b1/0x450 [ 196.425338] ? xa_clear_tag+0x40/0x40 [ 196.429131] ? filemap_range_has_page+0x4c0/0x4c0 [ 196.433968] ? unwind_get_return_address+0x61/0xa0 [ 196.438905] __do_page_cache_readahead+0x24e/0x690 [ 196.443831] ? read_pages+0x680/0x680 [ 196.447630] ? lock_acquire+0x1e4/0x540 [ 196.451601] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 196.456702] ? lock_downgrade+0x8f0/0x8f0 [ 196.460941] ? lock_release+0xa30/0xa30 [ 196.464931] ondemand_readahead+0x550/0xc40 [ 196.469250] page_cache_sync_readahead+0x3a0/0x6d0 [ 196.474192] ? force_page_cache_readahead+0x360/0x360 [ 196.479371] ? lock_acquire+0x1e4/0x540 [ 196.483453] ? rcu_note_context_switch+0x730/0x730 [ 196.488377] ? check_same_owner+0x340/0x340 [ 196.492690] ? lock_release+0xa30/0xa30 [ 196.496665] generic_file_read_iter+0x1a87/0x2f10 [ 196.501533] ? filemap_write_and_wait_range+0xd0/0xd0 [ 196.506814] ? rcu_read_lock+0x70/0x70 [ 196.510695] ? __unlock_page_memcg+0x72/0x100 [ 196.515194] ? unlock_page_memcg+0x2c/0x40 [ 196.519432] ? page_add_file_rmap+0x781/0xe40 [ 196.523925] ? page_add_new_anon_rmap+0x870/0x870 [ 196.528779] ? perf_trace_lock+0x920/0x920 [ 196.533136] ? lock_acquire+0x1e4/0x540 [ 196.537104] ? alloc_set_pte+0x1133/0x1790 [ 196.541334] ? lock_release+0xa30/0xa30 [ 196.545303] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 196.550309] ? check_pgprot+0xdf/0x180 [ 196.554198] ? put_page+0x280/0x280 [ 196.557824] ? kasan_check_write+0x14/0x20 [ 196.562057] ? do_raw_spin_lock+0xc1/0x200 [ 196.566289] ? alloc_set_pte+0xaf6/0x1790 [ 196.570435] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 196.575538] ? filemap_map_pages+0xca2/0x1990 [ 196.580031] ? trace_hardirqs_on+0x10/0x10 [ 196.584257] ? xa_set_tag+0x40/0x40 [ 196.587876] ? perf_trace_lock+0x920/0x920 [ 196.592098] ? environ_open+0x90/0x90 [ 196.595980] ? trace_hardirqs_on+0x10/0x10 [ 196.600227] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 196.605879] ? trace_hardirqs_on+0x10/0x10 [ 196.610109] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 196.614949] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 196.619794] ? perf_trace_lock+0x920/0x920 [ 196.624023] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 196.628865] ? perf_trace_lock+0x920/0x920 [ 196.633093] ? perf_trace_lock+0x920/0x920 [ 196.637322] ? shrink_dcache_sb+0x350/0x350 [ 196.641642] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 196.646487] ? __fdget_pos+0x1bb/0x200 [ 196.650373] ? lock_acquire+0x1e4/0x540 [ 196.654339] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 196.659874] ? fsnotify+0xbac/0x14e0 [ 196.663583] ext4_file_read_iter+0x18b/0x3c0 [ 196.668250] generic_file_splice_read+0x5a5/0x9a0 [ 196.673089] ? add_to_pipe+0x360/0x360 [ 196.676998] ? rw_verify_area+0x118/0x360 [ 196.681313] ? add_to_pipe+0x360/0x360 [ 196.685193] do_splice_to+0x12e/0x190 [ 196.688987] splice_direct_to_actor+0x270/0x8f0 [ 196.693652] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 196.699181] ? pipe_to_sendpage+0x400/0x400 [ 196.703510] ? do_splice_to+0x190/0x190 [ 196.707478] ? security_file_permission+0x1c2/0x230 [ 196.712491] ? rw_verify_area+0x118/0x360 [ 196.716633] do_splice_direct+0x2d4/0x420 [ 196.720776] ? splice_direct_to_actor+0x8f0/0x8f0 [ 196.725629] ? rw_verify_area+0x118/0x360 [ 196.729777] do_sendfile+0x62a/0xe20 [ 196.733498] ? do_compat_pwritev64+0x1c0/0x1c0 [ 196.738087] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 196.743615] ? _copy_from_user+0xdf/0x150 [ 196.747773] __x64_sys_sendfile64+0x15d/0x250 [ 196.752259] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 196.756840] do_syscall_64+0x1b9/0x820 [ 196.760723] ? finish_task_switch+0x1d3/0x870 [ 196.765208] ? syscall_return_slowpath+0x5e0/0x5e0 [ 196.770139] ? syscall_return_slowpath+0x31d/0x5e0 [ 196.775065] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 196.780073] ? prepare_exit_to_usermode+0x291/0x3b0 [ 196.785082] ? perf_trace_sys_enter+0xb10/0xb10 [ 196.789831] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 196.794673] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.799851] RIP: 0033:0x455e29 [ 196.803043] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 196.822410] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 196.830110] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 196.837370] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 196.844641] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 21:25:16 executing program 5: r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0xc0f85403, &(0x7f0000000000)) 21:25:16 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0xc00e000000000000, {0x4}}, 0x14}, 0x1}, 0x0) 21:25:16 executing program 3: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000200)=[{&(0x7f0000000080)="0006216706c0c63ff6bffa159eb15b131a1628d2223c1e4fb4aef1a86bffa792c29c21ec9a633deec082e736cc4e7998608edde1f9c12edde43239d3d2570ee5df2bd436ebbf4eb20aa7090a270836eb2f063c52cb00ee4f90029742dbe6deaf61a19569d6916129a3d3decd4f8da00c4c5c6f7c5d8efc9fe9db36861f228fb250082cefedd44feacdcb716d8a82a4e5274b018a3a4ea5", 0x97}, {&(0x7f00000001c0)="4adb45234a60106e7f7f5b78bcbd57559201fe09b46ece39dd8838252e61905a6f", 0x21}, {&(0x7f00000002c0)="a3152191631720be9c245f4335e8624889881d76f9bddbd9445e69ab2c1ec74b71206829ee65e808673830cbb8f6185d6ad82bd01d4cdb89f0c2c68aa18559a389ef9888c3b0dcad8d9744be92012bb5e60d3caee66259591a6ae32b5951014286dbccf30c17b8959a61f5df845b591c6c0c1e69c2dc4a387a1bfcf6e2c44ef55d8fcf208c06fdbbe5594d7d6df028f4fc64bd8d982799f65bb02a2a9bc6932221d56f1773b1ef31418eb8d90a0198ec8635d111fb69bf5664346617bbe3398c4e475563b05ded3dd6976357", 0xcc}, {&(0x7f00000003c0)="cc5683b5ff2f13c482b409a99aaf6a6b14bc4a0cf92eda89fdeb4ab8c83b192cda4e5c3bdbd1e6ea0b907ad407467f8ccbdd81804f56edeadf57d81fecb466818eee834c1bd87aeab28c2fec342a2d6e523d85b3b9ae808467e35a1fb85c25039d13213a7ccb8a9a0ab7e745f5dd56c34a1160f193cabba8e37011c9c67f2766a7a4f8715595a89c6363c0b24760c0bbec", 0x91}], 0x4, 0x0) r2 = socket$kcm(0xa, 0x1, 0x0) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', r0}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r3, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) close(r2) [ 196.851901] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 196.859160] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000024 21:25:16 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x7a00}}) 21:25:16 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a3, &(0x7f0000000000)={{0x0, 0x3, 0xf301}}) 21:25:16 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}, 0xfec0}, 0x1c) 21:25:16 executing program 5: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0xc0f85403, &(0x7f0000000000)) 21:25:16 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x2000000, {0x4}}, 0x14}, 0x1}, 0x0) 21:25:17 executing program 3: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x0, 0x0) getsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000040)={@empty, @multicast1, @loopback}, &(0x7f0000000080)=0xc) socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) r1 = socket$kcm(0xa, 0x1, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) close(r1) 21:25:17 executing program 2 (fault-call:9 fault-nth:37): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:17 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x4034540b, &(0x7f0000000000)={{0x0, 0x3, 0xf301}}) 21:25:17 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x4800}}) 21:25:17 executing program 5: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0xc0f85403, &(0x7f0000000000)) [ 197.119518] FAULT_INJECTION: forcing a failure. [ 197.119518] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 197.131479] CPU: 1 PID: 13206 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 197.139890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.149252] Call Trace: [ 197.151852] dump_stack+0x1c9/0x2b4 [ 197.155487] ? dump_stack_print_info.cold.2+0x52/0x52 [ 197.160706] should_fail.cold.4+0xa/0x11 [ 197.164764] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 197.169859] ? kasan_unpoison_shadow+0x35/0x50 [ 197.174435] ? kasan_alloc_pages+0x38/0x40 [ 197.178671] ? get_page_from_freelist+0xfe4/0x4620 [ 197.183597] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.189124] ? xas_start+0x23d/0x740 [ 197.192843] ? trace_hardirqs_on+0x10/0x10 [ 197.197073] ? find_get_entry+0xa6d/0x1120 [ 197.201302] ? lock_downgrade+0x8f0/0x8f0 [ 197.205449] ? lock_acquire+0x1e4/0x540 [ 197.209415] ? fs_reclaim_acquire+0x20/0x20 [ 197.213742] ? lock_downgrade+0x8f0/0x8f0 [ 197.217899] ? check_same_owner+0x340/0x340 [ 197.222212] ? find_get_entry+0xa96/0x1120 [ 197.226437] ? rcu_note_context_switch+0x730/0x730 [ 197.231362] __alloc_pages_nodemask+0x36e/0xdb0 [ 197.236035] ? percpu_ref_put_many+0x119/0x240 [ 197.240615] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 197.245624] ? trace_hardirqs_on+0x10/0x10 [ 197.249861] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.255390] ? xas_start+0x23d/0x740 [ 197.259112] ? xa_load+0x288/0x450 [ 197.262644] ? lock_downgrade+0x8f0/0x8f0 [ 197.266787] ? lock_release+0xa30/0xa30 [ 197.270760] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 197.276291] alloc_pages_current+0x10c/0x210 [ 197.280784] __page_cache_alloc+0x398/0x5e0 [ 197.285096] ? xa_load+0x2b1/0x450 [ 197.288628] ? xa_clear_tag+0x40/0x40 [ 197.292420] ? filemap_range_has_page+0x4c0/0x4c0 [ 197.297340] ? unwind_get_return_address+0x61/0xa0 [ 197.302268] __do_page_cache_readahead+0x24e/0x690 [ 197.307204] ? read_pages+0x680/0x680 [ 197.311000] ? lock_acquire+0x1e4/0x540 [ 197.314972] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 197.320065] ? lock_downgrade+0x8f0/0x8f0 [ 197.324204] ? lock_release+0xa30/0xa30 [ 197.328174] ondemand_readahead+0x550/0xc40 [ 197.332752] page_cache_sync_readahead+0x3a0/0x6d0 [ 197.337675] ? force_page_cache_readahead+0x360/0x360 [ 197.342867] ? lock_acquire+0x1e4/0x540 [ 197.346830] ? rcu_note_context_switch+0x730/0x730 [ 197.351758] ? check_same_owner+0x340/0x340 [ 197.356076] ? lock_release+0xa30/0xa30 [ 197.360047] generic_file_read_iter+0x1a87/0x2f10 [ 197.364900] ? filemap_write_and_wait_range+0xd0/0xd0 [ 197.370079] ? rcu_read_lock+0x70/0x70 [ 197.373980] ? __unlock_page_memcg+0x72/0x100 [ 197.378553] ? unlock_page_memcg+0x2c/0x40 [ 197.382778] ? page_add_file_rmap+0x781/0xe40 [ 197.387268] ? page_add_new_anon_rmap+0x870/0x870 [ 197.392106] ? lockdep_init_map+0x9/0x10 [ 197.396159] ? kasan_check_write+0x14/0x20 [ 197.400403] ? __init_rwsem+0x1cc/0x2a0 [ 197.404375] ? lock_acquire+0x1e4/0x540 [ 197.408347] ? alloc_set_pte+0x1133/0x1790 [ 197.412578] ? lock_release+0xa30/0xa30 [ 197.416542] ? xas_descend+0x20c/0x5f0 [ 197.420429] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 197.425433] ? check_pgprot+0xdf/0x180 [ 197.429309] ? put_page+0x280/0x280 [ 197.432927] ? kasan_check_write+0x14/0x20 [ 197.437162] ? do_raw_spin_lock+0xc1/0x200 [ 197.441389] ? alloc_set_pte+0xaf6/0x1790 [ 197.445540] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 197.450552] ? filemap_map_pages+0xca2/0x1990 [ 197.455052] ? trace_hardirqs_on+0x10/0x10 [ 197.459287] ? xa_set_tag+0x40/0x40 [ 197.462908] ? environ_open+0x90/0x90 [ 197.467853] ? trace_hardirqs_on+0x10/0x10 [ 197.472083] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 197.477711] ? trace_hardirqs_on+0x10/0x10 [ 197.481942] ? trace_hardirqs_on+0x10/0x10 [ 197.486195] ? find_get_entries_tag+0x1410/0x1410 [ 197.491037] ? trace_hardirqs_on+0x10/0x10 [ 197.495273] ? mntput_no_expire+0x18e/0xbc0 [ 197.499584] ? do_raw_spin_lock+0xc1/0x200 [ 197.503807] ? mnt_get_count+0x150/0x150 [ 197.507868] ? dput.part.26+0x276/0x7a0 [ 197.511842] ? shrink_dcache_sb+0x350/0x350 [ 197.516160] ? lock_acquire+0x1e4/0x540 [ 197.520138] ? __fdget_pos+0x1bb/0x200 [ 197.524028] ? lock_acquire+0x1e4/0x540 [ 197.528003] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 197.533534] ? fsnotify+0xbac/0x14e0 [ 197.537250] ext4_file_read_iter+0x18b/0x3c0 [ 197.541831] generic_file_splice_read+0x5a5/0x9a0 [ 197.546664] ? add_to_pipe+0x360/0x360 [ 197.550551] ? rw_verify_area+0x118/0x360 [ 197.554693] ? add_to_pipe+0x360/0x360 [ 197.558580] do_splice_to+0x12e/0x190 [ 197.562393] splice_direct_to_actor+0x270/0x8f0 [ 197.567062] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 197.572591] ? pipe_to_sendpage+0x400/0x400 [ 197.576906] ? do_splice_to+0x190/0x190 [ 197.580880] ? security_file_permission+0x1c2/0x230 [ 197.585890] ? rw_verify_area+0x118/0x360 [ 197.590034] do_splice_direct+0x2d4/0x420 [ 197.594187] ? splice_direct_to_actor+0x8f0/0x8f0 [ 197.599036] ? rw_verify_area+0x118/0x360 [ 197.603185] do_sendfile+0x62a/0xe20 [ 197.606897] ? do_compat_pwritev64+0x1c0/0x1c0 [ 197.611491] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.617055] ? _copy_from_user+0xdf/0x150 [ 197.621209] __x64_sys_sendfile64+0x15d/0x250 [ 197.625695] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 197.630279] do_syscall_64+0x1b9/0x820 [ 197.634163] ? finish_task_switch+0x1d3/0x870 [ 197.638667] ? syscall_return_slowpath+0x5e0/0x5e0 [ 197.643594] ? syscall_return_slowpath+0x31d/0x5e0 [ 197.648515] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 197.653521] ? prepare_exit_to_usermode+0x291/0x3b0 [ 197.658531] ? perf_trace_sys_enter+0xb10/0xb10 [ 197.663201] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 197.668044] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.673226] RIP: 0033:0x455e29 [ 197.676413] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 197.695719] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 197.703420] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 197.710692] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 21:25:17 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345405, &(0x7f0000000000)={{0x0, 0x3, 0xf301}}) 21:25:17 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}, 0x207a8fff}, 0x1c) [ 197.717950] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 197.725207] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 197.732466] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000025 21:25:17 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r2 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 21:25:17 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0xc00e0000, {0x4}}, 0x14}, 0x1}, 0x0) 21:25:17 executing program 5: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0xc0f85403, &(0x7f0000000000)) 21:25:17 executing program 3: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$kcm(0xa, 0x1, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r3, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r0, 0x3) close(r2) write$P9_RCREATE(r1, &(0x7f0000000000)={0x18, 0x73, 0x2, {{0x4, 0x4, 0x3}, 0xfff}}, 0x18) 21:25:17 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x4801, {0x4}}, 0x14}, 0x1}, 0x0) 21:25:17 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x17) 21:25:17 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x5420, &(0x7f0000000000)={{0x0, 0x3, 0xf301}}) 21:25:17 executing program 2 (fault-call:9 fault-nth:38): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:17 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0xc0f85403, &(0x7f0000000000)) 21:25:17 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0xf00000000000000, {0x4}}, 0x14}, 0x1}, 0x0) 21:25:17 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x7000000}}) 21:25:17 executing program 3: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) r0 = socket$kcm(0xa, 0x1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x6, 0x0) close(r0) [ 197.959042] FAULT_INJECTION: forcing a failure. [ 197.959042] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 197.970944] CPU: 0 PID: 13256 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 197.979382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.988736] Call Trace: [ 197.991329] dump_stack+0x1c9/0x2b4 [ 197.994984] ? dump_stack_print_info.cold.2+0x52/0x52 [ 198.000212] should_fail.cold.4+0xa/0x11 [ 198.004295] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 198.009418] ? kasan_check_read+0x11/0x20 [ 198.013575] ? rcu_is_watching+0x8c/0x150 [ 198.017739] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.023808] ? xas_start+0x23d/0x740 [ 198.027537] ? trace_hardirqs_on+0x10/0x10 [ 198.031797] ? find_get_entry+0xa6d/0x1120 [ 198.036045] ? lock_downgrade+0x8f0/0x8f0 [ 198.040210] ? lock_acquire+0x1e4/0x540 [ 198.044231] ? fs_reclaim_acquire+0x20/0x20 [ 198.048664] ? lock_downgrade+0x8f0/0x8f0 [ 198.052839] ? check_same_owner+0x340/0x340 [ 198.057201] ? find_get_entry+0xa96/0x1120 [ 198.061463] ? rcu_note_context_switch+0x730/0x730 [ 198.066428] __alloc_pages_nodemask+0x36e/0xdb0 [ 198.071122] ? percpu_ref_put_many+0x119/0x240 [ 198.075710] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 198.080750] ? trace_hardirqs_on+0x10/0x10 [ 198.085009] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.090726] ? xas_start+0x23d/0x740 [ 198.094435] ? xa_load+0x288/0x450 [ 198.097975] ? lock_downgrade+0x8f0/0x8f0 [ 198.102119] ? lock_release+0xa30/0xa30 [ 198.106106] ? retint_kernel+0x10/0x10 [ 198.109990] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 198.115525] alloc_pages_current+0x10c/0x210 [ 198.119928] __page_cache_alloc+0x398/0x5e0 [ 198.124601] ? xa_load+0x2b1/0x450 [ 198.128130] ? xa_clear_tag+0x40/0x40 [ 198.131924] ? filemap_range_has_page+0x4c0/0x4c0 [ 198.136785] ? unwind_get_return_address+0x61/0xa0 [ 198.141709] __do_page_cache_readahead+0x24e/0x690 [ 198.146633] ? read_pages+0x680/0x680 [ 198.150428] ? lock_acquire+0x1e4/0x540 [ 198.154400] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 198.159503] ? lock_downgrade+0x8f0/0x8f0 [ 198.163649] ? lock_release+0xa30/0xa30 [ 198.167614] ondemand_readahead+0x550/0xc40 [ 198.172028] page_cache_sync_readahead+0x3a0/0x6d0 [ 198.176963] ? force_page_cache_readahead+0x360/0x360 [ 198.182231] ? lock_acquire+0x1e4/0x540 [ 198.186207] ? rcu_note_context_switch+0x730/0x730 [ 198.191131] ? check_same_owner+0x340/0x340 [ 198.196582] ? lock_release+0xa30/0xa30 [ 198.200552] generic_file_read_iter+0x1a87/0x2f10 [ 198.205397] ? filemap_write_and_wait_range+0xd0/0xd0 [ 198.210574] ? rcu_read_lock+0x70/0x70 [ 198.214456] ? __unlock_page_memcg+0x72/0x100 [ 198.218969] ? unlock_page_memcg+0x2c/0x40 [ 198.223204] ? page_add_file_rmap+0x781/0xe40 [ 198.227690] ? page_add_new_anon_rmap+0x870/0x870 [ 198.232524] ? lockdep_init_map+0x9/0x10 [ 198.236577] ? kasan_check_write+0x14/0x20 [ 198.240800] ? __init_rwsem+0x1cc/0x2a0 [ 198.244781] ? lock_acquire+0x1e4/0x540 [ 198.248834] ? alloc_set_pte+0x1133/0x1790 [ 198.253061] ? lock_release+0xa30/0xa30 [ 198.257028] ? xas_descend+0x20c/0x5f0 [ 198.260907] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 198.265916] ? check_pgprot+0xdf/0x180 [ 198.269804] ? put_page+0x280/0x280 [ 198.273430] ? kasan_check_write+0x14/0x20 [ 198.277674] ? do_raw_spin_lock+0xc1/0x200 [ 198.281900] ? alloc_set_pte+0xaf6/0x1790 [ 198.286046] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 198.291061] ? filemap_map_pages+0xca2/0x1990 [ 198.295561] ? trace_hardirqs_on+0x10/0x10 [ 198.299782] ? xa_set_tag+0x40/0x40 [ 198.303488] ? environ_open+0x90/0x90 [ 198.307280] ? trace_hardirqs_on+0x10/0x10 [ 198.311503] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 198.317035] ? trace_hardirqs_on+0x10/0x10 [ 198.321262] ? trace_hardirqs_on+0x10/0x10 [ 198.325507] ? find_get_entries_tag+0x1410/0x1410 [ 198.330350] ? trace_hardirqs_on+0x10/0x10 [ 198.334576] ? mntput_no_expire+0x18e/0xbc0 [ 198.338893] ? do_raw_spin_lock+0xc1/0x200 [ 198.343120] ? mnt_get_count+0x150/0x150 [ 198.347172] ? dput.part.26+0x276/0x7a0 [ 198.351140] ? shrink_dcache_sb+0x350/0x350 [ 198.355460] ? lock_acquire+0x1e4/0x540 [ 198.359434] ? __fdget_pos+0x1bb/0x200 [ 198.363315] ? lock_acquire+0x1e4/0x540 [ 198.367282] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 198.372811] ? fsnotify+0xbac/0x14e0 [ 198.376516] ext4_file_read_iter+0x18b/0x3c0 [ 198.380937] generic_file_splice_read+0x5a5/0x9a0 [ 198.385780] ? add_to_pipe+0x360/0x360 [ 198.389675] ? rw_verify_area+0x118/0x360 [ 198.393823] ? add_to_pipe+0x360/0x360 [ 198.397707] do_splice_to+0x12e/0x190 [ 198.401516] splice_direct_to_actor+0x270/0x8f0 [ 198.406176] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 198.411703] ? pipe_to_sendpage+0x400/0x400 [ 198.416028] ? do_splice_to+0x190/0x190 [ 198.419998] ? security_file_permission+0x1c2/0x230 [ 198.425029] ? rw_verify_area+0x118/0x360 [ 198.429182] do_splice_direct+0x2d4/0x420 [ 198.433331] ? splice_direct_to_actor+0x8f0/0x8f0 [ 198.438163] ? rw_verify_area+0x118/0x360 [ 198.442300] do_sendfile+0x62a/0xe20 [ 198.446011] ? do_compat_pwritev64+0x1c0/0x1c0 [ 198.450593] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.456129] ? _copy_from_user+0xdf/0x150 [ 198.460268] __x64_sys_sendfile64+0x15d/0x250 [ 198.464757] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 198.469343] do_syscall_64+0x1b9/0x820 [ 198.473227] ? finish_task_switch+0x1d3/0x870 [ 198.477716] ? syscall_return_slowpath+0x5e0/0x5e0 [ 198.482646] ? syscall_return_slowpath+0x31d/0x5e0 [ 198.487570] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 198.492673] ? prepare_exit_to_usermode+0x291/0x3b0 [ 198.497680] ? perf_trace_sys_enter+0xb10/0xb10 [ 198.502344] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 198.507187] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.512361] RIP: 0033:0x455e29 [ 198.515541] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 198.534834] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 198.542533] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 198.549788] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 21:25:17 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x20f63000) 21:25:17 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0xc0f85403, &(0x7f0000000000)) 21:25:17 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x5422, &(0x7f0000000000)={{0x0, 0x3, 0xf301}}) 21:25:18 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x1000000, {0x4}}, 0x14}, 0x1}, 0x0) [ 198.557046] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 198.564303] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 198.571560] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000026 21:25:18 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r2 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 21:25:18 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0xc0f85403, &(0x7f0000000000)) 21:25:18 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x40000000000000eb) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r2 = dup2(r0, r1) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x117, 0x9}}, 0x20) r4 = dup3(r1, r1, 0x80000) write$RDMA_USER_CM_CMD_MIGRATE_ID(r2, &(0x7f00000000c0)={0x12, 0x10, 0xfa00, {&(0x7f0000000000), r3, r4}}, 0x18) 21:25:18 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x9effffff, {0x4}}, 0x14}, 0x1}, 0x0) 21:25:18 executing program 3: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) r0 = socket$kcm(0xa, 0x1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r4, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = eventfd(0x75fa) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000040)={r5, 0x12}) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) close(r0) 21:25:18 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x600}}) 21:25:18 executing program 2 (fault-call:9 fault-nth:39): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:18 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0xc0f85403, &(0x7f0000000000)) 21:25:18 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x6800}}) [ 198.767851] FAULT_INJECTION: forcing a failure. [ 198.767851] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 198.779799] CPU: 0 PID: 13311 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 198.788207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 198.797573] Call Trace: [ 198.800174] dump_stack+0x1c9/0x2b4 [ 198.803828] ? dump_stack_print_info.cold.2+0x52/0x52 [ 198.809034] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 198.813903] should_fail.cold.4+0xa/0x11 21:25:18 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0xc0f85403, &(0x7f0000000000)) [ 198.817981] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 198.823101] ? kasan_check_read+0x11/0x20 [ 198.827259] ? rcu_is_watching+0x8c/0x150 [ 198.831422] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.836999] ? xas_start+0x23d/0x740 [ 198.840736] ? find_get_entry+0xa6d/0x1120 [ 198.844989] ? lock_downgrade+0x8f0/0x8f0 [ 198.849156] ? lock_acquire+0x1e4/0x540 [ 198.853135] ? fs_reclaim_acquire+0x20/0x20 [ 198.857446] ? lock_downgrade+0x8f0/0x8f0 [ 198.861582] ? check_same_owner+0x340/0x340 [ 198.865950] ? find_get_entry+0xa96/0x1120 [ 198.870177] ? rcu_note_context_switch+0x730/0x730 [ 198.875105] __alloc_pages_nodemask+0x36e/0xdb0 [ 198.879763] ? percpu_ref_put_many+0x119/0x240 [ 198.884337] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 198.889352] ? trace_hardirqs_on+0x10/0x10 [ 198.893587] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 198.898424] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.903951] ? xas_start+0x23d/0x740 [ 198.907656] ? xa_load+0x288/0x450 [ 198.911188] ? lock_downgrade+0x8f0/0x8f0 [ 198.915339] ? lock_release+0xa30/0xa30 [ 198.919317] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 198.924847] alloc_pages_current+0x10c/0x210 [ 198.929254] __page_cache_alloc+0x398/0x5e0 [ 198.933572] ? xa_load+0x2b1/0x450 [ 198.937102] ? xa_clear_tag+0x40/0x40 [ 198.940925] ? filemap_range_has_page+0x4c0/0x4c0 [ 198.945781] ? unwind_get_return_address+0x61/0xa0 [ 198.950712] __do_page_cache_readahead+0x24e/0x690 [ 198.955634] ? read_pages+0x680/0x680 [ 198.959426] ? lock_acquire+0x1e4/0x540 [ 198.963389] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 198.968489] ? lock_downgrade+0x8f0/0x8f0 [ 198.972626] ? lock_release+0xa30/0xa30 [ 198.976601] ondemand_readahead+0x550/0xc40 [ 198.980914] page_cache_sync_readahead+0x3a0/0x6d0 [ 198.985846] ? force_page_cache_readahead+0x360/0x360 [ 198.991035] ? lock_acquire+0x1e4/0x540 [ 198.995009] ? rcu_note_context_switch+0x730/0x730 [ 199.000021] ? check_same_owner+0x340/0x340 [ 199.004343] ? lock_release+0xa30/0xa30 [ 199.008311] generic_file_read_iter+0x1a87/0x2f10 [ 199.013151] ? filemap_write_and_wait_range+0xd0/0xd0 [ 199.018331] ? rcu_read_lock+0x70/0x70 [ 199.022224] ? __unlock_page_memcg+0x72/0x100 [ 199.027066] ? unlock_page_memcg+0x2c/0x40 [ 199.031296] ? page_add_file_rmap+0x781/0xe40 [ 199.035806] ? page_add_new_anon_rmap+0x870/0x870 [ 199.040639] ? perf_trace_lock+0x920/0x920 [ 199.044871] ? lock_acquire+0x1e4/0x540 [ 199.048833] ? alloc_set_pte+0x1133/0x1790 [ 199.053058] ? lock_release+0xa30/0xa30 [ 199.057027] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 199.062035] ? check_pgprot+0xdf/0x180 [ 199.065912] ? put_page+0x280/0x280 [ 199.069525] ? kasan_check_write+0x14/0x20 [ 199.073756] ? do_raw_spin_lock+0xc1/0x200 [ 199.077983] ? alloc_set_pte+0xaf6/0x1790 [ 199.082122] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 199.087135] ? filemap_map_pages+0xca2/0x1990 [ 199.091619] ? trace_hardirqs_on+0x10/0x10 [ 199.095845] ? xa_set_tag+0x40/0x40 [ 199.099477] ? perf_trace_lock+0x920/0x920 [ 199.103713] ? environ_open+0x90/0x90 [ 199.107513] ? trace_hardirqs_on+0x10/0x10 [ 199.111738] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.117265] ? trace_hardirqs_on+0x10/0x10 [ 199.121493] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 199.126327] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 199.131160] ? perf_trace_lock+0x920/0x920 [ 199.135384] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 199.140213] ? perf_trace_lock+0x920/0x920 [ 199.144450] ? perf_trace_lock+0x920/0x920 [ 199.148673] ? shrink_dcache_sb+0x350/0x350 [ 199.152989] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 199.157830] ? __fdget_pos+0x1bb/0x200 [ 199.161719] ? lock_acquire+0x1e4/0x540 [ 199.165679] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.171201] ? fsnotify+0xbac/0x14e0 [ 199.174906] ext4_file_read_iter+0x18b/0x3c0 [ 199.179308] generic_file_splice_read+0x5a5/0x9a0 [ 199.184149] ? add_to_pipe+0x360/0x360 [ 199.188043] ? rw_verify_area+0x118/0x360 [ 199.192191] ? add_to_pipe+0x360/0x360 [ 199.196077] do_splice_to+0x12e/0x190 [ 199.199872] splice_direct_to_actor+0x270/0x8f0 [ 199.204541] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.210069] ? pipe_to_sendpage+0x400/0x400 [ 199.214379] ? do_splice_to+0x190/0x190 [ 199.218342] ? security_file_permission+0x1c2/0x230 [ 199.223354] ? rw_verify_area+0x118/0x360 [ 199.227494] do_splice_direct+0x2d4/0x420 [ 199.231640] ? splice_direct_to_actor+0x8f0/0x8f0 [ 199.236502] ? rw_verify_area+0x118/0x360 [ 199.240642] do_sendfile+0x62a/0xe20 [ 199.244346] ? do_compat_pwritev64+0x1c0/0x1c0 [ 199.248922] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.254533] ? _copy_from_user+0xdf/0x150 [ 199.258670] __x64_sys_sendfile64+0x15d/0x250 [ 199.263153] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 199.267741] do_syscall_64+0x1b9/0x820 [ 199.271616] ? finish_task_switch+0x1d3/0x870 [ 199.276100] ? syscall_return_slowpath+0x5e0/0x5e0 [ 199.281020] ? syscall_return_slowpath+0x31d/0x5e0 [ 199.285942] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 199.290948] ? prepare_exit_to_usermode+0x291/0x3b0 [ 199.295954] ? perf_trace_sys_enter+0xb10/0xb10 [ 199.300610] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 199.305449] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.310626] RIP: 0033:0x455e29 [ 199.313797] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.333026] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 199.340734] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 199.347997] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 199.355255] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 199.362521] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 21:25:19 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x2}}) 21:25:19 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0xf00, {0x4}}, 0x14}, 0x1}, 0x0) [ 199.369775] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000027 21:25:19 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0xffffffc8) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x101000, 0x0) ioctl$SG_SET_COMMAND_Q(r1, 0x2271, &(0x7f0000000040)=0x1) r2 = socket$inet6(0xa, 0x2000000000001, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f00000001c0)=@assoc_value={0x0, 0x3}, &(0x7f0000000200)=0x8) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000240)={r3, 0x4bad}, 0x8) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r2, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r2, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) ioctl(r2, 0x0, &(0x7f0000000100)="d67ec21ea5e145d1cca15830cf9fbbdc143db4385d61880594bc4db784ebe8ae2b7c1b6e24edbf61044b7ceab442dab12661526480482c3bfd549bd89f627c6879546fcb467299ef82d171bb1e5ad37709e837e164a1af91e29681acfa24b43780d49e4a6e334257502d0dae9af8943565f8c9921ecff79a5f04a0614556731299a6c7c645e16e3c644472") bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000000c0)={0x3, &(0x7f0000000000)=[{0x5, 0x95, 0xffffffff7fffffff, 0x4}, {0x8001, 0x482, 0x3ff, 0x4}, {0x1, 0x8001, 0x16, 0x1}]}, 0x10) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:19 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0xc0f85403, &(0x7f0000000000)) 21:25:19 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0xc0505405, &(0x7f0000000000)={{0x0, 0x3, 0xf301}}) 21:25:19 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0xf0ffffffffffff, {0x4}}, 0x14}, 0x1}, 0x0) 21:25:19 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r2 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 21:25:19 executing program 2 (fault-call:9 fault-nth:40): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:19 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000000c0)="025cc83d6d345f8f762070") perf_event_open(&(0x7f0000c86f88)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) time(&(0x7f0000000040)) 21:25:19 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r1, 0x84, 0x65, &(0x7f0000000000)=[@in6={0xa, 0x4e20, 0x5ce8267a, @dev={0xfe, 0x80}, 0x100000001}, @in={0x2, 0x4e22, @local={0xac, 0x14, 0x14, 0xaa}}, @in6={0xa, 0x4e21, 0x8, @mcast2={0xff, 0x2, [], 0x1}, 0x1000}, @in={0x2, 0x4e24, @multicast1=0xe0000001}, @in6={0xa, 0x4e24, 0x9, @empty, 0x7}, @in={0x2, 0x4e21, @loopback=0x7f000001}, @in6={0xa, 0x4e22, 0x7, @remote={0xfe, 0x80, [], 0xbb}, 0x7}, @in6={0xa, 0x7fffffff, 0x7, @local={0xfe, 0x80, [], 0xaa}, 0x1}], 0xbc) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:19 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x3}}) 21:25:19 executing program 3: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) r0 = socket$kcm(0xa, 0x1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) close(r0) 21:25:19 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0xec0, {0x4}}, 0x14}, 0x1}, 0x0) [ 199.590197] FAULT_INJECTION: forcing a failure. [ 199.590197] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 199.602132] CPU: 0 PID: 13359 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 199.610548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.619911] Call Trace: [ 199.622513] dump_stack+0x1c9/0x2b4 [ 199.626180] ? dump_stack_print_info.cold.2+0x52/0x52 [ 199.631391] ? perf_trace_lock_acquire+0xeb/0x9a0 21:25:19 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a0, &(0x7f0000000000)={{0x0, 0x3, 0xf301}}) 21:25:19 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0xf0ffffff, {0x4}}, 0x14}, 0x1}, 0x0) [ 199.637154] should_fail.cold.4+0xa/0x11 [ 199.641235] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 199.646358] ? kasan_check_read+0x11/0x20 [ 199.650523] ? rcu_is_watching+0x8c/0x150 [ 199.654690] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.660246] ? xas_start+0x23d/0x740 [ 199.663981] ? find_get_entry+0xa6d/0x1120 [ 199.668230] ? lock_downgrade+0x8f0/0x8f0 [ 199.672398] ? lock_acquire+0x1e4/0x540 [ 199.676389] ? fs_reclaim_acquire+0x20/0x20 [ 199.680730] ? lock_downgrade+0x8f0/0x8f0 [ 199.684898] ? check_same_owner+0x340/0x340 21:25:19 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0xc0145401, &(0x7f0000000000)={{0x0, 0x3, 0xf301}}) [ 199.689237] ? find_get_entry+0xa96/0x1120 [ 199.693488] ? rcu_note_context_switch+0x730/0x730 [ 199.698438] __alloc_pages_nodemask+0x36e/0xdb0 [ 199.703122] ? percpu_ref_put_many+0x119/0x240 [ 199.707719] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 199.712745] ? trace_hardirqs_on+0x10/0x10 [ 199.716994] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 199.721858] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.727410] ? xas_start+0x23d/0x740 [ 199.731164] ? xa_load+0x288/0x450 [ 199.734720] ? lock_downgrade+0x8f0/0x8f0 21:25:19 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0xf0ffff, {0x4}}, 0x14}, 0x1}, 0x0) [ 199.738883] ? lock_release+0xa30/0xa30 [ 199.742874] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 199.748422] alloc_pages_current+0x10c/0x210 [ 199.752848] __page_cache_alloc+0x398/0x5e0 [ 199.757179] ? xa_load+0x2b1/0x450 [ 199.760735] ? xa_clear_tag+0x40/0x40 [ 199.764550] ? filemap_range_has_page+0x4c0/0x4c0 [ 199.769407] ? unwind_get_return_address+0x61/0xa0 [ 199.774351] __do_page_cache_readahead+0x24e/0x690 [ 199.779300] ? read_pages+0x680/0x680 [ 199.783116] ? lock_acquire+0x1e4/0x540 21:25:19 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x4020940d, &(0x7f0000000000)={{0x0, 0x3, 0xf301}}) 21:25:19 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0xf000000, {0x4}}, 0x14}, 0x1}, 0x0) [ 199.787127] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 199.792242] ? lock_downgrade+0x8f0/0x8f0 [ 199.796402] ? lock_release+0xa30/0xa30 [ 199.800394] ondemand_readahead+0x550/0xc40 [ 199.804732] page_cache_sync_readahead+0x3a0/0x6d0 [ 199.809676] ? force_page_cache_readahead+0x360/0x360 [ 199.814879] ? lock_acquire+0x1e4/0x540 [ 199.818866] ? rcu_note_context_switch+0x730/0x730 [ 199.823815] ? check_same_owner+0x340/0x340 [ 199.828147] ? lock_release+0xa30/0xa30 [ 199.832140] generic_file_read_iter+0x1a87/0x2f10 21:25:19 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40049409, &(0x7f0000000000)={{0x0, 0x3, 0xf301}}) [ 199.837029] ? filemap_write_and_wait_range+0xd0/0xd0 [ 199.842225] ? rcu_read_lock+0x70/0x70 [ 199.846149] ? __unlock_page_memcg+0x72/0x100 [ 199.850651] ? unlock_page_memcg+0x2c/0x40 [ 199.854893] ? page_add_file_rmap+0x781/0xe40 [ 199.859398] ? page_add_new_anon_rmap+0x870/0x870 [ 199.864258] ? perf_trace_lock+0x920/0x920 [ 199.868517] ? lock_acquire+0x1e4/0x540 [ 199.872504] ? alloc_set_pte+0x1133/0x1790 [ 199.876751] ? lock_release+0xa30/0xa30 [ 199.880735] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 199.885760] ? check_pgprot+0xdf/0x180 21:25:19 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0xfffffffffffff000, {0x4}}, 0x14}, 0x1}, 0x0) 21:25:19 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x4034540d, &(0x7f0000000000)={{0x0, 0x3, 0xf301}}) [ 199.889655] ? put_page+0x280/0x280 [ 199.893286] ? kasan_check_write+0x14/0x20 [ 199.897525] ? do_raw_spin_lock+0xc1/0x200 [ 199.901777] ? alloc_set_pte+0xaf6/0x1790 [ 199.905945] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 199.911170] ? filemap_map_pages+0xca2/0x1990 [ 199.915691] ? trace_hardirqs_on+0x10/0x10 [ 199.919935] ? xa_set_tag+0x40/0x40 [ 199.923572] ? perf_trace_lock+0x920/0x920 [ 199.927826] ? environ_open+0x90/0x90 [ 199.931725] ? trace_hardirqs_on+0x10/0x10 [ 199.935971] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.941526] ? trace_hardirqs_on+0x10/0x10 [ 199.945777] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 199.950650] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 199.955538] ? perf_trace_lock+0x920/0x920 [ 199.959787] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 199.964641] ? perf_trace_lock+0x920/0x920 [ 199.968888] ? perf_trace_lock+0x920/0x920 [ 199.973133] ? shrink_dcache_sb+0x350/0x350 [ 199.977472] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 199.982323] ? __fdget_pos+0x1bb/0x200 [ 199.986236] ? lock_acquire+0x1e4/0x540 [ 199.990226] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.995794] ? fsnotify+0xbac/0x14e0 [ 199.999643] ext4_file_read_iter+0x18b/0x3c0 [ 200.004156] generic_file_splice_read+0x5a5/0x9a0 [ 200.009028] ? add_to_pipe+0x360/0x360 [ 200.012920] ? rw_verify_area+0x118/0x360 [ 200.017058] ? add_to_pipe+0x360/0x360 [ 200.020950] do_splice_to+0x12e/0x190 [ 200.024749] splice_direct_to_actor+0x270/0x8f0 [ 200.029410] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 200.034941] ? pipe_to_sendpage+0x400/0x400 [ 200.039260] ? do_splice_to+0x190/0x190 [ 200.043240] ? security_file_permission+0x1c2/0x230 [ 200.048250] ? rw_verify_area+0x118/0x360 [ 200.052401] do_splice_direct+0x2d4/0x420 [ 200.056552] ? splice_direct_to_actor+0x8f0/0x8f0 [ 200.061393] ? rw_verify_area+0x118/0x360 [ 200.065534] do_sendfile+0x62a/0xe20 [ 200.069244] ? do_compat_pwritev64+0x1c0/0x1c0 [ 200.073823] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.079350] ? _copy_from_user+0xdf/0x150 [ 200.083491] __x64_sys_sendfile64+0x15d/0x250 [ 200.088064] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 200.092641] do_syscall_64+0x1b9/0x820 [ 200.096525] ? finish_task_switch+0x1d3/0x870 [ 200.101021] ? syscall_return_slowpath+0x5e0/0x5e0 [ 200.105958] ? syscall_return_slowpath+0x31d/0x5e0 [ 200.110877] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 200.115883] ? prepare_exit_to_usermode+0x291/0x3b0 [ 200.120891] ? perf_trace_sys_enter+0xb10/0xb10 [ 200.125552] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 200.130401] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.135576] RIP: 0033:0x455e29 [ 200.138750] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 200.158122] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 200.165826] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 200.173086] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 200.180345] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 200.187604] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 200.194863] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000028 21:25:21 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000000c0)="025cc83d6d345f8f762070") perf_event_open(&(0x7f0000c86f88)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) time(&(0x7f0000000040)) 21:25:21 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0xf, {0x4}}, 0x14}, 0x1}, 0x0) 21:25:21 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r2 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 21:25:21 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345403, &(0x7f0000000000)={{0x0, 0x3, 0xf301}}) 21:25:21 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x10000, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x43, &(0x7f0000000040)={'TPROXY\x00'}, &(0x7f0000000080)=0x1e) setsockopt$sock_int(r0, 0x1, 0x8000000f, &(0x7f0000000140)=0x9, 0x0) r2 = socket$inet6(0xa, 0x2000000000001, 0x0) ioctl$KVM_GET_FPU(r1, 0x81a0ae8c, &(0x7f0000000180)) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r2, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r2, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) ioctl$TIOCSSOFTCAR(r2, 0x541a, &(0x7f0000000100)=0x80000000) setsockopt$sock_int(r2, 0x1, 0x2a, &(0x7f00000000c0)=0x8000, 0x4) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:21 executing program 2 (fault-call:9 fault-nth:41): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:21 executing program 3: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$kcm(0xa, 0x1, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) getsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000000), &(0x7f0000000040)=0xb) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000080), &(0x7f00000000c0)=0xc) close(r1) 21:25:21 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x6c000000}}) 21:25:21 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) getsockopt$bt_hci(r0, 0x0, 0x3, &(0x7f0000000000)=""/4096, &(0x7f0000001000)=0x1000) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x1) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:21 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x2}}, 0x14}, 0x1}, 0x0) 21:25:21 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0xc0045877, &(0x7f0000000000)={{0x0, 0x3, 0xf301}}) 21:25:21 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="025cc83d6d345f8f762070") socketpair$inet_udplite(0x2, 0x2, 0x88, &(0x7f00000003c0)) [ 201.110225] FAULT_INJECTION: forcing a failure. [ 201.110225] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 201.122319] CPU: 0 PID: 13431 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 201.130776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 201.140136] Call Trace: [ 201.142735] dump_stack+0x1c9/0x2b4 [ 201.146372] ? dump_stack_print_info.cold.2+0x52/0x52 [ 201.151579] ? _raw_spin_unlock_irq+0x27/0x70 [ 201.156087] ? finish_task_switch+0x1d3/0x870 [ 201.160598] should_fail.cold.4+0xa/0x11 [ 201.164672] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 201.169794] ? kasan_check_write+0x14/0x20 [ 201.174045] ? __schedule+0x884/0x1ed0 [ 201.177947] ? trace_hardirqs_on+0x10/0x10 [ 201.182193] ? __sched_text_start+0x8/0x8 [ 201.186358] ? lock_downgrade+0x8f0/0x8f0 [ 201.190547] ? lock_acquire+0x1e4/0x540 [ 201.194536] ? fs_reclaim_acquire+0x20/0x20 [ 201.198869] ? lock_downgrade+0x8f0/0x8f0 [ 201.203053] ? check_same_owner+0x340/0x340 [ 201.207395] ? rcu_note_context_switch+0x730/0x730 [ 201.212330] __alloc_pages_nodemask+0x36e/0xdb0 [ 201.216995] ? percpu_ref_put_many+0x119/0x240 [ 201.221578] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 201.226587] ? trace_hardirqs_on+0x10/0x10 [ 201.231098] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 201.236638] ? xas_start+0x23d/0x740 [ 201.240345] ? xa_load+0x288/0x450 [ 201.243877] ? lock_downgrade+0x8f0/0x8f0 [ 201.248033] ? lock_release+0xa30/0xa30 [ 201.252004] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 201.257539] alloc_pages_current+0x10c/0x210 [ 201.261943] __page_cache_alloc+0x398/0x5e0 [ 201.266263] ? xa_load+0x2b1/0x450 [ 201.269792] ? xa_clear_tag+0x40/0x40 [ 201.273590] ? filemap_range_has_page+0x4c0/0x4c0 [ 201.278431] ? unwind_get_return_address+0x61/0xa0 [ 201.283357] __do_page_cache_readahead+0x24e/0x690 [ 201.288285] ? read_pages+0x680/0x680 [ 201.292078] ? lock_acquire+0x1e4/0x540 [ 201.296042] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 201.301135] ? lock_downgrade+0x8f0/0x8f0 [ 201.305276] ? lock_release+0xa30/0xa30 [ 201.309244] ondemand_readahead+0x550/0xc40 [ 201.313562] page_cache_sync_readahead+0x3a0/0x6d0 [ 201.318487] ? force_page_cache_readahead+0x360/0x360 [ 201.323754] ? lock_acquire+0x1e4/0x540 [ 201.327752] ? rcu_note_context_switch+0x730/0x730 [ 201.332682] ? check_same_owner+0x340/0x340 [ 201.337016] ? lock_release+0xa30/0xa30 [ 201.340986] generic_file_read_iter+0x1a87/0x2f10 [ 201.345838] ? filemap_write_and_wait_range+0xd0/0xd0 [ 201.351020] ? rcu_read_lock+0x70/0x70 [ 201.354905] ? __unlock_page_memcg+0x72/0x100 [ 201.359392] ? unlock_page_memcg+0x2c/0x40 [ 201.363711] ? page_add_file_rmap+0x781/0xe40 [ 201.368200] ? page_add_new_anon_rmap+0x870/0x870 [ 201.373047] ? lockdep_init_map+0x9/0x10 [ 201.377099] ? kasan_check_write+0x14/0x20 [ 201.381332] ? __init_rwsem+0x1cc/0x2a0 [ 201.385305] ? lock_acquire+0x1e4/0x540 [ 201.389280] ? alloc_set_pte+0x1133/0x1790 [ 201.393604] ? lock_release+0xa30/0xa30 [ 201.397567] ? xas_descend+0x20c/0x5f0 [ 201.401461] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 201.406485] ? check_pgprot+0xdf/0x180 [ 201.410360] ? put_page+0x280/0x280 [ 201.413978] ? kasan_check_write+0x14/0x20 [ 201.418634] ? do_raw_spin_lock+0xc1/0x200 [ 201.422878] ? alloc_set_pte+0xaf6/0x1790 [ 201.427024] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 201.432036] ? filemap_map_pages+0xca2/0x1990 [ 201.436527] ? trace_hardirqs_on+0x10/0x10 [ 201.440752] ? xa_set_tag+0x40/0x40 [ 201.444372] ? environ_open+0x90/0x90 [ 201.448167] ? trace_hardirqs_on+0x10/0x10 [ 201.452390] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 201.457930] ? trace_hardirqs_on+0x10/0x10 [ 201.462168] ? trace_hardirqs_on+0x10/0x10 [ 201.466406] ? find_get_entries_tag+0x1410/0x1410 [ 201.471261] ? trace_hardirqs_on+0x10/0x10 [ 201.475492] ? mntput_no_expire+0x18e/0xbc0 [ 201.479799] ? do_raw_spin_lock+0xc1/0x200 [ 201.484029] ? mnt_get_count+0x150/0x150 [ 201.488081] ? dput.part.26+0x276/0x7a0 [ 201.492044] ? shrink_dcache_sb+0x350/0x350 [ 201.496366] ? lock_acquire+0x1e4/0x540 [ 201.500327] ? __fdget_pos+0x1bb/0x200 [ 201.504208] ? lock_acquire+0x1e4/0x540 [ 201.508183] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 201.513706] ? fsnotify+0xbac/0x14e0 [ 201.517435] ext4_file_read_iter+0x18b/0x3c0 [ 201.521847] generic_file_splice_read+0x5a5/0x9a0 [ 201.526703] ? add_to_pipe+0x360/0x360 [ 201.530591] ? rw_verify_area+0x118/0x360 [ 201.534729] ? add_to_pipe+0x360/0x360 [ 201.538608] do_splice_to+0x12e/0x190 [ 201.542411] splice_direct_to_actor+0x270/0x8f0 [ 201.547072] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 201.552597] ? pipe_to_sendpage+0x400/0x400 [ 201.556936] ? do_splice_to+0x190/0x190 [ 201.560985] ? security_file_permission+0x1c2/0x230 [ 201.565994] ? rw_verify_area+0x118/0x360 [ 201.570140] do_splice_direct+0x2d4/0x420 [ 201.574285] ? splice_direct_to_actor+0x8f0/0x8f0 [ 201.579130] ? rw_verify_area+0x118/0x360 [ 201.583280] do_sendfile+0x62a/0xe20 [ 201.586991] ? do_compat_pwritev64+0x1c0/0x1c0 [ 201.591582] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 201.597110] ? _copy_from_user+0xdf/0x150 [ 201.601438] __x64_sys_sendfile64+0x15d/0x250 [ 201.605934] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 201.610522] do_syscall_64+0x1b9/0x820 [ 201.614475] ? finish_task_switch+0x1d3/0x870 [ 201.618971] ? syscall_return_slowpath+0x5e0/0x5e0 [ 201.623892] ? syscall_return_slowpath+0x31d/0x5e0 [ 201.628815] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 201.634750] ? prepare_exit_to_usermode+0x291/0x3b0 [ 201.639846] ? perf_trace_sys_enter+0xb10/0xb10 [ 201.646592] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 201.651589] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 201.656774] RIP: 0033:0x455e29 [ 201.660039] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 201.679317] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 201.687023] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 201.694286] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 201.701546] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 21:25:21 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x7a}}) [ 201.708812] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 201.716070] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000029 21:25:21 executing program 5: syz_emit_ethernet(0xfed1, &(0x7f000000a000)={@broadcast=[0xff, 0xe0, 0xff, 0xff, 0xff, 0xff], @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0xfec3, 0x0, 0xfeaf, 0x0, 0x2f, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}, @multicast1=0xe0000001}, @udp={0x0, 0x0, 0x8}}}}}, 0x0) 21:25:21 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x3}}, 0x14}, 0x1}, 0x0) 21:25:21 executing program 3: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) tee(r0, r0, 0x80000001, 0x2) r2 = socket$kcm(0xa, 0x1, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000040)=0xc) ioctl$KVM_GET_VCPU_EVENTS(r1, 0x8040ae9f, &(0x7f00000000c0)) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000080)=0x0) kcmp(r3, r5, 0x0, r1, r0) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x4010, r2, 0x0) setfsgid(r4) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r6, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) close(r2) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r1, 0xc1205531, &(0x7f00000002c0)={0x1, 0x2, 0x4102, 0x7e04, [], [], [], 0x9, 0x4, 0x2, 0x5, "03318863a33f08863a76871d54bd6e13"}) socket$nl_crypto(0x10, 0x3, 0x15) 21:25:21 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x0, 0x803c9b7f048ce016) ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f00000002c0)) 21:25:21 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x7a00000000000000}}) 21:25:21 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, r0) r2 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 21:25:21 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0xf000000}}, 0x14}, 0x1}, 0x0) 21:25:21 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:21 executing program 2 (fault-call:9 fault-nth:42): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:21 executing program 3: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x100, 0x0) setsockopt$inet6_MRT6_DEL_MFC_PROXY(r1, 0x29, 0xd3, &(0x7f00000000c0)={{0xa, 0x4e24, 0x4049, @mcast1={0xff, 0x1, [], 0x1}, 0xfff}, {0xa, 0x4e24, 0x0, @loopback={0x0, 0x1}, 0x7fff}, 0xfff, [0x1, 0x8, 0x5, 0x200000000000, 0x10000, 0x6, 0x0, 0xffffffffffffffff]}, 0x5c) getpeername$netlink(r0, &(0x7f0000000040), &(0x7f0000000080)=0xc) r2 = socket$kcm(0xa, 0x1, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r3, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) close(r2) syz_open_dev$mice(&(0x7f00000001c0)='/dev/input/mice\x00', 0x0, 0x400) 21:25:21 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x68000000}}) 21:25:21 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f0000008980)=[{{0x0, 0x0, &(0x7f0000001600)=[{&(0x7f0000001580)="ae3ad57d6158b85806b80548dfbb5a13", 0x10}], 0x1, &(0x7f0000001680)}}, {{&(0x7f0000003200)=@l2={0x1f}, 0x80, &(0x7f0000003540), 0x0, &(0x7f0000003580)}}], 0x2, 0x0) 21:25:21 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x5423, &(0x7f0000000000)={{0x0, 0x3, 0xf301}}) 21:25:22 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x5421, &(0x7f0000000000)={{0x0, 0x3, 0xf301}}) 21:25:22 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x2}}, 0x14}, 0x1}, 0x0) 21:25:22 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x22, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, &(0x7f00000003c0)}) 21:25:22 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x6c00}}) 21:25:22 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) delete_module(&(0x7f0000000000)=')\x00', 0x200) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e23, 0x100, @loopback={0x0, 0x1}}, 0x1c) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) [ 202.060581] FAULT_INJECTION: forcing a failure. [ 202.060581] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 202.072496] CPU: 1 PID: 13513 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 202.080906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 202.087806] binder: 13532:13535 transaction failed 29189/-22, size 0-0 line 2852 [ 202.090263] Call Trace: [ 202.090286] dump_stack+0x1c9/0x2b4 [ 202.090302] ? dump_stack_print_info.cold.2+0x52/0x52 [ 202.090315] ? _raw_spin_unlock_irq+0x27/0x70 [ 202.090335] ? finish_task_switch+0x1d3/0x870 [ 202.118184] should_fail.cold.4+0xa/0x11 [ 202.122248] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 202.127350] ? kasan_check_write+0x14/0x20 [ 202.131584] ? __schedule+0x884/0x1ed0 [ 202.135469] ? trace_hardirqs_on+0x10/0x10 [ 202.139700] ? __sched_text_start+0x8/0x8 [ 202.143859] ? lock_downgrade+0x8f0/0x8f0 [ 202.148010] ? lock_acquire+0x1e4/0x540 [ 202.151981] ? fs_reclaim_acquire+0x20/0x20 [ 202.156298] ? lock_downgrade+0x8f0/0x8f0 [ 202.160445] ? check_same_owner+0x340/0x340 [ 202.164775] ? retint_kernel+0x10/0x10 [ 202.168656] ? rcu_note_context_switch+0x730/0x730 [ 202.173602] __alloc_pages_nodemask+0x36e/0xdb0 [ 202.178271] ? __perf_event_task_sched_out+0x2f0/0x1a60 [ 202.183634] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 202.188644] ? trace_hardirqs_on+0x10/0x10 [ 202.192881] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 202.198428] ? xas_start+0x23d/0x740 [ 202.202140] ? xa_load+0x288/0x450 [ 202.205678] ? lock_downgrade+0x8f0/0x8f0 [ 202.209828] ? lock_release+0xa30/0xa30 [ 202.213814] ? xas_load+0x15c/0x1e0 [ 202.217440] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 202.222988] alloc_pages_current+0x10c/0x210 [ 202.227397] __page_cache_alloc+0x398/0x5e0 [ 202.231712] ? xa_load+0x2b1/0x450 [ 202.235255] ? xa_clear_tag+0x40/0x40 [ 202.239233] ? filemap_range_has_page+0x4c0/0x4c0 [ 202.244070] ? rb_next+0x140/0x140 [ 202.247619] __do_page_cache_readahead+0x24e/0x690 [ 202.252558] ? read_pages+0x680/0x680 [ 202.256368] ? lock_acquire+0x1e4/0x540 [ 202.260336] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 202.265531] ? lock_downgrade+0x8f0/0x8f0 [ 202.269675] ? lock_release+0xa30/0xa30 [ 202.273649] ondemand_readahead+0x550/0xc40 [ 202.277979] page_cache_sync_readahead+0x3a0/0x6d0 [ 202.282907] ? force_page_cache_readahead+0x360/0x360 [ 202.288104] ? lock_acquire+0x1e4/0x540 [ 202.292071] ? rcu_note_context_switch+0x730/0x730 [ 202.296999] ? check_same_owner+0x340/0x340 [ 202.301333] ? lock_release+0xa30/0xa30 [ 202.305320] generic_file_read_iter+0x1a87/0x2f10 [ 202.310181] ? filemap_write_and_wait_range+0xd0/0xd0 [ 202.315375] ? __update_load_avg_blocked_se.isra.34+0x460/0x460 [ 202.321444] ? update_load_avg+0x2de/0x2590 [ 202.325759] ? page_add_new_anon_rmap+0x870/0x870 [ 202.330605] ? attach_entity_load_avg+0x860/0x860 [ 202.335443] ? kasan_check_write+0x14/0x20 [ 202.339689] ? update_load_avg+0x2de/0x2590 [ 202.344003] ? attach_entity_load_avg+0x860/0x860 [ 202.348839] ? alloc_set_pte+0x1133/0x1790 [ 202.353066] ? lock_release+0xa30/0xa30 [ 202.357034] ? xas_descend+0x20c/0x5f0 [ 202.360928] ? rb_erase+0x3550/0x3550 [ 202.364719] ? put_page+0x280/0x280 [ 202.368337] ? kasan_check_write+0x14/0x20 [ 202.372564] ? do_raw_spin_lock+0xc1/0x200 [ 202.376797] ? lock_acquire+0x1e4/0x540 [ 202.380759] ? cpuacct_charge+0x2eb/0x5d0 [ 202.384894] ? lock_downgrade+0x8f0/0x8f0 [ 202.389033] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 202.394056] ? trace_hardirqs_on+0x10/0x10 [ 202.398293] ? lock_acquire+0x1e4/0x540 [ 202.402256] ? update_curr+0x4c8/0xc00 [ 202.406134] ? trace_hardirqs_on+0x10/0x10 [ 202.410357] ? lock_release+0xa30/0xa30 [ 202.414325] ? cpuacct_charge+0x30a/0x5d0 [ 202.418470] ? trace_hardirqs_on+0x10/0x10 [ 202.422694] ? trace_hardirqs_on+0x10/0x10 [ 202.426926] ? trace_hardirqs_on+0x10/0x10 [ 202.431160] ? update_curr+0x4e7/0xc00 [ 202.435038] ? find_get_entries_tag+0x1410/0x1410 [ 202.439876] ? __account_cfs_rq_runtime+0x770/0x770 [ 202.444884] ? trace_hardirqs_on+0x10/0x10 [ 202.449111] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.454638] ? __perf_event_task_sched_out+0x2f0/0x1a60 [ 202.459989] ? active_load_balance_cpu_stop+0x1030/0x1030 [ 202.465525] ? lock_acquire+0x1e4/0x540 [ 202.469496] ? __fdget_pos+0x1bb/0x200 [ 202.473376] ? __perf_event_task_sched_in+0x24f/0xbb0 [ 202.478556] ? lock_acquire+0x1e4/0x540 [ 202.482522] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.488046] ? fsnotify+0xbac/0x14e0 [ 202.491854] ext4_file_read_iter+0x18b/0x3c0 [ 202.496255] generic_file_splice_read+0x5a5/0x9a0 [ 202.501100] ? add_to_pipe+0x360/0x360 [ 202.505079] ? rw_verify_area+0x118/0x360 [ 202.509213] ? add_to_pipe+0x360/0x360 [ 202.513093] do_splice_to+0x12e/0x190 [ 202.516895] splice_direct_to_actor+0x270/0x8f0 [ 202.521553] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.527083] ? pipe_to_sendpage+0x400/0x400 [ 202.531400] ? do_splice_to+0x190/0x190 [ 202.535379] ? security_file_permission+0x1c2/0x230 [ 202.540388] ? rw_verify_area+0x118/0x360 [ 202.544526] do_splice_direct+0x2d4/0x420 [ 202.548677] ? splice_direct_to_actor+0x8f0/0x8f0 [ 202.553524] ? rw_verify_area+0x118/0x360 [ 202.557672] do_sendfile+0x62a/0xe20 [ 202.561396] ? do_compat_pwritev64+0x1c0/0x1c0 [ 202.565976] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 202.571505] ? _copy_from_user+0xdf/0x150 [ 202.575647] __x64_sys_sendfile64+0x15d/0x250 [ 202.580146] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 202.584735] do_syscall_64+0x1b9/0x820 [ 202.588727] ? syscall_slow_exit_work+0x500/0x500 [ 202.593560] ? syscall_return_slowpath+0x5e0/0x5e0 [ 202.598482] ? syscall_return_slowpath+0x31d/0x5e0 [ 202.603415] ? prepare_exit_to_usermode+0x291/0x3b0 [ 202.608429] ? perf_trace_sys_enter+0xb10/0xb10 [ 202.613090] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 202.617931] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.623106] RIP: 0033:0x455e29 [ 202.626290] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 202.645569] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 202.653276] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 21:25:22 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2000) mq_getsetattr(r2, &(0x7f0000000040)={0x0, 0x0, 0x8, 0x9, 0x53, 0x9, 0xff, 0x4}, &(0x7f0000000080)) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) [ 202.660542] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 202.667800] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 202.675231] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 202.682495] R13: 00000000004c1113 R14: 00000000004d1540 R15: 000000000000002a 21:25:22 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0xf}}, 0x14}, 0x1}, 0x0) 21:25:22 executing program 3: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r1 = socket$kcm(0xa, 0x1, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000000)) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) close(r1) [ 202.732679] binder: 13532:13549 transaction failed 29189/-22, size 0-0 line 2852 [ 202.788202] binder: undelivered TRANSACTION_ERROR: 29189 [ 202.794673] binder: undelivered TRANSACTION_ERROR: 29189 21:25:22 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, 0xffffffffffffffff) r2 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 21:25:22 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x4034540e, &(0x7f0000000000)={{0x0, 0x3, 0xf301}}) 21:25:22 executing program 2 (fault-call:9 fault-nth:43): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:22 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x7400}}) 21:25:22 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f00000000c0)='./file1\x00', 0x0) fallocate(r1, 0x0, 0x0, 0x2f07) write$binfmt_aout(r1, &(0x7f0000001ac0), 0x9ffc) fallocate(r1, 0x0, 0x8f0a, 0xac0) fdatasync(r1) 21:25:22 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000000)={0xffffffffffffffff}, 0x0, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r1, &(0x7f0000000080)={0x15, 0x110, 0xfa00, {r2, 0x6, 0x0, 0x0, 0x0, @ib={0x1b, 0x1cbe0000000, 0x6, {"7c9ec1884548dde50ee2b6b3e90c89bd"}, 0xfbf, 0x8001, 0x20}, @in6={0xa, 0x4e21, 0x8, @empty, 0x1}}}, 0x118) 21:25:22 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x200000000000000}}, 0x14}, 0x1}, 0x0) 21:25:22 executing program 3: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$kcm(0xa, 0x1, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000000)=0x9) close(r1) 21:25:22 executing program 5: r0 = socket$inet6(0xa, 0x801, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGRAB(r1, 0x40044590, &(0x7f0000000000)) close(r1) 21:25:22 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345404, &(0x7f0000000000)={{0x0, 0x3, 0xf301}}) 21:25:22 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0xc00e0000}}, 0x14}, 0x1}, 0x0) 21:25:22 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) timer_create(0x1, &(0x7f0000000000)={0x0, 0xe, 0x1, @tid=0xffffffffffffffff}, &(0x7f0000000040)=0x0) timer_getoverrun(r2) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) [ 202.962640] FAULT_INJECTION: forcing a failure. [ 202.962640] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 202.974668] CPU: 0 PID: 13598 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 202.983071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 202.992521] Call Trace: [ 202.995123] dump_stack+0x1c9/0x2b4 [ 202.998802] ? dump_stack_print_info.cold.2+0x52/0x52 [ 203.004009] should_fail.cold.4+0xa/0x11 [ 203.008087] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 203.013210] ? lock_downgrade+0x8f0/0x8f0 [ 203.017383] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 203.022930] ? xas_start+0x23d/0x740 [ 203.026658] ? trace_hardirqs_on+0x10/0x10 [ 203.030898] ? find_get_entry+0xa6d/0x1120 [ 203.035133] ? lock_downgrade+0x8f0/0x8f0 [ 203.039278] ? lock_acquire+0x1e4/0x540 [ 203.043239] ? fs_reclaim_acquire+0x20/0x20 [ 203.047559] ? lock_downgrade+0x8f0/0x8f0 [ 203.051705] ? check_same_owner+0x340/0x340 [ 203.056029] ? find_get_entry+0xa96/0x1120 [ 203.060266] ? rcu_note_context_switch+0x730/0x730 [ 203.065192] __alloc_pages_nodemask+0x36e/0xdb0 [ 203.069850] ? __perf_event_task_sched_out+0x2f0/0x1a60 [ 203.075213] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 203.080228] ? trace_hardirqs_on+0x10/0x10 [ 203.084467] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 203.090011] ? xas_start+0x23d/0x740 [ 203.093732] ? xa_load+0x288/0x450 [ 203.097266] ? lock_downgrade+0x8f0/0x8f0 [ 203.101424] ? lock_release+0xa30/0xa30 [ 203.105413] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 203.110957] alloc_pages_current+0x10c/0x210 [ 203.115545] __page_cache_alloc+0x398/0x5e0 [ 203.119852] ? xa_load+0x2b1/0x450 [ 203.123387] ? xa_clear_tag+0x40/0x40 [ 203.127182] ? filemap_range_has_page+0x4c0/0x4c0 [ 203.132018] ? unwind_get_return_address+0x61/0xa0 [ 203.136945] __do_page_cache_readahead+0x24e/0x690 [ 203.141871] ? read_pages+0x680/0x680 [ 203.145664] ? lock_acquire+0x1e4/0x540 [ 203.149628] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 203.154721] ? lock_downgrade+0x8f0/0x8f0 [ 203.158862] ? lock_release+0xa30/0xa30 [ 203.162837] ondemand_readahead+0x550/0xc40 [ 203.167154] page_cache_sync_readahead+0x3a0/0x6d0 [ 203.172079] ? force_page_cache_readahead+0x360/0x360 [ 203.177259] ? lock_acquire+0x1e4/0x540 [ 203.181223] ? rcu_note_context_switch+0x730/0x730 [ 203.186151] ? check_same_owner+0x340/0x340 [ 203.190472] ? lock_release+0xa30/0xa30 [ 203.194449] generic_file_read_iter+0x1a87/0x2f10 [ 203.199295] ? filemap_write_and_wait_range+0xd0/0xd0 [ 203.204472] ? rcu_read_lock+0x70/0x70 [ 203.208354] ? __unlock_page_memcg+0x72/0x100 [ 203.212836] ? unlock_page_memcg+0x2c/0x40 [ 203.217061] ? page_add_file_rmap+0x781/0xe40 [ 203.221559] ? page_add_new_anon_rmap+0x870/0x870 [ 203.226393] ? lockdep_init_map+0x9/0x10 [ 203.230444] ? kasan_check_write+0x14/0x20 [ 203.234666] ? __init_rwsem+0x1cc/0x2a0 [ 203.238638] ? lock_acquire+0x1e4/0x540 [ 203.242603] ? alloc_set_pte+0x1133/0x1790 [ 203.246829] ? lock_release+0xa30/0xa30 [ 203.250799] ? xas_descend+0x20c/0x5f0 [ 203.254678] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 203.259683] ? check_pgprot+0xdf/0x180 [ 203.263559] ? put_page+0x280/0x280 [ 203.267174] ? kasan_check_write+0x14/0x20 [ 203.271405] ? do_raw_spin_lock+0xc1/0x200 [ 203.275633] ? alloc_set_pte+0xaf6/0x1790 [ 203.279778] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 203.284814] ? filemap_map_pages+0xca2/0x1990 [ 203.289302] ? trace_hardirqs_on+0x10/0x10 [ 203.293536] ? xa_set_tag+0x40/0x40 [ 203.297152] ? environ_open+0x90/0x90 [ 203.300953] ? trace_hardirqs_on+0x10/0x10 [ 203.305177] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 203.310707] ? trace_hardirqs_on+0x10/0x10 [ 203.314935] ? trace_hardirqs_on+0x10/0x10 [ 203.319165] ? find_get_entries_tag+0x1410/0x1410 [ 203.324006] ? trace_hardirqs_on+0x10/0x10 [ 203.328260] ? mntput_no_expire+0x18e/0xbc0 [ 203.332567] ? do_raw_spin_lock+0xc1/0x200 [ 203.336804] ? mnt_get_count+0x150/0x150 [ 203.340857] ? dput.part.26+0x276/0x7a0 [ 203.344831] ? shrink_dcache_sb+0x350/0x350 [ 203.349147] ? lock_acquire+0x1e4/0x540 [ 203.353109] ? __fdget_pos+0x1bb/0x200 [ 203.356989] ? lock_acquire+0x1e4/0x540 [ 203.360955] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 203.366489] ? fsnotify+0xbac/0x14e0 [ 203.370202] ext4_file_read_iter+0x18b/0x3c0 [ 203.374606] generic_file_splice_read+0x5a5/0x9a0 [ 203.379447] ? add_to_pipe+0x360/0x360 [ 203.383331] ? rw_verify_area+0x118/0x360 [ 203.387477] ? add_to_pipe+0x360/0x360 [ 203.391363] do_splice_to+0x12e/0x190 [ 203.395157] splice_direct_to_actor+0x270/0x8f0 [ 203.399815] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 203.405345] ? pipe_to_sendpage+0x400/0x400 [ 203.409661] ? do_splice_to+0x190/0x190 [ 203.413626] ? security_file_permission+0x1c2/0x230 [ 203.418631] ? rw_verify_area+0x118/0x360 [ 203.422778] do_splice_direct+0x2d4/0x420 [ 203.426916] ? splice_direct_to_actor+0x8f0/0x8f0 [ 203.431765] ? rw_verify_area+0x118/0x360 [ 203.435901] do_sendfile+0x62a/0xe20 [ 203.439612] ? do_compat_pwritev64+0x1c0/0x1c0 [ 203.444201] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 203.449743] ? _copy_from_user+0xdf/0x150 [ 203.453881] __x64_sys_sendfile64+0x15d/0x250 [ 203.458370] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 203.462956] do_syscall_64+0x1b9/0x820 [ 203.466843] ? finish_task_switch+0x1d3/0x870 [ 203.471331] ? syscall_return_slowpath+0x5e0/0x5e0 [ 203.476249] ? syscall_return_slowpath+0x31d/0x5e0 [ 203.481169] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 203.486173] ? prepare_exit_to_usermode+0x291/0x3b0 [ 203.491179] ? perf_trace_sys_enter+0xb10/0xb10 [ 203.495845] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 203.500723] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 203.505916] RIP: 0033:0x455e29 [ 203.509088] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 203.528360] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 203.536058] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 203.543417] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 203.550674] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 203.557931] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 21:25:23 executing program 3: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$kcm(0xa, 0x1, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000040)={{{@in6=@dev, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in=@local}}, &(0x7f00000001c0)=0xe8) getresgid(&(0x7f0000000200), &(0x7f0000000240)=0x0, &(0x7f00000002c0)) lchown(&(0x7f0000000000)='./file0\x00', r2, r3) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r4, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) close(r1) [ 203.565198] R13: 00000000004c1113 R14: 00000000004d1540 R15: 000000000000002b 21:25:23 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x48010000}}, 0x14}, 0x1}, 0x0) 21:25:23 executing program 5: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) r0 = socket$kcm(0xa, 0x1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r4, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = eventfd(0x75fa) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000040)={r5, 0x12}) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) close(r0) 21:25:23 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x74}}) 21:25:23 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r2 = syz_open_pts(0xffffffffffffffff, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 21:25:23 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x80045400, &(0x7f0000000000)={{0x0, 0x3, 0xf301}}) 21:25:23 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f0000000000)="999147095be515a62181c6d788b8ae5829b7111ede37fd671507f6d8477aa139b2ffcdc56b65e877a436c92e347fb6999b6a8158e81904", 0x37, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:23 executing program 3: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x80) getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000000)={0x0, 0x2, 0x0, 0x40, 0xd8, 0x5ea9, 0x0, 0x8, {0x0, @in6={{0xa, 0x4e22, 0xfff, @remote={0xfe, 0x80, [], 0xbb}, 0xffffffffffffffff}}, 0xffffffffffffff8e, 0x7fffffff, 0x2, 0xe78b, 0xf29}}, &(0x7f00000000c0)=0xb0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f00000001c0)={r1, 0x8e, "5ba85ac570447677cb388698434992b686cbfba01dfeee9dfa2cd2d03ba4a084b4e24520a7e2e18c8b45c15992635379af753784dfe676c7ad2839bc4c542606793257a06662b0d8091dc4828ee662b75caa2b4dc99741d4247effb607c2be3fc3c7781eb2c356f6ffe7b63959699b1533fd3e02c6e855e08293beb2ef85815534c1155e4c051de013da2831cce0"}, &(0x7f0000000100)=0x96) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x5, 0x70}, 0x24) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) close(0xffffffffffffffff) 21:25:23 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x7400000000000000}}) 21:25:23 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0xf0ffffff}}, 0x14}, 0x1}, 0x0) 21:25:23 executing program 2 (fault-call:9 fault-nth:44): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:23 executing program 5: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) r0 = socket$kcm(0xa, 0x1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r4, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = eventfd(0x75fa) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000040)={r5, 0x12}) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) close(r0) [ 203.840426] FAULT_INJECTION: forcing a failure. [ 203.840426] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 203.852360] CPU: 1 PID: 13651 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 203.860772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 203.870135] Call Trace: [ 203.872737] dump_stack+0x1c9/0x2b4 [ 203.876475] ? dump_stack_print_info.cold.2+0x52/0x52 [ 203.881686] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 203.886548] should_fail.cold.4+0xa/0x11 [ 203.890628] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 203.895746] ? kasan_check_write+0x14/0x20 [ 203.900002] ? __schedule+0x884/0x1ed0 [ 203.903907] ? __sched_text_start+0x8/0x8 [ 203.908065] ? lock_downgrade+0x8f0/0x8f0 [ 203.912228] ? lock_acquire+0x1e4/0x540 [ 203.916201] ? fs_reclaim_acquire+0x20/0x20 [ 203.920614] ? lock_downgrade+0x8f0/0x8f0 [ 203.924760] ? check_same_owner+0x340/0x340 [ 203.929074] ? rcu_note_context_switch+0x730/0x730 [ 203.934035] __alloc_pages_nodemask+0x36e/0xdb0 [ 203.938699] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 203.943700] ? xas_start+0xc4/0x740 [ 203.947325] ? write_comp_data+0xa/0x70 [ 203.951299] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 203.956820] ? xas_start+0x23d/0x740 [ 203.961303] ? xa_load+0x288/0x450 [ 203.964878] ? lock_downgrade+0x8f0/0x8f0 [ 203.969022] ? lock_release+0xa30/0xa30 [ 203.972987] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 203.978520] alloc_pages_current+0x10c/0x210 [ 203.982931] __page_cache_alloc+0x398/0x5e0 [ 203.987264] ? xa_load+0x2b1/0x450 [ 203.990792] ? xa_clear_tag+0x40/0x40 [ 203.994585] ? filemap_range_has_page+0x4c0/0x4c0 [ 203.999415] ? unwind_get_return_address+0x61/0xa0 [ 204.004345] __do_page_cache_readahead+0x24e/0x690 [ 204.009273] ? read_pages+0x680/0x680 [ 204.013063] ? lock_acquire+0x1e4/0x540 [ 204.017029] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 204.022120] ? lock_downgrade+0x8f0/0x8f0 [ 204.026256] ? lock_release+0xa30/0xa30 [ 204.030232] ondemand_readahead+0x550/0xc40 [ 204.034545] page_cache_sync_readahead+0x3a0/0x6d0 [ 204.039464] ? force_page_cache_readahead+0x360/0x360 [ 204.044642] ? lock_acquire+0x1e4/0x540 [ 204.048603] ? rcu_note_context_switch+0x730/0x730 [ 204.053527] ? check_same_owner+0x340/0x340 [ 204.057839] ? lock_release+0xa30/0xa30 [ 204.061809] generic_file_read_iter+0x1a87/0x2f10 [ 204.066655] ? filemap_write_and_wait_range+0xd0/0xd0 [ 204.071841] ? update_load_avg+0x2de/0x2590 [ 204.076153] ? attach_entity_load_avg+0x860/0x860 [ 204.080992] ? trace_hardirqs_on+0x10/0x10 [ 204.085219] ? page_add_file_rmap+0x781/0xe40 [ 204.089713] ? update_load_avg+0x2de/0x2590 [ 204.094023] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 204.098854] ? attach_entity_load_avg+0x860/0x860 [ 204.103686] ? perf_trace_lock+0x920/0x920 [ 204.107909] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 204.112745] ? rb_erase+0x3550/0x3550 [ 204.116533] ? perf_trace_lock+0x920/0x920 [ 204.121013] ? lock_release+0xa30/0xa30 [ 204.124985] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 204.129989] ? check_pgprot+0xdf/0x180 [ 204.133868] ? lock_acquire+0x1e4/0x540 [ 204.137830] ? cpuacct_charge+0x2eb/0x5d0 [ 204.141967] ? lock_downgrade+0x8f0/0x8f0 [ 204.146112] ? lock_release+0xa30/0xa30 [ 204.150074] ? lock_acquire+0x1e4/0x540 [ 204.154038] ? update_curr+0x4c8/0xc00 [ 204.157912] ? lock_downgrade+0x8f0/0x8f0 [ 204.162061] ? lock_release+0xa30/0xa30 [ 204.166025] ? cpuacct_charge+0x30a/0x5d0 [ 204.170171] ? cgroup_rstat_updated+0xe6/0x470 [ 204.174750] ? trace_hardirqs_on+0x10/0x10 [ 204.178970] ? trace_hardirqs_on+0x10/0x10 [ 204.183191] ? update_curr+0x4e7/0xc00 [ 204.187073] ? trace_hardirqs_on+0x10/0x10 [ 204.191294] ? __account_cfs_rq_runtime+0x770/0x770 [ 204.196304] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 204.201134] ? __account_cfs_rq_runtime+0x770/0x770 [ 204.206138] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 204.210969] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 204.215806] ? active_load_balance_cpu_stop+0x1030/0x1030 [ 204.221340] ? perf_trace_lock+0x920/0x920 [ 204.225569] ? perf_trace_lock+0x920/0x920 [ 204.229796] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 204.235326] ? __perf_event_task_sched_in+0x24f/0xbb0 [ 204.240505] ? perf_sched_cb_inc+0x2e0/0x2e0 [ 204.244905] ? lock_acquire+0x1e4/0x540 [ 204.248872] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 204.254835] ? fsnotify+0xbac/0x14e0 [ 204.258626] ext4_file_read_iter+0x18b/0x3c0 [ 204.263038] generic_file_splice_read+0x5a5/0x9a0 [ 204.267869] ? add_to_pipe+0x360/0x360 [ 204.271749] ? rw_verify_area+0x118/0x360 [ 204.275892] ? add_to_pipe+0x360/0x360 [ 204.279770] do_splice_to+0x12e/0x190 [ 204.283571] splice_direct_to_actor+0x270/0x8f0 [ 204.288226] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 204.293751] ? pipe_to_sendpage+0x400/0x400 [ 204.298060] ? do_splice_to+0x190/0x190 [ 204.302023] ? security_file_permission+0x1c2/0x230 [ 204.307029] ? rw_verify_area+0x118/0x360 [ 204.311168] do_splice_direct+0x2d4/0x420 [ 204.315306] ? splice_direct_to_actor+0x8f0/0x8f0 [ 204.320138] ? rw_verify_area+0x118/0x360 [ 204.324273] do_sendfile+0x62a/0xe20 [ 204.327979] ? do_compat_pwritev64+0x1c0/0x1c0 [ 204.332563] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 204.338083] ? _copy_from_user+0xdf/0x150 [ 204.342222] __x64_sys_sendfile64+0x15d/0x250 [ 204.346703] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 204.351275] do_syscall_64+0x1b9/0x820 [ 204.355149] ? finish_task_switch+0x1d3/0x870 [ 204.359631] ? syscall_return_slowpath+0x5e0/0x5e0 [ 204.364719] ? syscall_return_slowpath+0x31d/0x5e0 [ 204.369633] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 204.374637] ? prepare_exit_to_usermode+0x291/0x3b0 [ 204.379639] ? perf_trace_sys_enter+0xb10/0xb10 [ 204.384299] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 204.389129] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.394310] RIP: 0033:0x455e29 [ 204.397481] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 204.416702] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 204.424411] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 204.431668] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 21:25:23 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0xfffffff0}}, 0x14}, 0x1}, 0x0) 21:25:24 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x40030000000000}}, 0x14}, 0x1}, 0x0) 21:25:24 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x5450, &(0x7f0000000000)={{0x0, 0x3, 0xf301}}) [ 204.438948] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 204.446206] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 204.453550] R13: 00000000004c1113 R14: 00000000004d1540 R15: 000000000000002c 21:25:24 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2001000000001, 0x8) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='/dev/ppp\x00'}, 0x10) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_DAEMON(r2, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x58, r3, 0x400, 0x70bd2c, 0x25dfdbff, {0xb}, [@IPVS_CMD_ATTR_DEST={0x3c, 0x2, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@dev={0xac, 0x14, 0x14, 0x12}}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@dev={0xfe, 0x80, [], 0x21}}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x3}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}]}, 0x58}, 0x1}, 0x4000000) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x400000, 0x0) getsockopt$IP_VS_SO_GET_DAEMON(r4, 0x0, 0x487, &(0x7f0000000040), &(0x7f0000000080)=0x30) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) setsockopt$bt_hci_HCI_FILTER(r4, 0x0, 0x2, &(0x7f00000000c0)={0x80, 0x8, 0x200, 0x4}, 0x10) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:24 executing program 3: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$kcm(0xa, 0x1, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r3, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r0) close(r2) 21:25:24 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x3000000}}) 21:25:24 executing program 2 (fault-call:9 fault-nth:45): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:24 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345411, &(0x7f0000000000)={{0x0, 0x3, 0xf301}}) [ 204.632803] FAULT_INJECTION: forcing a failure. [ 204.632803] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 204.644888] CPU: 1 PID: 13700 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 204.653294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 204.662650] Call Trace: [ 204.665252] dump_stack+0x1c9/0x2b4 [ 204.668925] ? dump_stack_print_info.cold.2+0x52/0x52 [ 204.674130] should_fail.cold.4+0xa/0x11 [ 204.678214] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 204.683327] ? kasan_check_read+0x11/0x20 [ 204.687485] ? rcu_is_watching+0x8c/0x150 [ 204.691645] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 204.697194] ? xas_start+0x23d/0x740 [ 204.700939] ? trace_hardirqs_on+0x10/0x10 [ 204.705184] ? find_get_entry+0xa6d/0x1120 [ 204.709431] ? lock_downgrade+0x8f0/0x8f0 [ 204.713591] ? lock_acquire+0x1e4/0x540 [ 204.717571] ? fs_reclaim_acquire+0x20/0x20 [ 204.721906] ? lock_downgrade+0x8f0/0x8f0 [ 204.726071] ? check_same_owner+0x340/0x340 [ 204.730410] ? find_get_entry+0xa96/0x1120 [ 204.734652] ? rcu_note_context_switch+0x730/0x730 [ 204.739590] __alloc_pages_nodemask+0x36e/0xdb0 [ 204.744260] ? percpu_ref_put_many+0x119/0x240 [ 204.748835] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 204.753941] ? trace_hardirqs_on+0x10/0x10 [ 204.758172] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 204.763702] ? xas_start+0x23d/0x740 [ 204.767408] ? xa_load+0x288/0x450 [ 204.770933] ? lock_downgrade+0x8f0/0x8f0 [ 204.775067] ? lock_release+0xa30/0xa30 21:25:24 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r2 = syz_open_pts(0xffffffffffffffff, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 21:25:24 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x6c}}) 21:25:24 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0xf00000000000000}}, 0x14}, 0x1}, 0x0) 21:25:24 executing program 5: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) r0 = socket$kcm(0xa, 0x1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r4, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = eventfd(0x75fa) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000040)={r5, 0x12}) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) close(r0) 21:25:24 executing program 3: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) r0 = socket$kcm(0xa, 0x1, 0x0) delete_module(&(0x7f0000000000)='GPL-+GPL\x00', 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) close(r0) 21:25:24 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x4034542f, &(0x7f0000000000)={{0x0, 0x3, 0xf301}}) 21:25:24 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) setsockopt$netlink_NETLINK_NO_ENOBUFS(r1, 0x10e, 0x5, &(0x7f0000000000)=0x400, 0x4) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000000c0)=@nat={'nat\x00', 0x1b, 0x5, 0x5d0, 0x3a8, 0x140, 0x0, 0x250, 0x0, 0x500, 0x500, 0x500, 0x500, 0x500, 0x5, &(0x7f0000000040), {[{{@ipv6={@empty, @ipv4={[], [0xff, 0xff], @local={0xac, 0x14, 0x14, 0xaa}}, [0xff0000ff, 0xffffffff, 0xff0000ff], [0xffffff00, 0xffffffff, 0xff, 0xffffffff], 'veth1_to_bridge\x00', 'bridge0\x00', {0xff}, {}, 0x7d, 0x6, 0x2, 0x28}, 0x0, 0xf8, 0x140, 0x0, {}, [@common=@srh={0x30, 'srh\x00', 0x0, {0xff, 0xc9b6, 0x1f, 0x3, 0x1, 0x20, 0x400}}]}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x10, @ipv6=@local={0xfe, 0x80, [], 0xaa}, @ipv4=@local={0xac, 0x14, 0x14, 0xaa}, @icmp_id=0x64, @icmp_id=0x65}}}, {{@uncond, 0x0, 0xc8, 0x110}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x4, @ipv6, @ipv4=@loopback=0x7f000001, @gre_key=0x6, @icmp_id=0x67}}}, {{@uncond, 0x0, 0x110, 0x158, 0x0, {}, [@common=@hbh={0x48, 'hbh\x00', 0x0, {0x3b4, 0x7, 0x1, [0x140d, 0x5, 0x5, 0xffffffffffffffe1, 0x2, 0x7, 0x7, 0x20, 0x9, 0x7f, 0xb3d2, 0xffffffffffffffca, 0x7, 0xffff, 0x8, 0x7fff]}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x2, @ipv4=@remote={0xac, 0x14, 0x14, 0xbb}, @ipv6, @icmp_id=0x64, @icmp_id=0x68}}}, {{@ipv6={@ipv4={[], [0xff, 0xff], @rand_addr=0x9}, @ipv4={[], [0xff, 0xff], @remote={0xac, 0x14, 0x14, 0xbb}}, [0xffffff00, 0x0, 0xff000000], [0xff000000, 0xff000000, 0xffffffff, 0xff000000], 'vcan0\x00', 'dummy0\x00', {}, {}, 0x7f, 0x1, 0x6, 0xa}, 0x0, 0x110, 0x158, 0x0, {}, [@common=@hbh={0x48, 'hbh\x00', 0x0, {0xffffffffffffffbc, 0x0, 0x1, [0x1a, 0xffff, 0xf49, 0x8168, 0x39, 0x7, 0x10000, 0x100, 0x6, 0x2b3f, 0x800, 0x7fff, 0x200, 0x5, 0x100, 0xca2], 0xd}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@rand_addr=0x1, 'eql\x00', 0xffffffffffff47ba}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x630) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x40, &(0x7f0000f62fe4)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c) [ 204.779043] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 204.784578] alloc_pages_current+0x10c/0x210 [ 204.788977] __page_cache_alloc+0x398/0x5e0 [ 204.793371] ? xa_load+0x2b1/0x450 [ 204.796898] ? xa_clear_tag+0x40/0x40 [ 204.800691] ? filemap_range_has_page+0x4c0/0x4c0 [ 204.805614] ? unwind_get_return_address+0x61/0xa0 [ 204.810542] __do_page_cache_readahead+0x24e/0x690 [ 204.815458] ? read_pages+0x680/0x680 [ 204.819263] ? lock_acquire+0x1e4/0x540 [ 204.823249] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 204.828362] ? lock_downgrade+0x8f0/0x8f0 [ 204.832539] ? lock_release+0xa30/0xa30 [ 204.836523] ondemand_readahead+0x550/0xc40 [ 204.840854] page_cache_sync_readahead+0x3a0/0x6d0 [ 204.845800] ? force_page_cache_readahead+0x360/0x360 [ 204.850999] ? lock_acquire+0x1e4/0x540 [ 204.854982] ? rcu_note_context_switch+0x730/0x730 [ 204.859918] ? check_same_owner+0x340/0x340 [ 204.864248] ? lock_release+0xa30/0xa30 [ 204.868239] generic_file_read_iter+0x1a87/0x2f10 [ 204.873109] ? filemap_write_and_wait_range+0xd0/0xd0 [ 204.878332] ? rcu_read_lock+0x70/0x70 [ 204.882224] ? __unlock_page_memcg+0x72/0x100 [ 204.886713] ? unlock_page_memcg+0x2c/0x40 [ 204.890938] ? page_add_file_rmap+0x781/0xe40 [ 204.895442] ? page_add_new_anon_rmap+0x870/0x870 [ 204.900276] ? lockdep_init_map+0x9/0x10 [ 204.904330] ? kasan_check_write+0x14/0x20 [ 204.908550] ? __init_rwsem+0x1cc/0x2a0 [ 204.912519] ? lock_acquire+0x1e4/0x540 [ 204.916483] ? alloc_set_pte+0x1133/0x1790 [ 204.920718] ? lock_release+0xa30/0xa30 [ 204.924677] ? xas_descend+0x20c/0x5f0 [ 204.928551] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 204.933568] ? check_pgprot+0xdf/0x180 [ 204.937451] ? put_page+0x280/0x280 [ 204.941074] ? kasan_check_write+0x14/0x20 [ 204.945296] ? do_raw_spin_lock+0xc1/0x200 [ 204.949526] ? alloc_set_pte+0xaf6/0x1790 [ 204.953672] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 204.958684] ? filemap_map_pages+0xca2/0x1990 [ 204.963167] ? trace_hardirqs_on+0x10/0x10 [ 204.967387] ? xa_set_tag+0x40/0x40 [ 204.971016] ? environ_open+0x90/0x90 [ 204.974806] ? trace_hardirqs_on+0x10/0x10 [ 204.979027] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 204.984561] ? trace_hardirqs_on+0x10/0x10 [ 204.988790] ? trace_hardirqs_on+0x10/0x10 [ 204.993024] ? find_get_entries_tag+0x1410/0x1410 [ 204.997875] ? trace_hardirqs_on+0x10/0x10 [ 205.002094] ? mntput_no_expire+0x18e/0xbc0 [ 205.006413] ? do_raw_spin_lock+0xc1/0x200 [ 205.010632] ? mnt_get_count+0x150/0x150 [ 205.014678] ? dput.part.26+0x276/0x7a0 [ 205.018637] ? shrink_dcache_sb+0x350/0x350 [ 205.022945] ? lock_acquire+0x1e4/0x540 [ 205.026904] ? __fdget_pos+0x1bb/0x200 [ 205.030780] ? lock_acquire+0x1e4/0x540 [ 205.034741] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 205.040263] ? fsnotify+0xbac/0x14e0 [ 205.043975] ext4_file_read_iter+0x18b/0x3c0 [ 205.048374] generic_file_splice_read+0x5a5/0x9a0 [ 205.053207] ? add_to_pipe+0x360/0x360 [ 205.057091] ? rw_verify_area+0x118/0x360 [ 205.061235] ? add_to_pipe+0x360/0x360 [ 205.065111] do_splice_to+0x12e/0x190 [ 205.068907] splice_direct_to_actor+0x270/0x8f0 [ 205.073565] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 205.079188] ? pipe_to_sendpage+0x400/0x400 [ 205.083499] ? do_splice_to+0x190/0x190 [ 205.087464] ? security_file_permission+0x1c2/0x230 [ 205.092482] ? rw_verify_area+0x118/0x360 [ 205.096617] do_splice_direct+0x2d4/0x420 [ 205.100753] ? splice_direct_to_actor+0x8f0/0x8f0 [ 205.105584] ? rw_verify_area+0x118/0x360 [ 205.109727] do_sendfile+0x62a/0xe20 [ 205.113429] ? do_compat_pwritev64+0x1c0/0x1c0 [ 205.118002] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 205.123530] ? _copy_from_user+0xdf/0x150 [ 205.127668] __x64_sys_sendfile64+0x15d/0x250 [ 205.132154] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 205.136728] do_syscall_64+0x1b9/0x820 [ 205.140600] ? finish_task_switch+0x1d3/0x870 [ 205.145082] ? syscall_return_slowpath+0x5e0/0x5e0 [ 205.149999] ? syscall_return_slowpath+0x31d/0x5e0 [ 205.154921] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 205.159923] ? prepare_exit_to_usermode+0x291/0x3b0 [ 205.164925] ? perf_trace_sys_enter+0xb10/0xb10 [ 205.169589] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 205.174422] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.179596] RIP: 0033:0x455e29 [ 205.182766] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 205.202135] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 205.209844] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 205.217096] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 205.224351] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 21:25:25 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0xf0}}, 0x14}, 0x1}, 0x0) 21:25:25 executing program 4: r0 = socket$inet6(0xa, 0x4, 0x100400000) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rtc0\x00', 0x18000, 0x0) openat$cgroup_type(r2, &(0x7f00000000c0)='cgroup.type\x00', 0x2, 0x0) ioctl$BLKBSZSET(r2, 0x40081271, &(0x7f0000000240)=0x2) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x840, 0x0) ioctl$KDGETKEYCODE(r2, 0x4b4c, &(0x7f0000000280)={0x2, 0xa0}) openat$cgroup_procs(r3, &(0x7f0000000040)='cgroup.threads\x00', 0x2, 0x0) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000100)=0x0) wait4(r4, &(0x7f0000000140), 0x4, &(0x7f0000000180)) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) [ 205.231604] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 205.238856] R13: 00000000004c1113 R14: 00000000004d1540 R15: 000000000000002d 21:25:25 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x600000000000000}}) 21:25:25 executing program 3: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) socket$kcm(0xa, 0x1, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x1, 0x70}, 0x21f) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r0, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) close(r0) r1 = open(&(0x7f00000002c0)='./file1\x00', 0x450040, 0x106) ioctl$SG_SET_COMMAND_Q(r1, 0x2271, &(0x7f0000000040)=0x1) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) 21:25:25 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x4034540c, &(0x7f0000000000)={{0x0, 0x3, 0xf301}}) 21:25:25 executing program 2 (fault-call:9 fault-nth:46): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:25 executing program 5: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) socket$kcm(0xa, 0x1, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r3, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r4 = eventfd(0x75fa) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000040)={r4, 0x12}) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r0, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) 21:25:25 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x7a000000}}) 21:25:25 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0xffffff7f00000000}}, 0x14}, 0x1}, 0x0) [ 205.415511] FAULT_INJECTION: forcing a failure. [ 205.415511] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 205.427410] CPU: 0 PID: 13761 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 205.435815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 205.445196] Call Trace: [ 205.447799] dump_stack+0x1c9/0x2b4 [ 205.451465] ? dump_stack_print_info.cold.2+0x52/0x52 [ 205.456670] should_fail.cold.4+0xa/0x11 [ 205.460787] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 205.466006] ? kasan_check_read+0x11/0x20 [ 205.470176] ? rcu_is_watching+0x8c/0x150 [ 205.474444] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 205.480000] ? xas_start+0x23d/0x740 [ 205.483726] ? trace_hardirqs_on+0x10/0x10 [ 205.487965] ? find_get_entry+0xa6d/0x1120 [ 205.492198] ? lock_downgrade+0x8f0/0x8f0 [ 205.496345] ? lock_acquire+0x1e4/0x540 [ 205.500314] ? fs_reclaim_acquire+0x20/0x20 [ 205.504632] ? lock_downgrade+0x8f0/0x8f0 [ 205.508773] ? check_same_owner+0x340/0x340 [ 205.513095] ? find_get_entry+0xa96/0x1120 [ 205.517324] ? rcu_note_context_switch+0x730/0x730 [ 205.522252] __alloc_pages_nodemask+0x36e/0xdb0 [ 205.526937] ? percpu_ref_put_many+0x119/0x240 [ 205.531511] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 205.536527] ? trace_hardirqs_on+0x10/0x10 [ 205.540758] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 205.546285] ? xas_start+0x23d/0x740 [ 205.550085] ? xa_load+0x288/0x450 [ 205.553699] ? lock_downgrade+0x8f0/0x8f0 [ 205.557837] ? lock_release+0xa30/0xa30 [ 205.561820] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 205.567350] alloc_pages_current+0x10c/0x210 [ 205.571767] __page_cache_alloc+0x398/0x5e0 [ 205.576079] ? xa_load+0x2b1/0x450 [ 205.579613] ? xa_clear_tag+0x40/0x40 [ 205.583415] ? filemap_range_has_page+0x4c0/0x4c0 [ 205.588252] ? unwind_get_return_address+0x61/0xa0 [ 205.593205] __do_page_cache_readahead+0x24e/0x690 [ 205.598133] ? read_pages+0x680/0x680 [ 205.601931] ? lock_acquire+0x1e4/0x540 [ 205.605898] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 205.610997] ? lock_downgrade+0x8f0/0x8f0 [ 205.615146] ? lock_release+0xa30/0xa30 [ 205.619119] ondemand_readahead+0x550/0xc40 [ 205.623440] page_cache_sync_readahead+0x3a0/0x6d0 [ 205.628357] ? force_page_cache_readahead+0x360/0x360 [ 205.634659] ? lock_acquire+0x1e4/0x540 [ 205.638635] ? rcu_note_context_switch+0x730/0x730 [ 205.643550] ? check_same_owner+0x340/0x340 [ 205.647857] ? lock_release+0xa30/0xa30 [ 205.651834] generic_file_read_iter+0x1a87/0x2f10 [ 205.656672] ? filemap_write_and_wait_range+0xd0/0xd0 [ 205.661843] ? rcu_read_lock+0x70/0x70 [ 205.665729] ? __unlock_page_memcg+0x72/0x100 [ 205.670214] ? unlock_page_memcg+0x2c/0x40 [ 205.674436] ? page_add_file_rmap+0x781/0xe40 [ 205.678927] ? page_add_new_anon_rmap+0x870/0x870 [ 205.683760] ? lockdep_init_map+0x9/0x10 [ 205.687812] ? kasan_check_write+0x14/0x20 [ 205.692046] ? __init_rwsem+0x1cc/0x2a0 [ 205.696020] ? lock_acquire+0x1e4/0x540 [ 205.699980] ? alloc_set_pte+0x1133/0x1790 [ 205.704204] ? lock_release+0xa30/0xa30 [ 205.708175] ? xas_descend+0x20c/0x5f0 [ 205.712053] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 205.717055] ? check_pgprot+0xdf/0x180 [ 205.720927] ? put_page+0x280/0x280 [ 205.724545] ? kasan_check_write+0x14/0x20 [ 205.728792] ? do_raw_spin_lock+0xc1/0x200 [ 205.733027] ? alloc_set_pte+0xaf6/0x1790 [ 205.737168] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 205.742173] ? filemap_map_pages+0xca2/0x1990 [ 205.746661] ? trace_hardirqs_on+0x10/0x10 [ 205.750885] ? xa_set_tag+0x40/0x40 [ 205.754499] ? environ_open+0x90/0x90 [ 205.758304] ? trace_hardirqs_on+0x10/0x10 [ 205.762526] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 205.768056] ? trace_hardirqs_on+0x10/0x10 [ 205.772281] ? trace_hardirqs_on+0x10/0x10 [ 205.776509] ? find_get_entries_tag+0x1410/0x1410 [ 205.781344] ? trace_hardirqs_on+0x10/0x10 [ 205.785578] ? mntput_no_expire+0x18e/0xbc0 [ 205.789896] ? do_raw_spin_lock+0xc1/0x200 [ 205.794131] ? mnt_get_count+0x150/0x150 [ 205.798193] ? dput.part.26+0x276/0x7a0 [ 205.802156] ? shrink_dcache_sb+0x350/0x350 [ 205.806466] ? lock_acquire+0x1e4/0x540 [ 205.810432] ? __fdget_pos+0x1bb/0x200 [ 205.814310] ? lock_acquire+0x1e4/0x540 [ 205.818274] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 205.823807] ? fsnotify+0xbac/0x14e0 [ 205.827521] ext4_file_read_iter+0x18b/0x3c0 [ 205.831936] generic_file_splice_read+0x5a5/0x9a0 [ 205.836786] ? add_to_pipe+0x360/0x360 [ 205.840669] ? rw_verify_area+0x118/0x360 [ 205.844814] ? add_to_pipe+0x360/0x360 [ 205.848690] do_splice_to+0x12e/0x190 [ 205.852479] splice_direct_to_actor+0x270/0x8f0 [ 205.857150] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 205.862680] ? pipe_to_sendpage+0x400/0x400 [ 205.867025] ? do_splice_to+0x190/0x190 [ 205.870988] ? security_file_permission+0x1c2/0x230 [ 205.876182] ? rw_verify_area+0x118/0x360 [ 205.880323] do_splice_direct+0x2d4/0x420 [ 205.884457] ? splice_direct_to_actor+0x8f0/0x8f0 [ 205.889290] ? rw_verify_area+0x118/0x360 [ 205.893442] do_sendfile+0x62a/0xe20 [ 205.897148] ? do_compat_pwritev64+0x1c0/0x1c0 [ 205.901720] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 205.907243] ? _copy_from_user+0xdf/0x150 [ 205.911377] __x64_sys_sendfile64+0x15d/0x250 [ 205.915859] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 205.920444] do_syscall_64+0x1b9/0x820 [ 205.924314] ? finish_task_switch+0x1d3/0x870 [ 205.928799] ? syscall_return_slowpath+0x5e0/0x5e0 [ 205.933724] ? syscall_return_slowpath+0x31d/0x5e0 [ 205.938651] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 205.943662] ? prepare_exit_to_usermode+0x291/0x3b0 [ 205.948675] ? perf_trace_sys_enter+0xb10/0xb10 [ 205.953332] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 205.958175] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.963361] RIP: 0033:0x455e29 [ 205.966540] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 205.985720] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 205.993413] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 206.000675] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 206.007938] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 206.015193] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 206.022445] R13: 00000000004c1113 R14: 00000000004d1540 R15: 000000000000002e 21:25:26 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x9effffff00000000}}, 0x14}, 0x1}, 0x0) 21:25:26 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r2 = syz_open_pts(0xffffffffffffffff, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 21:25:26 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f0000000000)="b62617f2f25f45dc276601915930befd589b26bccc25748d11e2810236b95098d6289d0453d63b8e643ca99eae37382f04d629905368ea40c56ef1ecab19410d00d15c013add3d606001ec2ee14376e0a4bf1148108876efa4ec0f3a226f241b48532ec8a8fbfa588343b947fe977f3bf7e8ebd8b0b3b18f7b7bcd0ce804910f5407c660db238ada", 0x88, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r2 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/zero\x00', 0x2000, 0x0) ioctl$TIOCSLCKTRMIOS(r2, 0x5457, &(0x7f0000000100)) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:26 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x6c000000, 0x3, 0xf301}}) 21:25:26 executing program 2 (fault-call:9 fault-nth:47): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:26 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x4000000}}) 21:25:26 executing program 3: socketpair(0x0, 0x80007, 0x5, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$kcm(0xa, 0x1, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) r4 = syz_genetlink_get_family_id$team(&(0x7f0000000100)='team\x00') getpeername$packet(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f00000001c0)=0x14) getsockopt$inet6_mreq(r0, 0x29, 0x1d, &(0x7f0000007fc0)={@dev, 0x0}, &(0x7f0000008000)=0x14) recvmsg(r0, &(0x7f00000083c0)={&(0x7f00000080c0)=@can={0x0, 0x0}, 0x80, &(0x7f0000008340)=[{&(0x7f0000008140)=""/169, 0xa9}, {&(0x7f0000008200)=""/233, 0xe9}, {&(0x7f0000008300)=""/46, 0x2e}], 0x3, &(0x7f0000008380)=""/21, 0x15, 0x2}, 0x2102) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000008400)={'team0\x00', 0x0}) getsockname$packet(r0, &(0x7f0000008440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000008480)=0x14) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000008580)={{{@in6=@loopback, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in6=@dev}}, &(0x7f0000008680)=0xe8) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000087c0)={'bond_slave_0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000008800)={'vcan0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000008840)={'veth0_to_bond\x00', 0x0}) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f00000088c0)={{{@in6=@loopback, @in=@rand_addr, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in=@broadcast}}, &(0x7f00000089c0)=0xe8) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000008a00)={{{@in6, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@rand_addr}, 0x0, @in6=@dev}}, &(0x7f0000008b00)=0xe8) accept4(r2, &(0x7f0000008c00)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000008c80)=0x80, 0x800) getsockname$packet(r0, &(0x7f0000008cc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f0000008d00)=0x14) getsockname$packet(r0, &(0x7f0000008d40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f0000008d80)=0x14) getpeername$packet(r1, &(0x7f0000008dc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, &(0x7f0000008e00)=0x14) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000008e40)={'vcan0\x00', 0x0}) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f000000fe80)={0x0, @loopback, @remote}, &(0x7f000000fec0)=0xc) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000010000)={{{@in6=@ipv4={[], [], @loopback}, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000010100)=0xe8) accept4$packet(r1, &(0x7f00000153c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000015400)=0x14, 0x80800) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000015440)={'vcan0\x00', 0x0}) getsockname$packet(r1, &(0x7f0000015480)={0x0, 0x0, 0x0}, &(0x7f00000154c0)=0x14) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000015500)={{{@in=@multicast1, @in6=@ipv4={[], [], @rand_addr}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in6=@ipv4={[], [], @dev}}}, &(0x7f0000015600)=0xe8) getpeername$packet(r1, &(0x7f0000015780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, &(0x7f00000157c0)=0x14) accept4$packet(r0, &(0x7f0000016d40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000016d80)=0x14, 0x800) sendmsg$TEAM_CMD_OPTIONS_GET(r1, &(0x7f0000017600)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80008020}, 0xc, &(0x7f00000175c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="d8070000", @ANYRES16=r4, @ANYBLOB="20002dbd7000ffdbdf250200000008000100", @ANYRES32=r5, @ANYBLOB="340202003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000008000300060000000400040008000600", @ANYRES32=r6, @ANYBLOB="3c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r7, @ANYBLOB="3c00010024000100656e61626c65640000000000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r8, @ANYBLOB="3c000100240001006d6f64650000000000000000000000000000000000000000000000000000000008000300050000000c00040072616e646f6d00003800010024000100616374697665706f727400000000000000000000000000000000000000000000080003000300000008000400", @ANYRES32=r9, @ANYBLOB="40000100240001007072696f72697479000000000000000000000000000000000000000000000000080003000e000000080004000200000008000600", @ANYRES32=r10, @ANYBLOB="7c000100240001006270665f686173685f66756e6300000000000000000000000000000000000000080003000b0000004c000400008003060900000004000803090000004c0b04345e5b0000bd53051e00000000050001c108000000ff070101000000008d5d0902ff7f00000100faff200000000700ff09020000004c000100240001006c625f74785f6d6574686f64000000000000000000000000000000000000000008000300050000001c000400686173685f746f5f706f72745f6d617070696e670000000008000100", @ANYRES32=r11, @ANYBLOB="f800020038000100240001006e6f746966795f70656572735f696e74657276616c0000000000000000000000080003000300000008000400040000004c000100240001006270665f686173685f66756e6300000000000000000000000000000000000000080003000b0000001c0004006d0e6c0708000000050001000600000000007000080000003800010024000100616374697665706f727400000000000000000000000000000000000000000000080003000300000008000400", @ANYRES32=r12, @ANYBLOB="38000100240001006d636173745f72656a6f696e5f696e74657276616c00000000000000000000000800030003000000080004000000000008000100", @ANYRES32=r13, @ANYBLOB="ec00020040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000080003000300000008000400", @ANYRES32=r14, @ANYBLOB="08000700000000003c000100240001006c625f74785f6d6574686f64000000000000000000000000000000000000000008000300050000000c000400686173680000000038000100240001006c625f73746174735f726566726573685f696e74657276616c00000000000000080003000300000008000400d557000034000100240001006270665f686173685f66756e6300000000000000000000000000000000000000080003000b0000000400040008000100", @ANYRES32=r15, @ANYBLOB="7400020038000100240001006e6f746966795f70656572735f636f756e7400000000000000000000000000000800030003000000080004000300000038000100240001006c625f73746174735f726566726573685f696e74657276616c000000000000000800030003000000080004000004000008000100", @ANYRES32=r16, @ANYBLOB="400002003c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r17, @ANYBLOB="08000100", @ANYRES32=r18, @ANYBLOB="840102003c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r19, @ANYBLOB="4c000100240001006c625f74785f6d6574686f64000000000000000000000000000000000000000008000300050000001c000400686173685f746f5f706f72745f6d617070696e670000000040000100240001006c625f706f72745f737461747300000000000000000000000000000000000000080003000b000000080004000500000008000600", @ANYRES32=r20, @ANYBLOB="40000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000080003000300000008000400", @ANYRES32=r21, @ANYBLOB="080007000000000038000100240001006e6f746966795f70656572735f696e74657276616c00000000000000000000000800030003000000080004000000000040000100240001007072696f72697479000000000000000000000000000000000000000000000000080003000e000000080004000004000008000600", @ANYRES32=r22, @ANYBLOB="08000100", @ANYRES32=r23, @ANYBLOB="e200020040000100240200000000000000700a57d0177f7c369ae101aa6f72745f737461747300000000000000000000000000000006000000080003000b00000008", @ANYRES32=r24, @ANYBLOB="3800010024000100616374697665706f727400000000000000000000000000000000000000000000080003000300000008000400", @ANYRES32=r25, @ANYBLOB="3c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000008000300060000000400040008000600", @ANYRES32=r26, @ANYBLOB="38000100240001006e6f746966795f70656572735f696e74657276616c00000000000000000000000800030003000000080004000080000008000100", @ANYRES32=r27, @ANYBLOB="4400020040000100240001007072696f72697479000000000000000000000000000000000000000000000000080003000e000000080004000400000008000600", @ANYRES32=r28], 0x7d8}, 0x1, 0x0, 0x0, 0x40800}, 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r3, &(0x7f0000000140)="f2e24f6b7ec2ba6474740f9d3dac7c4e493ef7ef3d58d3cc89287df8d17c1d0cc0d064e834d7885f6ac882bc5aba9fe67314", &(0x7f0000000540)="1acdbd4bd5023c905690ed832908cf12ee33669800624a563b2ed6937b38fd05210d90ddcc31fae58d38ba482b8cdc7894119cd14d77913d3c9941589ffb68b98b4382732f8f9788478fd24da740ac8e4a6609a58df1095f5fa77d9f69ca5137dffc37f01d89256dfc002e2826548cb68c4f1304561be689dc4d0f3f85b229d68dd62426ce16890d3d8af6ce695db5294bffd7636ce2fe3b9fe25d70729410f0528d4ba9a59f0b519dec52bab80e8f409644b997c205afc6d475870e1618cd088120b2e1c65371d9506954e21b8be90b6b4d2449bbf12b3122371facfc9715c90b7e8fde586a3bb829b0a48620c004fe2e9c3a7eabb56aa9b595fb517cf0f84b4e4a6a79", 0x1}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x0, 0x6, 0x8, 0x19ac, 0x11, 0xffffffffffffff9c, 0x2}, 0x2c) 21:25:26 executing program 5: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) socket$kcm(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r3 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r3, 0x12}) 21:25:26 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x7, @mcast2={0xff, 0x2, [], 0x1}, 0xbc2a}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r2 = memfd_create(&(0x7f0000000000)='-@*selinux-user\x00', 0x0) setsockopt$bt_BT_SNDMTU(r2, 0x112, 0xc, &(0x7f0000000040)=0x3, 0x2) [ 206.339785] FAULT_INJECTION: forcing a failure. [ 206.339785] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 206.351693] CPU: 0 PID: 13812 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 206.360107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 206.369463] Call Trace: [ 206.372061] dump_stack+0x1c9/0x2b4 [ 206.375702] ? dump_stack_print_info.cold.2+0x52/0x52 [ 206.380911] should_fail.cold.4+0xa/0x11 [ 206.384995] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 206.390138] ? kasan_check_read+0x11/0x20 [ 206.394292] ? rcu_is_watching+0x8c/0x150 [ 206.398443] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 206.403979] ? xas_start+0x23d/0x740 [ 206.407690] ? trace_hardirqs_on+0x10/0x10 [ 206.411947] ? find_get_entry+0xa6d/0x1120 [ 206.416184] ? lock_downgrade+0x8f0/0x8f0 [ 206.420339] ? lock_acquire+0x1e4/0x540 [ 206.424303] ? fs_reclaim_acquire+0x20/0x20 [ 206.428618] ? lock_downgrade+0x8f0/0x8f0 [ 206.432759] ? check_same_owner+0x340/0x340 [ 206.437074] ? find_get_entry+0xa96/0x1120 [ 206.441301] ? rcu_note_context_switch+0x730/0x730 [ 206.446237] __alloc_pages_nodemask+0x36e/0xdb0 [ 206.450897] ? percpu_ref_put_many+0x119/0x240 [ 206.455473] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 206.460489] ? trace_hardirqs_on+0x10/0x10 [ 206.464726] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 206.470258] ? xas_start+0x23d/0x740 [ 206.473975] ? xa_load+0x288/0x450 [ 206.477518] ? lock_downgrade+0x8f0/0x8f0 [ 206.481666] ? lock_release+0xa30/0xa30 [ 206.485635] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 206.491164] alloc_pages_current+0x10c/0x210 [ 206.495568] __page_cache_alloc+0x398/0x5e0 [ 206.499981] ? xa_load+0x2b1/0x450 [ 206.503511] ? xa_clear_tag+0x40/0x40 [ 206.507317] ? filemap_range_has_page+0x4c0/0x4c0 [ 206.512153] ? unwind_get_return_address+0x61/0xa0 [ 206.517079] __do_page_cache_readahead+0x24e/0x690 [ 206.522015] ? read_pages+0x680/0x680 [ 206.525899] ? lock_acquire+0x1e4/0x540 [ 206.529872] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 206.534973] ? lock_downgrade+0x8f0/0x8f0 [ 206.539114] ? lock_release+0xa30/0xa30 [ 206.543088] ondemand_readahead+0x550/0xc40 [ 206.547407] page_cache_sync_readahead+0x3a0/0x6d0 [ 206.552333] ? force_page_cache_readahead+0x360/0x360 [ 206.557519] ? lock_acquire+0x1e4/0x540 [ 206.561486] ? rcu_note_context_switch+0x730/0x730 [ 206.566408] ? check_same_owner+0x340/0x340 [ 206.570733] ? lock_release+0xa30/0xa30 [ 206.574703] generic_file_read_iter+0x1a87/0x2f10 [ 206.579549] ? filemap_write_and_wait_range+0xd0/0xd0 [ 206.584727] ? rcu_read_lock+0x70/0x70 [ 206.588617] ? __unlock_page_memcg+0x72/0x100 [ 206.593102] ? unlock_page_memcg+0x2c/0x40 [ 206.597328] ? page_add_file_rmap+0x781/0xe40 [ 206.601824] ? page_add_new_anon_rmap+0x870/0x870 [ 206.606661] ? lockdep_init_map+0x9/0x10 [ 206.610721] ? kasan_check_write+0x14/0x20 [ 206.614945] ? __init_rwsem+0x1cc/0x2a0 [ 206.618940] ? lock_acquire+0x1e4/0x540 [ 206.622902] ? alloc_set_pte+0x1133/0x1790 [ 206.627137] ? lock_release+0xa30/0xa30 [ 206.631100] ? xas_descend+0x20c/0x5f0 [ 206.634979] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 206.639983] ? check_pgprot+0xdf/0x180 [ 206.643867] ? put_page+0x280/0x280 [ 206.647493] ? kasan_check_write+0x14/0x20 [ 206.651716] ? do_raw_spin_lock+0xc1/0x200 [ 206.655951] ? alloc_set_pte+0xaf6/0x1790 [ 206.660095] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 206.665108] ? filemap_map_pages+0xca2/0x1990 [ 206.669595] ? trace_hardirqs_on+0x10/0x10 [ 206.673819] ? xa_set_tag+0x40/0x40 [ 206.677436] ? environ_open+0x90/0x90 [ 206.681494] ? trace_hardirqs_on+0x10/0x10 [ 206.685717] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 206.691246] ? trace_hardirqs_on+0x10/0x10 [ 206.695479] ? trace_hardirqs_on+0x10/0x10 [ 206.699709] ? find_get_entries_tag+0x1410/0x1410 [ 206.704552] ? trace_hardirqs_on+0x10/0x10 [ 206.708777] ? mntput_no_expire+0x18e/0xbc0 [ 206.713085] ? do_raw_spin_lock+0xc1/0x200 [ 206.717319] ? mnt_get_count+0x150/0x150 [ 206.721368] ? dput.part.26+0x276/0x7a0 [ 206.725330] ? shrink_dcache_sb+0x350/0x350 [ 206.729660] ? lock_acquire+0x1e4/0x540 [ 206.733625] ? __fdget_pos+0x1bb/0x200 [ 206.737519] ? lock_acquire+0x1e4/0x540 [ 206.741485] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 206.747011] ? fsnotify+0xbac/0x14e0 [ 206.750737] ext4_file_read_iter+0x18b/0x3c0 [ 206.755142] generic_file_splice_read+0x5a5/0x9a0 [ 206.759979] ? add_to_pipe+0x360/0x360 [ 206.763870] ? rw_verify_area+0x118/0x360 [ 206.768270] ? add_to_pipe+0x360/0x360 [ 206.772157] do_splice_to+0x12e/0x190 [ 206.775954] splice_direct_to_actor+0x270/0x8f0 [ 206.780623] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 206.786167] ? pipe_to_sendpage+0x400/0x400 [ 206.790484] ? do_splice_to+0x190/0x190 [ 206.794450] ? security_file_permission+0x1c2/0x230 [ 206.799466] ? rw_verify_area+0x118/0x360 [ 206.803605] do_splice_direct+0x2d4/0x420 [ 206.807747] ? splice_direct_to_actor+0x8f0/0x8f0 [ 206.812580] ? rw_verify_area+0x118/0x360 [ 206.816719] do_sendfile+0x62a/0xe20 [ 206.820430] ? do_compat_pwritev64+0x1c0/0x1c0 [ 206.825008] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 206.830542] ? _copy_from_user+0xdf/0x150 [ 206.834684] __x64_sys_sendfile64+0x15d/0x250 [ 206.839171] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 206.843766] do_syscall_64+0x1b9/0x820 [ 206.847649] ? finish_task_switch+0x1d3/0x870 [ 206.852136] ? syscall_return_slowpath+0x5e0/0x5e0 [ 206.857056] ? syscall_return_slowpath+0x31d/0x5e0 [ 206.861985] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 206.867004] ? prepare_exit_to_usermode+0x291/0x3b0 [ 206.872026] ? perf_trace_sys_enter+0xb10/0xb10 [ 206.876705] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 206.881550] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 206.886725] RIP: 0033:0x455e29 [ 206.889908] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 206.909210] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 206.916909] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 206.924165] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 206.931424] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 21:25:26 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0xffffff7f}}, 0x14}, 0x1}, 0x0) 21:25:26 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x68}}) 21:25:26 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x3000000, 0x3, 0xf301}}) 21:25:26 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x100000000000000}}, 0x14}, 0x1}, 0x0) 21:25:26 executing program 5: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) socket$kcm(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={0xffffffffffffffff, 0x12}) [ 206.939479] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 206.946735] R13: 00000000004c1113 R14: 00000000004d1540 R15: 000000000000002f 21:25:26 executing program 3: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$kcm(0xa, 0x5, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) close(r1) r3 = getpgrp(0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r0, 0xc1105518, &(0x7f00000002c0)={{0x3, 0x5, 0x4, 0x5, 'syz0\x00', 0x9}, 0x5, 0x10000000, 0x3ec, r3, 0x7, 0x2, 'syz0\x00', &(0x7f0000000000)=['^,ppp1ppp0}eth0\x00', 'em1\'self\x00', '\x00', '#\x00', '-vmnet1\x00', 'wlan1\'security(\x00', ""], 0x34, [], [0x4, 0x8001, 0x100000001]}) 21:25:26 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x200, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r2, 0x84, 0x1c, &(0x7f0000000040), &(0x7f0000000080)=0x4) 21:25:27 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x4801000000000000}}, 0x14}, 0x1}, 0x0) 21:25:27 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x6800, 0x3, 0xf301}}) 21:25:27 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r2 = syz_open_pts(r0, 0x0) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0) 21:25:27 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x4}}) 21:25:27 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0xfffff000}}, 0x14}, 0x1}, 0x0) 21:25:27 executing program 2 (fault-call:9 fault-nth:48): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:27 executing program 4: r0 = socket$inet6(0xa, 0x2080000000001, 0x8) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r1, 0x5386, &(0x7f0000000000)) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) getsockopt$IP_VS_SO_GET_VERSION(r0, 0x0, 0x480, &(0x7f0000000040), &(0x7f0000000080)=0x40) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:27 executing program 5: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) socket$kcm(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r3 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r3, 0x12}) 21:25:27 executing program 3: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$kcm(0xa, 0x1, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) setsockopt$inet_buf(r0, 0x0, 0x2b, &(0x7f0000000080), 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) setsockopt$inet_int(r0, 0x0, 0x1f, &(0x7f0000000040)=0x80000001, 0x4) close(r1) fcntl$setsig(r2, 0xa, 0x3c) connect$bt_rfcomm(r0, &(0x7f0000000000)={0x1f, {0xdbca, 0x255a, 0x5, 0x6, 0x1, 0x6}, 0x6}, 0xa) 21:25:27 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x5, 0x3, 0xf301}}) 21:25:27 executing program 3: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) r0 = socket$kcm(0xa, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) close(r0) 21:25:27 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x2000000}}, 0x14}, 0x1}, 0x0) 21:25:27 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x74, 0x3, 0xf301}}) 21:25:27 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x7}}) 21:25:27 executing program 5: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) socket$kcm(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x1000000000002, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x12}) 21:25:27 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) openat$ashmem(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ashmem\x00', 0x400000, 0x0) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000000c0)={0x0, @multicast2, @remote}, &(0x7f0000000100)=0xc) sendmsg$can_bcm(r3, &(0x7f0000000240)={&(0x7f0000000140)={0x1d, r4}, 0x10, &(0x7f0000000200)={&(0x7f0000000180)={0x5, 0xc, 0x4, {0x77359400}, {0x77359400}, {0x1, 0x9, 0x2, 0xfff}, 0x1, @canfd={{0x0, 0xffffffffffffffe0, 0x2, 0x7fffffff}, 0x2b, 0x2, 0x0, 0x0, "3988095e92e489567ad0695d48e19431f84b5058ee93fc3d5c0c5095bab3a6ca7494302e12a2ce0a360a0c69770679dc0db8b43de901e6d209cd9ae878c9324d"}}, 0x80}, 0x1, 0x0, 0x0, 0x20000001}, 0x10) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r5 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x5, 0x40001) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f00000002c0)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) ioctl$SG_SET_TIMEOUT(r5, 0x2201, &(0x7f0000000040)=0x3a3e8ff5) ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000300)={'irlan0\x00', 0x8}) 21:25:27 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x68, 0x3, 0xf301}}) 21:25:27 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0xf0ffff}}, 0x14}, 0x1}, 0x0) [ 207.456885] FAULT_INJECTION: forcing a failure. [ 207.456885] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 207.468864] CPU: 0 PID: 13916 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 207.477274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 207.486721] Call Trace: [ 207.489319] dump_stack+0x1c9/0x2b4 [ 207.494086] ? dump_stack_print_info.cold.2+0x52/0x52 [ 207.499302] should_fail.cold.4+0xa/0x11 [ 207.503381] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 207.508524] ? kasan_check_read+0x11/0x20 [ 207.512681] ? rcu_is_watching+0x8c/0x150 [ 207.516847] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 207.522395] ? xas_start+0x23d/0x740 [ 207.526656] ? trace_hardirqs_on+0x10/0x10 [ 207.530906] ? find_get_entry+0xa6d/0x1120 [ 207.535160] ? lock_downgrade+0x8f0/0x8f0 [ 207.539329] ? lock_acquire+0x1e4/0x540 [ 207.543314] ? fs_reclaim_acquire+0x20/0x20 [ 207.547640] ? lock_downgrade+0x8f0/0x8f0 [ 207.551788] ? check_same_owner+0x340/0x340 [ 207.556103] ? find_get_entry+0xa96/0x1120 [ 207.560347] ? rcu_note_context_switch+0x730/0x730 [ 207.565288] __alloc_pages_nodemask+0x36e/0xdb0 [ 207.569956] ? percpu_ref_put_many+0x119/0x240 [ 207.574543] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 207.579549] ? trace_hardirqs_on+0x10/0x10 [ 207.583781] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 207.589396] ? xas_start+0x23d/0x740 [ 207.593104] ? xa_load+0x288/0x450 [ 207.596640] ? lock_downgrade+0x8f0/0x8f0 [ 207.600782] ? lock_release+0xa30/0xa30 [ 207.604751] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 207.610296] alloc_pages_current+0x10c/0x210 [ 207.614705] __page_cache_alloc+0x398/0x5e0 [ 207.619028] ? xa_load+0x2b1/0x450 [ 207.622560] ? xa_clear_tag+0x40/0x40 [ 207.626351] ? filemap_range_has_page+0x4c0/0x4c0 [ 207.631270] ? unwind_get_return_address+0x61/0xa0 [ 207.637117] __do_page_cache_readahead+0x24e/0x690 [ 207.642064] ? read_pages+0x680/0x680 [ 207.645858] ? lock_acquire+0x1e4/0x540 [ 207.650007] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 207.655120] ? lock_downgrade+0x8f0/0x8f0 [ 207.659268] ? lock_release+0xa30/0xa30 [ 207.663236] ondemand_readahead+0x550/0xc40 [ 207.667554] page_cache_sync_readahead+0x3a0/0x6d0 [ 207.672481] ? force_page_cache_readahead+0x360/0x360 [ 207.677674] ? lock_acquire+0x1e4/0x540 [ 207.681646] ? rcu_note_context_switch+0x730/0x730 [ 207.687086] ? check_same_owner+0x340/0x340 [ 207.692451] ? lock_release+0xa30/0xa30 [ 207.696418] generic_file_read_iter+0x1a87/0x2f10 [ 207.701272] ? filemap_write_and_wait_range+0xd0/0xd0 [ 207.706446] ? rcu_read_lock+0x70/0x70 [ 207.710337] ? __unlock_page_memcg+0x72/0x100 [ 207.714830] ? unlock_page_memcg+0x2c/0x40 [ 207.719065] ? page_add_file_rmap+0x781/0xe40 [ 207.723556] ? page_add_new_anon_rmap+0x870/0x870 [ 207.728392] ? lockdep_init_map+0x9/0x10 [ 207.732703] ? kasan_check_write+0x14/0x20 [ 207.736928] ? __init_rwsem+0x1cc/0x2a0 [ 207.740900] ? lock_acquire+0x1e4/0x540 [ 207.744870] ? alloc_set_pte+0x1133/0x1790 [ 207.749099] ? lock_release+0xa30/0xa30 [ 207.753064] ? xas_descend+0x20c/0x5f0 [ 207.756959] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 207.761967] ? check_pgprot+0xdf/0x180 [ 207.765851] ? put_page+0x280/0x280 [ 207.769470] ? kasan_check_write+0x14/0x20 [ 207.773954] ? do_raw_spin_lock+0xc1/0x200 [ 207.778241] ? alloc_set_pte+0xaf6/0x1790 [ 207.782394] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 207.787401] ? filemap_map_pages+0xca2/0x1990 [ 207.791889] ? trace_hardirqs_on+0x10/0x10 [ 207.796132] ? xa_set_tag+0x40/0x40 [ 207.799750] ? environ_open+0x90/0x90 [ 207.803549] ? trace_hardirqs_on+0x10/0x10 [ 207.807772] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 207.813303] ? trace_hardirqs_on+0x10/0x10 [ 207.817530] ? trace_hardirqs_on+0x10/0x10 [ 207.821768] ? find_get_entries_tag+0x1410/0x1410 [ 207.826618] ? trace_hardirqs_on+0x10/0x10 [ 207.830857] ? mntput_no_expire+0x18e/0xbc0 [ 207.835165] ? do_raw_spin_lock+0xc1/0x200 [ 207.839398] ? mnt_get_count+0x150/0x150 [ 207.843450] ? dput.part.26+0x276/0x7a0 [ 207.847421] ? shrink_dcache_sb+0x350/0x350 [ 207.851748] ? lock_acquire+0x1e4/0x540 [ 207.855720] ? __fdget_pos+0x1bb/0x200 [ 207.859708] ? lock_acquire+0x1e4/0x540 [ 207.863699] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 207.869230] ? fsnotify+0xbac/0x14e0 [ 207.872962] ext4_file_read_iter+0x18b/0x3c0 [ 207.877380] generic_file_splice_read+0x5a5/0x9a0 [ 207.882221] ? add_to_pipe+0x360/0x360 [ 207.886130] ? rw_verify_area+0x118/0x360 [ 207.890287] ? add_to_pipe+0x360/0x360 [ 207.894168] do_splice_to+0x12e/0x190 [ 207.897963] splice_direct_to_actor+0x270/0x8f0 [ 207.902636] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 207.908167] ? pipe_to_sendpage+0x400/0x400 [ 207.912494] ? do_splice_to+0x190/0x190 [ 207.916460] ? security_file_permission+0x1c2/0x230 [ 207.921472] ? rw_verify_area+0x118/0x360 [ 207.925626] do_splice_direct+0x2d4/0x420 [ 207.929777] ? splice_direct_to_actor+0x8f0/0x8f0 [ 207.934899] ? rw_verify_area+0x118/0x360 [ 207.939042] do_sendfile+0x62a/0xe20 [ 207.942759] ? do_compat_pwritev64+0x1c0/0x1c0 [ 207.947345] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 207.953034] ? _copy_from_user+0xdf/0x150 [ 207.957180] __x64_sys_sendfile64+0x15d/0x250 [ 207.961684] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 207.966263] do_syscall_64+0x1b9/0x820 [ 207.970145] ? syscall_slow_exit_work+0x500/0x500 [ 207.974982] ? syscall_return_slowpath+0x5e0/0x5e0 [ 207.979906] ? syscall_return_slowpath+0x31d/0x5e0 [ 207.984838] ? prepare_exit_to_usermode+0x291/0x3b0 [ 207.989848] ? perf_trace_sys_enter+0xb10/0xb10 [ 207.994524] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 207.999373] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 208.004552] RIP: 0033:0x455e29 [ 208.007751] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 208.027219] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 208.034932] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 208.042192] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 208.049452] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 208.056711] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 208.063980] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000030 21:25:28 executing program 5: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) socket$kcm(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x12}) 21:25:28 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0xfffffffffffff000}}, 0x14}, 0x1}, 0x0) 21:25:28 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r2 = syz_open_pts(r0, 0x0) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0) 21:25:28 executing program 3: socketpair(0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000140)={0xffffffffffffffff}) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f000039c000)=0x400000000000001, 0x4) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000965fec), 0x13) socket$kcm(0xa, 0x1, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) socket$kcm(0x29, 0x2, 0x0) close(r0) 21:25:28 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x500000000000000}}) 21:25:28 executing program 2 (fault-call:9 fault-nth:49): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:28 executing program 4: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x40000, 0x0) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r0, 0x5386, &(0x7f0000000040)) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0x2f, &(0x7f0000000080)=0x1, 0x4) r2 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0x12, &(0x7f0000687000)=0x9, 0x4) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0xfffffffffffffffc, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c) sendto$inet6(r2, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) accept4$bt_l2cap(r0, &(0x7f00000000c0), &(0x7f0000000100)=0xe, 0x80800) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r0) 21:25:28 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x4800000000000000, 0x3, 0xf301}}) 21:25:28 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0xec0}}, 0x14}, 0x1}, 0x0) [ 208.331765] FAULT_INJECTION: forcing a failure. [ 208.331765] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 208.343719] CPU: 0 PID: 13947 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 208.352370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 208.361755] Call Trace: [ 208.364371] dump_stack+0x1c9/0x2b4 [ 208.368014] ? dump_stack_print_info.cold.2+0x52/0x52 [ 208.373224] ? perf_trace_lock_acquire+0xeb/0x9a0 21:25:28 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x6800000000000000, 0x3, 0xf301}}) [ 208.378113] should_fail.cold.4+0xa/0x11 [ 208.378129] ? fault_create_debugfs_attr+0x1f0/0x1f0 21:25:28 executing program 2 (fault-call:9 fault-nth:50): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) [ 208.378144] ? kasan_check_write+0x14/0x20 21:25:28 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x74000000}}) 21:25:28 executing program 5: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) socket$kcm(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r0 = eventfd(0x75fa) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={r0, 0x12}) 21:25:28 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)) [ 208.378163] ? __schedule+0x884/0x1ed0 [ 208.378179] ? __sched_text_start+0x8/0x8 [ 208.378190] ? lock_downgrade+0x8f0/0x8f0 21:25:28 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x6000000, 0x3, 0xf301}}) 21:25:28 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0xf0ffffffffffff}}, 0x14}, 0x1}, 0x0) 21:25:28 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)) 21:25:28 executing program 5: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) socket$kcm(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = eventfd(0x75fa) ioctl$KVM_IRQFD(r0, 0x4020ae76, &(0x7f0000000040)={r1, 0x12}) [ 208.378204] ? lock_acquire+0x1e4/0x540 [ 208.378214] ? fs_reclaim_acquire+0x20/0x20 [ 208.378225] ? lock_downgrade+0x8f0/0x8f0 [ 208.378239] ? check_same_owner+0x340/0x340 [ 208.378250] ? rcu_note_context_switch+0x730/0x730 [ 208.378265] __alloc_pages_nodemask+0x36e/0xdb0 [ 208.378274] ? percpu_ref_put_many+0x119/0x240 [ 208.378287] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 208.378297] ? trace_hardirqs_on+0x10/0x10 [ 208.378312] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 208.378320] ? xas_start+0x23d/0x740 [ 208.378333] ? lock_acquire+0x1e4/0x540 [ 208.378341] ? xa_load+0x288/0x450 [ 208.378352] ? lock_downgrade+0x8f0/0x8f0 [ 208.378364] ? lock_release+0xa30/0xa30 [ 208.378377] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 208.378388] alloc_pages_current+0x10c/0x210 [ 208.378401] __page_cache_alloc+0x398/0x5e0 [ 208.378409] ? xa_load+0x2b1/0x450 [ 208.378419] ? xa_clear_tag+0x40/0x40 [ 208.378430] ? filemap_range_has_page+0x4c0/0x4c0 [ 208.378441] ? unwind_get_return_address+0x61/0xa0 [ 208.378455] __do_page_cache_readahead+0x24e/0x690 [ 208.378469] ? read_pages+0x680/0x680 [ 208.378482] ? lock_acquire+0x1e4/0x540 [ 208.378493] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 208.378503] ? lock_downgrade+0x8f0/0x8f0 [ 208.378515] ? lock_release+0xa30/0xa30 [ 208.378528] ondemand_readahead+0x550/0xc40 [ 208.378543] page_cache_sync_readahead+0x3a0/0x6d0 [ 208.378557] ? force_page_cache_readahead+0x360/0x360 [ 208.378569] ? lock_acquire+0x1e4/0x540 [ 208.378579] ? rcu_note_context_switch+0x730/0x730 [ 208.378589] ? check_same_owner+0x340/0x340 [ 208.378601] ? lock_release+0xa30/0xa30 [ 208.378614] generic_file_read_iter+0x1a87/0x2f10 [ 208.378633] ? filemap_write_and_wait_range+0xd0/0xd0 [ 208.378640] ? rcu_read_lock+0x70/0x70 [ 208.378653] ? __unlock_page_memcg+0x72/0x100 [ 208.378662] ? unlock_page_memcg+0x2c/0x40 [ 208.378673] ? page_add_file_rmap+0x781/0xe40 [ 208.378684] ? page_add_new_anon_rmap+0x870/0x870 [ 208.378696] ? lockdep_init_map+0x9/0x10 [ 208.378707] ? kasan_check_write+0x14/0x20 [ 208.378716] ? __init_rwsem+0x1cc/0x2a0 [ 208.378732] ? lock_acquire+0x1e4/0x540 [ 208.378742] ? alloc_set_pte+0x1133/0x1790 [ 208.378755] ? lock_release+0xa30/0xa30 [ 208.378763] ? xas_descend+0x20c/0x5f0 [ 208.378775] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 208.378784] ? check_pgprot+0xdf/0x180 [ 208.378793] ? put_page+0x280/0x280 [ 208.378804] ? kasan_check_write+0x14/0x20 [ 208.378813] ? do_raw_spin_lock+0xc1/0x200 [ 208.378826] ? alloc_set_pte+0xaf6/0x1790 [ 208.378840] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 208.378851] ? filemap_map_pages+0xca2/0x1990 [ 208.378863] ? trace_hardirqs_on+0x10/0x10 [ 208.378872] ? xa_set_tag+0x40/0x40 [ 208.378884] ? environ_open+0x90/0x90 [ 208.378896] ? trace_hardirqs_on+0x10/0x10 [ 208.378906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 208.378918] ? trace_hardirqs_on+0x10/0x10 [ 208.378930] ? trace_hardirqs_on+0x10/0x10 [ 208.378944] ? find_get_entries_tag+0x1410/0x1410 [ 208.378959] ? trace_hardirqs_on+0x10/0x10 [ 208.378970] ? mntput_no_expire+0x18e/0xbc0 [ 208.378979] ? do_raw_spin_lock+0xc1/0x200 [ 208.378990] ? mnt_get_count+0x150/0x150 [ 208.379000] ? dput.part.26+0x276/0x7a0 [ 208.379014] ? shrink_dcache_sb+0x350/0x350 [ 208.379031] ? lock_acquire+0x1e4/0x540 [ 208.379041] ? __fdget_pos+0x1bb/0x200 [ 208.379056] ? lock_acquire+0x1e4/0x540 [ 208.379076] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 208.379087] ? fsnotify+0xbac/0x14e0 [ 208.379104] ext4_file_read_iter+0x18b/0x3c0 [ 208.379121] generic_file_splice_read+0x5a5/0x9a0 [ 208.379135] ? add_to_pipe+0x360/0x360 [ 208.379154] ? rw_verify_area+0x118/0x360 [ 208.379167] ? add_to_pipe+0x360/0x360 [ 208.379180] do_splice_to+0x12e/0x190 [ 208.379196] splice_direct_to_actor+0x270/0x8f0 [ 208.379208] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 208.379222] ? pipe_to_sendpage+0x400/0x400 [ 208.379235] ? do_splice_to+0x190/0x190 [ 208.379246] ? security_file_permission+0x1c2/0x230 [ 208.379256] ? rw_verify_area+0x118/0x360 [ 208.379269] do_splice_direct+0x2d4/0x420 [ 208.379282] ? splice_direct_to_actor+0x8f0/0x8f0 [ 208.379294] ? rw_verify_area+0x118/0x360 [ 208.379305] do_sendfile+0x62a/0xe20 [ 208.379319] ? do_compat_pwritev64+0x1c0/0x1c0 [ 208.379334] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 208.379344] ? _copy_from_user+0xdf/0x150 [ 208.379356] __x64_sys_sendfile64+0x15d/0x250 [ 208.379367] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 208.379383] do_syscall_64+0x1b9/0x820 [ 208.379392] ? finish_task_switch+0x1d3/0x870 [ 208.379403] ? syscall_return_slowpath+0x5e0/0x5e0 [ 208.379414] ? syscall_return_slowpath+0x31d/0x5e0 [ 208.379426] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 208.379437] ? prepare_exit_to_usermode+0x291/0x3b0 [ 208.379448] ? perf_trace_sys_enter+0xb10/0xb10 [ 208.379460] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 208.379474] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 208.379482] RIP: 0033:0x455e29 [ 208.379485] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 208.379667] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 208.379678] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 208.379684] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 208.379690] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 208.379696] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 208.379702] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000031 [ 208.485842] FAULT_INJECTION: forcing a failure. [ 208.485842] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 208.485861] CPU: 1 PID: 13981 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 208.485869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 208.485873] Call Trace: [ 208.485891] dump_stack+0x1c9/0x2b4 [ 208.485907] ? dump_stack_print_info.cold.2+0x52/0x52 [ 208.485929] should_fail.cold.4+0xa/0x11 [ 208.485948] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 208.485963] ? update_load_avg+0x2de/0x2590 [ 208.485976] ? __update_load_avg_se.isra.35+0x630/0x990 [ 208.485993] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 208.486012] ? xas_start+0x23d/0x740 [ 208.486031] ? trace_hardirqs_on+0x10/0x10 [ 208.486049] ? find_get_entry+0xa6d/0x1120 [ 208.486064] ? lock_downgrade+0x8f0/0x8f0 [ 208.486081] ? lock_acquire+0x1e4/0x540 [ 208.486094] ? fs_reclaim_acquire+0x20/0x20 [ 208.486108] ? lock_downgrade+0x8f0/0x8f0 [ 208.486123] ? check_same_owner+0x340/0x340 [ 208.486136] ? find_get_entry+0xa96/0x1120 [ 208.486150] ? rcu_note_context_switch+0x730/0x730 [ 208.486169] __alloc_pages_nodemask+0x36e/0xdb0 [ 208.486181] ? percpu_ref_put_many+0x119/0x240 [ 208.486198] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 208.486212] ? trace_hardirqs_on+0x10/0x10 [ 208.486227] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 208.486244] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 208.486256] ? xas_start+0x23d/0x740 [ 208.486271] ? lock_acquire+0x1e4/0x540 [ 208.486282] ? xa_load+0x288/0x450 21:25:29 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x400300}}, 0x14}, 0x1}, 0x0) 21:25:29 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x1000000}}) 21:25:29 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r2 = syz_open_pts(r0, 0x0) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0) 21:25:29 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)) [ 208.486295] ? lock_downgrade+0x8f0/0x8f0 [ 208.486310] ? lock_release+0xa30/0xa30 [ 208.486326] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 208.486339] alloc_pages_current+0x10c/0x210 [ 208.486355] __page_cache_alloc+0x398/0x5e0 [ 208.486365] ? xa_load+0x2b1/0x450 [ 208.486377] ? xa_clear_tag+0x40/0x40 [ 208.486391] ? filemap_range_has_page+0x4c0/0x4c0 [ 208.486406] ? unwind_get_return_address+0x61/0xa0 [ 208.486424] __do_page_cache_readahead+0x24e/0x690 [ 208.486441] ? read_pages+0x680/0x680 [ 208.486457] ? lock_acquire+0x1e4/0x540 [ 208.486472] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 208.486487] ? lock_downgrade+0x8f0/0x8f0 [ 208.486503] ? lock_release+0xa30/0xa30 [ 208.486518] ondemand_readahead+0x550/0xc40 [ 208.486535] page_cache_sync_readahead+0x3a0/0x6d0 [ 208.486559] ? force_page_cache_readahead+0x360/0x360 [ 208.486575] ? lock_acquire+0x1e4/0x540 [ 208.486590] ? rcu_note_context_switch+0x730/0x730 [ 208.486603] ? check_same_owner+0x340/0x340 [ 208.486618] ? lock_release+0xa30/0xa30 [ 208.486634] generic_file_read_iter+0x1a87/0x2f10 [ 208.486656] ? filemap_write_and_wait_range+0xd0/0xd0 [ 208.486666] ? rcu_read_lock+0x70/0x70 [ 208.486680] ? __unlock_page_memcg+0x72/0x100 [ 208.486692] ? unlock_page_memcg+0x2c/0x40 [ 208.486704] ? page_add_file_rmap+0x781/0xe40 [ 208.486717] ? page_add_new_anon_rmap+0x870/0x870 [ 208.486731] ? lockdep_init_map+0x9/0x10 [ 208.486746] ? kasan_check_write+0x14/0x20 [ 208.486759] ? __init_rwsem+0x1cc/0x2a0 [ 208.486777] ? lock_acquire+0x1e4/0x540 [ 208.486792] ? alloc_set_pte+0x1133/0x1790 [ 208.486806] ? lock_release+0xa30/0xa30 [ 208.486819] ? xas_descend+0x20c/0x5f0 [ 208.486834] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 208.486846] ? check_pgprot+0xdf/0x180 [ 208.486858] ? put_page+0x280/0x280 [ 208.486872] ? kasan_check_write+0x14/0x20 [ 208.486883] ? do_raw_spin_lock+0xc1/0x200 [ 208.486899] ? alloc_set_pte+0xaf6/0x1790 [ 208.486917] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 208.486931] ? filemap_map_pages+0xca2/0x1990 [ 208.486946] ? trace_hardirqs_on+0x10/0x10 [ 208.486959] ? xa_set_tag+0x40/0x40 [ 208.486975] ? environ_open+0x90/0x90 [ 208.486990] ? trace_hardirqs_on+0x10/0x10 [ 208.487004] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 208.487019] ? trace_hardirqs_on+0x10/0x10 [ 208.487034] ? trace_hardirqs_on+0x10/0x10 [ 208.487052] ? find_get_entries_tag+0x1410/0x1410 [ 208.487069] ? trace_hardirqs_on+0x10/0x10 [ 208.487084] ? mntput_no_expire+0x18e/0xbc0 [ 208.487096] ? do_raw_spin_lock+0xc1/0x200 [ 208.487110] ? mnt_get_count+0x150/0x150 [ 208.487124] ? dput.part.26+0x276/0x7a0 [ 208.487139] ? shrink_dcache_sb+0x350/0x350 [ 208.487156] ? lock_acquire+0x1e4/0x540 [ 208.487168] ? __fdget_pos+0x1bb/0x200 [ 208.487186] ? lock_acquire+0x1e4/0x540 [ 208.487201] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 208.487214] ? fsnotify+0xbac/0x14e0 [ 208.487230] ext4_file_read_iter+0x18b/0x3c0 [ 208.487261] generic_file_splice_read+0x5a5/0x9a0 [ 208.487280] ? add_to_pipe+0x360/0x360 [ 208.487303] ? rw_verify_area+0x118/0x360 [ 208.487318] ? add_to_pipe+0x360/0x360 [ 208.487333] do_splice_to+0x12e/0x190 [ 208.487350] splice_direct_to_actor+0x270/0x8f0 [ 208.487365] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 208.487380] ? pipe_to_sendpage+0x400/0x400 [ 208.487396] ? do_splice_to+0x190/0x190 [ 208.487411] ? security_file_permission+0x1c2/0x230 [ 208.487425] ? rw_verify_area+0x118/0x360 [ 208.487441] do_splice_direct+0x2d4/0x420 [ 208.487456] ? splice_direct_to_actor+0x8f0/0x8f0 [ 208.487470] ? rw_verify_area+0x118/0x360 [ 208.487484] do_sendfile+0x62a/0xe20 [ 208.487500] ? do_compat_pwritev64+0x1c0/0x1c0 [ 208.487518] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 208.487532] ? _copy_from_user+0xdf/0x150 [ 208.487547] __x64_sys_sendfile64+0x15d/0x250 [ 208.487569] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 208.487590] do_syscall_64+0x1b9/0x820 [ 208.487603] ? finish_task_switch+0x1d3/0x870 [ 208.487617] ? syscall_return_slowpath+0x5e0/0x5e0 [ 208.487631] ? syscall_return_slowpath+0x31d/0x5e0 [ 208.487645] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 208.487659] ? prepare_exit_to_usermode+0x291/0x3b0 [ 208.487673] ? perf_trace_sys_enter+0xb10/0xb10 [ 208.487687] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 208.487704] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 208.487714] RIP: 0033:0x455e29 [ 208.487717] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 208.487931] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 208.487945] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 208.487952] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 208.487959] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 21:25:29 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r0, 0x84, 0x74, &(0x7f0000000000)=""/194, &(0x7f0000000100)=0xc2) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:29 executing program 2 (fault-call:9 fault-nth:51): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:29 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0xfdfdffff, 0x3, 0xf301}}) 21:25:29 executing program 5: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) socket$kcm(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = eventfd(0x75fa) ioctl$KVM_IRQFD(r0, 0x4020ae76, &(0x7f0000000040)={r1, 0x12}) 21:25:29 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)) 21:25:29 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0xf00}}, 0x14}, 0x1}, 0x0) 21:25:29 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x2000000}}) [ 208.487967] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 208.487974] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000032 21:25:29 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x54a2, &(0x7f0000000000)) [ 209.866498] FAULT_INJECTION: forcing a failure. [ 209.866498] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 209.878519] CPU: 1 PID: 14042 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 209.886929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 209.896577] Call Trace: [ 209.899270] dump_stack+0x1c9/0x2b4 [ 209.902911] ? dump_stack_print_info.cold.2+0x52/0x52 [ 209.908206] ? perf_trace_lock_acquire+0xeb/0x9a0 21:25:29 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x101000, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000080)={0x10000, 0x2000}) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x22c240, 0x0) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = socket$inet6_sctp(0xa, 0x0, 0x84) getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r3, 0x84, 0x4, &(0x7f00000000c0), &(0x7f0000000100)=0x4) [ 209.913075] should_fail.cold.4+0xa/0x11 [ 209.917158] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 209.922280] ? kasan_check_read+0x11/0x20 [ 209.926447] ? rcu_is_watching+0x8c/0x150 [ 209.930632] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 209.936186] ? xas_start+0x23d/0x740 [ 209.939919] ? find_get_entry+0xa6d/0x1120 [ 209.944171] ? lock_downgrade+0x8f0/0x8f0 [ 209.948339] ? lock_acquire+0x1e4/0x540 [ 209.952334] ? fs_reclaim_acquire+0x20/0x20 [ 209.956672] ? lock_downgrade+0x8f0/0x8f0 [ 209.960838] ? check_same_owner+0x340/0x340 21:25:29 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x54a2, &(0x7f0000000000)) [ 209.965277] ? find_get_entry+0xa96/0x1120 [ 209.969524] ? rcu_note_context_switch+0x730/0x730 [ 209.974555] __alloc_pages_nodemask+0x36e/0xdb0 [ 209.979316] ? percpu_ref_put_many+0x119/0x240 [ 209.983920] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 209.988956] ? trace_hardirqs_on+0x10/0x10 [ 209.993209] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 209.998072] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 210.003641] ? xas_start+0x23d/0x740 [ 210.007376] ? lock_acquire+0x1e4/0x540 [ 210.011360] ? xa_load+0x288/0x450 21:25:29 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x54a2, &(0x7f0000000000)) [ 210.014921] ? lock_downgrade+0x8f0/0x8f0 [ 210.019087] ? lock_release+0xa30/0xa30 [ 210.023076] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 210.028629] alloc_pages_current+0x10c/0x210 [ 210.033063] __page_cache_alloc+0x398/0x5e0 [ 210.037401] ? xa_load+0x2b1/0x450 [ 210.040962] ? xa_clear_tag+0x40/0x40 [ 210.044782] ? filemap_range_has_page+0x4c0/0x4c0 [ 210.049637] ? unwind_get_return_address+0x61/0xa0 [ 210.054587] __do_page_cache_readahead+0x24e/0x690 [ 210.059540] ? read_pages+0x680/0x680 [ 210.063355] ? lock_acquire+0x1e4/0x540 21:25:30 executing program 3: r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)) 21:25:30 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) socket$vsock_dgram(0x28, 0x2, 0x0) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) [ 210.067343] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 210.072462] ? lock_downgrade+0x8f0/0x8f0 [ 210.076626] ? lock_release+0xa30/0xa30 [ 210.080618] ondemand_readahead+0x550/0xc40 [ 210.084959] page_cache_sync_readahead+0x3a0/0x6d0 [ 210.089908] ? force_page_cache_readahead+0x360/0x360 [ 210.095112] ? lock_acquire+0x1e4/0x540 [ 210.099104] ? rcu_note_context_switch+0x730/0x730 [ 210.104068] ? check_same_owner+0x340/0x340 [ 210.108531] ? lock_release+0xa30/0xa30 [ 210.112540] generic_file_read_iter+0x1a87/0x2f10 21:25:30 executing program 3: r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)) [ 210.117409] ? filemap_write_and_wait_range+0xd0/0xd0 [ 210.122611] ? rcu_read_lock+0x70/0x70 [ 210.126516] ? __unlock_page_memcg+0x72/0x100 [ 210.131021] ? unlock_page_memcg+0x2c/0x40 [ 210.135261] ? page_add_file_rmap+0x781/0xe40 [ 210.139769] ? page_add_new_anon_rmap+0x870/0x870 [ 210.144634] ? perf_trace_lock+0x920/0x920 [ 210.148922] ? lock_acquire+0x1e4/0x540 [ 210.152908] ? alloc_set_pte+0x1133/0x1790 [ 210.157155] ? lock_release+0xa30/0xa30 [ 210.161144] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 210.166170] ? check_pgprot+0xdf/0x180 [ 210.170067] ? put_page+0x280/0x280 [ 210.173702] ? kasan_check_write+0x14/0x20 [ 210.177941] ? do_raw_spin_lock+0xc1/0x200 [ 210.182198] ? alloc_set_pte+0xaf6/0x1790 [ 210.186360] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 210.191469] ? filemap_map_pages+0xca2/0x1990 [ 210.196068] ? trace_hardirqs_on+0x10/0x10 [ 210.200331] ? xa_set_tag+0x40/0x40 [ 210.203980] ? perf_trace_lock+0x920/0x920 [ 210.208231] ? environ_open+0x90/0x90 [ 210.212046] ? trace_hardirqs_on+0x10/0x10 [ 210.216297] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 210.221938] ? trace_hardirqs_on+0x10/0x10 [ 210.226182] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 210.231036] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 210.235875] ? perf_trace_lock+0x920/0x920 [ 210.240101] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 210.244942] ? perf_trace_lock+0x920/0x920 [ 210.249167] ? perf_trace_lock+0x920/0x920 [ 210.253393] ? shrink_dcache_sb+0x350/0x350 [ 210.257713] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 210.262547] ? __fdget_pos+0x1bb/0x200 [ 210.266435] ? lock_acquire+0x1e4/0x540 [ 210.270412] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 210.275942] ? fsnotify+0xbac/0x14e0 [ 210.279657] ext4_file_read_iter+0x18b/0x3c0 [ 210.284059] generic_file_splice_read+0x5a5/0x9a0 [ 210.288905] ? add_to_pipe+0x360/0x360 [ 210.292794] ? rw_verify_area+0x118/0x360 [ 210.296933] ? add_to_pipe+0x360/0x360 [ 210.300812] do_splice_to+0x12e/0x190 [ 210.304608] splice_direct_to_actor+0x270/0x8f0 [ 210.309276] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 210.314802] ? pipe_to_sendpage+0x400/0x400 [ 210.319116] ? do_splice_to+0x190/0x190 [ 210.323094] ? security_file_permission+0x1c2/0x230 [ 210.328102] ? rw_verify_area+0x118/0x360 [ 210.332243] do_splice_direct+0x2d4/0x420 [ 210.336386] ? splice_direct_to_actor+0x8f0/0x8f0 [ 210.341230] ? rw_verify_area+0x118/0x360 [ 210.345369] do_sendfile+0x62a/0xe20 [ 210.349083] ? do_compat_pwritev64+0x1c0/0x1c0 [ 210.353671] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 210.359720] ? _copy_from_user+0xdf/0x150 [ 210.363863] __x64_sys_sendfile64+0x15d/0x250 [ 210.368350] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 210.372932] do_syscall_64+0x1b9/0x820 [ 210.376816] ? finish_task_switch+0x1d3/0x870 [ 210.381307] ? syscall_return_slowpath+0x5e0/0x5e0 [ 210.386242] ? syscall_return_slowpath+0x31d/0x5e0 [ 210.391178] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 210.396274] ? prepare_exit_to_usermode+0x291/0x3b0 [ 210.401299] ? perf_trace_sys_enter+0xb10/0xb10 [ 210.405992] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 210.410841] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 210.416022] RIP: 0033:0x455e29 [ 210.419206] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 210.438690] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 210.446397] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 210.453661] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 210.460949] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 210.468211] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 210.475472] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000033 21:25:30 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x600, 0x3, 0xf301}}) 21:25:30 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x700}}) 21:25:30 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e20, 0x7, @dev={0xfe, 0x80, [], 0x1a}, 0xa68}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='pids.current\x00', 0x0, 0x0) ioctl$SG_SET_KEEP_ORPHAN(r2, 0x2287, &(0x7f0000000240)=0xfffffffffffffbff) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x10000, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080)={0xffffffffffffffff}}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_MCAST(r3, &(0x7f0000000100)={0x16, 0x98, 0xfa00, {&(0x7f0000000040), 0x2, r4, 0x30, 0x1, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x1e}}}}, 0xa0) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:30 executing program 3: r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)) 21:25:30 executing program 5: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) socket$kcm(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x0, 0x4, 0x70}, 0x2c) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = eventfd(0x75fa) ioctl$KVM_IRQFD(r0, 0x4020ae76, &(0x7f0000000040)={r1, 0x12}) 21:25:30 executing program 6 (fault-call:8 fault-nth:0): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r2 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 21:25:30 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x9effffff}}, 0x14}, 0x1}, 0x0) 21:25:30 executing program 2 (fault-call:9 fault-nth:52): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) [ 210.737214] FAULT_INJECTION: forcing a failure. [ 210.737214] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 210.749447] CPU: 0 PID: 14107 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 210.757856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 210.767226] Call Trace: [ 210.769828] dump_stack+0x1c9/0x2b4 [ 210.773471] ? dump_stack_print_info.cold.2+0x52/0x52 [ 210.778685] should_fail.cold.4+0xa/0x11 21:25:30 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x4, 0x3, 0xf301}}) 21:25:30 executing program 3: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)) 21:25:30 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000000)=[@in={0x2, 0x4e21}], 0x10) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x4) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000080)=0xfffffffffffff55f, 0x4) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r2 = open(&(0x7f0000000040)='./file0\x00', 0x1, 0x21) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r2, 0x84, 0x1b, &(0x7f0000000300)=ANY=[@ANYRES32=0x0, @ANYBLOB="250000008bd2dac27cc1fa0689430e848e14bc6e3f293c089c9243fe060000009808000000c9b9944dfc23ce6285d4824e6de8d1d93deb468c3773bc44ff4e88d6d9ae119da6a8cd2232c69d7321a392f50c0b362c0c7b55824c0d2392ab3378651a3b51a656955c51af99e7ab00375a031f758aa2ac8e81b332d39d9e658598d4b5d78ff8652bc8c66d6f1719d7b99032a38afc32390a044bb08b8fc7b225cd0cf246d5014992c1c4ac51d279b04474c7fd2df707b0fa92b6f5837d0ce7d1e078506b8636790d02467b5f6beb5be8af6bcdb49ebcdae8beb943ffd1e0a7dc83376e30fe251f78caceed56ac6112c5a020a972a8fd2958a6f946776249ae63db20ae03e4a70d6f45e6fa303dd455f81681e33281255ddcf275305ef0ab805dbca04548bacbf81fefb2b7d94d7f2745c3085baea473707de1779754cea6629861c3b5cf863b01df3e43974f8c4e691715dcb5b26ca499af8c1eec3c889763263e31729595d250224f25239b535859d42743a554ea8f09089644786886f69bcec40441f4921c9272230ab267f5482e5e98e845134734bce036431fcb23a7466c12736928143e497aec4e202f94e1d5008f3e6505f904bcffa69beddf1040941270742a643d53"], &(0x7f0000000140)=0x2) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f00000000c0)={r3, 0x2}, 0x8) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:30 executing program 5: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) socket$kcm(0xa, 0x1, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x12}) 21:25:30 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0xf000}}, 0x14}, 0x1}, 0x0) 21:25:30 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x700000000000000}}) [ 210.782761] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 210.787878] ? kasan_check_read+0x11/0x20 [ 210.792144] ? rcu_is_watching+0x8c/0x150 [ 210.796315] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 210.801869] ? xas_start+0x23d/0x740 [ 210.805596] ? trace_hardirqs_on+0x10/0x10 [ 210.809893] ? find_get_entry+0xa6d/0x1120 [ 210.814143] ? lock_downgrade+0x8f0/0x8f0 [ 210.818309] ? lock_acquire+0x1e4/0x540 [ 210.822315] ? fs_reclaim_acquire+0x20/0x20 [ 210.826649] ? lock_downgrade+0x8f0/0x8f0 [ 210.830810] ? check_same_owner+0x340/0x340 [ 210.835141] ? find_get_entry+0xa96/0x1120 [ 210.839387] ? rcu_note_context_switch+0x730/0x730 [ 210.844338] __alloc_pages_nodemask+0x36e/0xdb0 [ 210.849017] ? percpu_ref_put_many+0x119/0x240 [ 210.853638] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 210.858652] ? trace_hardirqs_on+0x10/0x10 [ 210.862979] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 210.868510] ? xas_start+0x23d/0x740 [ 210.872222] ? lock_acquire+0x1e4/0x540 [ 210.876183] ? xa_load+0x288/0x450 [ 210.879803] ? lock_downgrade+0x8f0/0x8f0 [ 210.883964] ? lock_release+0xa30/0xa30 [ 210.887938] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 210.893485] alloc_pages_current+0x10c/0x210 [ 210.897893] __page_cache_alloc+0x398/0x5e0 [ 210.902205] ? xa_load+0x2b1/0x450 [ 210.905821] ? xa_clear_tag+0x40/0x40 [ 210.909624] ? filemap_range_has_page+0x4c0/0x4c0 [ 210.914472] ? unwind_get_return_address+0x61/0xa0 [ 210.919398] __do_page_cache_readahead+0x24e/0x690 [ 210.924330] ? read_pages+0x680/0x680 [ 210.928386] ? lock_acquire+0x1e4/0x540 [ 210.932352] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 210.937453] ? lock_downgrade+0x8f0/0x8f0 [ 210.941592] ? lock_release+0xa30/0xa30 [ 210.945559] ondemand_readahead+0x550/0xc40 [ 210.949877] page_cache_sync_readahead+0x3a0/0x6d0 [ 210.954799] ? force_page_cache_readahead+0x360/0x360 [ 210.960064] ? lock_acquire+0x1e4/0x540 [ 210.964030] ? rcu_note_context_switch+0x730/0x730 [ 210.968948] ? check_same_owner+0x340/0x340 [ 210.973263] ? lock_release+0xa30/0xa30 [ 210.977230] generic_file_read_iter+0x1a87/0x2f10 [ 210.982077] ? filemap_write_and_wait_range+0xd0/0xd0 [ 210.987257] ? rcu_read_lock+0x70/0x70 [ 210.991141] ? __unlock_page_memcg+0x72/0x100 [ 210.995640] ? unlock_page_memcg+0x2c/0x40 [ 210.999866] ? page_add_file_rmap+0x781/0xe40 [ 211.004354] ? page_add_new_anon_rmap+0x870/0x870 [ 211.009190] ? lockdep_init_map+0x9/0x10 [ 211.013242] ? kasan_check_write+0x14/0x20 [ 211.017467] ? __init_rwsem+0x1cc/0x2a0 [ 211.021452] ? lock_acquire+0x1e4/0x540 [ 211.025427] ? alloc_set_pte+0x1133/0x1790 [ 211.029658] ? lock_release+0xa30/0xa30 [ 211.033622] ? xas_descend+0x20c/0x5f0 [ 211.037512] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 211.042518] ? check_pgprot+0xdf/0x180 [ 211.046393] ? put_page+0x280/0x280 [ 211.050020] ? kasan_check_write+0x14/0x20 [ 211.054243] ? do_raw_spin_lock+0xc1/0x200 [ 211.058480] ? alloc_set_pte+0xaf6/0x1790 [ 211.062624] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 211.067640] ? filemap_map_pages+0xca2/0x1990 [ 211.072136] ? trace_hardirqs_on+0x10/0x10 [ 211.076449] ? xa_set_tag+0x40/0x40 [ 211.080070] ? environ_open+0x90/0x90 [ 211.083862] ? trace_hardirqs_on+0x10/0x10 [ 211.088084] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 211.093709] ? trace_hardirqs_on+0x10/0x10 [ 211.097935] ? trace_hardirqs_on+0x10/0x10 [ 211.102164] ? find_get_entries_tag+0x1410/0x1410 [ 211.107103] ? trace_hardirqs_on+0x10/0x10 [ 211.111329] ? mntput_no_expire+0x18e/0xbc0 [ 211.115640] ? do_raw_spin_lock+0xc1/0x200 [ 211.119868] ? mnt_get_count+0x150/0x150 [ 211.123925] ? dput.part.26+0x276/0x7a0 [ 211.127908] ? shrink_dcache_sb+0x350/0x350 [ 211.132226] ? lock_acquire+0x1e4/0x540 [ 211.136187] ? __fdget_pos+0x1bb/0x200 [ 211.140068] ? lock_acquire+0x1e4/0x540 [ 211.144033] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 211.149559] ? fsnotify+0xbac/0x14e0 [ 211.153266] ext4_file_read_iter+0x18b/0x3c0 [ 211.157669] generic_file_splice_read+0x5a5/0x9a0 [ 211.162502] ? add_to_pipe+0x360/0x360 [ 211.166390] ? rw_verify_area+0x118/0x360 [ 211.170534] ? add_to_pipe+0x360/0x360 [ 211.174412] do_splice_to+0x12e/0x190 [ 211.178210] splice_direct_to_actor+0x270/0x8f0 [ 211.182868] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 211.188397] ? pipe_to_sendpage+0x400/0x400 [ 211.192802] ? do_splice_to+0x190/0x190 [ 211.196774] ? security_file_permission+0x1c2/0x230 [ 211.201781] ? rw_verify_area+0x118/0x360 [ 211.205933] do_splice_direct+0x2d4/0x420 [ 211.210081] ? splice_direct_to_actor+0x8f0/0x8f0 [ 211.214914] ? rw_verify_area+0x118/0x360 [ 211.219051] do_sendfile+0x62a/0xe20 [ 211.222772] ? do_compat_pwritev64+0x1c0/0x1c0 [ 211.227366] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 211.232897] ? _copy_from_user+0xdf/0x150 [ 211.237038] __x64_sys_sendfile64+0x15d/0x250 [ 211.241523] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 211.246127] do_syscall_64+0x1b9/0x820 [ 211.250004] ? finish_task_switch+0x1d3/0x870 [ 211.254499] ? syscall_return_slowpath+0x5e0/0x5e0 [ 211.259416] ? syscall_return_slowpath+0x31d/0x5e0 [ 211.264337] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 211.269361] ? prepare_exit_to_usermode+0x291/0x3b0 [ 211.274376] ? perf_trace_sys_enter+0xb10/0xb10 [ 211.279038] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 211.283878] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 211.289065] RIP: 0033:0x455e29 [ 211.292238] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 211.311510] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 211.319208] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 211.326464] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 211.333723] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 211.340980] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 211.348239] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000034 21:25:31 executing program 3: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)) 21:25:31 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0xc00e}}, 0x14}, 0x1}, 0x0) 21:25:31 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x6c, 0x3, 0xf301}}) 21:25:31 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x400000000000000}}) 21:25:31 executing program 2 (fault-call:9 fault-nth:53): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:31 executing program 5: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x12}) 21:25:31 executing program 3: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)) [ 211.542963] FAULT_INJECTION: forcing a failure. [ 211.542963] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 211.554895] CPU: 0 PID: 14160 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 211.563304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 211.572662] Call Trace: [ 211.575261] dump_stack+0x1c9/0x2b4 [ 211.578896] ? dump_stack_print_info.cold.2+0x52/0x52 [ 211.584121] ? _raw_spin_unlock_irq+0x27/0x70 [ 211.588637] ? finish_task_switch+0x1d3/0x870 [ 211.593148] should_fail.cold.4+0xa/0x11 [ 211.597234] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 211.602354] ? kasan_check_write+0x14/0x20 [ 211.606612] ? __schedule+0x884/0x1ed0 [ 211.610518] ? trace_hardirqs_on+0x10/0x10 [ 211.614767] ? __sched_text_start+0x8/0x8 [ 211.618936] ? lock_downgrade+0x8f0/0x8f0 [ 211.623101] ? lock_acquire+0x1e4/0x540 [ 211.627088] ? fs_reclaim_acquire+0x20/0x20 [ 211.631424] ? lock_downgrade+0x8f0/0x8f0 [ 211.636480] ? check_same_owner+0x340/0x340 [ 211.640817] ? rcu_note_context_switch+0x730/0x730 [ 211.645756] __alloc_pages_nodemask+0x36e/0xdb0 [ 211.650421] ? percpu_ref_put_many+0x119/0x240 [ 211.655001] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 211.660017] ? trace_hardirqs_on+0x10/0x10 [ 211.664247] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 211.669771] ? xas_start+0x23d/0x740 [ 211.673476] ? lock_acquire+0x1e4/0x540 [ 211.677444] ? xa_load+0x288/0x450 [ 211.680980] ? lock_downgrade+0x8f0/0x8f0 [ 211.685123] ? lock_release+0xa30/0xa30 [ 211.689088] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 211.694622] alloc_pages_current+0x10c/0x210 [ 211.699022] __page_cache_alloc+0x398/0x5e0 [ 211.703330] ? xa_load+0x2b1/0x450 [ 211.706854] ? xa_clear_tag+0x40/0x40 [ 211.710659] ? filemap_range_has_page+0x4c0/0x4c0 [ 211.715489] ? __do_page_cache_readahead+0x2d6/0x690 [ 211.720591] __do_page_cache_readahead+0x24e/0x690 [ 211.725511] ? read_pages+0x680/0x680 [ 211.729299] ? lock_acquire+0x1e4/0x540 [ 211.733266] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 211.738358] ? lock_downgrade+0x8f0/0x8f0 [ 211.742498] ? lock_release+0xa30/0xa30 [ 211.746463] ondemand_readahead+0x550/0xc40 [ 211.750790] page_cache_sync_readahead+0x3a0/0x6d0 [ 211.755719] ? force_page_cache_readahead+0x360/0x360 [ 211.760897] ? lock_acquire+0x1e4/0x540 [ 211.764857] ? rcu_note_context_switch+0x730/0x730 [ 211.769862] ? check_same_owner+0x340/0x340 [ 211.774177] ? lock_release+0xa30/0xa30 [ 211.778144] generic_file_read_iter+0x1a87/0x2f10 [ 211.782979] ? filemap_write_and_wait_range+0xd0/0xd0 [ 211.788155] ? rcu_read_lock+0x70/0x70 [ 211.792031] ? __unlock_page_memcg+0x72/0x100 [ 211.796523] ? unlock_page_memcg+0x2c/0x40 [ 211.800744] ? page_add_file_rmap+0x781/0xe40 [ 211.805239] ? page_add_new_anon_rmap+0x870/0x870 [ 211.810079] ? lockdep_init_map+0x9/0x10 [ 211.814127] ? kasan_check_write+0x14/0x20 [ 211.818350] ? __init_rwsem+0x1cc/0x2a0 [ 211.822312] ? lock_acquire+0x1e4/0x540 [ 211.826273] ? alloc_set_pte+0x1133/0x1790 [ 211.830507] ? lock_release+0xa30/0xa30 [ 211.834478] ? xas_descend+0x20c/0x5f0 [ 211.838438] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 211.843453] ? check_pgprot+0xdf/0x180 [ 211.847328] ? put_page+0x280/0x280 [ 211.850942] ? kasan_check_write+0x14/0x20 [ 211.855162] ? do_raw_spin_lock+0xc1/0x200 [ 211.859393] ? alloc_set_pte+0xaf6/0x1790 [ 211.863537] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 211.868546] ? filemap_map_pages+0xca2/0x1990 [ 211.873034] ? trace_hardirqs_on+0x10/0x10 [ 211.877267] ? xa_set_tag+0x40/0x40 [ 211.880892] ? environ_open+0x90/0x90 [ 211.884691] ? trace_hardirqs_on+0x10/0x10 [ 211.888913] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 211.894439] ? trace_hardirqs_on+0x10/0x10 [ 211.898668] ? trace_hardirqs_on+0x10/0x10 [ 211.902893] ? find_get_entries_tag+0x1410/0x1410 [ 211.907735] ? trace_hardirqs_on+0x10/0x10 [ 211.911970] ? mntput_no_expire+0x18e/0xbc0 [ 211.916279] ? do_raw_spin_lock+0xc1/0x200 [ 211.920521] ? mnt_get_count+0x150/0x150 [ 211.924570] ? dput.part.26+0x276/0x7a0 [ 211.928702] ? shrink_dcache_sb+0x350/0x350 [ 211.933015] ? lock_acquire+0x1e4/0x540 [ 211.936976] ? __fdget_pos+0x1bb/0x200 [ 211.940864] ? lock_acquire+0x1e4/0x540 [ 211.944833] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 211.950367] ? fsnotify+0xbac/0x14e0 [ 211.954159] ext4_file_read_iter+0x18b/0x3c0 [ 211.958557] generic_file_splice_read+0x5a5/0x9a0 [ 211.963404] ? add_to_pipe+0x360/0x360 [ 211.967285] ? rw_verify_area+0x118/0x360 [ 211.971423] ? add_to_pipe+0x360/0x360 [ 211.975307] do_splice_to+0x12e/0x190 [ 211.979095] splice_direct_to_actor+0x270/0x8f0 [ 211.983769] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 211.989294] ? pipe_to_sendpage+0x400/0x400 [ 211.993619] ? do_splice_to+0x190/0x190 [ 211.997579] ? security_file_permission+0x1c2/0x230 [ 212.002591] ? rw_verify_area+0x118/0x360 [ 212.006735] do_splice_direct+0x2d4/0x420 [ 212.010887] ? splice_direct_to_actor+0x8f0/0x8f0 [ 212.015717] ? rw_verify_area+0x118/0x360 [ 212.019848] do_sendfile+0x62a/0xe20 [ 212.023641] ? do_compat_pwritev64+0x1c0/0x1c0 [ 212.028216] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 212.033760] ? _copy_from_user+0xdf/0x150 [ 212.037904] __x64_sys_sendfile64+0x15d/0x250 [ 212.042386] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 212.046961] do_syscall_64+0x1b9/0x820 [ 212.050835] ? finish_task_switch+0x1d3/0x870 [ 212.055317] ? syscall_return_slowpath+0x5e0/0x5e0 [ 212.060232] ? syscall_return_slowpath+0x31d/0x5e0 [ 212.065146] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 212.070150] ? prepare_exit_to_usermode+0x291/0x3b0 [ 212.075159] ? perf_trace_sys_enter+0xb10/0xb10 [ 212.079816] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 212.084660] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 212.089833] RIP: 0033:0x455e29 [ 212.093002] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 212.112522] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 212.120225] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 212.127480] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 212.134759] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 212.142014] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 212.149357] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000035 21:25:32 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r2 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 21:25:32 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x6c00000000000000, 0x3, 0xf301}}) 21:25:32 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:32 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x148}}, 0x14}, 0x1}, 0x0) 21:25:32 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)) 21:25:32 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x6c00000000000000}}) 21:25:32 executing program 2 (fault-call:9 fault-nth:54): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:32 executing program 5: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x12}) [ 212.303724] FAULT_INJECTION: forcing a failure. [ 212.303724] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 212.315725] CPU: 1 PID: 14183 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 212.324144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 212.333575] Call Trace: [ 212.336174] dump_stack+0x1c9/0x2b4 [ 212.339811] ? dump_stack_print_info.cold.2+0x52/0x52 [ 212.345014] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 212.349875] should_fail.cold.4+0xa/0x11 21:25:32 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)) 21:25:32 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000000)=0x0) ioctl$TIOCSPGRP(r0, 0x5410, &(0x7f0000000040)=r2) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:32 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x400000000000000, 0x3, 0xf301}}) 21:25:32 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x34000}}, 0x14}, 0x1}, 0x0) [ 212.353953] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 212.359078] ? kasan_check_read+0x11/0x20 [ 212.363244] ? rcu_is_watching+0x8c/0x150 [ 212.367405] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 212.372961] ? xas_start+0x23d/0x740 [ 212.376697] ? find_get_entry+0xa6d/0x1120 [ 212.380945] ? lock_downgrade+0x8f0/0x8f0 [ 212.385109] ? lock_acquire+0x1e4/0x540 [ 212.389094] ? fs_reclaim_acquire+0x20/0x20 [ 212.393436] ? lock_downgrade+0x8f0/0x8f0 [ 212.397605] ? check_same_owner+0x340/0x340 [ 212.402024] ? find_get_entry+0xa96/0x1120 [ 212.406267] ? rcu_note_context_switch+0x730/0x730 [ 212.411213] __alloc_pages_nodemask+0x36e/0xdb0 [ 212.415887] ? percpu_ref_put_many+0x119/0x240 [ 212.420557] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 212.425583] ? trace_hardirqs_on+0x10/0x10 [ 212.429811] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 212.434647] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 212.440186] ? xas_start+0x23d/0x740 [ 212.444325] ? lock_acquire+0x1e4/0x540 [ 212.448286] ? xa_load+0x288/0x450 [ 212.451829] ? lock_downgrade+0x8f0/0x8f0 [ 212.455965] ? lock_release+0xa30/0xa30 [ 212.459927] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 212.465548] alloc_pages_current+0x10c/0x210 [ 212.469964] __page_cache_alloc+0x398/0x5e0 [ 212.474274] ? xa_load+0x2b1/0x450 [ 212.477802] ? xa_clear_tag+0x40/0x40 [ 212.482633] ? filemap_range_has_page+0x4c0/0x4c0 [ 212.487463] ? unwind_get_return_address+0x61/0xa0 [ 212.492477] __do_page_cache_readahead+0x24e/0x690 [ 212.497403] ? read_pages+0x680/0x680 [ 212.501192] ? lock_acquire+0x1e4/0x540 [ 212.505167] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 212.510258] ? lock_downgrade+0x8f0/0x8f0 [ 212.514391] ? lock_release+0xa30/0xa30 [ 212.518355] ondemand_readahead+0x550/0xc40 [ 212.522684] page_cache_sync_readahead+0x3a0/0x6d0 [ 212.528041] ? force_page_cache_readahead+0x360/0x360 [ 212.533403] ? lock_acquire+0x1e4/0x540 [ 212.537375] ? rcu_note_context_switch+0x730/0x730 [ 212.542301] ? check_same_owner+0x340/0x340 [ 212.546608] ? lock_release+0xa30/0xa30 [ 212.550571] generic_file_read_iter+0x1a87/0x2f10 [ 212.555405] ? filemap_write_and_wait_range+0xd0/0xd0 [ 212.560604] ? rcu_read_lock+0x70/0x70 [ 212.564491] ? __unlock_page_memcg+0x72/0x100 [ 212.568979] ? unlock_page_memcg+0x2c/0x40 [ 212.573211] ? page_add_file_rmap+0x781/0xe40 [ 212.577803] ? page_add_new_anon_rmap+0x870/0x870 [ 212.582636] ? perf_trace_lock+0x920/0x920 [ 212.586871] ? lock_acquire+0x1e4/0x540 [ 212.590832] ? alloc_set_pte+0x1133/0x1790 [ 212.595052] ? lock_release+0xa30/0xa30 [ 212.599452] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 212.604470] ? check_pgprot+0xdf/0x180 [ 212.608343] ? put_page+0x280/0x280 [ 212.611961] ? kasan_check_write+0x14/0x20 [ 212.616277] ? do_raw_spin_lock+0xc1/0x200 [ 212.620503] ? alloc_set_pte+0xaf6/0x1790 [ 212.624640] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 212.629655] ? filemap_map_pages+0xca2/0x1990 [ 212.634150] ? trace_hardirqs_on+0x10/0x10 [ 212.638378] ? xa_set_tag+0x40/0x40 [ 212.642000] ? perf_trace_lock+0x920/0x920 [ 212.646233] ? environ_open+0x90/0x90 [ 212.650036] ? trace_hardirqs_on+0x10/0x10 [ 212.654258] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 212.659784] ? trace_hardirqs_on+0x10/0x10 [ 212.664010] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 212.668855] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 212.673869] ? perf_trace_lock+0x920/0x920 [ 212.678094] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 212.682925] ? perf_trace_lock+0x920/0x920 [ 212.687145] ? perf_trace_lock+0x920/0x920 [ 212.691376] ? shrink_dcache_sb+0x350/0x350 [ 212.696220] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 212.701059] ? __fdget_pos+0x1bb/0x200 [ 212.704937] ? lock_acquire+0x1e4/0x540 [ 212.708914] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 212.714448] ? fsnotify+0xbac/0x14e0 [ 212.718162] ext4_file_read_iter+0x18b/0x3c0 [ 212.722575] generic_file_splice_read+0x5a5/0x9a0 [ 212.727410] ? add_to_pipe+0x360/0x360 [ 212.731294] ? rw_verify_area+0x118/0x360 [ 212.735528] ? add_to_pipe+0x360/0x360 [ 212.739421] do_splice_to+0x12e/0x190 [ 212.743229] splice_direct_to_actor+0x270/0x8f0 [ 212.747886] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 212.753415] ? pipe_to_sendpage+0x400/0x400 [ 212.757990] ? do_splice_to+0x190/0x190 [ 212.761953] ? security_file_permission+0x1c2/0x230 [ 212.766967] ? rw_verify_area+0x118/0x360 [ 212.771105] do_splice_direct+0x2d4/0x420 [ 212.775251] ? splice_direct_to_actor+0x8f0/0x8f0 [ 212.780083] ? rw_verify_area+0x118/0x360 [ 212.784220] do_sendfile+0x62a/0xe20 [ 212.787928] ? do_compat_pwritev64+0x1c0/0x1c0 [ 212.792514] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 212.798161] ? _copy_from_user+0xdf/0x150 [ 212.802362] __x64_sys_sendfile64+0x15d/0x250 [ 212.806847] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 212.811426] do_syscall_64+0x1b9/0x820 [ 212.815313] ? finish_task_switch+0x1d3/0x870 [ 212.819904] ? syscall_return_slowpath+0x5e0/0x5e0 [ 212.824821] ? syscall_return_slowpath+0x31d/0x5e0 [ 212.829741] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 212.834752] ? prepare_exit_to_usermode+0x291/0x3b0 [ 212.839755] ? perf_trace_sys_enter+0xb10/0xb10 [ 212.844413] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 212.849266] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 212.854439] RIP: 0033:0x455e29 [ 212.857609] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 212.876794] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 212.884489] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 212.891746] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 212.899000] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 21:25:32 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r2 = socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r2, 0x800448d3, &(0x7f0000000040)={{0xaf5, 0x1, 0x1, 0x6, 0x0, 0x15}, 0x5, 0xfff, 0x8, 0x100, 0xbd, "b9a4e1150a981fa01666a94783e2d2a07f557be30b77f801fdc916d972527ae9f60251ec1a67f8f69189cb6f2573a7e025e641dda43139d7b50fcc24423138f0a64422bf18e7f66028628bb25109153b060d44624a34c473b5cf859917fffbc2c78f9f2c42f1178def902663295f113d2ff1e500a9c56d8848f93ae65412b650"}) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) setsockopt$inet6_MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f0000000000)={0xa11f, 0x1, 0x977, 0x100, 0xfff}, 0xc) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) [ 212.906352] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 212.913606] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000036 21:25:32 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x4c00000000000000}}) 21:25:32 executing program 2 (fault-call:9 fault-nth:55): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:32 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)) [ 213.062396] FAULT_INJECTION: forcing a failure. [ 213.062396] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 213.074462] CPU: 0 PID: 14227 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 213.082868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 213.092345] Call Trace: [ 213.094945] dump_stack+0x1c9/0x2b4 [ 213.098584] ? dump_stack_print_info.cold.2+0x52/0x52 [ 213.103802] should_fail.cold.4+0xa/0x11 [ 213.107883] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 213.112999] ? kasan_check_read+0x11/0x20 [ 213.117148] ? rcu_is_watching+0x8c/0x150 [ 213.121289] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 213.126815] ? xas_start+0x23d/0x740 [ 213.130519] ? trace_hardirqs_on+0x10/0x10 [ 213.134749] ? find_get_entry+0xa6d/0x1120 [ 213.138967] ? lock_downgrade+0x8f0/0x8f0 [ 213.143102] ? lock_acquire+0x1e4/0x540 [ 213.147061] ? fs_reclaim_acquire+0x20/0x20 [ 213.151380] ? lock_downgrade+0x8f0/0x8f0 [ 213.155526] ? check_same_owner+0x340/0x340 [ 213.159844] ? find_get_entry+0xa96/0x1120 [ 213.164069] ? rcu_note_context_switch+0x730/0x730 [ 213.168998] __alloc_pages_nodemask+0x36e/0xdb0 [ 213.173664] ? percpu_ref_put_many+0x119/0x240 [ 213.178231] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 213.183232] ? trace_hardirqs_on+0x10/0x10 [ 213.187456] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 213.192995] ? xas_start+0x23d/0x740 [ 213.196802] ? lock_acquire+0x1e4/0x540 [ 213.200760] ? xa_load+0x288/0x450 [ 213.204389] ? lock_downgrade+0x8f0/0x8f0 [ 213.208523] ? lock_release+0xa30/0xa30 21:25:33 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x3, r0) r2 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 21:25:33 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x7400000000000000, 0x3, 0xf301}}) 21:25:33 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x12}) 21:25:33 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x1000000}}, 0x14}, 0x1}, 0x0) 21:25:33 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)) 21:25:33 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x5000000}}) 21:25:33 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @remote={0xfe, 0x80, [], 0xbb}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) [ 213.212495] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 213.218031] alloc_pages_current+0x10c/0x210 [ 213.222436] __page_cache_alloc+0x398/0x5e0 [ 213.226756] ? xa_load+0x2b1/0x450 [ 213.230302] ? xa_clear_tag+0x40/0x40 [ 213.234119] ? filemap_range_has_page+0x4c0/0x4c0 [ 213.238966] ? unwind_get_return_address+0x61/0xa0 [ 213.243908] __do_page_cache_readahead+0x24e/0x690 [ 213.248852] ? read_pages+0x680/0x680 [ 213.252670] ? lock_acquire+0x1e4/0x540 [ 213.256659] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 213.261769] ? lock_downgrade+0x8f0/0x8f0 [ 213.265926] ? lock_release+0xa30/0xa30 [ 213.269911] ondemand_readahead+0x550/0xc40 [ 213.274255] page_cache_sync_readahead+0x3a0/0x6d0 [ 213.279193] ? force_page_cache_readahead+0x360/0x360 [ 213.284375] ? lock_acquire+0x1e4/0x540 [ 213.288344] ? rcu_note_context_switch+0x730/0x730 [ 213.293267] ? check_same_owner+0x340/0x340 [ 213.297587] ? lock_release+0xa30/0xa30 [ 213.301554] generic_file_read_iter+0x1a87/0x2f10 [ 213.306410] ? filemap_write_and_wait_range+0xd0/0xd0 [ 213.311597] ? rcu_read_lock+0x70/0x70 [ 213.315487] ? __unlock_page_memcg+0x72/0x100 [ 213.319980] ? unlock_page_memcg+0x2c/0x40 [ 213.324214] ? page_add_file_rmap+0x781/0xe40 [ 213.328704] ? page_add_new_anon_rmap+0x870/0x870 [ 213.333551] ? lockdep_init_map+0x9/0x10 [ 213.337608] ? kasan_check_write+0x14/0x20 [ 213.341832] ? __init_rwsem+0x1cc/0x2a0 [ 213.345817] ? lock_acquire+0x1e4/0x540 [ 213.349779] ? alloc_set_pte+0x1133/0x1790 [ 213.354013] ? lock_release+0xa30/0xa30 [ 213.357989] ? xas_descend+0x20c/0x5f0 [ 213.361876] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 213.366887] ? check_pgprot+0xdf/0x180 [ 213.370771] ? put_page+0x280/0x280 [ 213.374399] ? kasan_check_write+0x14/0x20 [ 213.378625] ? do_raw_spin_lock+0xc1/0x200 [ 213.382857] ? alloc_set_pte+0xaf6/0x1790 [ 213.387002] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 213.392018] ? filemap_map_pages+0xca2/0x1990 [ 213.396594] ? trace_hardirqs_on+0x10/0x10 [ 213.400826] ? xa_set_tag+0x40/0x40 [ 213.404448] ? environ_open+0x90/0x90 [ 213.408241] ? trace_hardirqs_on+0x10/0x10 [ 213.412471] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 213.418091] ? trace_hardirqs_on+0x10/0x10 [ 213.422328] ? trace_hardirqs_on+0x10/0x10 [ 213.426569] ? find_get_entries_tag+0x1410/0x1410 [ 213.431403] ? trace_hardirqs_on+0x10/0x10 [ 213.435675] ? mntput_no_expire+0x18e/0xbc0 [ 213.439984] ? do_raw_spin_lock+0xc1/0x200 [ 213.444215] ? mnt_get_count+0x150/0x150 [ 213.448269] ? dput.part.26+0x276/0x7a0 [ 213.452231] ? shrink_dcache_sb+0x350/0x350 [ 213.456548] ? lock_acquire+0x1e4/0x540 [ 213.460510] ? __fdget_pos+0x1bb/0x200 [ 213.464394] ? lock_acquire+0x1e4/0x540 [ 213.468379] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 213.473906] ? fsnotify+0xbac/0x14e0 [ 213.477612] ext4_file_read_iter+0x18b/0x3c0 [ 213.482022] generic_file_splice_read+0x5a5/0x9a0 [ 213.486855] ? add_to_pipe+0x360/0x360 [ 213.490831] ? rw_verify_area+0x118/0x360 [ 213.494967] ? add_to_pipe+0x360/0x360 [ 213.498854] do_splice_to+0x12e/0x190 [ 213.502650] splice_direct_to_actor+0x270/0x8f0 [ 213.507324] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 213.512854] ? pipe_to_sendpage+0x400/0x400 [ 213.517168] ? do_splice_to+0x190/0x190 [ 213.521138] ? security_file_permission+0x1c2/0x230 [ 213.526156] ? rw_verify_area+0x118/0x360 [ 213.530309] do_splice_direct+0x2d4/0x420 [ 213.534463] ? splice_direct_to_actor+0x8f0/0x8f0 [ 213.540344] ? rw_verify_area+0x118/0x360 [ 213.544497] do_sendfile+0x62a/0xe20 [ 213.548208] ? do_compat_pwritev64+0x1c0/0x1c0 [ 213.552785] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 213.558312] ? _copy_from_user+0xdf/0x150 [ 213.562452] __x64_sys_sendfile64+0x15d/0x250 [ 213.566949] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 213.571529] do_syscall_64+0x1b9/0x820 [ 213.575416] ? finish_task_switch+0x1d3/0x870 [ 213.579904] ? syscall_return_slowpath+0x5e0/0x5e0 [ 213.584823] ? syscall_return_slowpath+0x31d/0x5e0 [ 213.589744] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 213.594759] ? prepare_exit_to_usermode+0x291/0x3b0 [ 213.599766] ? perf_trace_sys_enter+0xb10/0xb10 [ 213.604437] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 213.609285] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 213.614462] RIP: 0033:0x455e29 [ 213.617643] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 213.638153] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 213.646558] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 213.653828] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 213.661096] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 213.668354] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 213.675612] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000037 21:25:33 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x4801}}, 0x14}, 0x1}, 0x0) 21:25:33 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e23, 0x101, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:33 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x0, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)) 21:25:33 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x700000000000000, 0x3, 0xf301}}) 21:25:33 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x12}) 21:25:33 executing program 2 (fault-call:9 fault-nth:56): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:33 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0xffffff9e}}, 0x14}, 0x1}, 0x0) 21:25:33 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)) 21:25:33 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x20000, 0x0) ioctl$KVM_GET_CLOCK(r2, 0x8030ae7c, &(0x7f0000000080)) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20}, 0xfffffffffffffefe) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) ioctl$sock_SIOCOUTQ(r1, 0x5411, &(0x7f0000000000)) [ 213.871388] FAULT_INJECTION: forcing a failure. [ 213.871388] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 213.883307] CPU: 0 PID: 14283 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 213.891735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 213.901182] Call Trace: [ 213.903771] dump_stack+0x1c9/0x2b4 [ 213.907393] ? dump_stack_print_info.cold.2+0x52/0x52 [ 213.912582] should_fail.cold.4+0xa/0x11 [ 213.916640] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 213.921831] ? kasan_check_read+0x11/0x20 [ 213.925977] ? rcu_is_watching+0x8c/0x150 [ 213.930124] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 213.935664] ? xas_start+0x23d/0x740 [ 213.939388] ? trace_hardirqs_on+0x10/0x10 [ 213.943618] ? find_get_entry+0xa6d/0x1120 [ 213.948020] ? lock_downgrade+0x8f0/0x8f0 [ 213.952172] ? lock_acquire+0x1e4/0x540 [ 213.956148] ? fs_reclaim_acquire+0x20/0x20 [ 213.960462] ? lock_downgrade+0x8f0/0x8f0 [ 213.964609] ? check_same_owner+0x340/0x340 [ 213.968926] ? find_get_entry+0xa96/0x1120 [ 213.973160] ? rcu_note_context_switch+0x730/0x730 [ 213.978091] __alloc_pages_nodemask+0x36e/0xdb0 [ 213.982763] ? percpu_ref_put_many+0x119/0x240 [ 213.987349] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 213.992362] ? trace_hardirqs_on+0x10/0x10 [ 213.996610] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 214.002144] ? xas_start+0x23d/0x740 [ 214.005867] ? lock_acquire+0x1e4/0x540 [ 214.009844] ? xa_load+0x288/0x450 [ 214.013381] ? lock_downgrade+0x8f0/0x8f0 [ 214.017519] ? lock_release+0xa30/0xa30 [ 214.021491] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 214.027028] alloc_pages_current+0x10c/0x210 [ 214.031453] __page_cache_alloc+0x398/0x5e0 [ 214.035772] ? xa_load+0x2b1/0x450 [ 214.039299] ? xa_clear_tag+0x40/0x40 [ 214.043176] ? filemap_range_has_page+0x4c0/0x4c0 [ 214.048013] ? unwind_get_return_address+0x61/0xa0 [ 214.052949] __do_page_cache_readahead+0x24e/0x690 [ 214.057878] ? read_pages+0x680/0x680 [ 214.061671] ? lock_acquire+0x1e4/0x540 [ 214.065642] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 214.070735] ? lock_downgrade+0x8f0/0x8f0 [ 214.074883] ? lock_release+0xa30/0xa30 [ 214.078852] ondemand_readahead+0x550/0xc40 [ 214.083168] page_cache_sync_readahead+0x3a0/0x6d0 [ 214.088103] ? force_page_cache_readahead+0x360/0x360 [ 214.093284] ? lock_acquire+0x1e4/0x540 [ 214.097248] ? rcu_note_context_switch+0x730/0x730 [ 214.102165] ? check_same_owner+0x340/0x340 [ 214.106479] ? lock_release+0xa30/0xa30 [ 214.110448] generic_file_read_iter+0x1a87/0x2f10 [ 214.115307] ? filemap_write_and_wait_range+0xd0/0xd0 [ 214.120494] ? rcu_read_lock+0x70/0x70 [ 214.124386] ? __unlock_page_memcg+0x72/0x100 [ 214.128872] ? unlock_page_memcg+0x2c/0x40 [ 214.133103] ? page_add_file_rmap+0x781/0xe40 [ 214.137626] ? page_add_new_anon_rmap+0x870/0x870 [ 214.142464] ? lockdep_init_map+0x9/0x10 [ 214.146531] ? kasan_check_write+0x14/0x20 [ 214.150756] ? __init_rwsem+0x1cc/0x2a0 [ 214.154732] ? lock_acquire+0x1e4/0x540 [ 214.158701] ? alloc_set_pte+0x1133/0x1790 [ 214.162932] ? lock_release+0xa30/0xa30 [ 214.166894] ? xas_descend+0x20c/0x5f0 [ 214.170777] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 214.175800] ? check_pgprot+0xdf/0x180 [ 214.179681] ? put_page+0x280/0x280 [ 214.183307] ? kasan_check_write+0x14/0x20 [ 214.187542] ? do_raw_spin_lock+0xc1/0x200 [ 214.191797] ? alloc_set_pte+0xaf6/0x1790 [ 214.195948] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 214.200964] ? filemap_map_pages+0xca2/0x1990 [ 214.205457] ? trace_hardirqs_on+0x10/0x10 [ 214.209698] ? xa_set_tag+0x40/0x40 [ 214.213319] ? environ_open+0x90/0x90 [ 214.217125] ? trace_hardirqs_on+0x10/0x10 [ 214.221453] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 214.226988] ? trace_hardirqs_on+0x10/0x10 [ 214.231225] ? trace_hardirqs_on+0x10/0x10 [ 214.235456] ? find_get_entries_tag+0x1410/0x1410 [ 214.240310] ? trace_hardirqs_on+0x10/0x10 [ 214.244552] ? mntput_no_expire+0x18e/0xbc0 [ 214.248883] ? do_raw_spin_lock+0xc1/0x200 [ 214.253122] ? mnt_get_count+0x150/0x150 [ 214.257270] ? dput.part.26+0x276/0x7a0 [ 214.261243] ? shrink_dcache_sb+0x350/0x350 [ 214.265579] ? lock_acquire+0x1e4/0x540 [ 214.269541] ? __fdget_pos+0x1bb/0x200 [ 214.273429] ? lock_acquire+0x1e4/0x540 [ 214.277399] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 214.282933] ? fsnotify+0xbac/0x14e0 [ 214.286680] ext4_file_read_iter+0x18b/0x3c0 [ 214.291092] generic_file_splice_read+0x5a5/0x9a0 [ 214.295933] ? add_to_pipe+0x360/0x360 [ 214.299824] ? rw_verify_area+0x118/0x360 [ 214.303966] ? add_to_pipe+0x360/0x360 [ 214.307855] do_splice_to+0x12e/0x190 [ 214.311744] splice_direct_to_actor+0x270/0x8f0 [ 214.316406] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 214.321950] ? pipe_to_sendpage+0x400/0x400 [ 214.326789] ? do_splice_to+0x190/0x190 [ 214.330756] ? security_file_permission+0x1c2/0x230 [ 214.335775] ? rw_verify_area+0x118/0x360 [ 214.339924] do_splice_direct+0x2d4/0x420 [ 214.344066] ? splice_direct_to_actor+0x8f0/0x8f0 [ 214.348906] ? rw_verify_area+0x118/0x360 [ 214.353046] do_sendfile+0x62a/0xe20 [ 214.356760] ? do_compat_pwritev64+0x1c0/0x1c0 [ 214.361342] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 214.366885] ? _copy_from_user+0xdf/0x150 [ 214.371039] __x64_sys_sendfile64+0x15d/0x250 [ 214.375526] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 214.380107] do_syscall_64+0x1b9/0x820 [ 214.383984] ? finish_task_switch+0x1d3/0x870 [ 214.388467] ? syscall_return_slowpath+0x5e0/0x5e0 [ 214.393393] ? syscall_return_slowpath+0x31d/0x5e0 [ 214.398314] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 214.403331] ? prepare_exit_to_usermode+0x291/0x3b0 [ 214.408345] ? perf_trace_sys_enter+0xb10/0xb10 [ 214.413013] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 214.417853] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 214.423029] RIP: 0033:0x455e29 [ 214.426202] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 214.445491] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 214.453215] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 214.460574] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 214.467844] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 214.475115] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 214.482376] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000038 21:25:34 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r1) r2 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) ioctl$VT_GETSTATE(r2, 0x5603, &(0x7f0000000000)={0x1, 0x4, 0x20}) 21:25:34 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x48000000, 0x3, 0xf301}}) 21:25:34 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x12}) 21:25:34 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x6000000}}) 21:25:34 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0xf0ffffff00000000}}, 0x14}, 0x1}, 0x0) 21:25:34 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r1, 0x84, 0x1c, &(0x7f0000000000), &(0x7f0000000040)=0x4) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000000080)={'sit0\x00', {0x2, 0x4e21, @loopback=0x7f000001}}) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:34 executing program 2 (fault-call:9 fault-nth:57): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:34 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)) 21:25:34 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x4c00}}) 21:25:34 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0xc00e000000000000}}, 0x14}, 0x1}, 0x0) 21:25:34 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x6c00, 0x3, 0xf301}}) [ 214.762874] FAULT_INJECTION: forcing a failure. [ 214.762874] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 214.774812] CPU: 0 PID: 14309 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 214.783217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 214.792571] Call Trace: [ 214.795171] dump_stack+0x1c9/0x2b4 [ 214.798817] ? dump_stack_print_info.cold.2+0x52/0x52 [ 214.804024] should_fail.cold.4+0xa/0x11 [ 214.808099] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 214.813218] ? kasan_check_read+0x11/0x20 [ 214.817378] ? rcu_is_watching+0x8c/0x150 [ 214.821535] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 214.827073] ? xas_start+0x23d/0x740 [ 214.830790] ? trace_hardirqs_on+0x10/0x10 [ 214.835025] ? find_get_entry+0xa6d/0x1120 [ 214.839258] ? lock_downgrade+0x8f0/0x8f0 [ 214.843402] ? lock_acquire+0x1e4/0x540 [ 214.847382] ? fs_reclaim_acquire+0x20/0x20 [ 214.851715] ? lock_downgrade+0x8f0/0x8f0 [ 214.855857] ? check_same_owner+0x340/0x340 [ 214.860182] ? find_get_entry+0xa96/0x1120 [ 214.864410] ? rcu_note_context_switch+0x730/0x730 [ 214.869339] __alloc_pages_nodemask+0x36e/0xdb0 [ 214.874001] ? percpu_ref_put_many+0x119/0x240 [ 214.878578] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 214.883598] ? trace_hardirqs_on+0x10/0x10 [ 214.887845] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 214.893374] ? xas_start+0x23d/0x740 [ 214.897085] ? lock_acquire+0x1e4/0x540 [ 214.901046] ? xa_load+0x288/0x450 [ 214.904576] ? lock_downgrade+0x8f0/0x8f0 [ 214.908717] ? lock_release+0xa30/0xa30 [ 214.912698] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 214.918234] alloc_pages_current+0x10c/0x210 [ 214.922650] __page_cache_alloc+0x398/0x5e0 [ 214.926962] ? xa_load+0x2b1/0x450 [ 214.930518] ? xa_clear_tag+0x40/0x40 [ 214.934322] ? filemap_range_has_page+0x4c0/0x4c0 [ 214.939157] ? unwind_get_return_address+0x61/0xa0 [ 214.944086] __do_page_cache_readahead+0x24e/0x690 [ 214.949020] ? read_pages+0x680/0x680 [ 214.952907] ? lock_acquire+0x1e4/0x540 [ 214.956872] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 214.962055] ? lock_downgrade+0x8f0/0x8f0 [ 214.966197] ? lock_release+0xa30/0xa30 [ 214.970177] ondemand_readahead+0x550/0xc40 [ 214.974853] page_cache_sync_readahead+0x3a0/0x6d0 [ 214.979790] ? force_page_cache_readahead+0x360/0x360 [ 214.984981] ? lock_acquire+0x1e4/0x540 [ 214.988946] ? rcu_note_context_switch+0x730/0x730 [ 214.993874] ? check_same_owner+0x340/0x340 [ 214.998188] ? lock_release+0xa30/0xa30 [ 215.002158] generic_file_read_iter+0x1a87/0x2f10 [ 215.007006] ? filemap_write_and_wait_range+0xd0/0xd0 [ 215.012188] ? rcu_read_lock+0x70/0x70 [ 215.016074] ? __unlock_page_memcg+0x72/0x100 [ 215.020556] ? unlock_page_memcg+0x2c/0x40 [ 215.024783] ? page_add_file_rmap+0x781/0xe40 [ 215.029367] ? page_add_new_anon_rmap+0x870/0x870 [ 215.034202] ? lockdep_init_map+0x9/0x10 [ 215.038261] ? kasan_check_write+0x14/0x20 [ 215.042586] ? __init_rwsem+0x1cc/0x2a0 [ 215.046570] ? lock_acquire+0x1e4/0x540 [ 215.050547] ? alloc_set_pte+0x1133/0x1790 [ 215.054776] ? lock_release+0xa30/0xa30 [ 215.058743] ? xas_descend+0x20c/0x5f0 [ 215.062622] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 215.067628] ? check_pgprot+0xdf/0x180 [ 215.071523] ? put_page+0x280/0x280 [ 215.075142] ? kasan_check_write+0x14/0x20 [ 215.079364] ? do_raw_spin_lock+0xc1/0x200 [ 215.083603] ? alloc_set_pte+0xaf6/0x1790 [ 215.087749] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 215.092755] ? filemap_map_pages+0xca2/0x1990 [ 215.097240] ? trace_hardirqs_on+0x10/0x10 [ 215.101474] ? xa_set_tag+0x40/0x40 [ 215.105112] ? environ_open+0x90/0x90 [ 215.108912] ? trace_hardirqs_on+0x10/0x10 [ 215.113138] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 215.118671] ? trace_hardirqs_on+0x10/0x10 [ 215.122894] ? trace_hardirqs_on+0x10/0x10 [ 215.127125] ? find_get_entries_tag+0x1410/0x1410 [ 215.131965] ? trace_hardirqs_on+0x10/0x10 [ 215.136200] ? mntput_no_expire+0x18e/0xbc0 [ 215.140518] ? do_raw_spin_lock+0xc1/0x200 [ 215.144750] ? mnt_get_count+0x150/0x150 [ 215.148807] ? dput.part.26+0x276/0x7a0 [ 215.152771] ? shrink_dcache_sb+0x350/0x350 [ 215.157094] ? lock_acquire+0x1e4/0x540 [ 215.161079] ? __fdget_pos+0x1bb/0x200 [ 215.164960] ? lock_acquire+0x1e4/0x540 [ 215.168968] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 215.174505] ? fsnotify+0xbac/0x14e0 [ 215.178304] ext4_file_read_iter+0x18b/0x3c0 [ 215.182802] generic_file_splice_read+0x5a5/0x9a0 [ 215.187644] ? add_to_pipe+0x360/0x360 [ 215.191544] ? rw_verify_area+0x118/0x360 [ 215.195683] ? add_to_pipe+0x360/0x360 [ 215.199584] do_splice_to+0x12e/0x190 [ 215.203390] splice_direct_to_actor+0x270/0x8f0 [ 215.208046] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 215.213575] ? pipe_to_sendpage+0x400/0x400 [ 215.217900] ? do_splice_to+0x190/0x190 [ 215.221872] ? security_file_permission+0x1c2/0x230 [ 215.226881] ? rw_verify_area+0x118/0x360 [ 215.231034] do_splice_direct+0x2d4/0x420 [ 215.235189] ? splice_direct_to_actor+0x8f0/0x8f0 [ 215.240035] ? rw_verify_area+0x118/0x360 [ 215.244182] do_sendfile+0x62a/0xe20 [ 215.247900] ? do_compat_pwritev64+0x1c0/0x1c0 [ 215.252492] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 215.258027] ? _copy_from_user+0xdf/0x150 [ 215.262170] __x64_sys_sendfile64+0x15d/0x250 [ 215.266656] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 215.271235] do_syscall_64+0x1b9/0x820 [ 215.275113] ? finish_task_switch+0x1d3/0x870 [ 215.279614] ? syscall_return_slowpath+0x5e0/0x5e0 [ 215.284545] ? syscall_return_slowpath+0x31d/0x5e0 [ 215.289503] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 215.294606] ? prepare_exit_to_usermode+0x291/0x3b0 [ 215.299612] ? perf_trace_sys_enter+0xb10/0xb10 [ 215.304274] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 215.309113] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 215.314298] RIP: 0033:0x455e29 [ 215.317486] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 215.336936] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 215.344634] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 215.351889] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 21:25:35 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)) 21:25:35 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x12}) [ 215.359143] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 215.366399] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 215.373654] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000039 21:25:35 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000000)={r1}) getsockopt$IPT_SO_GET_ENTRIES(r2, 0x0, 0x41, &(0x7f0000000040)={'raw\x00', 0xb0, "c92c5c23bcf6f1bf4a8c44b0153565701f5a38e27cb9147e0c8dd34eeb66fe96eece4150d6782fbfbbe2869b9162b49edc2ed7c1b405e2e526cbf34781f02ff4992d39d4a3baa85dfa3e95e442c2f670d439e24c7a56d5b35dd9b1ff4972e7372f8fa49c902e6aa7f61192ac90ccfe173f217dc3035675d329aadcbbf7f757488a036c1a72969746b208e36a44bf19de7973ce0df2940b54ae5015119a43b8c72246aef68aadc6cc32e465ebe6b8c981"}, &(0x7f0000000140)=0xd4) 21:25:35 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0xfffffdfd, 0x3, 0xf301}}) 21:25:35 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x54a2, &(0x7f0000000000)) 21:25:35 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x4001, 0x3) write$cgroup_int(r1, &(0x7f0000000080)=0xc38, 0x12) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r2, 0x2, r0) r3 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 21:25:35 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x0, 0x48010000}}, 0x14}, 0x1}, 0x0) 21:25:35 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x12}) 21:25:35 executing program 3 (fault-call:3 fault-nth:0): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)) 21:25:35 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x440000, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) recvfrom$inet(r1, &(0x7f0000000040)=""/229, 0xe5, 0x12000, &(0x7f0000000140)={0x2, 0x4e23, @broadcast=0xffffffff}, 0x10) r2 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) getsockopt$inet6_int(r1, 0x29, 0x48, &(0x7f0000000180), &(0x7f00000001c0)=0x4) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000200)={0x0, 0xd81}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000280)={r3, 0x8001, 0x30}, &(0x7f00000002c0)=0xc) bind$inet6(r2, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r2, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:35 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x6, 0x3, 0xf301}}) 21:25:35 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x300}}) 21:25:35 executing program 2 (fault-call:9 fault-nth:58): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:35 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x0, 0x2}}, 0x14}, 0x1}, 0x0) 21:25:35 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x6}}) [ 215.719578] FAULT_INJECTION: forcing a failure. [ 215.719578] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 215.731491] CPU: 1 PID: 14372 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 215.739912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 215.749276] Call Trace: [ 215.751875] dump_stack+0x1c9/0x2b4 [ 215.755608] ? dump_stack_print_info.cold.2+0x52/0x52 [ 215.760815] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 215.765678] should_fail.cold.4+0xa/0x11 21:25:35 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x0, 0x148}}, 0x14}, 0x1}, 0x0) [ 215.769766] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 215.774902] ? kasan_check_read+0x11/0x20 [ 215.779068] ? rcu_is_watching+0x8c/0x150 [ 215.783231] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 215.788783] ? xas_start+0x23d/0x740 [ 215.792520] ? find_get_entry+0xa6d/0x1120 [ 215.796771] ? lock_downgrade+0x8f0/0x8f0 [ 215.800943] ? lock_acquire+0x1e4/0x540 [ 215.804992] ? fs_reclaim_acquire+0x20/0x20 [ 215.809349] ? lock_downgrade+0x8f0/0x8f0 [ 215.813530] ? check_same_owner+0x340/0x340 [ 215.817864] ? find_get_entry+0xa96/0x1120 [ 215.822113] ? rcu_note_context_switch+0x730/0x730 [ 215.827061] __alloc_pages_nodemask+0x36e/0xdb0 [ 215.831846] ? percpu_ref_put_many+0x119/0x240 [ 215.836450] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 215.841480] ? trace_hardirqs_on+0x10/0x10 [ 215.845901] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 215.850764] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 215.856310] ? xas_start+0x23d/0x740 [ 215.860061] ? lock_acquire+0x1e4/0x540 [ 215.864049] ? xa_load+0x288/0x450 [ 215.867582] ? lock_downgrade+0x8f0/0x8f0 [ 215.871716] ? lock_release+0xa30/0xa30 [ 215.875681] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 215.881216] alloc_pages_current+0x10c/0x210 [ 215.885625] __page_cache_alloc+0x398/0x5e0 [ 215.889953] ? xa_load+0x2b1/0x450 [ 215.893477] ? xa_clear_tag+0x40/0x40 [ 215.897266] ? filemap_range_has_page+0x4c0/0x4c0 [ 215.902095] ? unwind_get_return_address+0x61/0xa0 [ 215.907020] __do_page_cache_readahead+0x24e/0x690 [ 215.911955] ? read_pages+0x680/0x680 [ 215.915746] ? lock_acquire+0x1e4/0x540 [ 215.919709] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 215.924817] ? lock_downgrade+0x8f0/0x8f0 [ 215.928958] ? lock_release+0xa30/0xa30 [ 215.932932] ondemand_readahead+0x550/0xc40 [ 215.937245] page_cache_sync_readahead+0x3a0/0x6d0 [ 215.942224] ? force_page_cache_readahead+0x360/0x360 [ 215.947402] ? lock_acquire+0x1e4/0x540 [ 215.951363] ? rcu_note_context_switch+0x730/0x730 [ 215.956282] ? check_same_owner+0x340/0x340 [ 215.960593] ? lock_release+0xa30/0xa30 [ 215.964555] generic_file_read_iter+0x1a87/0x2f10 [ 215.969403] ? filemap_write_and_wait_range+0xd0/0xd0 [ 215.974578] ? rcu_read_lock+0x70/0x70 [ 215.978465] ? __unlock_page_memcg+0x72/0x100 [ 215.982949] ? unlock_page_memcg+0x2c/0x40 [ 215.987177] ? page_add_file_rmap+0x781/0xe40 [ 215.991749] ? page_add_new_anon_rmap+0x870/0x870 [ 215.996583] ? perf_trace_lock+0x920/0x920 [ 216.000820] ? lock_acquire+0x1e4/0x540 [ 216.004784] ? alloc_set_pte+0x1133/0x1790 [ 216.009023] ? lock_release+0xa30/0xa30 [ 216.013000] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 216.018011] ? check_pgprot+0xdf/0x180 [ 216.021893] ? put_page+0x280/0x280 [ 216.025512] ? kasan_check_write+0x14/0x20 [ 216.029734] ? do_raw_spin_lock+0xc1/0x200 [ 216.034396] ? alloc_set_pte+0xaf6/0x1790 [ 216.038535] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 216.043547] ? filemap_map_pages+0xca2/0x1990 [ 216.048034] ? trace_hardirqs_on+0x10/0x10 [ 216.052255] ? xa_set_tag+0x40/0x40 [ 216.055875] ? perf_trace_lock+0x920/0x920 [ 216.060098] ? environ_open+0x90/0x90 [ 216.063889] ? trace_hardirqs_on+0x10/0x10 [ 216.068116] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 216.073646] ? trace_hardirqs_on+0x10/0x10 [ 216.077869] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 216.082706] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 216.087542] ? perf_trace_lock+0x920/0x920 [ 216.091774] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 216.096610] ? perf_trace_lock+0x920/0x920 [ 216.100836] ? perf_trace_lock+0x920/0x920 [ 216.105145] ? shrink_dcache_sb+0x350/0x350 [ 216.109468] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 216.114301] ? __fdget_pos+0x1bb/0x200 [ 216.118183] ? lock_acquire+0x1e4/0x540 [ 216.122146] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 216.127678] ? fsnotify+0xbac/0x14e0 [ 216.131383] ext4_file_read_iter+0x18b/0x3c0 [ 216.135791] generic_file_splice_read+0x5a5/0x9a0 [ 216.140621] ? add_to_pipe+0x360/0x360 [ 216.144525] ? rw_verify_area+0x118/0x360 [ 216.148673] ? add_to_pipe+0x360/0x360 [ 216.152550] do_splice_to+0x12e/0x190 [ 216.156342] splice_direct_to_actor+0x270/0x8f0 [ 216.161018] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 216.166554] ? pipe_to_sendpage+0x400/0x400 [ 216.170864] ? do_splice_to+0x190/0x190 [ 216.174836] ? security_file_permission+0x1c2/0x230 [ 216.179853] ? rw_verify_area+0x118/0x360 [ 216.184010] do_splice_direct+0x2d4/0x420 [ 216.188178] ? splice_direct_to_actor+0x8f0/0x8f0 [ 216.193366] ? rw_verify_area+0x118/0x360 [ 216.197503] do_sendfile+0x62a/0xe20 [ 216.201210] ? do_compat_pwritev64+0x1c0/0x1c0 [ 216.205787] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 216.211317] ? _copy_from_user+0xdf/0x150 [ 216.215463] __x64_sys_sendfile64+0x15d/0x250 [ 216.219960] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 216.224552] do_syscall_64+0x1b9/0x820 [ 216.228427] ? finish_task_switch+0x1d3/0x870 [ 216.232929] ? syscall_return_slowpath+0x5e0/0x5e0 [ 216.237845] ? syscall_return_slowpath+0x31d/0x5e0 [ 216.242765] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 216.247768] ? prepare_exit_to_usermode+0x291/0x3b0 [ 216.252769] ? perf_trace_sys_enter+0xb10/0xb10 [ 216.257433] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 216.262274] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 216.267448] RIP: 0033:0x455e29 [ 216.270618] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 216.289820] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 216.297527] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 216.304793] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 216.312067] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 21:25:36 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x4c}}) 21:25:36 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x0, 0xfffff000}}, 0x14}, 0x1}, 0x0) 21:25:36 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)) 21:25:36 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x12}) [ 216.319335] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 216.326591] R13: 00000000004c1113 R14: 00000000004d1540 R15: 000000000000003a 21:25:36 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x7, 0x3, 0xf301}}) 21:25:36 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)={0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x100000001, 0xe26, 0x3, 0x40000000000, 0x0, 0xffffffffffffffff, 0x1}) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x10000080000) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r2 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 21:25:36 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = creat(&(0x7f0000001a40)='./file0\x00', 0x1ec) bind$netlink(r1, &(0x7f0000001a80)={0x10, 0x0, 0x25dfdbfd}, 0xc) r2 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r2, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$describe(0x6, r3, &(0x7f0000000080)=""/148, 0x94) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:36 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x0, 0xf0ffffff}}, 0x14}, 0x1}, 0x0) 21:25:36 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x6800000000000000}}) 21:25:36 executing program 2 (fault-call:9 fault-nth:59): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:36 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x12}) 21:25:36 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x300000000000000, 0x3, 0xf301}}) 21:25:36 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40045402, &(0x7f0000000000)) [ 216.825789] FAULT_INJECTION: forcing a failure. [ 216.825789] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 216.837893] CPU: 0 PID: 14428 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 216.846297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 216.855656] Call Trace: [ 216.858259] dump_stack+0x1c9/0x2b4 [ 216.861901] ? dump_stack_print_info.cold.2+0x52/0x52 [ 216.867173] should_fail.cold.4+0xa/0x11 [ 216.871239] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 216.876353] ? kasan_check_read+0x11/0x20 [ 216.880495] ? rcu_is_watching+0x8c/0x150 [ 216.884649] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 216.890188] ? xas_start+0x23d/0x740 [ 216.893908] ? trace_hardirqs_on+0x10/0x10 [ 216.898147] ? find_get_entry+0xa6d/0x1120 [ 216.902380] ? lock_downgrade+0x8f0/0x8f0 [ 216.906536] ? lock_acquire+0x1e4/0x540 [ 216.910515] ? fs_reclaim_acquire+0x20/0x20 [ 216.914848] ? lock_downgrade+0x8f0/0x8f0 [ 216.919015] ? check_same_owner+0x340/0x340 [ 216.923373] ? find_get_entry+0xa96/0x1120 [ 216.927606] ? rcu_note_context_switch+0x730/0x730 [ 216.932549] __alloc_pages_nodemask+0x36e/0xdb0 [ 216.937308] ? percpu_ref_put_many+0x119/0x240 [ 216.941890] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 216.946900] ? trace_hardirqs_on+0x10/0x10 [ 216.951137] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 216.956684] ? xas_start+0x23d/0x740 [ 216.960397] ? lock_acquire+0x1e4/0x540 [ 216.964361] ? xa_load+0x288/0x450 [ 216.967896] ? lock_downgrade+0x8f0/0x8f0 [ 216.972126] ? lock_release+0xa30/0xa30 [ 216.976102] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 216.981641] alloc_pages_current+0x10c/0x210 [ 216.986046] __page_cache_alloc+0x398/0x5e0 [ 216.990363] ? xa_load+0x2b1/0x450 [ 216.993891] ? xa_clear_tag+0x40/0x40 [ 216.997684] ? filemap_range_has_page+0x4c0/0x4c0 [ 217.002777] ? unwind_get_return_address+0x61/0xa0 [ 217.007705] __do_page_cache_readahead+0x24e/0x690 [ 217.012643] ? read_pages+0x680/0x680 [ 217.016451] ? lock_acquire+0x1e4/0x540 [ 217.020428] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 217.025523] ? lock_downgrade+0x8f0/0x8f0 [ 217.029660] ? lock_release+0xa30/0xa30 [ 217.033635] ondemand_readahead+0x550/0xc40 [ 217.037955] page_cache_sync_readahead+0x3a0/0x6d0 [ 217.042891] ? force_page_cache_readahead+0x360/0x360 [ 217.048089] ? lock_acquire+0x1e4/0x540 [ 217.052054] ? rcu_note_context_switch+0x730/0x730 [ 217.056981] ? check_same_owner+0x340/0x340 [ 217.061296] ? lock_release+0xa30/0xa30 [ 217.065266] generic_file_read_iter+0x1a87/0x2f10 [ 217.070107] ? filemap_write_and_wait_range+0xd0/0xd0 [ 217.075283] ? rcu_read_lock+0x70/0x70 [ 217.079170] ? __unlock_page_memcg+0x72/0x100 [ 217.083653] ? unlock_page_memcg+0x2c/0x40 [ 217.087878] ? page_add_file_rmap+0x781/0xe40 [ 217.092368] ? page_add_new_anon_rmap+0x870/0x870 [ 217.097204] ? lockdep_init_map+0x9/0x10 [ 217.101260] ? kasan_check_write+0x14/0x20 [ 217.105485] ? __init_rwsem+0x1cc/0x2a0 [ 217.109460] ? lock_acquire+0x1e4/0x540 [ 217.113434] ? alloc_set_pte+0x1133/0x1790 [ 217.117661] ? lock_release+0xa30/0xa30 [ 217.121622] ? xas_descend+0x20c/0x5f0 [ 217.125508] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 217.130523] ? check_pgprot+0xdf/0x180 [ 217.134405] ? put_page+0x280/0x280 [ 217.138025] ? kasan_check_write+0x14/0x20 [ 217.142246] ? do_raw_spin_lock+0xc1/0x200 [ 217.146559] ? alloc_set_pte+0xaf6/0x1790 [ 217.150709] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 217.155714] ? filemap_map_pages+0xca2/0x1990 [ 217.160201] ? trace_hardirqs_on+0x10/0x10 [ 217.164443] ? xa_set_tag+0x40/0x40 [ 217.168061] ? environ_open+0x90/0x90 [ 217.171852] ? trace_hardirqs_on+0x10/0x10 [ 217.176075] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 217.181603] ? trace_hardirqs_on+0x10/0x10 [ 217.185827] ? trace_hardirqs_on+0x10/0x10 [ 217.190070] ? find_get_entries_tag+0x1410/0x1410 [ 217.194997] ? trace_hardirqs_on+0x10/0x10 [ 217.199229] ? mntput_no_expire+0x18e/0xbc0 [ 217.203725] ? do_raw_spin_lock+0xc1/0x200 [ 217.207955] ? mnt_get_count+0x150/0x150 [ 217.212014] ? dput.part.26+0x276/0x7a0 [ 217.215998] ? shrink_dcache_sb+0x350/0x350 [ 217.220324] ? lock_acquire+0x1e4/0x540 [ 217.224290] ? __fdget_pos+0x1bb/0x200 [ 217.228177] ? lock_acquire+0x1e4/0x540 [ 217.232142] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 217.237679] ? fsnotify+0xbac/0x14e0 [ 217.241397] ext4_file_read_iter+0x18b/0x3c0 [ 217.245803] generic_file_splice_read+0x5a5/0x9a0 [ 217.250636] ? add_to_pipe+0x360/0x360 [ 217.254532] ? rw_verify_area+0x118/0x360 [ 217.258669] ? add_to_pipe+0x360/0x360 [ 217.262547] do_splice_to+0x12e/0x190 [ 217.266340] splice_direct_to_actor+0x270/0x8f0 [ 217.270999] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 217.276527] ? pipe_to_sendpage+0x400/0x400 [ 217.280840] ? do_splice_to+0x190/0x190 [ 217.284813] ? security_file_permission+0x1c2/0x230 [ 217.289819] ? rw_verify_area+0x118/0x360 [ 217.293959] do_splice_direct+0x2d4/0x420 [ 217.298114] ? splice_direct_to_actor+0x8f0/0x8f0 [ 217.302973] ? rw_verify_area+0x118/0x360 [ 217.307113] do_sendfile+0x62a/0xe20 [ 217.310831] ? do_compat_pwritev64+0x1c0/0x1c0 [ 217.315411] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 217.320945] ? _copy_from_user+0xdf/0x150 [ 217.325085] __x64_sys_sendfile64+0x15d/0x250 [ 217.329581] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 217.334177] do_syscall_64+0x1b9/0x820 [ 217.338068] ? finish_task_switch+0x1d3/0x870 [ 217.342565] ? syscall_return_slowpath+0x5e0/0x5e0 [ 217.347484] ? syscall_return_slowpath+0x31d/0x5e0 [ 217.352403] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 217.357410] ? prepare_exit_to_usermode+0x291/0x3b0 [ 217.362415] ? perf_trace_sys_enter+0xb10/0xb10 [ 217.367086] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 217.372109] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 217.377285] RIP: 0033:0x455e29 [ 217.380554] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 217.399834] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 217.407532] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 217.414788] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 21:25:36 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x200000000000000, 0x3, 0xf301}}) 21:25:36 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x0, 0x1000000}}, 0x14}, 0x1}, 0x0) 21:25:36 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x500}}) 21:25:37 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x5420, &(0x7f0000000000)) 21:25:37 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) ioctl$TCSETSW(r1, 0x5403, &(0x7f0000000140)={0x101, 0x4, 0x4, 0x7ff, 0x100000001, 0x1, 0xc38, 0x7, 0x7, 0xffffffff, 0x8, 0xdc3}) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) accept4$packet(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, &(0x7f00000000c0)=0x14, 0x80000) ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, &(0x7f0000000100)={@dev={0xfe, 0x80, [], 0xe}, 0x34, r2}) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) getpeername$inet6(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, @mcast1}, &(0x7f0000000040)=0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) [ 217.422342] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 217.429606] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 217.436870] R13: 00000000004c1113 R14: 00000000004d1540 R15: 000000000000003b 21:25:37 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={r2, 0x12}) 21:25:37 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x100000000000000}}) 21:25:37 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x0, 0xc00e0000}}, 0x14}, 0x1}, 0x0) 21:25:37 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000380)={'team0\x00', 0x0}) setsockopt$inet6_mreq(r1, 0x29, 0x1f, &(0x7f00000003c0)={@dev={0xfe, 0x80, [], 0xf}, r2}, 0x14) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e21, 0x0, @remote={0xfe, 0x80, [], 0xbb}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) ioctl$void(r1, 0x5451) 21:25:37 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0xc020660b, &(0x7f0000000000)) 21:25:37 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r2 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 21:25:37 executing program 2 (fault-call:9 fault-nth:60): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:37 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x0, 0xf00}}, 0x14}, 0x1}, 0x0) 21:25:37 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x300, 0x3, 0xf301}}) 21:25:37 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x200000000000000}}) 21:25:37 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={0xffffffffffffffff, 0x12}) 21:25:37 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a3, &(0x7f0000000000)) 21:25:37 executing program 4: r0 = socket$inet6(0xa, 0x4, 0x4) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x2, 0x0) ioctl$TUNDETACHFILTER(r2, 0x401054d6, 0x0) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r1, 0x84, 0x1b, &(0x7f0000000000)={0x0, 0xef, "06c5f81593ccfe9d788c923edeee16d274b5ca638c85a1c8b8d8c3db7c89f9dc6f3fe6b8645f32be540eab22fd85f8d7101cb66b89c9ae8434f6828ceb65f177dc206f2a9020fb3af72beac732737adc37169a403f3bbce6a4889bd70dd36646d197a1821cfc603d7ce29388789c6464f42f388386fa100bab82d7e0f15e0aa0e770d0680b87c15d40174268cf0378eb32f7e6cde1b46bed60a69971ab3d8c39f40fd87d5258dd583a8ba3db4184c2bd862ece62561e46fef1c444c0e4d7aaa7d33a9d2c2ff3e951d603de31148f8dee989d49e788707bec74d6db16f1f65afd813714a6814c413a26d2f40a99d522"}, &(0x7f0000000100)=0xf7) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000140)={r3, 0x5}, 0x8) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:37 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x300000000000000}}) 21:25:37 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x500, 0x3, 0xf301}}) 21:25:37 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2}) 21:25:37 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x0, 0xc00e}}, 0x14}, 0x1}, 0x0) 21:25:37 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40485404, &(0x7f0000000000)) 21:25:38 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x7400, 0x3, 0xf301}}) 21:25:38 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x4c000000}}) 21:25:38 executing program 5 (fault-call:3 fault-nth:0): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2}) [ 218.157570] FAULT_INJECTION: forcing a failure. [ 218.157570] name failslab, interval 1, probability 0, space 0, times 0 [ 218.168899] CPU: 1 PID: 14550 Comm: syz-executor5 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 218.177405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 218.186763] Call Trace: [ 218.189351] dump_stack+0x1c9/0x2b4 [ 218.193112] ? dump_stack_print_info.cold.2+0x52/0x52 [ 218.198340] ? lock_release+0xa30/0xa30 [ 218.202311] should_fail.cold.4+0xa/0x11 [ 218.206366] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 218.211551] ? kasan_check_read+0x11/0x20 [ 218.215690] ? lock_page_memcg+0xf2/0x300 [ 218.219832] ? rcu_read_lock+0x70/0x70 [ 218.223716] ? __unlock_page_memcg+0x72/0x100 [ 218.228215] ? unlock_page_memcg+0x2c/0x40 [ 218.232445] ? page_add_file_rmap+0x781/0xe40 [ 218.236938] ? lock_acquire+0x1e4/0x540 [ 218.240904] ? fs_reclaim_acquire+0x20/0x20 [ 218.245227] ? lock_downgrade+0x8f0/0x8f0 [ 218.249374] ? check_same_owner+0x340/0x340 [ 218.253700] ? rcu_note_context_switch+0x730/0x730 [ 218.258628] ? alloc_set_pte+0x1133/0x1790 [ 218.262856] __should_failslab+0x124/0x180 [ 218.267087] should_failslab+0x9/0x14 [ 218.270881] kmem_cache_alloc_trace+0x2cb/0x780 [ 218.275669] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 218.280684] ? check_pgprot+0xdf/0x180 [ 218.284575] kvm_irqfd+0x18f/0x1ef0 [ 218.288195] ? perf_trace_lock+0x920/0x920 [ 218.292427] ? kvm_eventfd_init+0x2c0/0x2c0 [ 218.296855] ? trace_hardirqs_on+0x10/0x10 [ 218.301098] ? xa_set_tag+0x40/0x40 [ 218.304722] ? perf_trace_lock+0x920/0x920 [ 218.308950] ? environ_open+0x90/0x90 [ 218.312755] ? trace_hardirqs_on+0x10/0x10 [ 218.316984] ? lock_acquire+0x1e4/0x540 [ 218.320952] ? __might_fault+0x12b/0x1e0 [ 218.325022] ? lock_downgrade+0x8f0/0x8f0 [ 218.329165] ? lock_release+0xa30/0xa30 [ 218.333144] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 218.338676] ? _copy_from_user+0xdf/0x150 [ 218.342825] kvm_vm_ioctl+0xf80/0x1d80 [ 218.346711] ? perf_trace_lock+0x920/0x920 [ 218.350940] ? kvm_set_memory_region+0x50/0x50 [ 218.355531] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 218.360368] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 218.365208] ? perf_trace_lock+0x920/0x920 [ 218.369441] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 218.374973] ? _kstrtoull+0x188/0x250 [ 218.378766] ? _parse_integer+0x190/0x190 [ 218.382909] ? lock_release+0xa30/0xa30 [ 218.386886] ? lock_acquire+0x1e4/0x540 [ 218.390853] ? __fget+0x4ac/0x740 [ 218.394298] ? lock_downgrade+0x8f0/0x8f0 [ 218.398443] ? lock_release+0xa30/0xa30 [ 218.402410] ? pid_task+0x115/0x200 [ 218.406049] ? find_vpid+0xf0/0xf0 [ 218.409589] ? __fget+0x4d5/0x740 [ 218.413035] ? ksys_dup3+0x690/0x690 [ 218.416755] ? kasan_check_write+0x14/0x20 [ 218.420985] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 218.425906] ? fsnotify+0xbac/0x14e0 [ 218.429709] ? vfs_write+0x2f3/0x560 [ 218.433418] ? kvm_set_memory_region+0x50/0x50 [ 218.437993] do_vfs_ioctl+0x1de/0x1720 [ 218.441879] ? fsnotify_first_mark+0x350/0x350 [ 218.446455] ? __fsnotify_parent+0xcc/0x420 [ 218.450772] ? ioctl_preallocate+0x300/0x300 [ 218.455189] ? __fget_light+0x2f7/0x440 [ 218.459155] ? fget_raw+0x20/0x20 [ 218.462601] ? __sb_end_write+0xac/0xe0 [ 218.466574] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 218.472192] ? fput+0x130/0x1a0 [ 218.475472] ? ksys_write+0x1ae/0x260 [ 218.479265] ? security_file_ioctl+0x94/0xc0 [ 218.483667] ksys_ioctl+0xa9/0xd0 [ 218.487112] __x64_sys_ioctl+0x73/0xb0 [ 218.490993] do_syscall_64+0x1b9/0x820 [ 218.494874] ? finish_task_switch+0x1d3/0x870 [ 218.499370] ? syscall_return_slowpath+0x5e0/0x5e0 [ 218.504295] ? syscall_return_slowpath+0x31d/0x5e0 [ 218.509223] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 218.514323] ? prepare_exit_to_usermode+0x291/0x3b0 [ 218.519334] ? perf_trace_sys_enter+0xb10/0xb10 [ 218.524000] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 218.528875] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 218.534053] RIP: 0033:0x455e29 [ 218.537242] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 218.557183] RSP: 002b:00007fed6581ec68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 218.564973] RAX: ffffffffffffffda RBX: 00007fed6581f6d4 RCX: 0000000000455e29 [ 218.572667] RDX: 0000000020000040 RSI: 000000004020ae76 RDI: 0000000000000014 [ 218.579940] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 218.587204] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000016 [ 218.594465] R13: 00000000004bdf94 R14: 00000000004cc800 R15: 0000000000000000 [ 218.621016] FAULT_INJECTION: forcing a failure. [ 218.621016] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 218.632944] CPU: 0 PID: 14537 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 218.641360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 218.650712] Call Trace: [ 218.653302] dump_stack+0x1c9/0x2b4 [ 218.656927] ? dump_stack_print_info.cold.2+0x52/0x52 [ 218.662207] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 218.667054] should_fail.cold.4+0xa/0x11 [ 218.671113] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 218.676217] ? kasan_check_read+0x11/0x20 [ 218.680447] ? rcu_is_watching+0x8c/0x150 [ 218.684682] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 218.690229] ? xas_start+0x23d/0x740 [ 218.693946] ? find_get_entry+0xa6d/0x1120 [ 218.698185] ? lock_downgrade+0x8f0/0x8f0 [ 218.702336] ? lock_acquire+0x1e4/0x540 [ 218.706334] ? fs_reclaim_acquire+0x20/0x20 [ 218.710666] ? lock_downgrade+0x8f0/0x8f0 [ 218.714823] ? check_same_owner+0x340/0x340 [ 218.719250] ? find_get_entry+0xa96/0x1120 [ 218.723555] ? rcu_note_context_switch+0x730/0x730 [ 218.728489] __alloc_pages_nodemask+0x36e/0xdb0 [ 218.733151] ? percpu_ref_put_many+0x119/0x240 [ 218.737737] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 218.742746] ? trace_hardirqs_on+0x10/0x10 [ 218.746979] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 218.751822] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 218.757363] ? xas_start+0x23d/0x740 [ 218.761082] ? lock_acquire+0x1e4/0x540 [ 218.765050] ? xa_load+0x288/0x450 [ 218.768598] ? lock_downgrade+0x8f0/0x8f0 [ 218.772747] ? lock_release+0xa30/0xa30 [ 218.776854] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 218.782388] alloc_pages_current+0x10c/0x210 [ 218.786809] __page_cache_alloc+0x398/0x5e0 [ 218.791133] ? xa_load+0x2b1/0x450 [ 218.794669] ? xa_clear_tag+0x40/0x40 [ 218.798478] ? filemap_range_has_page+0x4c0/0x4c0 [ 218.803316] ? unwind_get_return_address+0x61/0xa0 [ 218.808256] __do_page_cache_readahead+0x24e/0x690 [ 218.813197] ? read_pages+0x680/0x680 [ 218.817087] ? lock_acquire+0x1e4/0x540 [ 218.821086] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 218.826273] ? lock_downgrade+0x8f0/0x8f0 [ 218.830505] ? lock_release+0xa30/0xa30 [ 218.834568] ondemand_readahead+0x550/0xc40 [ 218.838896] page_cache_sync_readahead+0x3a0/0x6d0 [ 218.844001] ? force_page_cache_readahead+0x360/0x360 [ 218.849195] ? lock_acquire+0x1e4/0x540 [ 218.853185] ? rcu_note_context_switch+0x730/0x730 [ 218.858120] ? check_same_owner+0x340/0x340 [ 218.862537] ? lock_release+0xa30/0xa30 [ 218.866610] generic_file_read_iter+0x1a87/0x2f10 [ 218.871463] ? filemap_write_and_wait_range+0xd0/0xd0 [ 218.876658] ? rcu_read_lock+0x70/0x70 [ 218.880557] ? __unlock_page_memcg+0x72/0x100 [ 218.885049] ? unlock_page_memcg+0x2c/0x40 [ 218.889279] ? page_add_file_rmap+0x781/0xe40 [ 218.893770] ? page_add_new_anon_rmap+0x870/0x870 [ 218.898625] ? perf_trace_lock+0x920/0x920 [ 218.902868] ? lock_acquire+0x1e4/0x540 [ 218.906836] ? alloc_set_pte+0x1133/0x1790 [ 218.911075] ? lock_release+0xa30/0xa30 [ 218.915073] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 218.920083] ? check_pgprot+0xdf/0x180 [ 218.923963] ? put_page+0x280/0x280 [ 218.927587] ? kasan_check_write+0x14/0x20 [ 218.931828] ? do_raw_spin_lock+0xc1/0x200 [ 218.936070] ? alloc_set_pte+0xaf6/0x1790 [ 218.940220] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 218.945328] ? filemap_map_pages+0xca2/0x1990 [ 218.949827] ? trace_hardirqs_on+0x10/0x10 [ 218.954055] ? xa_set_tag+0x40/0x40 [ 218.957680] ? perf_trace_lock+0x920/0x920 [ 218.961909] ? environ_open+0x90/0x90 [ 218.965706] ? trace_hardirqs_on+0x10/0x10 [ 218.970028] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 218.975564] ? trace_hardirqs_on+0x10/0x10 [ 218.979794] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 218.984637] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 218.989493] ? perf_trace_lock+0x920/0x920 [ 218.993731] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 218.998579] ? perf_trace_lock+0x920/0x920 [ 219.002807] ? perf_trace_lock+0x920/0x920 [ 219.007045] ? shrink_dcache_sb+0x350/0x350 [ 219.011375] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 219.016218] ? __fdget_pos+0x1bb/0x200 [ 219.020118] ? lock_acquire+0x1e4/0x540 [ 219.024092] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 219.029624] ? fsnotify+0xbac/0x14e0 [ 219.033354] ext4_file_read_iter+0x18b/0x3c0 [ 219.037764] generic_file_splice_read+0x5a5/0x9a0 [ 219.042605] ? add_to_pipe+0x360/0x360 [ 219.046500] ? rw_verify_area+0x118/0x360 [ 219.050644] ? add_to_pipe+0x360/0x360 [ 219.054527] do_splice_to+0x12e/0x190 [ 219.058325] splice_direct_to_actor+0x270/0x8f0 [ 219.062995] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 219.068542] ? pipe_to_sendpage+0x400/0x400 [ 219.072859] ? do_splice_to+0x190/0x190 [ 219.076828] ? security_file_permission+0x1c2/0x230 [ 219.081852] ? rw_verify_area+0x118/0x360 [ 219.085996] do_splice_direct+0x2d4/0x420 [ 219.090150] ? splice_direct_to_actor+0x8f0/0x8f0 [ 219.094992] ? rw_verify_area+0x118/0x360 [ 219.099148] do_sendfile+0x62a/0xe20 [ 219.102874] ? do_compat_pwritev64+0x1c0/0x1c0 [ 219.107458] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 219.113010] ? _copy_from_user+0xdf/0x150 [ 219.117178] __x64_sys_sendfile64+0x15d/0x250 [ 219.121671] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 219.126259] do_syscall_64+0x1b9/0x820 [ 219.130139] ? finish_task_switch+0x1d3/0x870 [ 219.134634] ? syscall_return_slowpath+0x5e0/0x5e0 [ 219.139559] ? syscall_return_slowpath+0x31d/0x5e0 [ 219.144504] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 219.149700] ? prepare_exit_to_usermode+0x291/0x3b0 [ 219.154714] ? perf_trace_sys_enter+0xb10/0xb10 [ 219.159395] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 219.164246] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 219.169428] RIP: 0033:0x455e29 [ 219.172691] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 219.192178] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 219.199897] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 219.207166] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 219.214785] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 219.222048] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 219.229326] R13: 00000000004c1113 R14: 00000000004d1540 R15: 000000000000003c 21:25:39 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) r1 = socket$bt_rfcomm(0x1f, 0xd99d53bc0dac04e1, 0x3) getsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000400), 0x10) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r2, 0x2, r0) r3 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 21:25:39 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x2000, 0x0) setsockopt$l2tp_PPPOL2TP_SO_REORDERTO(r2, 0x111, 0x5, 0x4, 0x4) fanotify_mark(r2, 0x53, 0x11, r2, &(0x7f0000000040)='./file0\x00') bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f0000000040), 0x0, 0x20000004, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x3a8) 21:25:39 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x2, &(0x7f0000000000)) 21:25:39 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x0, 0xec0}}, 0x14}, 0x1}, 0x0) 21:25:39 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x7a, 0x3, 0xf301}}) 21:25:39 executing program 5 (fault-call:3 fault-nth:1): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2}) 21:25:39 executing program 2 (fault-call:9 fault-nth:61): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:39 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x48}}) [ 219.510817] FAULT_INJECTION: forcing a failure. [ 219.510817] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 219.522751] CPU: 1 PID: 14566 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 219.531143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 219.540482] Call Trace: [ 219.543063] dump_stack+0x1c9/0x2b4 [ 219.546697] ? dump_stack_print_info.cold.2+0x52/0x52 [ 219.551876] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 219.556710] should_fail.cold.4+0xa/0x11 [ 219.560776] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 219.565880] ? kasan_check_read+0x11/0x20 [ 219.570023] ? rcu_is_watching+0x8c/0x150 [ 219.574177] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 219.579717] ? xas_start+0x23d/0x740 [ 219.583425] ? find_get_entry+0xa6d/0x1120 [ 219.587661] ? lock_downgrade+0x8f0/0x8f0 [ 219.591807] ? lock_acquire+0x1e4/0x540 [ 219.595778] ? fs_reclaim_acquire+0x20/0x20 [ 219.600101] ? lock_downgrade+0x8f0/0x8f0 [ 219.604243] ? check_same_owner+0x340/0x340 [ 219.608552] ? find_get_entry+0xa96/0x1120 [ 219.612792] ? rcu_note_context_switch+0x730/0x730 [ 219.617739] __alloc_pages_nodemask+0x36e/0xdb0 [ 219.622413] ? percpu_ref_put_many+0x119/0x240 [ 219.626993] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 219.632010] ? trace_hardirqs_on+0x10/0x10 [ 219.636256] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 219.641109] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 219.646634] ? xas_start+0x23d/0x740 [ 219.650338] ? lock_acquire+0x1e4/0x540 [ 219.654385] ? xa_load+0x288/0x450 [ 219.657926] ? lock_downgrade+0x8f0/0x8f0 [ 219.662074] ? lock_release+0xa30/0xa30 [ 219.666039] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 219.671661] alloc_pages_current+0x10c/0x210 [ 219.676063] __page_cache_alloc+0x398/0x5e0 [ 219.680370] ? xa_load+0x2b1/0x450 [ 219.683914] ? xa_clear_tag+0x40/0x40 [ 219.687702] ? filemap_range_has_page+0x4c0/0x4c0 [ 219.692533] ? update_load_avg+0x2de/0x2590 [ 219.696851] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 219.701706] __do_page_cache_readahead+0x24e/0x690 [ 219.706634] ? read_pages+0x680/0x680 [ 219.710437] ? lock_acquire+0x1e4/0x540 [ 219.714402] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 219.719496] ? lock_downgrade+0x8f0/0x8f0 [ 219.723634] ? lock_release+0xa30/0xa30 [ 219.727608] ondemand_readahead+0x550/0xc40 [ 219.731947] page_cache_sync_readahead+0x3a0/0x6d0 [ 219.736870] ? force_page_cache_readahead+0x360/0x360 [ 219.742133] ? lock_acquire+0x1e4/0x540 [ 219.746096] ? rcu_note_context_switch+0x730/0x730 [ 219.751018] ? check_same_owner+0x340/0x340 [ 219.755348] ? lock_release+0xa30/0xa30 [ 219.759319] generic_file_read_iter+0x1a87/0x2f10 [ 219.764172] ? filemap_write_and_wait_range+0xd0/0xd0 [ 219.769350] ? rcu_read_lock+0x70/0x70 [ 219.773225] ? __unlock_page_memcg+0x72/0x100 [ 219.777709] ? unlock_page_memcg+0x2c/0x40 [ 219.781931] ? page_add_file_rmap+0x781/0xe40 [ 219.786424] ? page_add_new_anon_rmap+0x870/0x870 [ 219.791264] ? perf_trace_lock+0x920/0x920 [ 219.795505] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 219.801041] ? __perf_event_task_sched_in+0x24f/0xbb0 [ 219.806227] ? lock_acquire+0x1e4/0x540 [ 219.810273] ? alloc_set_pte+0x1133/0x1790 [ 219.814513] ? lock_release+0xa30/0xa30 [ 219.818477] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 219.823480] ? check_pgprot+0xdf/0x180 [ 219.827353] ? put_page+0x280/0x280 [ 219.830979] ? kasan_check_write+0x14/0x20 [ 219.835204] ? do_raw_spin_lock+0xc1/0x200 [ 219.839429] ? alloc_set_pte+0xaf6/0x1790 [ 219.843590] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 219.848610] ? filemap_map_pages+0xca2/0x1990 [ 219.853097] ? trace_hardirqs_on+0x10/0x10 [ 219.857328] ? xa_set_tag+0x40/0x40 [ 219.860940] ? perf_trace_lock+0x920/0x920 [ 219.865164] ? trace_hardirqs_on+0x10/0x10 [ 219.869390] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 219.874938] ? trace_hardirqs_on+0x10/0x10 [ 219.879169] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 219.884033] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 219.888878] ? perf_trace_lock+0x920/0x920 [ 219.893102] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 219.897933] ? perf_trace_lock+0x920/0x920 [ 219.902163] ? perf_trace_lock+0x920/0x920 [ 219.906383] ? shrink_dcache_sb+0x350/0x350 [ 219.910695] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 219.915522] ? __fdget_pos+0x1bb/0x200 [ 219.919399] ? lock_acquire+0x1e4/0x540 [ 219.923372] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 219.928900] ? fsnotify+0xbac/0x14e0 [ 219.932610] ext4_file_read_iter+0x18b/0x3c0 [ 219.937010] generic_file_splice_read+0x5a5/0x9a0 [ 219.941860] ? add_to_pipe+0x360/0x360 [ 219.945744] ? rw_verify_area+0x118/0x360 [ 219.949899] ? add_to_pipe+0x360/0x360 [ 219.953773] do_splice_to+0x12e/0x190 [ 219.957565] splice_direct_to_actor+0x270/0x8f0 [ 219.962244] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 219.967779] ? pipe_to_sendpage+0x400/0x400 [ 219.972184] ? do_splice_to+0x190/0x190 [ 219.976154] ? security_file_permission+0x1c2/0x230 [ 219.981161] ? rw_verify_area+0x118/0x360 [ 219.985297] do_splice_direct+0x2d4/0x420 [ 219.989442] ? splice_direct_to_actor+0x8f0/0x8f0 [ 219.994283] ? rw_verify_area+0x118/0x360 [ 219.998510] do_sendfile+0x62a/0xe20 [ 220.002229] ? do_compat_pwritev64+0x1c0/0x1c0 [ 220.007154] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 220.012677] ? _copy_from_user+0xdf/0x150 [ 220.016819] __x64_sys_sendfile64+0x15d/0x250 [ 220.021308] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 220.025891] do_syscall_64+0x1b9/0x820 [ 220.029778] ? finish_task_switch+0x1d3/0x870 [ 220.034355] ? syscall_return_slowpath+0x5e0/0x5e0 [ 220.039279] ? syscall_return_slowpath+0x31d/0x5e0 [ 220.044198] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 220.049224] ? prepare_exit_to_usermode+0x291/0x3b0 [ 220.054231] ? perf_trace_sys_enter+0xb10/0xb10 [ 220.058888] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 220.063723] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 220.068907] RIP: 0033:0x455e29 [ 220.072686] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 220.091893] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 220.099590] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 21:25:40 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x4c00000000000000, 0x3, 0xf301}}) 21:25:40 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x0, 0xfffffffffffff000}}, 0x14}, 0x1}, 0x0) 21:25:40 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) r1 = shmget$private(0x0, 0x4000, 0x100, &(0x7f0000ff9000/0x4000)=nil) shmctl$IPC_INFO(r1, 0x3, &(0x7f0000000000)=""/109) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r2 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r2, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r2, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) [ 220.106855] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 220.114111] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 220.121367] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 220.128623] R13: 00000000004c1113 R14: 00000000004d1540 R15: 000000000000003d 21:25:40 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x5}}) 21:25:40 executing program 2 (fault-call:9 fault-nth:62): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:40 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2}) 21:25:40 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x4020940d, &(0x7f0000000000)) 21:25:40 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x0, 0x40030000000000}}, 0x14}, 0x1}, 0x0) [ 220.302266] FAULT_INJECTION: forcing a failure. [ 220.302266] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 220.314201] CPU: 1 PID: 14603 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 220.322607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 220.331961] Call Trace: [ 220.334579] dump_stack+0x1c9/0x2b4 [ 220.338193] ? dump_stack_print_info.cold.2+0x52/0x52 [ 220.343373] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 220.348213] should_fail.cold.4+0xa/0x11 [ 220.352355] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 220.357451] ? kasan_check_read+0x11/0x20 [ 220.361595] ? rcu_is_watching+0x8c/0x150 [ 220.365734] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 220.371256] ? xas_start+0x23d/0x740 [ 220.374958] ? find_get_entry+0xa6d/0x1120 [ 220.379181] ? lock_downgrade+0x8f0/0x8f0 [ 220.383408] ? lock_acquire+0x1e4/0x540 [ 220.387370] ? fs_reclaim_acquire+0x20/0x20 [ 220.391676] ? lock_downgrade+0x8f0/0x8f0 [ 220.395816] ? check_same_owner+0x340/0x340 [ 220.400132] ? find_get_entry+0xa96/0x1120 [ 220.404360] ? rcu_note_context_switch+0x730/0x730 [ 220.409284] __alloc_pages_nodemask+0x36e/0xdb0 [ 220.413939] ? percpu_ref_put_many+0x119/0x240 [ 220.418618] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 220.423622] ? trace_hardirqs_on+0x10/0x10 [ 220.427854] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 220.432688] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 220.438213] ? xas_start+0x23d/0x740 [ 220.441932] ? lock_acquire+0x1e4/0x540 [ 220.445902] ? xa_load+0x288/0x450 [ 220.449439] ? lock_downgrade+0x8f0/0x8f0 [ 220.453576] ? lock_release+0xa30/0xa30 [ 220.457547] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 220.463084] alloc_pages_current+0x10c/0x210 [ 220.467484] __page_cache_alloc+0x398/0x5e0 [ 220.471791] ? xa_load+0x2b1/0x450 [ 220.475318] ? xa_clear_tag+0x40/0x40 [ 220.479108] ? filemap_range_has_page+0x4c0/0x4c0 [ 220.483935] ? unwind_get_return_address+0x61/0xa0 [ 220.488873] __do_page_cache_readahead+0x24e/0x690 [ 220.493802] ? read_pages+0x680/0x680 [ 220.497604] ? lock_acquire+0x1e4/0x540 [ 220.501571] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 220.506666] ? lock_downgrade+0x8f0/0x8f0 [ 220.510804] ? lock_release+0xa30/0xa30 [ 220.514769] ondemand_readahead+0x550/0xc40 [ 220.519083] page_cache_sync_readahead+0x3a0/0x6d0 [ 220.524004] ? force_page_cache_readahead+0x360/0x360 [ 220.529186] ? lock_acquire+0x1e4/0x540 [ 220.533583] ? rcu_note_context_switch+0x730/0x730 [ 220.538514] ? check_same_owner+0x340/0x340 [ 220.542855] ? lock_release+0xa30/0xa30 [ 220.546918] generic_file_read_iter+0x1a87/0x2f10 [ 220.551763] ? filemap_write_and_wait_range+0xd0/0xd0 [ 220.556946] ? rcu_read_lock+0x70/0x70 [ 220.560823] ? __unlock_page_memcg+0x72/0x100 [ 220.565307] ? unlock_page_memcg+0x2c/0x40 [ 220.569536] ? page_add_file_rmap+0x781/0xe40 [ 220.574025] ? page_add_new_anon_rmap+0x870/0x870 [ 220.578883] ? perf_trace_lock+0x920/0x920 [ 220.583109] ? lock_acquire+0x1e4/0x540 [ 220.587072] ? alloc_set_pte+0x1133/0x1790 [ 220.591303] ? lock_release+0xa30/0xa30 [ 220.595264] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 220.600276] ? check_pgprot+0xdf/0x180 [ 220.604150] ? put_page+0x280/0x280 [ 220.607762] ? kasan_check_write+0x14/0x20 [ 220.611983] ? do_raw_spin_lock+0xc1/0x200 [ 220.616208] ? alloc_set_pte+0xaf6/0x1790 [ 220.620360] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 220.625374] ? filemap_map_pages+0xca2/0x1990 [ 220.629868] ? trace_hardirqs_on+0x10/0x10 [ 220.634092] ? xa_set_tag+0x40/0x40 [ 220.637708] ? trace_hardirqs_on+0x10/0x10 [ 220.641932] ? trace_hardirqs_on+0x10/0x10 [ 220.646156] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 220.650996] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 220.655829] ? perf_trace_lock+0x920/0x920 [ 220.660053] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 220.664894] ? perf_trace_lock+0x920/0x920 [ 220.669115] ? perf_trace_lock+0x920/0x920 [ 220.673335] ? shrink_dcache_sb+0x350/0x350 [ 220.677644] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 220.682559] ? __fdget_pos+0x1bb/0x200 [ 220.686611] ? lock_acquire+0x1e4/0x540 [ 220.690570] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 220.696099] ? fsnotify+0xbac/0x14e0 [ 220.699801] ext4_file_read_iter+0x18b/0x3c0 [ 220.704198] generic_file_splice_read+0x5a5/0x9a0 [ 220.709031] ? add_to_pipe+0x360/0x360 [ 220.712919] ? rw_verify_area+0x118/0x360 [ 220.717074] ? add_to_pipe+0x360/0x360 [ 220.720952] do_splice_to+0x12e/0x190 [ 220.724761] splice_direct_to_actor+0x270/0x8f0 [ 220.729421] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 220.734949] ? pipe_to_sendpage+0x400/0x400 [ 220.739258] ? do_splice_to+0x190/0x190 [ 220.743219] ? security_file_permission+0x1c2/0x230 [ 220.748488] ? rw_verify_area+0x118/0x360 [ 220.752640] do_splice_direct+0x2d4/0x420 [ 220.756776] ? splice_direct_to_actor+0x8f0/0x8f0 [ 220.761621] ? rw_verify_area+0x118/0x360 [ 220.765772] do_sendfile+0x62a/0xe20 [ 220.769490] ? do_compat_pwritev64+0x1c0/0x1c0 [ 220.774082] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 220.779606] ? _copy_from_user+0xdf/0x150 [ 220.783745] __x64_sys_sendfile64+0x15d/0x250 [ 220.788225] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 220.792807] do_syscall_64+0x1b9/0x820 [ 220.796684] ? finish_task_switch+0x1d3/0x870 [ 220.801170] ? syscall_return_slowpath+0x5e0/0x5e0 [ 220.806099] ? syscall_return_slowpath+0x31d/0x5e0 [ 220.811020] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 220.816041] ? prepare_exit_to_usermode+0x291/0x3b0 [ 220.821132] ? perf_trace_sys_enter+0xb10/0xb10 [ 220.825796] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 220.830630] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 220.835814] RIP: 0033:0x455e29 [ 220.838982] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 220.858163] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 220.865858] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 220.873124] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 220.880410] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 220.887677] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 220.895028] R13: 00000000004c1113 R14: 00000000004d1540 R15: 000000000000003e 21:25:41 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000300)='/dev/rtc0\x00', 0x100, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000240)={0x0, @in={{0x2, 0x4e22, @local={0xac, 0x14, 0x14, 0xaa}}}, 0x1, 0x3}, &(0x7f0000000080)=0x90) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f00000000c0)={r2, 0x71a, 0x30}, &(0x7f00000001c0)=0xc) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r3, 0x2, r0) r4 = syz_open_pts(r0, 0x0) ioctl$EVIOCGUNIQ(r1, 0x80404508, &(0x7f0000000340)=""/121) ioctl$TCXONC(r4, 0x540a, 0x0) 21:25:41 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x68000000, 0x3, 0xf301}}) 21:25:41 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x4800000000000000}}) 21:25:41 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/vga_arbiter\x00', 0x20000, 0x0) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffff9c, 0x84, 0x71, &(0x7f0000001500)={0x0, 0x5}, &(0x7f0000001540)=0x8) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f0000001580)={r3, 0xfffffffffffff538}, 0x8) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:41 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x0, 0xf0ffffffffffff}}, 0x14}, 0x1}, 0x0) 21:25:41 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4040ae79, &(0x7f0000000040)={r2}) 21:25:41 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0xc0045877, &(0x7f0000000000)) 21:25:41 executing program 2 (fault-call:9 fault-nth:63): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) [ 221.274018] FAULT_INJECTION: forcing a failure. [ 221.274018] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 221.286076] CPU: 0 PID: 14631 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 221.294484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 221.303841] Call Trace: [ 221.306425] dump_stack+0x1c9/0x2b4 [ 221.310044] ? dump_stack_print_info.cold.2+0x52/0x52 [ 221.315311] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 221.320144] should_fail.cold.4+0xa/0x11 [ 221.324203] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 221.329316] ? kasan_check_read+0x11/0x20 [ 221.333451] ? rcu_is_watching+0x8c/0x150 [ 221.337589] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 221.343124] ? xas_start+0x23d/0x740 [ 221.346838] ? find_get_entry+0xa6d/0x1120 [ 221.351073] ? lock_downgrade+0x8f0/0x8f0 [ 221.355213] ? lock_acquire+0x1e4/0x540 [ 221.359204] ? fs_reclaim_acquire+0x20/0x20 [ 221.363520] ? lock_downgrade+0x8f0/0x8f0 [ 221.367676] ? check_same_owner+0x340/0x340 [ 221.372248] ? find_get_entry+0xa96/0x1120 [ 221.376570] ? rcu_note_context_switch+0x730/0x730 [ 221.381496] __alloc_pages_nodemask+0x36e/0xdb0 [ 221.386153] ? percpu_ref_put_many+0x119/0x240 [ 221.390814] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 221.395834] ? trace_hardirqs_on+0x10/0x10 [ 221.400061] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 221.404900] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 221.410425] ? xas_start+0x23d/0x740 [ 221.414132] ? lock_acquire+0x1e4/0x540 [ 221.418098] ? xa_load+0x288/0x450 [ 221.421644] ? lock_downgrade+0x8f0/0x8f0 [ 221.425793] ? lock_release+0xa30/0xa30 [ 221.429849] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 221.435374] alloc_pages_current+0x10c/0x210 [ 221.439805] __page_cache_alloc+0x398/0x5e0 [ 221.444111] ? xa_load+0x2b1/0x450 [ 221.447638] ? xa_clear_tag+0x40/0x40 [ 221.451436] ? filemap_range_has_page+0x4c0/0x4c0 [ 221.456269] ? unwind_get_return_address+0x61/0xa0 [ 221.461198] __do_page_cache_readahead+0x24e/0x690 [ 221.466132] ? read_pages+0x680/0x680 [ 221.469929] ? lock_acquire+0x1e4/0x540 [ 221.473906] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 221.478996] ? lock_downgrade+0x8f0/0x8f0 [ 221.483141] ? lock_release+0xa30/0xa30 [ 221.487106] ondemand_readahead+0x550/0xc40 [ 221.491429] page_cache_sync_readahead+0x3a0/0x6d0 [ 221.496349] ? force_page_cache_readahead+0x360/0x360 [ 221.501533] ? lock_acquire+0x1e4/0x540 [ 221.505504] ? rcu_note_context_switch+0x730/0x730 [ 221.510421] ? check_same_owner+0x340/0x340 [ 221.514733] ? lock_release+0xa30/0xa30 [ 221.518698] generic_file_read_iter+0x1a87/0x2f10 [ 221.523535] ? filemap_write_and_wait_range+0xd0/0xd0 [ 221.528723] ? rcu_read_lock+0x70/0x70 [ 221.532613] ? __unlock_page_memcg+0x72/0x100 [ 221.537106] ? unlock_page_memcg+0x2c/0x40 [ 221.541330] ? page_add_file_rmap+0x781/0xe40 [ 221.545810] ? page_add_new_anon_rmap+0x870/0x870 [ 221.550642] ? perf_trace_lock+0x920/0x920 [ 221.554888] ? lock_acquire+0x1e4/0x540 [ 221.559727] ? alloc_set_pte+0x1133/0x1790 [ 221.563962] ? lock_release+0xa30/0xa30 [ 221.567925] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 221.572938] ? check_pgprot+0xdf/0x180 [ 221.576815] ? put_page+0x280/0x280 [ 221.580444] ? kasan_check_write+0x14/0x20 [ 221.584665] ? do_raw_spin_lock+0xc1/0x200 [ 221.588886] ? alloc_set_pte+0xaf6/0x1790 [ 221.593026] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 221.598042] ? filemap_map_pages+0xca2/0x1990 [ 221.602528] ? trace_hardirqs_on+0x10/0x10 [ 221.606746] ? xa_set_tag+0x40/0x40 [ 221.610369] ? perf_trace_lock+0x920/0x920 [ 221.614591] ? environ_open+0x90/0x90 [ 221.618377] ? trace_hardirqs_on+0x10/0x10 [ 221.622612] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 221.628147] ? trace_hardirqs_on+0x10/0x10 [ 221.633504] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 221.638338] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 221.643176] ? perf_trace_lock+0x920/0x920 [ 221.647395] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 221.652225] ? perf_trace_lock+0x920/0x920 [ 221.656448] ? perf_trace_lock+0x920/0x920 [ 221.661023] ? shrink_dcache_sb+0x350/0x350 [ 221.665350] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 221.670181] ? __fdget_pos+0x1bb/0x200 [ 221.674061] ? lock_acquire+0x1e4/0x540 [ 221.678139] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 221.683670] ? fsnotify+0xbac/0x14e0 [ 221.687383] ext4_file_read_iter+0x18b/0x3c0 [ 221.692139] generic_file_splice_read+0x5a5/0x9a0 [ 221.696970] ? add_to_pipe+0x360/0x360 [ 221.700850] ? rw_verify_area+0x118/0x360 [ 221.705245] ? add_to_pipe+0x360/0x360 [ 221.709117] do_splice_to+0x12e/0x190 [ 221.712995] splice_direct_to_actor+0x270/0x8f0 [ 221.717671] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 221.723293] ? pipe_to_sendpage+0x400/0x400 [ 221.727603] ? do_splice_to+0x190/0x190 [ 221.731571] ? security_file_permission+0x1c2/0x230 [ 221.736582] ? rw_verify_area+0x118/0x360 [ 221.740718] do_splice_direct+0x2d4/0x420 [ 221.744859] ? splice_direct_to_actor+0x8f0/0x8f0 [ 221.749689] ? rw_verify_area+0x118/0x360 [ 221.753829] do_sendfile+0x62a/0xe20 [ 221.757543] ? do_compat_pwritev64+0x1c0/0x1c0 [ 221.762125] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 221.767659] ? _copy_from_user+0xdf/0x150 [ 221.771805] __x64_sys_sendfile64+0x15d/0x250 [ 221.776289] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 221.780873] do_syscall_64+0x1b9/0x820 [ 221.784756] ? finish_task_switch+0x1d3/0x870 [ 221.789236] ? syscall_return_slowpath+0x5e0/0x5e0 [ 221.794168] ? syscall_return_slowpath+0x31d/0x5e0 [ 221.799090] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 221.804101] ? prepare_exit_to_usermode+0x291/0x3b0 [ 221.809188] ? perf_trace_sys_enter+0xb10/0xb10 [ 221.813847] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 221.818690] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 221.823873] RIP: 0033:0x455e29 [ 221.827043] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 221.846231] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 221.853932] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 221.861709] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 221.868964] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 21:25:41 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x5422, &(0x7f0000000000)) 21:25:41 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x0, 0xffffff7f}}, 0x14}, 0x1}, 0x0) 21:25:41 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x7a000000}}) 21:25:41 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r1, 0x40bc5311, &(0x7f00000000c0)={0x80, 0x0, 'client1\x00', 0x1, "a91ca30d2ca9de42", "e4a6039747f3f6bbcd2187b1ad74db44aae5bc58dbe521543e25bc8652fa81fa", 0xff, 0x5}) r2 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r2, 0x1, 0x2c, &(0x7f0000687000)=0x100000000, 0x4) bind$inet6(r2, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r2, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) linkat(r1, &(0x7f0000000180)='./file0\x00', r1, &(0x7f00000001c0)='./file0\x00', 0x1400) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}, 0xd0a}, 0x1c) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x0, 0x0) ioctl$TIOCLINUX2(r3, 0x541c, &(0x7f0000000040)={0x2, 0x8, 0x1ff, 0x7, 0x7, 0xffffffffffff8001}) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:41 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x4c000000, 0x3, 0xf301}}) [ 221.876235] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 221.883501] R13: 00000000004c1113 R14: 00000000004d1540 R15: 000000000000003f 21:25:41 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4010ae67, &(0x7f0000000040)={r2}) 21:25:41 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x0, 0xf0}}, 0x14}, 0x1}, 0x0) 21:25:41 executing program 2 (fault-call:9 fault-nth:64): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) [ 222.076775] FAULT_INJECTION: forcing a failure. [ 222.076775] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 222.088689] CPU: 1 PID: 14675 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 222.097099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 222.106543] Call Trace: [ 222.109147] dump_stack+0x1c9/0x2b4 [ 222.112794] ? dump_stack_print_info.cold.2+0x52/0x52 [ 222.118002] ? rb_erase_cached+0xc82/0x32c0 [ 222.122347] should_fail.cold.4+0xa/0x11 [ 222.126574] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 222.131771] ? lock_downgrade+0x8f0/0x8f0 [ 222.135928] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 222.141470] ? xas_start+0x23d/0x740 [ 222.145184] ? trace_hardirqs_on+0x10/0x10 [ 222.149424] ? find_get_entry+0xa6d/0x1120 [ 222.153674] ? lock_downgrade+0x8f0/0x8f0 [ 222.157812] ? lock_acquire+0x1e4/0x540 [ 222.161775] ? fs_reclaim_acquire+0x20/0x20 [ 222.166082] ? lock_downgrade+0x8f0/0x8f0 [ 222.170215] ? check_same_owner+0x340/0x340 [ 222.174525] ? find_get_entry+0xa96/0x1120 [ 222.178752] ? rcu_note_context_switch+0x730/0x730 [ 222.183673] __alloc_pages_nodemask+0x36e/0xdb0 [ 222.188342] ? __perf_event_task_sched_out+0x2f0/0x1a60 [ 222.193724] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 222.198732] ? trace_hardirqs_on+0x10/0x10 [ 222.202968] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 222.208493] ? xas_start+0x23d/0x740 [ 222.212195] ? lock_acquire+0x1e4/0x540 [ 222.216155] ? xa_load+0x288/0x450 [ 222.219696] ? lock_downgrade+0x8f0/0x8f0 [ 222.223843] ? lock_release+0xa30/0xa30 [ 222.227810] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 222.233347] alloc_pages_current+0x10c/0x210 [ 222.237751] __page_cache_alloc+0x398/0x5e0 [ 222.242077] ? xa_load+0x2b1/0x450 [ 222.245611] ? xa_clear_tag+0x40/0x40 [ 222.249406] ? filemap_range_has_page+0x4c0/0x4c0 [ 222.254238] ? update_load_avg+0x2de/0x2590 [ 222.258547] ? unwind_get_return_address+0x61/0xa0 [ 222.263476] __do_page_cache_readahead+0x24e/0x690 [ 222.268410] ? read_pages+0x680/0x680 [ 222.272212] ? lock_acquire+0x1e4/0x540 21:25:42 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r2 = syz_open_pts(r0, 0x0) getsockopt$IP_VS_SO_GET_SERVICES(r1, 0x0, 0x482, &(0x7f0000000080)=""/112, &(0x7f0000000000)=0x70) ioctl$TCXONC(r2, 0x540a, 0x0) 21:25:42 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x300}}) 21:25:42 executing program 4: r0 = socket$inet6(0xa, 0xb, 0xfffffffffffffff9) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000440)=0x100010, 0x4) ioctl$TIOCNXCL(r1, 0x540d) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r2 = socket$inet6(0xa, 0x2000000000001, 0x0) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000002c0)={0x0, 0x100000000}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000340)={r3, 0x7ff, 0x1c1, 0x400, 0x3ff, 0x7}, &(0x7f0000000380)=0x14) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r2, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r2, &(0x7f0000000180), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @mcast1={0xff, 0x1, [], 0x1}, 0x1000000000}, 0x4) set_mempolicy(0x3, &(0x7f0000000400)=0xc5, 0x400) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000280)=0x0) r5 = getpgrp(r4) ioctl$ASHMEM_SET_SIZE(r1, 0x40087703, 0xffffffffffffffff) sendto$inet(r1, &(0x7f0000000080)="6938e2e58a06df0a765097b0d31e5295368c97171c463aec61f6821b0363c90c8215fbb555c8a92eccc5bf97deb9547d3fa6ce00cf98a09a8c95fa9631f2d5ad3ff8eab9aa6deb8872a8dfca4b848f579c2144094ed11a0288dca2e0a6e57b4d643d01d36d07a69d5dcb669a2fc197779499dac21781e9a1770e5c5b1b84b46f53", 0x81, 0x4040884, &(0x7f0000000140)={0x2, 0x4e24, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$IP_VS_SO_SET_EDITDEST(r1, 0x0, 0x489, &(0x7f0000000200)={{0x2c, @remote={0xac, 0x14, 0x14, 0xbb}, 0x4e22, 0x4, 'nq\x00', 0x38, 0x80, 0x7f}, {@local={0xac, 0x14, 0x14, 0xaa}, 0x4e22, 0x3, 0x7fffffff, 0xffff, 0x7127}}, 0x44) sched_getaffinity(r5, 0x8, &(0x7f00000003c0)) sched_getattr(r5, &(0x7f0000000000), 0x30, 0x0) getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000180), &(0x7f00000001c0)=0x4) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:42 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x5423, &(0x7f0000000000)) 21:25:42 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x5000000, 0x3, 0xf301}}) 21:25:42 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0xc008ae67, &(0x7f0000000040)={r2}) 21:25:42 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x0, 0xf}}, 0x14}, 0x1}, 0x0) [ 222.276183] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 222.281290] ? lock_downgrade+0x8f0/0x8f0 [ 222.285435] ? lock_release+0xa30/0xa30 [ 222.289398] ondemand_readahead+0x550/0xc40 [ 222.293737] page_cache_sync_readahead+0x3a0/0x6d0 [ 222.298697] ? force_page_cache_readahead+0x360/0x360 [ 222.303897] ? lock_acquire+0x1e4/0x540 [ 222.307885] ? rcu_note_context_switch+0x730/0x730 [ 222.312822] ? check_same_owner+0x340/0x340 [ 222.317157] ? lock_release+0xa30/0xa30 [ 222.321142] generic_file_read_iter+0x1a87/0x2f10 [ 222.326003] ? filemap_write_and_wait_range+0xd0/0xd0 [ 222.331232] ? rcu_read_lock+0x70/0x70 [ 222.335132] ? __unlock_page_memcg+0x72/0x100 [ 222.339629] ? unlock_page_memcg+0x2c/0x40 [ 222.343870] ? page_add_file_rmap+0x781/0xe40 [ 222.348379] ? page_add_new_anon_rmap+0x870/0x870 [ 222.353220] ? perf_event_update_userpage+0xd30/0xd30 [ 222.358413] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 222.363969] ? __perf_event_task_sched_in+0x24f/0xbb0 [ 222.369163] ? lock_acquire+0x1e4/0x540 [ 222.373135] ? alloc_set_pte+0x1133/0x1790 [ 222.377384] ? lock_release+0xa30/0xa30 [ 222.381354] ? xas_descend+0x20c/0x5f0 [ 222.385242] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 222.390248] ? check_pgprot+0xdf/0x180 [ 222.394125] ? put_page+0x280/0x280 [ 222.397742] ? kasan_check_write+0x14/0x20 [ 222.401974] ? do_raw_spin_lock+0xc1/0x200 [ 222.406221] ? alloc_set_pte+0xaf6/0x1790 [ 222.410385] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 222.415393] ? filemap_map_pages+0xca2/0x1990 [ 222.419890] ? trace_hardirqs_on+0x10/0x10 [ 222.424114] ? xa_set_tag+0x40/0x40 [ 222.427730] ? lock_repin_lock+0x430/0x430 [ 222.431954] ? kasan_check_write+0x14/0x20 [ 222.436182] ? trace_hardirqs_on+0x10/0x10 [ 222.440415] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 222.446037] ? trace_hardirqs_on+0x10/0x10 [ 222.450274] ? trace_hardirqs_on+0x10/0x10 [ 222.454513] ? find_get_entries_tag+0x1410/0x1410 [ 222.459359] ? trace_hardirqs_on+0x10/0x10 [ 222.463587] ? mntput_no_expire+0x18e/0xbc0 [ 222.467911] ? do_raw_spin_lock+0xc1/0x200 [ 222.472158] ? mnt_get_count+0x150/0x150 [ 222.476213] ? dput.part.26+0x276/0x7a0 [ 222.480175] ? shrink_dcache_sb+0x350/0x350 [ 222.484491] ? lock_acquire+0x1e4/0x540 [ 222.488462] ? __fdget_pos+0x1bb/0x200 [ 222.492346] ? lock_acquire+0x1e4/0x540 [ 222.496328] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 222.501866] ? fsnotify+0xbac/0x14e0 [ 222.505575] ext4_file_read_iter+0x18b/0x3c0 [ 222.509979] generic_file_splice_read+0x5a5/0x9a0 [ 222.514817] ? add_to_pipe+0x360/0x360 [ 222.518717] ? rw_verify_area+0x118/0x360 [ 222.522867] ? add_to_pipe+0x360/0x360 [ 222.526752] do_splice_to+0x12e/0x190 [ 222.530571] splice_direct_to_actor+0x270/0x8f0 [ 222.535243] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 222.540791] ? pipe_to_sendpage+0x400/0x400 [ 222.545134] ? do_splice_to+0x190/0x190 [ 222.549103] ? security_file_permission+0x1c2/0x230 [ 222.554120] ? rw_verify_area+0x118/0x360 [ 222.558270] do_splice_direct+0x2d4/0x420 [ 222.562435] ? splice_direct_to_actor+0x8f0/0x8f0 [ 222.567274] ? rw_verify_area+0x118/0x360 [ 222.571414] do_sendfile+0x62a/0xe20 [ 222.575138] ? do_compat_pwritev64+0x1c0/0x1c0 [ 222.579719] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 222.585271] ? _copy_from_user+0xdf/0x150 [ 222.589414] __x64_sys_sendfile64+0x15d/0x250 [ 222.593918] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 222.598502] do_syscall_64+0x1b9/0x820 [ 222.602381] ? finish_task_switch+0x1d3/0x870 [ 222.606880] ? syscall_return_slowpath+0x5e0/0x5e0 [ 222.611804] ? syscall_return_slowpath+0x31d/0x5e0 [ 222.616745] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 222.621754] ? prepare_exit_to_usermode+0x291/0x3b0 [ 222.626944] ? perf_trace_sys_enter+0xb10/0xb10 [ 222.631606] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 222.636455] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 222.641720] RIP: 0033:0x455e29 [ 222.644902] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 222.664183] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 222.671882] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 222.679139] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 222.686407] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 222.693665] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 222.700922] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000040 21:25:42 executing program 2 (fault-call:9 fault-nth:65): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:42 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x80045400, &(0x7f0000000000)) 21:25:42 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x0, 0x100000000000000}}, 0x14}, 0x1}, 0x0) 21:25:42 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x4800}}) 21:25:42 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0xfc5) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet6(0xa, 0x1, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r3 = userfaultfd(0x0) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000002000)={0xaa}) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000001000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqsrc(r4, 0x0, 0x4, &(0x7f0000013ff4)={@local={0xac, 0x14, 0x14, 0xaa}, @rand_addr, @multicast2=0xe0000002}, 0xc) getsockopt$IP_VS_SO_GET_DAEMON(r4, 0x0, 0x487, &(0x7f0000000000), &(0x7f0000000040)=0x30) close(r4) dup3(r2, r3, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r5 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r5, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x4e21, @remote={0xac, 0x14, 0x14, 0xbb}}, @in={0x2, 0x4e24, @loopback=0x7f000001}, @in={0x2, 0x4e24}, @in6={0xa, 0x4e21, 0x16d, @dev={0xfe, 0x80, [], 0x1f}, 0x7}, @in={0x2, 0x4e22, @broadcast=0xffffffff}], 0x5c) setsockopt$sock_int(r5, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) set_tid_address(&(0x7f00000000c0)) bind$inet6(r5, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r5, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) getsockname$inet6(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, @loopback}, &(0x7f0000000040)=0x1c) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r5, 0x84, 0x4, &(0x7f0000000240)=0x7, 0x4) getsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000100)={{{@in=@local, @in=@multicast1}}, {{}, 0x0, @in=@local}}, &(0x7f0000000200)=0xe8) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f0000000080)="a0fcdba06ac991000000000000004e51532193d9393fd4522878e802fe005cac000000000000000000000000000000", 0x2f, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) epoll_create(0x5) 21:25:42 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0xc0045878, &(0x7f0000000040)={r2}) [ 222.839966] FAULT_INJECTION: forcing a failure. [ 222.839966] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 222.851897] CPU: 0 PID: 14720 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 222.860304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 222.869662] Call Trace: [ 222.872277] dump_stack+0x1c9/0x2b4 [ 222.875921] ? dump_stack_print_info.cold.2+0x52/0x52 [ 222.881136] should_fail.cold.4+0xa/0x11 [ 222.885218] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 222.890365] ? kasan_check_read+0x11/0x20 [ 222.894524] ? rcu_is_watching+0x8c/0x150 [ 222.898680] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 222.904219] ? xas_start+0x23d/0x740 [ 222.908637] ? trace_hardirqs_on+0x10/0x10 [ 222.912873] ? find_get_entry+0xa6d/0x1120 [ 222.917113] ? lock_downgrade+0x8f0/0x8f0 [ 222.921262] ? lock_acquire+0x1e4/0x540 [ 222.925323] ? fs_reclaim_acquire+0x20/0x20 [ 222.929647] ? lock_downgrade+0x8f0/0x8f0 [ 222.933791] ? check_same_owner+0x340/0x340 [ 222.938192] ? find_get_entry+0xa96/0x1120 [ 222.942422] ? rcu_note_context_switch+0x730/0x730 [ 222.947347] __alloc_pages_nodemask+0x36e/0xdb0 [ 222.952007] ? percpu_ref_put_many+0x119/0x240 [ 222.957131] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 222.962156] ? trace_hardirqs_on+0x10/0x10 [ 222.966402] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 222.971939] ? xas_start+0x23d/0x740 [ 222.975654] ? lock_acquire+0x1e4/0x540 [ 222.979625] ? xa_load+0x288/0x450 [ 222.983163] ? lock_downgrade+0x8f0/0x8f0 [ 222.987302] ? lock_release+0xa30/0xa30 [ 222.991275] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 222.996829] alloc_pages_current+0x10c/0x210 [ 223.001259] __page_cache_alloc+0x398/0x5e0 [ 223.005573] ? xa_load+0x2b1/0x450 [ 223.009125] ? xa_clear_tag+0x40/0x40 [ 223.012920] ? filemap_range_has_page+0x4c0/0x4c0 [ 223.017754] ? unwind_get_return_address+0x61/0xa0 [ 223.022689] __do_page_cache_readahead+0x24e/0x690 [ 223.027624] ? read_pages+0x680/0x680 [ 223.031422] ? lock_acquire+0x1e4/0x540 [ 223.035392] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 223.040488] ? lock_downgrade+0x8f0/0x8f0 [ 223.044639] ? lock_release+0xa30/0xa30 [ 223.048612] ondemand_readahead+0x550/0xc40 [ 223.052940] page_cache_sync_readahead+0x3a0/0x6d0 [ 223.057867] ? force_page_cache_readahead+0x360/0x360 [ 223.063049] ? lock_acquire+0x1e4/0x540 [ 223.067032] ? rcu_note_context_switch+0x730/0x730 [ 223.071956] ? check_same_owner+0x340/0x340 [ 223.076275] ? lock_release+0xa30/0xa30 [ 223.080257] generic_file_read_iter+0x1a87/0x2f10 [ 223.085110] ? filemap_write_and_wait_range+0xd0/0xd0 [ 223.090307] ? rcu_read_lock+0x70/0x70 [ 223.094205] ? __unlock_page_memcg+0x72/0x100 [ 223.098702] ? unlock_page_memcg+0x2c/0x40 [ 223.102928] ? page_add_file_rmap+0x781/0xe40 [ 223.107416] ? page_add_new_anon_rmap+0x870/0x870 [ 223.112251] ? lockdep_init_map+0x9/0x10 [ 223.116314] ? kasan_check_write+0x14/0x20 [ 223.120553] ? __init_rwsem+0x1cc/0x2a0 [ 223.124524] ? lock_acquire+0x1e4/0x540 [ 223.128494] ? alloc_set_pte+0x1133/0x1790 [ 223.132731] ? lock_release+0xa30/0xa30 [ 223.136696] ? xas_descend+0x20c/0x5f0 [ 223.140597] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 223.145603] ? check_pgprot+0xdf/0x180 [ 223.149488] ? put_page+0x280/0x280 [ 223.153108] ? kasan_check_write+0x14/0x20 [ 223.157330] ? do_raw_spin_lock+0xc1/0x200 [ 223.161559] ? alloc_set_pte+0xaf6/0x1790 [ 223.165711] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 223.170721] ? filemap_map_pages+0xca2/0x1990 [ 223.175209] ? trace_hardirqs_on+0x10/0x10 [ 223.179434] ? xa_set_tag+0x40/0x40 [ 223.183052] ? environ_open+0x90/0x90 [ 223.186850] ? trace_hardirqs_on+0x10/0x10 [ 223.191093] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 223.196639] ? trace_hardirqs_on+0x10/0x10 [ 223.200864] ? trace_hardirqs_on+0x10/0x10 [ 223.205092] ? find_get_entries_tag+0x1410/0x1410 [ 223.209941] ? trace_hardirqs_on+0x10/0x10 [ 223.214169] ? mntput_no_expire+0x18e/0xbc0 [ 223.218475] ? do_raw_spin_lock+0xc1/0x200 [ 223.222698] ? mnt_get_count+0x150/0x150 [ 223.226751] ? dput.part.26+0x276/0x7a0 [ 223.230715] ? shrink_dcache_sb+0x350/0x350 [ 223.235036] ? lock_acquire+0x1e4/0x540 [ 223.239015] ? __fdget_pos+0x1bb/0x200 [ 223.242901] ? lock_acquire+0x1e4/0x540 [ 223.246868] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 223.252404] ? fsnotify+0xbac/0x14e0 [ 223.256129] ext4_file_read_iter+0x18b/0x3c0 [ 223.260541] generic_file_splice_read+0x5a5/0x9a0 [ 223.265385] ? add_to_pipe+0x360/0x360 [ 223.269280] ? rw_verify_area+0x118/0x360 [ 223.273432] ? add_to_pipe+0x360/0x360 [ 223.277314] do_splice_to+0x12e/0x190 [ 223.281123] splice_direct_to_actor+0x270/0x8f0 [ 223.285803] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 223.291334] ? pipe_to_sendpage+0x400/0x400 [ 223.295651] ? do_splice_to+0x190/0x190 [ 223.299614] ? security_file_permission+0x1c2/0x230 [ 223.304638] ? rw_verify_area+0x118/0x360 [ 223.308785] do_splice_direct+0x2d4/0x420 [ 223.312930] ? splice_direct_to_actor+0x8f0/0x8f0 [ 223.317769] ? rw_verify_area+0x118/0x360 [ 223.321929] do_sendfile+0x62a/0xe20 [ 223.325645] ? do_compat_pwritev64+0x1c0/0x1c0 [ 223.330231] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 223.335758] ? _copy_from_user+0xdf/0x150 [ 223.339916] __x64_sys_sendfile64+0x15d/0x250 [ 223.344433] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 223.349224] do_syscall_64+0x1b9/0x820 [ 223.353116] ? finish_task_switch+0x1d3/0x870 [ 223.357615] ? syscall_return_slowpath+0x5e0/0x5e0 [ 223.362548] ? syscall_return_slowpath+0x31d/0x5e0 [ 223.367480] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 223.372485] ? prepare_exit_to_usermode+0x291/0x3b0 [ 223.377494] ? perf_trace_sys_enter+0xb10/0xb10 [ 223.382153] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 223.387095] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 223.392285] RIP: 0033:0x455e29 [ 223.395457] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 223.414739] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 223.422442] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 223.429963] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 21:25:42 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x3, 0x3, 0xf301}}) 21:25:42 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0xc0505405, &(0x7f0000000000)) [ 223.437221] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 223.444480] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 223.451735] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000041 21:25:43 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x7}}) 21:25:43 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000000)={0x5, 0x2, 0x80000001, 0x5, 0x10000}) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r2 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 21:25:43 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x0, 0x400300}}, 0x14}, 0x1}, 0x0) 21:25:43 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0xc0145401, &(0x7f0000000000)) 21:25:43 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020940d, &(0x7f0000000040)={r2}) 21:25:43 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x4000000, 0x3, 0xf301}}) 21:25:43 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x200000000000000}}) 21:25:43 executing program 2 (fault-call:9 fault-nth:66): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) [ 223.776288] FAULT_INJECTION: forcing a failure. [ 223.776288] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 223.788403] CPU: 0 PID: 14774 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 223.796815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 223.806170] Call Trace: [ 223.808774] dump_stack+0x1c9/0x2b4 [ 223.812419] ? dump_stack_print_info.cold.2+0x52/0x52 [ 223.817717] should_fail.cold.4+0xa/0x11 [ 223.821801] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 223.826904] ? kasan_check_read+0x11/0x20 [ 223.831052] ? rcu_is_watching+0x8c/0x150 [ 223.835195] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 223.840744] ? xas_start+0x23d/0x740 [ 223.844462] ? trace_hardirqs_on+0x10/0x10 [ 223.848706] ? find_get_entry+0xa6d/0x1120 [ 223.852938] ? lock_downgrade+0x8f0/0x8f0 [ 223.857125] ? lock_acquire+0x1e4/0x540 [ 223.861262] ? fs_reclaim_acquire+0x20/0x20 [ 223.865668] ? lock_downgrade+0x8f0/0x8f0 [ 223.869820] ? check_same_owner+0x340/0x340 [ 223.874133] ? find_get_entry+0xa96/0x1120 [ 223.878372] ? rcu_note_context_switch+0x730/0x730 [ 223.883300] __alloc_pages_nodemask+0x36e/0xdb0 [ 223.887964] ? percpu_ref_put_many+0x119/0x240 [ 223.892540] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 223.897555] ? trace_hardirqs_on+0x10/0x10 [ 223.901786] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 223.907316] ? xas_start+0x23d/0x740 [ 223.911026] ? lock_acquire+0x1e4/0x540 [ 223.914993] ? xa_load+0x288/0x450 [ 223.918528] ? lock_downgrade+0x8f0/0x8f0 [ 223.922676] ? lock_release+0xa30/0xa30 [ 223.926657] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 223.932203] alloc_pages_current+0x10c/0x210 [ 223.936625] __page_cache_alloc+0x398/0x5e0 [ 223.940939] ? xa_load+0x2b1/0x450 [ 223.944469] ? xa_clear_tag+0x40/0x40 [ 223.948263] ? filemap_range_has_page+0x4c0/0x4c0 [ 223.953098] ? unwind_get_return_address+0x61/0xa0 [ 223.958024] __do_page_cache_readahead+0x24e/0x690 [ 223.962961] ? read_pages+0x680/0x680 [ 223.966764] ? lock_acquire+0x1e4/0x540 [ 223.970732] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 223.976084] ? lock_downgrade+0x8f0/0x8f0 [ 223.980222] ? lock_release+0xa30/0xa30 [ 223.984191] ondemand_readahead+0x550/0xc40 [ 223.988518] page_cache_sync_readahead+0x3a0/0x6d0 [ 223.993455] ? force_page_cache_readahead+0x360/0x360 [ 223.998636] ? lock_acquire+0x1e4/0x540 [ 224.002601] ? rcu_note_context_switch+0x730/0x730 [ 224.007528] ? check_same_owner+0x340/0x340 [ 224.011844] ? lock_release+0xa30/0xa30 [ 224.015813] generic_file_read_iter+0x1a87/0x2f10 [ 224.020659] ? filemap_write_and_wait_range+0xd0/0xd0 [ 224.025846] ? rcu_read_lock+0x70/0x70 [ 224.029732] ? __unlock_page_memcg+0x72/0x100 [ 224.034225] ? unlock_page_memcg+0x2c/0x40 [ 224.038453] ? page_add_file_rmap+0x781/0xe40 [ 224.042939] ? page_add_new_anon_rmap+0x870/0x870 [ 224.047778] ? lockdep_init_map+0x9/0x10 [ 224.051837] ? kasan_check_write+0x14/0x20 [ 224.056069] ? __init_rwsem+0x1cc/0x2a0 [ 224.060044] ? lock_acquire+0x1e4/0x540 [ 224.064028] ? alloc_set_pte+0x1133/0x1790 [ 224.068256] ? lock_release+0xa30/0xa30 [ 224.072218] ? xas_descend+0x20c/0x5f0 [ 224.076097] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 224.081102] ? check_pgprot+0xdf/0x180 [ 224.084981] ? put_page+0x280/0x280 [ 224.088606] ? kasan_check_write+0x14/0x20 [ 224.092843] ? do_raw_spin_lock+0xc1/0x200 [ 224.097096] ? alloc_set_pte+0xaf6/0x1790 [ 224.101252] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 224.106267] ? filemap_map_pages+0xca2/0x1990 [ 224.110761] ? trace_hardirqs_on+0x10/0x10 [ 224.114984] ? xa_set_tag+0x40/0x40 [ 224.118604] ? environ_open+0x90/0x90 [ 224.122395] ? trace_hardirqs_on+0x10/0x10 [ 224.126637] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 224.132173] ? trace_hardirqs_on+0x10/0x10 [ 224.136402] ? trace_hardirqs_on+0x10/0x10 [ 224.140640] ? find_get_entries_tag+0x1410/0x1410 [ 224.145480] ? trace_hardirqs_on+0x10/0x10 [ 224.149792] ? mntput_no_expire+0x18e/0xbc0 [ 224.154103] ? do_raw_spin_lock+0xc1/0x200 [ 224.158331] ? mnt_get_count+0x150/0x150 [ 224.162381] ? dput.part.26+0x276/0x7a0 [ 224.166361] ? shrink_dcache_sb+0x350/0x350 [ 224.170675] ? lock_acquire+0x1e4/0x540 [ 224.174638] ? __fdget_pos+0x1bb/0x200 [ 224.178525] ? lock_acquire+0x1e4/0x540 [ 224.182492] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 224.188028] ? fsnotify+0xbac/0x14e0 [ 224.191746] ext4_file_read_iter+0x18b/0x3c0 [ 224.196156] generic_file_splice_read+0x5a5/0x9a0 [ 224.200993] ? add_to_pipe+0x360/0x360 [ 224.204879] ? rw_verify_area+0x118/0x360 [ 224.209027] ? add_to_pipe+0x360/0x360 [ 224.212906] do_splice_to+0x12e/0x190 [ 224.216717] splice_direct_to_actor+0x270/0x8f0 [ 224.221376] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 224.226911] ? pipe_to_sendpage+0x400/0x400 [ 224.231222] ? do_splice_to+0x190/0x190 [ 224.235187] ? security_file_permission+0x1c2/0x230 [ 224.240195] ? rw_verify_area+0x118/0x360 [ 224.244354] do_splice_direct+0x2d4/0x420 [ 224.248496] ? splice_direct_to_actor+0x8f0/0x8f0 [ 224.253329] ? rw_verify_area+0x118/0x360 [ 224.257602] do_sendfile+0x62a/0xe20 [ 224.261323] ? do_compat_pwritev64+0x1c0/0x1c0 [ 224.265901] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 224.271431] ? _copy_from_user+0xdf/0x150 [ 224.275578] __x64_sys_sendfile64+0x15d/0x250 [ 224.280061] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 224.285178] do_syscall_64+0x1b9/0x820 [ 224.289142] ? finish_task_switch+0x1d3/0x870 [ 224.293631] ? syscall_return_slowpath+0x5e0/0x5e0 [ 224.298549] ? syscall_return_slowpath+0x31d/0x5e0 [ 224.303470] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 224.308482] ? prepare_exit_to_usermode+0x291/0x3b0 [ 224.313488] ? perf_trace_sys_enter+0xb10/0xb10 [ 224.318145] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 224.322983] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 224.328161] RIP: 0033:0x455e29 [ 224.331504] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 224.350787] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 224.358484] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 224.365740] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 21:25:43 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x700000000000000}}) 21:25:43 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x5450, &(0x7f0000000000)) 21:25:43 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x0, 0xf00000000000000}}, 0x14}, 0x1}, 0x0) 21:25:44 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x2, &(0x7f0000000040)={r2}) [ 224.373005] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 224.380353] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 224.387869] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000042 21:25:44 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x4, 0x1) connect$l2tp(r2, &(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, r1, 0x0, 0x1, 0x3, 0x0, {0xa, 0x4e21, 0x6, @mcast2={0xff, 0x2, [], 0x1}, 0x7}}}, 0x3a) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000000)=0x9, 0x30b) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:44 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x2000000, 0x3, 0xf301}}) 21:25:44 executing program 2 (fault-call:9 fault-nth:67): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:44 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x0, 0x200000000000000}}, 0x14}, 0x1}, 0x0) 21:25:44 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x6000000}}) [ 224.572413] FAULT_INJECTION: forcing a failure. [ 224.572413] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 224.584338] CPU: 0 PID: 14813 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 224.592748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 224.602105] Call Trace: [ 224.604714] dump_stack+0x1c9/0x2b4 [ 224.608353] ? dump_stack_print_info.cold.2+0x52/0x52 [ 224.613564] should_fail.cold.4+0xa/0x11 [ 224.617662] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 224.622779] ? kasan_check_read+0x11/0x20 [ 224.626916] ? rcu_is_watching+0x8c/0x150 [ 224.631069] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 224.636609] ? xas_start+0x23d/0x740 [ 224.640317] ? trace_hardirqs_on+0x10/0x10 [ 224.644557] ? find_get_entry+0xa6d/0x1120 [ 224.648797] ? lock_downgrade+0x8f0/0x8f0 [ 224.652962] ? lock_acquire+0x1e4/0x540 [ 224.657036] ? fs_reclaim_acquire+0x20/0x20 [ 224.661350] ? lock_downgrade+0x8f0/0x8f0 [ 224.665498] ? check_same_owner+0x340/0x340 [ 224.669825] ? find_get_entry+0xa96/0x1120 [ 224.674056] ? rcu_note_context_switch+0x730/0x730 [ 224.678978] __alloc_pages_nodemask+0x36e/0xdb0 [ 224.683636] ? percpu_ref_put_many+0x119/0x240 [ 224.688218] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 224.693234] ? trace_hardirqs_on+0x10/0x10 [ 224.697473] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 224.702995] ? xas_start+0x23d/0x740 [ 224.706711] ? lock_acquire+0x1e4/0x540 [ 224.710688] ? xa_load+0x288/0x450 [ 224.714211] ? lock_downgrade+0x8f0/0x8f0 [ 224.718349] ? lock_release+0xa30/0xa30 [ 224.722310] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 224.727842] alloc_pages_current+0x10c/0x210 [ 224.732242] __page_cache_alloc+0x398/0x5e0 [ 224.736548] ? xa_load+0x2b1/0x450 [ 224.740078] ? xa_clear_tag+0x40/0x40 [ 224.743873] ? filemap_range_has_page+0x4c0/0x4c0 [ 224.748708] ? unwind_get_return_address+0x61/0xa0 [ 224.753633] __do_page_cache_readahead+0x24e/0x690 [ 224.758579] ? read_pages+0x680/0x680 [ 224.762364] ? lock_acquire+0x1e4/0x540 [ 224.766328] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 224.771423] ? lock_downgrade+0x8f0/0x8f0 [ 224.775566] ? lock_release+0xa30/0xa30 [ 224.779531] ondemand_readahead+0x550/0xc40 [ 224.783847] page_cache_sync_readahead+0x3a0/0x6d0 [ 224.788759] ? force_page_cache_readahead+0x360/0x360 [ 224.793930] ? lock_acquire+0x1e4/0x540 [ 224.797886] ? rcu_note_context_switch+0x730/0x730 [ 224.802807] ? check_same_owner+0x340/0x340 [ 224.807111] ? lock_release+0xa30/0xa30 [ 224.811076] generic_file_read_iter+0x1a87/0x2f10 [ 224.815909] ? filemap_write_and_wait_range+0xd0/0xd0 [ 224.821083] ? rcu_read_lock+0x70/0x70 [ 224.824958] ? __unlock_page_memcg+0x72/0x100 [ 224.829696] ? unlock_page_memcg+0x2c/0x40 [ 224.833922] ? page_add_file_rmap+0x781/0xe40 [ 224.838403] ? page_add_new_anon_rmap+0x870/0x870 [ 224.843241] ? lockdep_init_map+0x9/0x10 [ 224.847305] ? kasan_check_write+0x14/0x20 [ 224.851524] ? __init_rwsem+0x1cc/0x2a0 [ 224.855489] ? lock_acquire+0x1e4/0x540 [ 224.859460] ? alloc_set_pte+0x1133/0x1790 [ 224.863692] ? lock_release+0xa30/0xa30 [ 224.867668] ? xas_descend+0x20c/0x5f0 [ 224.871552] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 224.876555] ? check_pgprot+0xdf/0x180 [ 224.880437] ? put_page+0x280/0x280 [ 224.884076] ? kasan_check_write+0x14/0x20 [ 224.888295] ? do_raw_spin_lock+0xc1/0x200 [ 224.892526] ? alloc_set_pte+0xaf6/0x1790 [ 224.896670] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 224.901696] ? filemap_map_pages+0xca2/0x1990 [ 224.906188] ? trace_hardirqs_on+0x10/0x10 [ 224.910415] ? xa_set_tag+0x40/0x40 [ 224.914043] ? environ_open+0x90/0x90 [ 224.917844] ? trace_hardirqs_on+0x10/0x10 [ 224.922083] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 224.927633] ? trace_hardirqs_on+0x10/0x10 [ 224.931887] ? trace_hardirqs_on+0x10/0x10 [ 224.936124] ? find_get_entries_tag+0x1410/0x1410 [ 224.940968] ? trace_hardirqs_on+0x10/0x10 [ 224.946570] ? mntput_no_expire+0x18e/0xbc0 [ 224.950890] ? do_raw_spin_lock+0xc1/0x200 [ 224.955125] ? mnt_get_count+0x150/0x150 [ 224.959178] ? dput.part.26+0x276/0x7a0 [ 224.963144] ? shrink_dcache_sb+0x350/0x350 [ 224.967466] ? lock_acquire+0x1e4/0x540 [ 224.971436] ? __fdget_pos+0x1bb/0x200 [ 224.975330] ? lock_acquire+0x1e4/0x540 [ 224.979292] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 224.984817] ? fsnotify+0xbac/0x14e0 [ 224.988519] ext4_file_read_iter+0x18b/0x3c0 [ 224.992925] generic_file_splice_read+0x5a5/0x9a0 [ 224.997772] ? add_to_pipe+0x360/0x360 [ 225.001662] ? rw_verify_area+0x118/0x360 [ 225.005798] ? add_to_pipe+0x360/0x360 [ 225.009682] do_splice_to+0x12e/0x190 [ 225.013480] splice_direct_to_actor+0x270/0x8f0 [ 225.018139] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 225.023663] ? pipe_to_sendpage+0x400/0x400 [ 225.027977] ? do_splice_to+0x190/0x190 [ 225.031955] ? security_file_permission+0x1c2/0x230 [ 225.036982] ? rw_verify_area+0x118/0x360 [ 225.041130] do_splice_direct+0x2d4/0x420 [ 225.045264] ? splice_direct_to_actor+0x8f0/0x8f0 [ 225.050102] ? rw_verify_area+0x118/0x360 [ 225.054237] do_sendfile+0x62a/0xe20 [ 225.057946] ? do_compat_pwritev64+0x1c0/0x1c0 [ 225.062514] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 225.068120] ? _copy_from_user+0xdf/0x150 [ 225.072256] __x64_sys_sendfile64+0x15d/0x250 [ 225.076735] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 225.081314] do_syscall_64+0x1b9/0x820 [ 225.085186] ? finish_task_switch+0x1d3/0x870 [ 225.089670] ? syscall_return_slowpath+0x5e0/0x5e0 [ 225.094588] ? syscall_return_slowpath+0x31d/0x5e0 [ 225.099506] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 225.104518] ? prepare_exit_to_usermode+0x291/0x3b0 [ 225.109531] ? perf_trace_sys_enter+0xb10/0xb10 [ 225.114191] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 225.119291] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 225.124484] RIP: 0033:0x455e29 [ 225.127655] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 225.146796] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 225.154500] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 225.161766] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 225.169029] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 225.176294] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 225.183556] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000043 21:25:45 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mixer\x00', 0x72901, 0x0) r2 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x4, 0x101080) ioctl$KVM_DIRTY_TLB(r2, 0x4010aeaa, &(0x7f0000000080)={0x4, 0x7fffffff}) ioctl$TIOCNOTTY(r0, 0x5422) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r3 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 21:25:45 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020aea5, &(0x7f0000000040)={r2}) 21:25:45 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x74000000, 0x3, 0xf301}}) 21:25:45 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40505412, &(0x7f0000000000)) 21:25:45 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x68000000}}) 21:25:45 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}, 0x100000}, 0xfffffffffffffe78) r2 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffff9c, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}]}, &(0x7f0000000180)=0x10) setsockopt$inet_sctp_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f00000001c0)={r3, 0xc9, 0x2, 0x1, 0x80000000, 0x38}, 0x14) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e24, 0xfffffffffffffff8, @mcast1={0xff, 0x1, [], 0x1}, 0x6}, 0x1c) r4 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x6, 0x1) ioctl$EVIOCGMTSLOTS(r4, 0x8040450a, &(0x7f0000000080)=""/96) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:45 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x0, 0xf0ffffff00000000}}, 0x14}, 0x1}, 0x0) 21:25:45 executing program 2 (fault-call:9 fault-nth:68): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:45 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x0, 0x4801000000000000}}, 0x14}, 0x1}, 0x0) [ 225.398590] FAULT_INJECTION: forcing a failure. [ 225.398590] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 225.410762] CPU: 1 PID: 14845 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 225.419168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 225.428531] Call Trace: [ 225.431135] dump_stack+0x1c9/0x2b4 [ 225.434848] ? dump_stack_print_info.cold.2+0x52/0x52 [ 225.440149] should_fail.cold.4+0xa/0x11 [ 225.444320] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 225.449438] ? kasan_check_read+0x11/0x20 [ 225.453613] ? rcu_is_watching+0x8c/0x150 [ 225.457866] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 225.463412] ? xas_start+0x23d/0x740 [ 225.468457] ? trace_hardirqs_on+0x10/0x10 [ 225.472700] ? find_get_entry+0xa6d/0x1120 [ 225.476939] ? lock_downgrade+0x8f0/0x8f0 [ 225.481089] ? lock_acquire+0x1e4/0x540 [ 225.485077] ? fs_reclaim_acquire+0x20/0x20 [ 225.489396] ? lock_downgrade+0x8f0/0x8f0 [ 225.493539] ? check_same_owner+0x340/0x340 [ 225.497871] ? find_get_entry+0xa96/0x1120 [ 225.502105] ? rcu_note_context_switch+0x730/0x730 [ 225.507038] __alloc_pages_nodemask+0x36e/0xdb0 [ 225.511699] ? percpu_ref_put_many+0x119/0x240 [ 225.516275] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 225.521282] ? trace_hardirqs_on+0x10/0x10 [ 225.525532] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 225.531063] ? xas_start+0x23d/0x740 [ 225.534776] ? lock_acquire+0x1e4/0x540 [ 225.538741] ? xa_load+0x288/0x450 [ 225.542370] ? lock_downgrade+0x8f0/0x8f0 [ 225.546514] ? lock_release+0xa30/0xa30 [ 225.550482] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 225.556027] alloc_pages_current+0x10c/0x210 [ 225.560440] __page_cache_alloc+0x398/0x5e0 [ 225.564774] ? xa_load+0x2b1/0x450 [ 225.568316] ? xa_clear_tag+0x40/0x40 [ 225.572125] ? filemap_range_has_page+0x4c0/0x4c0 [ 225.577235] ? unwind_get_return_address+0x61/0xa0 [ 225.582173] __do_page_cache_readahead+0x24e/0x690 [ 225.587107] ? read_pages+0x680/0x680 [ 225.590903] ? lock_acquire+0x1e4/0x540 [ 225.594868] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 225.599991] ? lock_downgrade+0x8f0/0x8f0 [ 225.604132] ? lock_release+0xa30/0xa30 [ 225.608107] ondemand_readahead+0x550/0xc40 [ 225.612435] page_cache_sync_readahead+0x3a0/0x6d0 [ 225.617363] ? force_page_cache_readahead+0x360/0x360 [ 225.622542] ? lock_acquire+0x1e4/0x540 [ 225.626507] ? rcu_note_context_switch+0x730/0x730 [ 225.631424] ? check_same_owner+0x340/0x340 [ 225.635772] ? lock_release+0xa30/0xa30 [ 225.639837] generic_file_read_iter+0x1a87/0x2f10 [ 225.644685] ? filemap_write_and_wait_range+0xd0/0xd0 [ 225.649863] ? rcu_read_lock+0x70/0x70 [ 225.653743] ? __unlock_page_memcg+0x72/0x100 [ 225.658228] ? unlock_page_memcg+0x2c/0x40 [ 225.662459] ? page_add_file_rmap+0x781/0xe40 [ 225.666947] ? page_add_new_anon_rmap+0x870/0x870 [ 225.671781] ? lockdep_init_map+0x9/0x10 [ 225.675833] ? kasan_check_write+0x14/0x20 [ 225.680055] ? __init_rwsem+0x1cc/0x2a0 [ 225.684033] ? lock_acquire+0x1e4/0x540 [ 225.687997] ? alloc_set_pte+0x1133/0x1790 [ 225.692231] ? lock_release+0xa30/0xa30 [ 225.696195] ? xas_descend+0x20c/0x5f0 [ 225.700081] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 225.705095] ? check_pgprot+0xdf/0x180 [ 225.708975] ? put_page+0x280/0x280 [ 225.712594] ? kasan_check_write+0x14/0x20 [ 225.716831] ? do_raw_spin_lock+0xc1/0x200 [ 225.721064] ? alloc_set_pte+0xaf6/0x1790 [ 225.725212] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 225.730227] ? filemap_map_pages+0xca2/0x1990 [ 225.734814] ? trace_hardirqs_on+0x10/0x10 [ 225.739038] ? xa_set_tag+0x40/0x40 [ 225.742657] ? environ_open+0x90/0x90 [ 225.746451] ? trace_hardirqs_on+0x10/0x10 [ 225.750676] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 225.756206] ? trace_hardirqs_on+0x10/0x10 [ 225.760433] ? trace_hardirqs_on+0x10/0x10 [ 225.764676] ? find_get_entries_tag+0x1410/0x1410 [ 225.769516] ? trace_hardirqs_on+0x10/0x10 [ 225.773740] ? mntput_no_expire+0x18e/0xbc0 [ 225.778051] ? do_raw_spin_lock+0xc1/0x200 [ 225.782299] ? mnt_get_count+0x150/0x150 [ 225.786353] ? dput.part.26+0x276/0x7a0 [ 225.790321] ? shrink_dcache_sb+0x350/0x350 [ 225.794639] ? lock_acquire+0x1e4/0x540 [ 225.798600] ? __fdget_pos+0x1bb/0x200 [ 225.802481] ? lock_acquire+0x1e4/0x540 [ 225.806446] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 225.811972] ? fsnotify+0xbac/0x14e0 [ 225.815687] ext4_file_read_iter+0x18b/0x3c0 [ 225.820098] generic_file_splice_read+0x5a5/0x9a0 [ 225.824948] ? add_to_pipe+0x360/0x360 [ 225.828842] ? rw_verify_area+0x118/0x360 [ 225.832986] ? add_to_pipe+0x360/0x360 [ 225.836874] do_splice_to+0x12e/0x190 [ 225.840672] splice_direct_to_actor+0x270/0x8f0 [ 225.845852] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 225.851380] ? pipe_to_sendpage+0x400/0x400 [ 225.855708] ? do_splice_to+0x190/0x190 [ 225.859683] ? security_file_permission+0x1c2/0x230 [ 225.864692] ? rw_verify_area+0x118/0x360 [ 225.868833] do_splice_direct+0x2d4/0x420 [ 225.872978] ? splice_direct_to_actor+0x8f0/0x8f0 [ 225.877836] ? rw_verify_area+0x118/0x360 [ 225.881976] do_sendfile+0x62a/0xe20 [ 225.885693] ? do_compat_pwritev64+0x1c0/0x1c0 [ 225.890293] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 225.895819] ? _copy_from_user+0xdf/0x150 [ 225.899978] __x64_sys_sendfile64+0x15d/0x250 [ 225.904467] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 225.909221] do_syscall_64+0x1b9/0x820 [ 225.913098] ? finish_task_switch+0x1d3/0x870 [ 225.917593] ? syscall_return_slowpath+0x5e0/0x5e0 [ 225.922512] ? syscall_return_slowpath+0x31d/0x5e0 [ 225.927443] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 225.932448] ? prepare_exit_to_usermode+0x291/0x3b0 [ 225.937455] ? perf_trace_sys_enter+0xb10/0xb10 [ 225.942118] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 225.946966] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 225.952404] RIP: 0033:0x455e29 [ 225.955585] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 225.974958] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 225.982658] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 225.989920] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 21:25:45 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x7a00, 0x3, 0xf301}}) 21:25:45 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x7a00}}) 21:25:45 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae46, &(0x7f0000000040)={r2}) 21:25:45 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x5421, &(0x7f0000000000)) [ 225.997175] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 226.004433] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 226.011693] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000044 21:25:46 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x80807, 0x1f) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000080)={{{@in, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}}}, &(0x7f0000000180)=0xe8) lstat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e22, 0xe93, @dev={0xfe, 0x80, [], 0x1f}, 0x9}, 0x1c) fchownat(r2, &(0x7f0000000040)='./file0\x00', r3, r4, 0x400) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:46 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x0, 0x9effffff}}, 0x14}, 0x1}, 0x0) 21:25:46 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x5421, &(0x7f0000000040)={r2}) 21:25:46 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)={0x7ff, 0x80, 0x0, 0x3, 0x0, 0x3f, 0x10001}) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp\x00', 0x0, 0x0) ioctl$KVM_ASSIGN_PCI_DEVICE(r3, 0x8040ae69, &(0x7f00000000c0)={0x6, 0x5, 0xff, 0x7, 0x227}) r4 = socket$inet(0x10, 0x3, 0x0) fcntl$dupfd(r2, 0x406, r4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r5 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r5, 0x540a, 0x0) 21:25:46 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x6c}}) 21:25:46 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40049409, &(0x7f0000000000)) 21:25:46 executing program 2 (fault-call:9 fault-nth:69): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:46 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_user\x00', 0x0, 0x0) ioctl$BLKSECDISCARD(r1, 0x127d, &(0x7f0000000040)=0x4) r2 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r2, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r2, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:46 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x0, 0x34000}}, 0x14}, 0x1}, 0x0) 21:25:46 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x600000000000000, 0x3, 0xf301}}) 21:25:46 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0xae03, &(0x7f0000000040)={r2}) [ 226.517629] FAULT_INJECTION: forcing a failure. [ 226.517629] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 226.529620] CPU: 1 PID: 14914 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 226.538125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 226.547482] Call Trace: [ 226.550066] dump_stack+0x1c9/0x2b4 [ 226.553701] ? dump_stack_print_info.cold.2+0x52/0x52 [ 226.558882] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 226.563722] should_fail.cold.4+0xa/0x11 [ 226.567780] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 226.572874] ? kasan_check_read+0x11/0x20 [ 226.577013] ? rcu_is_watching+0x8c/0x150 [ 226.581151] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 226.586677] ? xas_start+0x23d/0x740 [ 226.590389] ? find_get_entry+0xa6d/0x1120 [ 226.594618] ? lock_downgrade+0x8f0/0x8f0 [ 226.598759] ? lock_acquire+0x1e4/0x540 [ 226.602720] ? fs_reclaim_acquire+0x20/0x20 [ 226.607376] ? lock_downgrade+0x8f0/0x8f0 [ 226.611531] ? check_same_owner+0x340/0x340 [ 226.615842] ? find_get_entry+0xa96/0x1120 [ 226.620068] ? rcu_note_context_switch+0x730/0x730 [ 226.625001] __alloc_pages_nodemask+0x36e/0xdb0 [ 226.629673] ? percpu_ref_put_many+0x119/0x240 [ 226.634244] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 226.639260] ? trace_hardirqs_on+0x10/0x10 [ 226.643497] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 226.648334] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 226.653857] ? xas_start+0x23d/0x740 [ 226.657572] ? lock_acquire+0x1e4/0x540 [ 226.661544] ? xa_load+0x288/0x450 [ 226.665077] ? lock_downgrade+0x8f0/0x8f0 [ 226.669220] ? lock_release+0xa30/0xa30 [ 226.673191] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 226.678718] alloc_pages_current+0x10c/0x210 [ 226.683120] __page_cache_alloc+0x398/0x5e0 [ 226.687441] ? xa_load+0x2b1/0x450 [ 226.690968] ? xa_clear_tag+0x40/0x40 [ 226.694769] ? filemap_range_has_page+0x4c0/0x4c0 [ 226.699609] ? unwind_get_return_address+0x61/0xa0 [ 226.704543] __do_page_cache_readahead+0x24e/0x690 [ 226.709465] ? read_pages+0x680/0x680 [ 226.713256] ? lock_acquire+0x1e4/0x540 [ 226.717221] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 226.722314] ? lock_downgrade+0x8f0/0x8f0 [ 226.726450] ? lock_release+0xa30/0xa30 [ 226.730418] ondemand_readahead+0x550/0xc40 [ 226.734737] page_cache_sync_readahead+0x3a0/0x6d0 [ 226.739654] ? force_page_cache_readahead+0x360/0x360 [ 226.744840] ? lock_acquire+0x1e4/0x540 [ 226.748799] ? rcu_note_context_switch+0x730/0x730 [ 226.753724] ? check_same_owner+0x340/0x340 [ 226.758046] ? lock_release+0xa30/0xa30 [ 226.762028] generic_file_read_iter+0x1a87/0x2f10 [ 226.766866] ? filemap_write_and_wait_range+0xd0/0xd0 [ 226.772054] ? rcu_read_lock+0x70/0x70 [ 226.775932] ? __unlock_page_memcg+0x72/0x100 [ 226.780420] ? unlock_page_memcg+0x2c/0x40 [ 226.784641] ? page_add_file_rmap+0x781/0xe40 [ 226.789122] ? page_add_new_anon_rmap+0x870/0x870 [ 226.793952] ? perf_trace_lock+0x920/0x920 [ 226.798187] ? lock_acquire+0x1e4/0x540 [ 226.802147] ? alloc_set_pte+0x1133/0x1790 [ 226.806373] ? lock_release+0xa30/0xa30 [ 226.810345] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 226.815347] ? check_pgprot+0xdf/0x180 [ 226.819231] ? put_page+0x280/0x280 [ 226.822845] ? kasan_check_write+0x14/0x20 [ 226.827069] ? do_raw_spin_lock+0xc1/0x200 [ 226.831292] ? alloc_set_pte+0xaf6/0x1790 [ 226.835431] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 226.840438] ? filemap_map_pages+0xca2/0x1990 [ 226.845012] ? trace_hardirqs_on+0x10/0x10 [ 226.849236] ? xa_set_tag+0x40/0x40 [ 226.852858] ? perf_trace_lock+0x920/0x920 [ 226.857102] ? environ_open+0x90/0x90 [ 226.860907] ? trace_hardirqs_on+0x10/0x10 [ 226.865129] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 226.870655] ? trace_hardirqs_on+0x10/0x10 [ 226.874879] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 226.879717] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 226.884565] ? perf_trace_lock+0x920/0x920 [ 226.888788] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 226.893628] ? perf_trace_lock+0x920/0x920 [ 226.897851] ? perf_trace_lock+0x920/0x920 [ 226.902086] ? shrink_dcache_sb+0x350/0x350 [ 226.906402] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 226.911234] ? __fdget_pos+0x1bb/0x200 [ 226.915135] ? lock_acquire+0x1e4/0x540 [ 226.919108] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 226.924634] ? fsnotify+0xbac/0x14e0 [ 226.928348] ext4_file_read_iter+0x18b/0x3c0 [ 226.932750] generic_file_splice_read+0x5a5/0x9a0 [ 226.937584] ? add_to_pipe+0x360/0x360 [ 226.941555] ? rw_verify_area+0x118/0x360 [ 226.945712] ? add_to_pipe+0x360/0x360 [ 226.949599] do_splice_to+0x12e/0x190 [ 226.953912] splice_direct_to_actor+0x270/0x8f0 [ 226.958577] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 226.964110] ? pipe_to_sendpage+0x400/0x400 [ 226.968419] ? do_splice_to+0x190/0x190 [ 226.972389] ? security_file_permission+0x1c2/0x230 [ 226.977572] ? rw_verify_area+0x118/0x360 [ 226.981710] do_splice_direct+0x2d4/0x420 [ 226.985856] ? splice_direct_to_actor+0x8f0/0x8f0 [ 226.990689] ? rw_verify_area+0x118/0x360 [ 226.994911] do_sendfile+0x62a/0xe20 [ 226.998614] ? do_compat_pwritev64+0x1c0/0x1c0 [ 227.003197] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 227.008729] ? _copy_from_user+0xdf/0x150 [ 227.012866] __x64_sys_sendfile64+0x15d/0x250 [ 227.017352] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 227.021936] do_syscall_64+0x1b9/0x820 [ 227.025813] ? finish_task_switch+0x1d3/0x870 [ 227.030298] ? syscall_return_slowpath+0x5e0/0x5e0 [ 227.035307] ? syscall_return_slowpath+0x31d/0x5e0 [ 227.040226] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 227.045240] ? prepare_exit_to_usermode+0x291/0x3b0 [ 227.050343] ? perf_trace_sys_enter+0xb10/0xb10 [ 227.055002] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 227.059840] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 227.065024] RIP: 0033:0x455e29 [ 227.068193] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 227.087396] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 227.095092] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 227.102354] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 227.109638] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 21:25:47 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x0, 0xfffffff0}}, 0x14}, 0x1}, 0x0) 21:25:47 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x2}}) 21:25:47 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x7a00000000000000, 0x3, 0xf301}}) [ 227.116900] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 227.124155] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000045 21:25:47 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:47 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x0, 0xffffff7f00000000}}, 0x14}, 0x1}, 0x0) 21:25:47 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4010ae42, &(0x7f0000000040)={r2}) 21:25:47 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a0, &(0x7f0000000000)) 21:25:47 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x4800, 0x3, 0xf301}}) 21:25:47 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) ioctl$TIOCSBRK(r0, 0x5427) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) open_by_handle_at(r1, &(0x7f0000000080)={0x58, 0xc4fb, "e9c37b7e5d40de6e9bf9e2ee3fd681ec41a0ecc534dad59bc3d37e057a4534079cdb64947dae61d8f011e61b5659bad7e1e4e0010bb1f7fa8812c830031435798ed804734b383ab20f10db9cf92c9271"}, 0x101000) r2 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 21:25:47 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x68}}) 21:25:47 executing program 2 (fault-call:9 fault-nth:70): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:47 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) r2 = msgget$private(0x0, 0x20) msgctl$IPC_INFO(r2, 0x3, &(0x7f0000000000)=""/192) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:47 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x0, 0x9effffff00000000}}, 0x14}, 0x1}, 0x0) 21:25:47 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0xc0189436, &(0x7f0000000000)) 21:25:47 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0xc0189436, &(0x7f0000000040)={r2}) 21:25:47 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x4c, 0x3, 0xf301}}) [ 227.766453] FAULT_INJECTION: forcing a failure. [ 227.766453] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 227.778385] CPU: 1 PID: 14980 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 227.786792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 227.796134] Call Trace: [ 227.798709] dump_stack+0x1c9/0x2b4 [ 227.802320] ? dump_stack_print_info.cold.2+0x52/0x52 [ 227.807502] should_fail.cold.4+0xa/0x11 [ 227.811566] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 227.816669] ? kasan_check_read+0x11/0x20 [ 227.820802] ? rcu_is_watching+0x8c/0x150 [ 227.825034] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 227.830573] ? xas_start+0x23d/0x740 [ 227.834276] ? trace_hardirqs_on+0x10/0x10 [ 227.838500] ? find_get_entry+0xa6d/0x1120 [ 227.842721] ? lock_downgrade+0x8f0/0x8f0 [ 227.846866] ? lock_acquire+0x1e4/0x540 [ 227.850828] ? fs_reclaim_acquire+0x20/0x20 [ 227.855134] ? lock_downgrade+0x8f0/0x8f0 [ 227.859279] ? check_same_owner+0x340/0x340 [ 227.863588] ? find_get_entry+0xa96/0x1120 [ 227.867810] ? rcu_note_context_switch+0x730/0x730 [ 227.872822] __alloc_pages_nodemask+0x36e/0xdb0 [ 227.877485] ? percpu_ref_put_many+0x119/0x240 [ 227.882054] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 227.887066] ? trace_hardirqs_on+0x10/0x10 [ 227.891294] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 227.896835] ? xas_start+0x23d/0x740 [ 227.900539] ? lock_acquire+0x1e4/0x540 [ 227.904594] ? xa_load+0x288/0x450 [ 227.908118] ? lock_downgrade+0x8f0/0x8f0 [ 227.912251] ? lock_release+0xa30/0xa30 [ 227.916215] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 227.921754] alloc_pages_current+0x10c/0x210 [ 227.926161] __page_cache_alloc+0x398/0x5e0 [ 227.930474] ? xa_load+0x2b1/0x450 [ 227.934019] ? xa_clear_tag+0x40/0x40 [ 227.937806] ? filemap_range_has_page+0x4c0/0x4c0 [ 227.942643] ? unwind_get_return_address+0x61/0xa0 [ 227.947562] __do_page_cache_readahead+0x24e/0x690 [ 227.952492] ? read_pages+0x680/0x680 [ 227.956282] ? lock_acquire+0x1e4/0x540 [ 227.960245] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 227.965340] ? lock_downgrade+0x8f0/0x8f0 [ 227.969476] ? lock_release+0xa30/0xa30 [ 227.973442] ondemand_readahead+0x550/0xc40 [ 227.977769] page_cache_sync_readahead+0x3a0/0x6d0 [ 227.982690] ? force_page_cache_readahead+0x360/0x360 [ 227.987870] ? lock_acquire+0x1e4/0x540 [ 227.991856] ? rcu_note_context_switch+0x730/0x730 [ 227.996787] ? check_same_owner+0x340/0x340 [ 228.001192] ? lock_release+0xa30/0xa30 [ 228.005159] generic_file_read_iter+0x1a87/0x2f10 [ 228.010004] ? filemap_write_and_wait_range+0xd0/0xd0 [ 228.015371] ? rcu_read_lock+0x70/0x70 [ 228.019248] ? __unlock_page_memcg+0x72/0x100 [ 228.023729] ? unlock_page_memcg+0x2c/0x40 [ 228.027948] ? page_add_file_rmap+0x781/0xe40 [ 228.032431] ? page_add_new_anon_rmap+0x870/0x870 [ 228.037521] ? lockdep_init_map+0x9/0x10 [ 228.041569] ? kasan_check_write+0x14/0x20 [ 228.045791] ? __init_rwsem+0x1cc/0x2a0 [ 228.049755] ? lock_acquire+0x1e4/0x540 [ 228.053712] ? alloc_set_pte+0x1133/0x1790 [ 228.057933] ? lock_release+0xa30/0xa30 [ 228.061901] ? xas_descend+0x20c/0x5f0 [ 228.065776] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 228.070777] ? check_pgprot+0xdf/0x180 [ 228.074646] ? put_page+0x280/0x280 [ 228.078268] ? kasan_check_write+0x14/0x20 [ 228.082575] ? do_raw_spin_lock+0xc1/0x200 [ 228.086805] ? alloc_set_pte+0xaf6/0x1790 [ 228.090951] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 228.096048] ? filemap_map_pages+0xca2/0x1990 [ 228.100541] ? trace_hardirqs_on+0x10/0x10 [ 228.104769] ? xa_set_tag+0x40/0x40 [ 228.108390] ? environ_open+0x90/0x90 [ 228.112197] ? trace_hardirqs_on+0x10/0x10 [ 228.116469] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 228.122095] ? trace_hardirqs_on+0x10/0x10 [ 228.126328] ? trace_hardirqs_on+0x10/0x10 [ 228.130557] ? find_get_entries_tag+0x1410/0x1410 [ 228.135388] ? trace_hardirqs_on+0x10/0x10 [ 228.139614] ? mntput_no_expire+0x18e/0xbc0 [ 228.143926] ? do_raw_spin_lock+0xc1/0x200 [ 228.148159] ? mnt_get_count+0x150/0x150 [ 228.152223] ? dput.part.26+0x276/0x7a0 [ 228.156187] ? shrink_dcache_sb+0x350/0x350 [ 228.160498] ? lock_acquire+0x1e4/0x540 [ 228.164455] ? __fdget_pos+0x1bb/0x200 [ 228.168340] ? lock_acquire+0x1e4/0x540 [ 228.172301] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 228.177821] ? fsnotify+0xbac/0x14e0 [ 228.181522] ext4_file_read_iter+0x18b/0x3c0 [ 228.185919] generic_file_splice_read+0x5a5/0x9a0 [ 228.190751] ? add_to_pipe+0x360/0x360 [ 228.194642] ? rw_verify_area+0x118/0x360 [ 228.198775] ? add_to_pipe+0x360/0x360 [ 228.202649] do_splice_to+0x12e/0x190 [ 228.206439] splice_direct_to_actor+0x270/0x8f0 [ 228.211098] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 228.216623] ? pipe_to_sendpage+0x400/0x400 [ 228.220935] ? do_splice_to+0x190/0x190 [ 228.226471] ? security_file_permission+0x1c2/0x230 [ 228.231906] ? rw_verify_area+0x118/0x360 [ 228.236041] do_splice_direct+0x2d4/0x420 [ 228.240179] ? splice_direct_to_actor+0x8f0/0x8f0 [ 228.245023] ? rw_verify_area+0x118/0x360 [ 228.249159] do_sendfile+0x62a/0xe20 [ 228.252881] ? do_compat_pwritev64+0x1c0/0x1c0 [ 228.257455] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 228.262980] ? _copy_from_user+0xdf/0x150 [ 228.267119] __x64_sys_sendfile64+0x15d/0x250 [ 228.271600] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 228.276171] do_syscall_64+0x1b9/0x820 [ 228.280058] ? syscall_return_slowpath+0x5e0/0x5e0 [ 228.284973] ? syscall_return_slowpath+0x31d/0x5e0 [ 228.289887] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 228.294889] ? prepare_exit_to_usermode+0x291/0x3b0 [ 228.299891] ? perf_trace_sys_enter+0xb10/0xb10 [ 228.304547] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 228.309379] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 228.314550] RIP: 0033:0x455e29 [ 228.317716] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 228.336889] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 228.344670] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 228.351931] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 228.359189] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 21:25:48 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x0, 0xc00e000000000000}}, 0x14}, 0x1}, 0x0) 21:25:48 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x100000000000000}}) 21:25:48 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4008ae61, &(0x7f0000000040)={r2}) 21:25:48 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0xc0f85403, &(0x7f0000000000)) [ 228.366442] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 228.373696] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000046 21:25:48 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x2, 0x3, 0xf301}}) 21:25:48 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r2 = dup3(r0, r0, 0x80000) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) ioctl$KVM_PPC_GET_PVINFO(r2, 0x4080aea1, &(0x7f0000000000)=""/114) 21:25:48 executing program 2 (fault-call:9 fault-nth:71): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:48 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x0, 0xf000}}, 0x14}, 0x1}, 0x0) [ 228.527927] FAULT_INJECTION: forcing a failure. [ 228.527927] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 228.539991] CPU: 0 PID: 15018 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 228.548415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 228.557766] Call Trace: [ 228.560355] dump_stack+0x1c9/0x2b4 [ 228.563967] ? dump_stack_print_info.cold.2+0x52/0x52 [ 228.569142] ? _raw_spin_unlock_irq+0x27/0x70 [ 228.573622] ? finish_task_switch+0x1d3/0x870 [ 228.578109] should_fail.cold.4+0xa/0x11 [ 228.582158] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 228.587251] ? kasan_check_write+0x14/0x20 [ 228.591659] ? __schedule+0x884/0x1ed0 [ 228.595538] ? trace_hardirqs_on+0x10/0x10 [ 228.599770] ? __sched_text_start+0x8/0x8 [ 228.603907] ? lock_downgrade+0x8f0/0x8f0 [ 228.608050] ? lock_acquire+0x1e4/0x540 [ 228.612014] ? fs_reclaim_acquire+0x20/0x20 [ 228.616340] ? lock_downgrade+0x8f0/0x8f0 [ 228.620486] ? check_same_owner+0x340/0x340 [ 228.624799] ? rcu_note_context_switch+0x730/0x730 [ 228.629720] __alloc_pages_nodemask+0x36e/0xdb0 [ 228.634384] ? percpu_ref_put_many+0x119/0x240 [ 228.638967] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 228.643987] ? trace_hardirqs_on+0x10/0x10 [ 228.648230] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 228.653764] ? xas_start+0x23d/0x740 [ 228.657469] ? lock_acquire+0x1e4/0x540 [ 228.661430] ? xa_load+0x288/0x450 [ 228.664966] ? lock_downgrade+0x8f0/0x8f0 [ 228.669106] ? lock_release+0xa30/0xa30 [ 228.673069] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 228.678608] alloc_pages_current+0x10c/0x210 [ 228.683016] __page_cache_alloc+0x398/0x5e0 [ 228.687337] ? xa_load+0x2b1/0x450 [ 228.690862] ? xa_clear_tag+0x40/0x40 [ 228.694653] ? filemap_range_has_page+0x4c0/0x4c0 [ 228.699483] ? rb_next+0x140/0x140 [ 228.703014] __do_page_cache_readahead+0x24e/0x690 [ 228.707945] ? read_pages+0x680/0x680 [ 228.711736] ? lock_acquire+0x1e4/0x540 [ 228.715698] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 228.720796] ? lock_downgrade+0x8f0/0x8f0 [ 228.724933] ? lock_release+0xa30/0xa30 [ 228.728907] ondemand_readahead+0x550/0xc40 [ 228.733221] page_cache_sync_readahead+0x3a0/0x6d0 [ 228.739530] ? force_page_cache_readahead+0x360/0x360 [ 228.744708] ? lock_acquire+0x1e4/0x540 [ 228.748670] ? rcu_note_context_switch+0x730/0x730 [ 228.753582] ? check_same_owner+0x340/0x340 [ 228.757891] ? lock_release+0xa30/0xa30 [ 228.761942] generic_file_read_iter+0x1a87/0x2f10 [ 228.768605] ? filemap_write_and_wait_range+0xd0/0xd0 [ 228.773782] ? __update_load_avg_blocked_se.isra.34+0x460/0x460 [ 228.779916] ? update_load_avg+0x2de/0x2590 [ 228.784225] ? page_add_new_anon_rmap+0x870/0x870 [ 228.789054] ? attach_entity_load_avg+0x860/0x860 [ 228.793888] ? kasan_check_write+0x14/0x20 [ 228.798159] ? update_load_avg+0x2de/0x2590 [ 228.802607] ? attach_entity_load_avg+0x860/0x860 [ 228.807459] ? __sanitizer_cov_trace_const_cmp8+0x1/0x20 [ 228.812987] ? rb_erase+0x3550/0x3550 [ 228.816780] ? put_page+0x280/0x280 [ 228.820437] ? kasan_check_write+0x14/0x20 [ 228.824660] ? do_raw_spin_lock+0xc1/0x200 [ 228.829057] ? alloc_set_pte+0xaf6/0x1790 [ 228.833204] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 228.838217] ? filemap_map_pages+0xca2/0x1990 [ 228.842711] ? trace_hardirqs_on+0x10/0x10 [ 228.846936] ? xa_set_tag+0x40/0x40 [ 228.850556] ? environ_open+0x90/0x90 [ 228.854441] ? trace_hardirqs_on+0x10/0x10 [ 228.858668] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 228.864283] ? trace_hardirqs_on+0x10/0x10 [ 228.868511] ? trace_hardirqs_on+0x10/0x10 [ 228.872739] ? trace_hardirqs_on+0x10/0x10 [ 228.876966] ? find_get_entries_tag+0x1410/0x1410 [ 228.881807] ? __account_cfs_rq_runtime+0x770/0x770 [ 228.886819] ? trace_hardirqs_on+0x10/0x10 [ 228.891132] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 228.896664] ? __perf_event_task_sched_out+0x2f0/0x1a60 [ 228.902031] ? active_load_balance_cpu_stop+0x1030/0x1030 [ 228.907564] ? lock_acquire+0x1e4/0x540 [ 228.911530] ? __fdget_pos+0x1bb/0x200 [ 228.915406] ? __perf_event_task_sched_in+0x24f/0xbb0 [ 228.920588] ? lock_acquire+0x1e4/0x540 [ 228.924554] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 228.930173] ? fsnotify+0xbac/0x14e0 [ 228.933877] ext4_file_read_iter+0x18b/0x3c0 [ 228.938277] generic_file_splice_read+0x5a5/0x9a0 [ 228.943114] ? add_to_pipe+0x360/0x360 [ 228.947022] ? rw_verify_area+0x118/0x360 [ 228.951180] ? add_to_pipe+0x360/0x360 [ 228.955053] do_splice_to+0x12e/0x190 [ 228.958840] splice_direct_to_actor+0x270/0x8f0 [ 228.963499] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 228.969029] ? pipe_to_sendpage+0x400/0x400 [ 228.973341] ? do_splice_to+0x190/0x190 [ 228.977315] ? security_file_permission+0x1c2/0x230 [ 228.982321] ? rw_verify_area+0x118/0x360 [ 228.986648] do_splice_direct+0x2d4/0x420 [ 228.990873] ? splice_direct_to_actor+0x8f0/0x8f0 [ 228.995707] ? rw_verify_area+0x118/0x360 [ 228.999840] do_sendfile+0x62a/0xe20 [ 229.003546] ? do_compat_pwritev64+0x1c0/0x1c0 [ 229.008815] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 229.014339] ? _copy_from_user+0xdf/0x150 [ 229.018478] __x64_sys_sendfile64+0x15d/0x250 [ 229.022962] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 229.027537] do_syscall_64+0x1b9/0x820 [ 229.031411] ? syscall_slow_exit_work+0x500/0x500 [ 229.036245] ? syscall_return_slowpath+0x5e0/0x5e0 [ 229.041174] ? syscall_return_slowpath+0x31d/0x5e0 [ 229.046097] ? prepare_exit_to_usermode+0x291/0x3b0 [ 229.051104] ? perf_trace_sys_enter+0xb10/0xb10 [ 229.055762] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 229.060611] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 229.065783] RIP: 0033:0x455e29 [ 229.068955] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 229.088138] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 229.095842] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 229.103099] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 229.110351] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 229.117614] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 229.124873] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000047 21:25:49 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) r1 = getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x40000, 0x0) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r4 = epoll_create1(0x0) perf_event_open(&(0x7f0000000240)={0x0, 0x70, 0x7, 0x4, 0x8eb, 0x7fffffff, 0x0, 0x4, 0x80000, 0x1, 0x19b2, 0xd36f, 0x200, 0x94, 0xfffffffffffffff7, 0xc2fe, 0xfffffffe00, 0x3d, 0x0, 0x543c, 0x4, 0x600000000000, 0x7fffffff, 0x6, 0x1ff, 0xd71a, 0x4, 0x81, 0x6, 0x7ff, 0x8001, 0x76, 0x1, 0x1, 0x9, 0x3, 0x7, 0x3, 0x0, 0x7, 0x1, @perf_config_ext={0x1000, 0xe1}, 0x800, 0x9, 0x9, 0x0, 0x0, 0x1, 0x821e}, r1, 0x5, 0xffffffffffffff9c, 0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r4, 0x2, r0) r5 = syz_open_pts(r0, 0x0) sched_setattr(r1, &(0x7f00000000c0)={0x30, 0x7, 0x0, 0xfffffffffffffff7, 0x401, 0x5, 0x10001, 0x5}, 0x0) ioctl$TCXONC(r5, 0x540a, 0x0) 21:25:49 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x5000000}}) 21:25:49 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x5452, &(0x7f0000000000)) 21:25:49 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x48, 0x3, 0xf301}}) 21:25:49 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0xc020660b, &(0x7f0000000040)={r2}) 21:25:49 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000000)={0x0, @in={{0x2, 0x4e24, @broadcast=0xffffffff}}}, &(0x7f00000000c0)=0x84) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f0000000100)={r2, @in6={{0xa, 0x4e20, 0x9, @local={0xfe, 0x80, [], 0xaa}, 0xffffffffffffffff}}}, 0x84) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:49 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x0, 0xffffff9e}}, 0x14}, 0x1}, 0x0) 21:25:49 executing program 2 (fault-call:9 fault-nth:72): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:49 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x0, 0xf0ffff}}, 0x14}, 0x1}, 0x0) [ 229.401361] FAULT_INJECTION: forcing a failure. [ 229.401361] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 229.413360] CPU: 0 PID: 15038 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 229.421765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 229.431296] Call Trace: [ 229.433900] dump_stack+0x1c9/0x2b4 [ 229.437548] ? dump_stack_print_info.cold.2+0x52/0x52 [ 229.442755] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 229.447612] should_fail.cold.4+0xa/0x11 [ 229.451687] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 229.456827] ? kasan_check_write+0x14/0x20 [ 229.461079] ? __schedule+0x884/0x1ed0 [ 229.464985] ? __sched_text_start+0x8/0x8 [ 229.469147] ? lock_downgrade+0x8f0/0x8f0 [ 229.473339] ? lock_acquire+0x1e4/0x540 [ 229.477326] ? fs_reclaim_acquire+0x20/0x20 [ 229.481643] ? lock_downgrade+0x8f0/0x8f0 [ 229.485784] ? check_same_owner+0x340/0x340 [ 229.490111] ? rcu_note_context_switch+0x730/0x730 [ 229.495040] __alloc_pages_nodemask+0x36e/0xdb0 [ 229.499698] ? percpu_ref_put_many+0x119/0x240 [ 229.504276] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 229.509289] ? trace_hardirqs_on+0x10/0x10 [ 229.513528] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 229.518365] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 229.523893] ? xas_start+0x23d/0x740 [ 229.527617] ? lock_acquire+0x1e4/0x540 [ 229.531584] ? xa_load+0x288/0x450 [ 229.535122] ? lock_downgrade+0x8f0/0x8f0 [ 229.539286] ? lock_release+0xa30/0xa30 [ 229.543262] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 229.548796] alloc_pages_current+0x10c/0x210 [ 229.553201] __page_cache_alloc+0x398/0x5e0 [ 229.557511] ? xa_load+0x2b1/0x450 [ 229.561065] ? xa_clear_tag+0x40/0x40 [ 229.564855] ? filemap_range_has_page+0x4c0/0x4c0 [ 229.569694] ? unwind_get_return_address+0x61/0xa0 [ 229.574712] __do_page_cache_readahead+0x24e/0x690 [ 229.579644] ? read_pages+0x680/0x680 [ 229.583448] ? lock_acquire+0x1e4/0x540 [ 229.587415] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 229.592515] ? lock_downgrade+0x8f0/0x8f0 [ 229.596658] ? lock_release+0xa30/0xa30 [ 229.600629] ondemand_readahead+0x550/0xc40 [ 229.605122] page_cache_sync_readahead+0x3a0/0x6d0 [ 229.610312] ? force_page_cache_readahead+0x360/0x360 [ 229.615502] ? lock_acquire+0x1e4/0x540 [ 229.619476] ? rcu_note_context_switch+0x730/0x730 [ 229.624396] ? check_same_owner+0x340/0x340 [ 229.628712] ? lock_release+0xa30/0xa30 [ 229.633778] generic_file_read_iter+0x1a87/0x2f10 [ 229.638632] ? filemap_write_and_wait_range+0xd0/0xd0 [ 229.643808] ? rcu_read_lock+0x70/0x70 [ 229.647683] ? __unlock_page_memcg+0x72/0x100 [ 229.652168] ? unlock_page_memcg+0x2c/0x40 [ 229.656401] ? page_add_file_rmap+0x781/0xe40 [ 229.660887] ? page_add_new_anon_rmap+0x870/0x870 [ 229.665720] ? perf_trace_lock+0x920/0x920 [ 229.669951] ? lock_acquire+0x1e4/0x540 [ 229.673911] ? alloc_set_pte+0x1133/0x1790 [ 229.678142] ? lock_release+0xa30/0xa30 [ 229.682201] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 229.687606] ? check_pgprot+0xdf/0x180 [ 229.691499] ? put_page+0x280/0x280 [ 229.695113] ? kasan_check_write+0x14/0x20 [ 229.699336] ? do_raw_spin_lock+0xc1/0x200 [ 229.703560] ? alloc_set_pte+0xaf6/0x1790 [ 229.707703] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 229.712793] ? filemap_map_pages+0xca2/0x1990 [ 229.717283] ? trace_hardirqs_on+0x10/0x10 [ 229.721505] ? xa_set_tag+0x40/0x40 [ 229.725120] ? perf_trace_lock+0x920/0x920 [ 229.729354] ? environ_open+0x90/0x90 [ 229.733147] ? trace_hardirqs_on+0x10/0x10 [ 229.737369] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 229.742913] ? trace_hardirqs_on+0x10/0x10 [ 229.747136] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 229.751975] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 229.756816] ? perf_trace_lock+0x920/0x920 [ 229.761050] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 229.765881] ? perf_trace_lock+0x920/0x920 [ 229.770105] ? perf_trace_lock+0x920/0x920 [ 229.774327] ? shrink_dcache_sb+0x350/0x350 [ 229.778649] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 229.783493] ? __fdget_pos+0x1bb/0x200 [ 229.787373] ? lock_acquire+0x1e4/0x540 [ 229.791336] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 229.796858] ? fsnotify+0xbac/0x14e0 [ 229.800590] ext4_file_read_iter+0x18b/0x3c0 [ 229.804995] generic_file_splice_read+0x5a5/0x9a0 [ 229.809838] ? add_to_pipe+0x360/0x360 [ 229.813720] ? rw_verify_area+0x118/0x360 [ 229.817856] ? add_to_pipe+0x360/0x360 [ 229.821734] do_splice_to+0x12e/0x190 [ 229.825535] splice_direct_to_actor+0x270/0x8f0 [ 229.830193] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 229.835720] ? pipe_to_sendpage+0x400/0x400 [ 229.840035] ? do_splice_to+0x190/0x190 [ 229.844033] ? security_file_permission+0x1c2/0x230 [ 229.849038] ? rw_verify_area+0x118/0x360 [ 229.853177] do_splice_direct+0x2d4/0x420 [ 229.857492] ? splice_direct_to_actor+0x8f0/0x8f0 [ 229.862325] ? rw_verify_area+0x118/0x360 [ 229.866462] do_sendfile+0x62a/0xe20 [ 229.870258] ? do_compat_pwritev64+0x1c0/0x1c0 [ 229.874839] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 229.880365] ? _copy_from_user+0xdf/0x150 [ 229.884515] __x64_sys_sendfile64+0x15d/0x250 [ 229.889010] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 229.893675] do_syscall_64+0x1b9/0x820 [ 229.897559] ? finish_task_switch+0x1d3/0x870 [ 229.902042] ? syscall_return_slowpath+0x5e0/0x5e0 [ 229.907005] ? syscall_return_slowpath+0x31d/0x5e0 [ 229.911923] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 229.916925] ? prepare_exit_to_usermode+0x291/0x3b0 [ 229.921928] ? perf_trace_sys_enter+0xb10/0xb10 [ 229.926586] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 229.931419] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 229.936594] RIP: 0033:0x455e29 21:25:49 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0xfdfdffff00000000, 0x3, 0xf301}}) 21:25:49 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0xc0045878, &(0x7f0000000000)) [ 229.939775] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 229.958981] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 229.966784] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 229.974134] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 229.981388] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 229.988739] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 229.996001] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000048 21:25:50 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0xe, 0x4) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r2 = dup2(r1, r0) ioctl$sock_inet_tcp_SIOCOUTQ(r2, 0x5411, &(0x7f0000000040)) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:50 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0xae41, &(0x7f0000000040)={r2}) 21:25:50 executing program 2 (fault-call:9 fault-nth:73): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:50 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x0, 0xf000000}}, 0x14}, 0x1}, 0x0) 21:25:50 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x6c000000}}) [ 230.144230] FAULT_INJECTION: forcing a failure. [ 230.144230] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 230.156335] CPU: 0 PID: 15085 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 230.164746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 230.174214] Call Trace: [ 230.176817] dump_stack+0x1c9/0x2b4 [ 230.180459] ? dump_stack_print_info.cold.2+0x52/0x52 [ 230.185670] should_fail.cold.4+0xa/0x11 [ 230.189753] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 230.194869] ? kasan_check_read+0x11/0x20 [ 230.199025] ? rcu_is_watching+0x8c/0x150 [ 230.203271] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 230.208817] ? xas_start+0x23d/0x740 [ 230.212521] ? trace_hardirqs_on+0x10/0x10 [ 230.216742] ? find_get_entry+0xa6d/0x1120 [ 230.220965] ? lock_downgrade+0x8f0/0x8f0 [ 230.225204] ? lock_acquire+0x1e4/0x540 [ 230.229173] ? fs_reclaim_acquire+0x20/0x20 [ 230.233496] ? lock_downgrade+0x8f0/0x8f0 [ 230.237720] ? check_same_owner+0x340/0x340 [ 230.242051] ? find_get_entry+0xa96/0x1120 [ 230.246269] ? rcu_note_context_switch+0x730/0x730 [ 230.251224] __alloc_pages_nodemask+0x36e/0xdb0 [ 230.255888] ? percpu_ref_put_many+0x119/0x240 [ 230.260555] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 230.265573] ? trace_hardirqs_on+0x10/0x10 [ 230.269886] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 230.275416] ? xas_start+0x23d/0x740 [ 230.279128] ? lock_acquire+0x1e4/0x540 [ 230.283085] ? xa_load+0x288/0x450 [ 230.286614] ? lock_downgrade+0x8f0/0x8f0 [ 230.290763] ? lock_release+0xa30/0xa30 [ 230.294725] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 230.300264] alloc_pages_current+0x10c/0x210 [ 230.304664] __page_cache_alloc+0x398/0x5e0 [ 230.308973] ? xa_load+0x2b1/0x450 [ 230.312508] ? xa_clear_tag+0x40/0x40 [ 230.316296] ? filemap_range_has_page+0x4c0/0x4c0 [ 230.321124] ? unwind_get_return_address+0x61/0xa0 [ 230.326043] __do_page_cache_readahead+0x24e/0x690 [ 230.330962] ? read_pages+0x680/0x680 [ 230.334750] ? lock_acquire+0x1e4/0x540 [ 230.338721] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 230.343810] ? lock_downgrade+0x8f0/0x8f0 [ 230.347956] ? lock_release+0xa30/0xa30 [ 230.351929] ondemand_readahead+0x550/0xc40 [ 230.356242] page_cache_sync_readahead+0x3a0/0x6d0 [ 230.361162] ? force_page_cache_readahead+0x360/0x360 [ 230.366344] ? lock_acquire+0x1e4/0x540 [ 230.370306] ? rcu_note_context_switch+0x730/0x730 [ 230.375222] ? check_same_owner+0x340/0x340 [ 230.379537] ? lock_release+0xa30/0xa30 [ 230.383499] generic_file_read_iter+0x1a87/0x2f10 [ 230.388341] ? filemap_write_and_wait_range+0xd0/0xd0 [ 230.393516] ? rcu_read_lock+0x70/0x70 [ 230.397389] ? __unlock_page_memcg+0x72/0x100 [ 230.401870] ? unlock_page_memcg+0x2c/0x40 [ 230.406105] ? page_add_file_rmap+0x781/0xe40 [ 230.410588] ? page_add_new_anon_rmap+0x870/0x870 [ 230.415417] ? lockdep_init_map+0x9/0x10 [ 230.419463] ? kasan_check_write+0x14/0x20 [ 230.423680] ? __init_rwsem+0x1cc/0x2a0 [ 230.427738] ? lock_acquire+0x1e4/0x540 [ 230.431701] ? alloc_set_pte+0x1133/0x1790 [ 230.435923] ? lock_release+0xa30/0xa30 [ 230.439879] ? xas_descend+0x20c/0x5f0 [ 230.443756] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 230.448763] ? check_pgprot+0xdf/0x180 [ 230.452644] ? put_page+0x280/0x280 [ 230.456260] ? kasan_check_write+0x14/0x20 [ 230.460489] ? do_raw_spin_lock+0xc1/0x200 [ 230.464803] ? alloc_set_pte+0xaf6/0x1790 [ 230.468966] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 230.473978] ? filemap_map_pages+0xca2/0x1990 [ 230.478460] ? trace_hardirqs_on+0x10/0x10 [ 230.482685] ? xa_set_tag+0x40/0x40 [ 230.486303] ? trace_hardirqs_on+0x10/0x10 [ 230.490527] ? filemap_map_pages+0xc43/0x1990 [ 230.495022] ? trace_hardirqs_on+0x10/0x10 [ 230.499430] ? trace_hardirqs_on+0x10/0x10 [ 230.503666] ? find_get_entries_tag+0x1410/0x1410 [ 230.508527] ? trace_hardirqs_on+0x10/0x10 [ 230.512924] ? mntput_no_expire+0x18e/0xbc0 [ 230.517230] ? do_raw_spin_lock+0xc1/0x200 [ 230.521451] ? mnt_get_count+0x150/0x150 [ 230.525671] ? dput.part.26+0x276/0x7a0 [ 230.529630] ? shrink_dcache_sb+0x350/0x350 [ 230.533937] ? lock_acquire+0x1e4/0x540 [ 230.537895] ? __fdget_pos+0x1bb/0x200 [ 230.541865] ? lock_acquire+0x1e4/0x540 [ 230.545839] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 230.551366] ? fsnotify+0xbac/0x14e0 [ 230.555073] ext4_file_read_iter+0x18b/0x3c0 [ 230.559474] generic_file_splice_read+0x5a5/0x9a0 [ 230.564305] ? add_to_pipe+0x360/0x360 [ 230.568194] ? rw_verify_area+0x118/0x360 [ 230.572340] ? add_to_pipe+0x360/0x360 [ 230.576217] do_splice_to+0x12e/0x190 [ 230.580012] splice_direct_to_actor+0x270/0x8f0 [ 230.584678] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 230.590213] ? pipe_to_sendpage+0x400/0x400 [ 230.594526] ? do_splice_to+0x190/0x190 [ 230.598487] ? security_file_permission+0x1c2/0x230 [ 230.603493] ? rw_verify_area+0x118/0x360 [ 230.607643] do_splice_direct+0x2d4/0x420 [ 230.611784] ? splice_direct_to_actor+0x8f0/0x8f0 [ 230.616617] ? rw_verify_area+0x118/0x360 [ 230.620757] do_sendfile+0x62a/0xe20 [ 230.624470] ? do_compat_pwritev64+0x1c0/0x1c0 [ 230.629058] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 230.634587] ? _copy_from_user+0xdf/0x150 [ 230.638737] __x64_sys_sendfile64+0x15d/0x250 [ 230.643223] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 230.647976] do_syscall_64+0x1b9/0x820 [ 230.651857] ? finish_task_switch+0x1d3/0x870 [ 230.656349] ? syscall_return_slowpath+0x5e0/0x5e0 [ 230.661272] ? syscall_return_slowpath+0x31d/0x5e0 [ 230.666200] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 230.671210] ? prepare_exit_to_usermode+0x291/0x3b0 [ 230.676299] ? perf_trace_sys_enter+0xb10/0xb10 [ 230.680967] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 230.686148] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 230.691328] RIP: 0033:0x455e29 [ 230.694659] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 230.713929] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 230.721624] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 230.728891] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 230.736161] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 230.743415] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 230.750668] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000049 21:25:50 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) fcntl$setstatus(r0, 0x4, 0x800) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r2 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2) ioctl$TIOCCONS(r3, 0x541d) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r3, 0x402c5342, &(0x7f0000000080)={0x2b, 0x5, 0x4, {0x77359400}, 0x0, 0x3}) 21:25:50 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x500000000000000, 0x3, 0xf301}}) 21:25:50 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a1, &(0x7f0000000000)) 21:25:50 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x12, &(0x7f0000000000)=0x100000001, 0x4) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:50 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x0, 0x2000000}}, 0x14}, 0x1}, 0x0) 21:25:50 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x5452, &(0x7f0000000040)={r2}) 21:25:50 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x500}}) 21:25:50 executing program 2 (fault-call:9 fault-nth:74): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) [ 231.001540] FAULT_INJECTION: forcing a failure. [ 231.001540] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 231.013673] CPU: 1 PID: 15113 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 231.022078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 231.031605] Call Trace: [ 231.034209] dump_stack+0x1c9/0x2b4 [ 231.037853] ? dump_stack_print_info.cold.2+0x52/0x52 [ 231.043056] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 231.047918] should_fail.cold.4+0xa/0x11 21:25:50 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)) 21:25:50 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x5}}) 21:25:51 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) socketpair$inet6_udplite(0xa, 0x2, 0x88, &(0x7f0000000000)) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) [ 231.052004] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 231.057123] ? kasan_check_read+0x11/0x20 [ 231.061279] ? rcu_is_watching+0x8c/0x150 [ 231.065444] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 231.070988] ? xas_start+0x23d/0x740 [ 231.074720] ? find_get_entry+0xa6d/0x1120 [ 231.079143] ? lock_downgrade+0x8f0/0x8f0 [ 231.083306] ? lock_acquire+0x1e4/0x540 [ 231.087301] ? fs_reclaim_acquire+0x20/0x20 [ 231.091642] ? lock_downgrade+0x8f0/0x8f0 [ 231.095805] ? check_same_owner+0x340/0x340 [ 231.100138] ? find_get_entry+0xa96/0x1120 [ 231.104408] ? rcu_note_context_switch+0x730/0x730 [ 231.109350] __alloc_pages_nodemask+0x36e/0xdb0 [ 231.114018] ? percpu_ref_put_many+0x119/0x240 [ 231.118601] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 231.123619] ? trace_hardirqs_on+0x10/0x10 [ 231.127842] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 231.132677] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 231.138210] ? xas_start+0x23d/0x740 [ 231.141925] ? lock_acquire+0x1e4/0x540 [ 231.145892] ? xa_load+0x288/0x450 [ 231.149420] ? lock_downgrade+0x8f0/0x8f0 [ 231.153645] ? lock_release+0xa30/0xa30 [ 231.157629] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 231.163172] alloc_pages_current+0x10c/0x210 [ 231.167572] __page_cache_alloc+0x398/0x5e0 [ 231.171883] ? xa_load+0x2b1/0x450 [ 231.175411] ? xa_clear_tag+0x40/0x40 [ 231.179204] ? filemap_range_has_page+0x4c0/0x4c0 [ 231.184048] ? unwind_get_return_address+0x61/0xa0 [ 231.188975] __do_page_cache_readahead+0x24e/0x690 [ 231.193894] ? read_pages+0x680/0x680 [ 231.197791] ? lock_acquire+0x1e4/0x540 [ 231.201759] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 231.206858] ? lock_downgrade+0x8f0/0x8f0 [ 231.210992] ? lock_release+0xa30/0xa30 [ 231.214955] ondemand_readahead+0x550/0xc40 [ 231.219270] page_cache_sync_readahead+0x3a0/0x6d0 [ 231.224288] ? force_page_cache_readahead+0x360/0x360 [ 231.229464] ? lock_acquire+0x1e4/0x540 [ 231.233429] ? rcu_note_context_switch+0x730/0x730 [ 231.238346] ? check_same_owner+0x340/0x340 [ 231.242656] ? lock_release+0xa30/0xa30 [ 231.246623] generic_file_read_iter+0x1a87/0x2f10 [ 231.251458] ? filemap_write_and_wait_range+0xd0/0xd0 [ 231.256630] ? rcu_read_lock+0x70/0x70 [ 231.260503] ? __unlock_page_memcg+0x72/0x100 [ 231.264981] ? unlock_page_memcg+0x2c/0x40 [ 231.269207] ? page_add_file_rmap+0x781/0xe40 [ 231.273698] ? page_add_new_anon_rmap+0x870/0x870 [ 231.278537] ? perf_trace_lock+0x920/0x920 [ 231.282761] ? lock_acquire+0x1e4/0x540 [ 231.286733] ? alloc_set_pte+0x1133/0x1790 [ 231.290954] ? lock_release+0xa30/0xa30 [ 231.294915] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 231.299919] ? check_pgprot+0xdf/0x180 [ 231.303792] ? put_page+0x280/0x280 [ 231.307406] ? kasan_check_write+0x14/0x20 [ 231.311625] ? do_raw_spin_lock+0xc1/0x200 [ 231.315860] ? alloc_set_pte+0xaf6/0x1790 [ 231.319995] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 231.325354] ? filemap_map_pages+0xca2/0x1990 [ 231.329839] ? trace_hardirqs_on+0x10/0x10 [ 231.334074] ? xa_set_tag+0x40/0x40 [ 231.337702] ? perf_trace_lock+0x920/0x920 [ 231.341930] ? environ_open+0x90/0x90 [ 231.345719] ? trace_hardirqs_on+0x10/0x10 [ 231.349941] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 231.355474] ? trace_hardirqs_on+0x10/0x10 [ 231.359696] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 231.364526] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 231.369353] ? perf_trace_lock+0x920/0x920 [ 231.373572] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 231.378400] ? perf_trace_lock+0x920/0x920 [ 231.382635] ? perf_trace_lock+0x920/0x920 [ 231.386863] ? shrink_dcache_sb+0x350/0x350 [ 231.391174] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 231.395999] ? __fdget_pos+0x1bb/0x200 [ 231.399877] ? lock_acquire+0x1e4/0x540 [ 231.403840] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 231.409361] ? fsnotify+0xbac/0x14e0 [ 231.413062] ext4_file_read_iter+0x18b/0x3c0 [ 231.417471] generic_file_splice_read+0x5a5/0x9a0 [ 231.422302] ? add_to_pipe+0x360/0x360 [ 231.426192] ? rw_verify_area+0x118/0x360 [ 231.430336] ? add_to_pipe+0x360/0x360 [ 231.434208] do_splice_to+0x12e/0x190 [ 231.437996] splice_direct_to_actor+0x270/0x8f0 [ 231.442657] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 231.448192] ? pipe_to_sendpage+0x400/0x400 [ 231.452500] ? do_splice_to+0x190/0x190 [ 231.457600] ? security_file_permission+0x1c2/0x230 [ 231.462621] ? rw_verify_area+0x118/0x360 [ 231.467669] do_splice_direct+0x2d4/0x420 [ 231.471819] ? splice_direct_to_actor+0x8f0/0x8f0 [ 231.476651] ? rw_verify_area+0x118/0x360 [ 231.480783] do_sendfile+0x62a/0xe20 [ 231.484486] ? do_compat_pwritev64+0x1c0/0x1c0 [ 231.489062] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 231.494597] ? _copy_from_user+0xdf/0x150 [ 231.498739] __x64_sys_sendfile64+0x15d/0x250 [ 231.503235] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 231.507810] do_syscall_64+0x1b9/0x820 [ 231.511686] ? finish_task_switch+0x1d3/0x870 [ 231.516254] ? syscall_return_slowpath+0x5e0/0x5e0 [ 231.521181] ? syscall_return_slowpath+0x31d/0x5e0 [ 231.526108] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 231.531113] ? prepare_exit_to_usermode+0x291/0x3b0 [ 231.536210] ? perf_trace_sys_enter+0xb10/0xb10 [ 231.540866] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 231.545699] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 231.550880] RIP: 0033:0x455e29 [ 231.554051] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 231.573224] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 231.580934] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 231.588188] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 231.595450] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 21:25:51 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4, 0x0, 0x4801}}, 0x14}, 0x1}, 0x0) 21:25:51 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x100000000000000, 0x3, 0xf301}}) [ 231.602800] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 231.610058] R13: 00000000004c1113 R14: 00000000004d1540 R15: 000000000000004a 21:25:51 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x7a}}) 21:25:51 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x5451, &(0x7f0000000000)) 21:25:51 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f0000000080)="4e39720368c9edb58ac7167fbd6ba521b05369560b0fb43d5fcc00000c0000000000f5485cf0deb705f20000", 0x2c, 0x1fffffff, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:51 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) ioctl$KDSETMODE(r0, 0x4b3a, 0xce) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r2 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 21:25:51 executing program 2 (fault-call:9 fault-nth:75): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:51 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0xfffffdef}, 0x1}, 0x0) 21:25:51 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000000)=ANY=[@ANYBLOB="a2070000000000000a004e2306000000ff020000000000000000000000000001a681000000000000068e3681b4dbad91b800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000020000000a004e2200000000fe8000000000000000000000000000aa06000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e24b6c9ffff00000000000000000000ffff000000000101000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0xfffffffffffffe67) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:51 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x1000000, 0x3, 0xf301}}) 21:25:51 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x74}}) 21:25:51 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x80605414, &(0x7f0000000000)) 21:25:51 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4010ae68, &(0x7f0000000040)={r2}) 21:25:52 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x80e85411, &(0x7f0000000000)) [ 232.022845] FAULT_INJECTION: forcing a failure. [ 232.022845] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 232.034801] CPU: 1 PID: 15173 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 232.043209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 232.052570] Call Trace: [ 232.055168] dump_stack+0x1c9/0x2b4 [ 232.058805] ? dump_stack_print_info.cold.2+0x52/0x52 [ 232.064011] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 232.068874] should_fail.cold.4+0xa/0x11 21:25:52 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x20000) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000000)={0x0, @multicast1=0xe0000001, 0x4e24, 0x3, 'fo\x00', 0x20, 0x1, 0x65}, 0x2c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:52 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x20000314}, 0x1}, 0x0) [ 232.072948] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 232.078068] ? kasan_check_read+0x11/0x20 [ 232.082224] ? rcu_is_watching+0x8c/0x150 [ 232.086416] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 232.091965] ? xas_start+0x23d/0x740 [ 232.095694] ? find_get_entry+0xa6d/0x1120 [ 232.099944] ? lock_downgrade+0x8f0/0x8f0 [ 232.104111] ? lock_acquire+0x1e4/0x540 [ 232.108097] ? fs_reclaim_acquire+0x20/0x20 [ 232.112431] ? lock_downgrade+0x8f0/0x8f0 [ 232.116684] ? check_same_owner+0x340/0x340 21:25:52 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x5460, &(0x7f0000000000)) 21:25:52 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x48000000}}) [ 232.121016] ? find_get_entry+0xa96/0x1120 [ 232.125259] ? rcu_note_context_switch+0x730/0x730 [ 232.130203] __alloc_pages_nodemask+0x36e/0xdb0 [ 232.134878] ? percpu_ref_put_many+0x119/0x240 [ 232.139473] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 232.144500] ? trace_hardirqs_on+0x10/0x10 [ 232.148763] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 232.153628] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 232.159176] ? xas_start+0x23d/0x740 [ 232.162907] ? lock_acquire+0x1e4/0x540 [ 232.166890] ? xa_load+0x288/0x450 21:25:52 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0x11, &(0x7f0000000040)=0xc, 0x1) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) setsockopt$inet6_MRT6_DEL_MFC_PROXY(r0, 0x29, 0xd3, &(0x7f0000000480)={{0xa, 0x4e21, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x1ff}, {0xa, 0x4e21, 0x7, @remote={0xfe, 0x80, [], 0xbb}, 0x80}, 0x1, [0x8b4, 0x9, 0x4, 0x80000001, 0x2f2, 0x6, 0xb2, 0x6]}, 0x5c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r2 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x10000, 0x210000) ioctl$KVM_GET_XSAVE(r2, 0x9000aea4, &(0x7f0000000080)) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f0000000000), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0xc) 21:25:52 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{0xfdfdffff00000000}}) 21:25:52 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x7400000000000000}}) [ 232.170532] ? lock_downgrade+0x8f0/0x8f0 [ 232.174693] ? lock_release+0xa30/0xa30 [ 232.178768] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 232.184313] alloc_pages_current+0x10c/0x210 [ 232.188732] __page_cache_alloc+0x398/0x5e0 [ 232.193058] ? xa_load+0x2b1/0x450 [ 232.196601] ? xa_clear_tag+0x40/0x40 [ 232.200411] ? filemap_range_has_page+0x4c0/0x4c0 [ 232.205260] ? unwind_get_return_address+0x61/0xa0 [ 232.210287] __do_page_cache_readahead+0x24e/0x690 [ 232.215225] ? read_pages+0x680/0x680 [ 232.219037] ? lock_acquire+0x1e4/0x540 [ 232.223034] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 232.228146] ? lock_downgrade+0x8f0/0x8f0 [ 232.232304] ? lock_release+0xa30/0xa30 [ 232.236359] ondemand_readahead+0x550/0xc40 [ 232.240685] page_cache_sync_readahead+0x3a0/0x6d0 [ 232.245606] ? force_page_cache_readahead+0x360/0x360 [ 232.250790] ? lock_acquire+0x1e4/0x540 [ 232.254752] ? rcu_note_context_switch+0x730/0x730 [ 232.259667] ? check_same_owner+0x340/0x340 [ 232.263981] ? lock_release+0xa30/0xa30 [ 232.267947] generic_file_read_iter+0x1a87/0x2f10 [ 232.272788] ? filemap_write_and_wait_range+0xd0/0xd0 [ 232.277981] ? rcu_read_lock+0x70/0x70 [ 232.281859] ? __unlock_page_memcg+0x72/0x100 [ 232.286337] ? unlock_page_memcg+0x2c/0x40 [ 232.290646] ? page_add_file_rmap+0x781/0xe40 [ 232.295128] ? page_add_new_anon_rmap+0x870/0x870 [ 232.299960] ? perf_trace_lock+0x920/0x920 [ 232.304189] ? lock_acquire+0x1e4/0x540 [ 232.308152] ? alloc_set_pte+0x1133/0x1790 [ 232.312376] ? lock_release+0xa30/0xa30 [ 232.316337] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 232.321337] ? check_pgprot+0xdf/0x180 [ 232.325209] ? put_page+0x280/0x280 [ 232.328820] ? kasan_check_write+0x14/0x20 [ 232.333047] ? do_raw_spin_lock+0xc1/0x200 [ 232.337268] ? alloc_set_pte+0xaf6/0x1790 [ 232.341403] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 232.346417] ? filemap_map_pages+0xca2/0x1990 [ 232.350901] ? trace_hardirqs_on+0x10/0x10 [ 232.355133] ? xa_set_tag+0x40/0x40 [ 232.358749] ? perf_trace_lock+0x920/0x920 [ 232.362969] ? environ_open+0x90/0x90 [ 232.366847] ? trace_hardirqs_on+0x10/0x10 [ 232.371069] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 232.376605] ? trace_hardirqs_on+0x10/0x10 [ 232.380826] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 232.385663] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 232.390511] ? perf_trace_lock+0x920/0x920 [ 232.394737] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 232.399570] ? perf_trace_lock+0x920/0x920 [ 232.403880] ? perf_trace_lock+0x920/0x920 [ 232.408114] ? shrink_dcache_sb+0x350/0x350 [ 232.412428] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 232.417256] ? __fdget_pos+0x1bb/0x200 [ 232.421145] ? lock_acquire+0x1e4/0x540 [ 232.425112] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 232.430645] ? fsnotify+0xbac/0x14e0 [ 232.434350] ext4_file_read_iter+0x18b/0x3c0 [ 232.438752] generic_file_splice_read+0x5a5/0x9a0 [ 232.443585] ? add_to_pipe+0x360/0x360 [ 232.447470] ? rw_verify_area+0x118/0x360 [ 232.451607] ? add_to_pipe+0x360/0x360 [ 232.455487] do_splice_to+0x12e/0x190 [ 232.459283] splice_direct_to_actor+0x270/0x8f0 [ 232.463942] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 232.469476] ? pipe_to_sendpage+0x400/0x400 [ 232.473793] ? do_splice_to+0x190/0x190 [ 232.477756] ? security_file_permission+0x1c2/0x230 [ 232.482762] ? rw_verify_area+0x118/0x360 [ 232.486896] do_splice_direct+0x2d4/0x420 [ 232.491038] ? splice_direct_to_actor+0x8f0/0x8f0 [ 232.495870] ? rw_verify_area+0x118/0x360 [ 232.500005] do_sendfile+0x62a/0xe20 [ 232.503732] ? do_compat_pwritev64+0x1c0/0x1c0 [ 232.508308] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 232.513833] ? _copy_from_user+0xdf/0x150 [ 232.517969] __x64_sys_sendfile64+0x15d/0x250 [ 232.522452] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 232.527044] do_syscall_64+0x1b9/0x820 [ 232.530916] ? finish_task_switch+0x1d3/0x870 [ 232.535412] ? syscall_return_slowpath+0x5e0/0x5e0 [ 232.540336] ? syscall_return_slowpath+0x31d/0x5e0 [ 232.545252] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 232.550256] ? prepare_exit_to_usermode+0x291/0x3b0 [ 232.555436] ? perf_trace_sys_enter+0xb10/0xb10 [ 232.560093] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 232.564939] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 232.570125] RIP: 0033:0x455e29 [ 232.573293] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 232.592504] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 232.600202] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 232.607456] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 232.614906] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 232.622164] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 232.629417] R13: 00000000004c1113 R14: 00000000004d1540 R15: 000000000000004b 21:25:52 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r2 = syz_open_pts(r0, 0x0) socket$l2tp(0x18, 0x1, 0x1) ioctl$TCXONC(r2, 0x540a, 0x0) 21:25:52 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x33fe0}, 0x1}, 0x0) 21:25:52 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000000)={{{@in=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in=@remote}}, &(0x7f0000000100)=0xe8) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'nr0\x00', r2}) 21:25:52 executing program 2 (fault-call:9 fault-nth:76): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:52 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x5451, &(0x7f0000000040)={r2}) 21:25:52 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{0xfdfdffff}}) 21:25:52 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x74000000}}) 21:25:52 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x700, 0x3, 0xf301}}) [ 233.052522] FAULT_INJECTION: forcing a failure. [ 233.052522] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 233.064453] CPU: 1 PID: 15234 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 233.072863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 233.082217] Call Trace: [ 233.084802] dump_stack+0x1c9/0x2b4 [ 233.088419] ? dump_stack_print_info.cold.2+0x52/0x52 [ 233.093609] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 233.098451] should_fail.cold.4+0xa/0x11 [ 233.102503] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 233.107604] ? kasan_check_read+0x11/0x20 [ 233.111740] ? rcu_is_watching+0x8c/0x150 [ 233.115971] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 233.121495] ? xas_start+0x23d/0x740 [ 233.125373] ? find_get_entry+0xa6d/0x1120 [ 233.129617] ? lock_downgrade+0x8f0/0x8f0 [ 233.133765] ? lock_acquire+0x1e4/0x540 [ 233.137725] ? fs_reclaim_acquire+0x20/0x20 [ 233.142035] ? lock_downgrade+0x8f0/0x8f0 [ 233.146176] ? check_same_owner+0x340/0x340 [ 233.150490] ? find_get_entry+0xa96/0x1120 [ 233.154808] ? rcu_note_context_switch+0x730/0x730 [ 233.159749] __alloc_pages_nodemask+0x36e/0xdb0 [ 233.164412] ? percpu_ref_put_many+0x119/0x240 [ 233.168989] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 233.173997] ? trace_hardirqs_on+0x10/0x10 [ 233.178221] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 233.183056] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 233.188596] ? xas_start+0x23d/0x740 [ 233.192306] ? lock_acquire+0x1e4/0x540 [ 233.196267] ? xa_load+0x288/0x450 [ 233.199803] ? lock_downgrade+0x8f0/0x8f0 [ 233.203945] ? lock_release+0xa30/0xa30 [ 233.207907] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 233.213440] alloc_pages_current+0x10c/0x210 [ 233.217859] __page_cache_alloc+0x398/0x5e0 [ 233.222169] ? xa_load+0x2b1/0x450 [ 233.225691] ? xa_clear_tag+0x40/0x40 [ 233.229478] ? filemap_range_has_page+0x4c0/0x4c0 [ 233.234313] ? unwind_get_return_address+0x61/0xa0 [ 233.239240] __do_page_cache_readahead+0x24e/0x690 [ 233.244250] ? read_pages+0x680/0x680 [ 233.248040] ? lock_acquire+0x1e4/0x540 [ 233.252003] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 233.257095] ? lock_downgrade+0x8f0/0x8f0 [ 233.261230] ? lock_release+0xa30/0xa30 [ 233.265192] ondemand_readahead+0x550/0xc40 [ 233.269685] page_cache_sync_readahead+0x3a0/0x6d0 [ 233.274608] ? force_page_cache_readahead+0x360/0x360 [ 233.279784] ? lock_acquire+0x1e4/0x540 [ 233.283743] ? rcu_note_context_switch+0x730/0x730 [ 233.288662] ? check_same_owner+0x340/0x340 [ 233.292973] ? lock_release+0xa30/0xa30 [ 233.296941] generic_file_read_iter+0x1a87/0x2f10 [ 233.301784] ? filemap_write_and_wait_range+0xd0/0xd0 [ 233.306961] ? rcu_read_lock+0x70/0x70 [ 233.310855] ? __unlock_page_memcg+0x72/0x100 [ 233.315337] ? unlock_page_memcg+0x2c/0x40 [ 233.319819] ? page_add_file_rmap+0x781/0xe40 [ 233.324303] ? page_add_new_anon_rmap+0x870/0x870 [ 233.329438] ? perf_trace_lock+0x920/0x920 [ 233.333675] ? lock_acquire+0x1e4/0x540 [ 233.337637] ? alloc_set_pte+0x1133/0x1790 [ 233.342297] ? lock_release+0xa30/0xa30 [ 233.346264] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 233.351269] ? check_pgprot+0xdf/0x180 [ 233.355149] ? put_page+0x280/0x280 [ 233.359286] ? kasan_check_write+0x14/0x20 [ 233.363507] ? do_raw_spin_lock+0xc1/0x200 [ 233.367737] ? alloc_set_pte+0xaf6/0x1790 [ 233.371874] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 233.376880] ? filemap_map_pages+0xca2/0x1990 [ 233.381370] ? trace_hardirqs_on+0x10/0x10 [ 233.385590] ? xa_set_tag+0x40/0x40 [ 233.389214] ? perf_trace_lock+0x920/0x920 [ 233.393528] ? environ_open+0x90/0x90 [ 233.397316] ? trace_hardirqs_on+0x10/0x10 [ 233.401542] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 233.407077] ? trace_hardirqs_on+0x10/0x10 [ 233.411322] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 233.416162] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 233.421009] ? perf_trace_lock+0x920/0x920 [ 233.425254] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 233.430087] ? perf_trace_lock+0x920/0x920 [ 233.434315] ? perf_trace_lock+0x920/0x920 [ 233.438540] ? shrink_dcache_sb+0x350/0x350 [ 233.442862] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 233.447694] ? __fdget_pos+0x1bb/0x200 [ 233.451674] ? lock_acquire+0x1e4/0x540 [ 233.455640] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 233.461179] ? fsnotify+0xbac/0x14e0 [ 233.466120] ext4_file_read_iter+0x18b/0x3c0 [ 233.470523] generic_file_splice_read+0x5a5/0x9a0 [ 233.475358] ? add_to_pipe+0x360/0x360 [ 233.479241] ? rw_verify_area+0x118/0x360 [ 233.483390] ? add_to_pipe+0x360/0x360 [ 233.487277] do_splice_to+0x12e/0x190 [ 233.491070] splice_direct_to_actor+0x270/0x8f0 [ 233.495731] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 233.501267] ? pipe_to_sendpage+0x400/0x400 [ 233.505579] ? do_splice_to+0x190/0x190 [ 233.509544] ? security_file_permission+0x1c2/0x230 [ 233.514554] ? rw_verify_area+0x118/0x360 [ 233.518698] do_splice_direct+0x2d4/0x420 [ 233.522836] ? splice_direct_to_actor+0x8f0/0x8f0 [ 233.527683] ? rw_verify_area+0x118/0x360 [ 233.531836] do_sendfile+0x62a/0xe20 [ 233.535557] ? do_compat_pwritev64+0x1c0/0x1c0 [ 233.540220] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 233.545765] ? _copy_from_user+0xdf/0x150 [ 233.549920] __x64_sys_sendfile64+0x15d/0x250 [ 233.554427] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 233.559013] do_syscall_64+0x1b9/0x820 [ 233.562896] ? finish_task_switch+0x1d3/0x870 [ 233.567379] ? syscall_return_slowpath+0x5e0/0x5e0 [ 233.572296] ? syscall_return_slowpath+0x31d/0x5e0 [ 233.577216] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 233.582926] ? prepare_exit_to_usermode+0x291/0x3b0 [ 233.587935] ? perf_trace_sys_enter+0xb10/0xb10 [ 233.592603] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 233.597438] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 233.602627] RIP: 0033:0x455e29 [ 233.605799] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 233.625015] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 233.632723] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 233.639984] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 233.647384] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 21:25:53 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x4c00}}) 21:25:53 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{0xfffffdfd}}) 21:25:53 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x7ffff000}, 0x1}, 0x0) 21:25:53 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x40049409, &(0x7f0000000040)={r2}) [ 233.654647] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 233.661900] R13: 00000000004c1113 R14: 00000000004d1540 R15: 000000000000004c 21:25:53 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x7000000, 0x3, 0xf301}}) 21:25:53 executing program 2 (fault-call:9 fault-nth:77): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:53 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) semget$private(0x0, 0x71794431036a348d, 0x80) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000040)={0x8, 0x101}) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) [ 233.821157] FAULT_INJECTION: forcing a failure. [ 233.821157] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 233.833201] CPU: 1 PID: 15280 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 233.841619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 233.850975] Call Trace: [ 233.853570] dump_stack+0x1c9/0x2b4 [ 233.857209] ? dump_stack_print_info.cold.2+0x52/0x52 [ 233.862504] ? kasan_check_write+0x14/0x20 [ 233.866844] should_fail.cold.4+0xa/0x11 [ 233.870926] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 233.876057] ? kasan_check_write+0x14/0x20 [ 233.880314] ? __schedule+0x884/0x1ed0 [ 233.884224] ? trace_hardirqs_on+0x10/0x10 [ 233.888476] ? __sched_text_start+0x8/0x8 [ 233.892641] ? lock_downgrade+0x8f0/0x8f0 [ 233.896834] ? lock_acquire+0x1e4/0x540 [ 233.900846] ? fs_reclaim_acquire+0x20/0x20 [ 233.905169] ? lock_downgrade+0x8f0/0x8f0 [ 233.909322] ? check_same_owner+0x340/0x340 [ 233.913658] ? rcu_note_context_switch+0x730/0x730 [ 233.918601] __alloc_pages_nodemask+0x36e/0xdb0 [ 233.923269] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 233.928293] ? xas_descend+0x1f6/0x5f0 [ 233.932178] ? xas_descend+0x20c/0x5f0 [ 233.936061] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 233.941597] ? xas_start+0x23d/0x740 [ 233.945321] ? lock_acquire+0x1e4/0x540 [ 233.949296] ? xa_load+0x288/0x450 [ 233.952841] ? lock_downgrade+0x8f0/0x8f0 [ 233.956981] ? lock_release+0xa30/0xa30 [ 233.961654] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 233.967375] alloc_pages_current+0x10c/0x210 [ 233.971781] __page_cache_alloc+0x398/0x5e0 [ 233.976101] ? xa_load+0x2b1/0x450 [ 233.979633] ? xa_clear_tag+0x40/0x40 [ 233.983426] ? filemap_range_has_page+0x4c0/0x4c0 [ 233.988264] ? unwind_get_return_address+0x61/0xa0 [ 233.993191] __do_page_cache_readahead+0x24e/0x690 [ 233.998130] ? read_pages+0x680/0x680 [ 234.001934] ? lock_acquire+0x1e4/0x540 [ 234.005908] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 234.011014] ? lock_downgrade+0x8f0/0x8f0 [ 234.015165] ? lock_release+0xa30/0xa30 [ 234.019143] ondemand_readahead+0x550/0xc40 [ 234.023465] page_cache_sync_readahead+0x3a0/0x6d0 [ 234.028399] ? force_page_cache_readahead+0x360/0x360 [ 234.033607] ? lock_acquire+0x1e4/0x540 [ 234.037747] ? rcu_note_context_switch+0x730/0x730 [ 234.042674] ? check_same_owner+0x340/0x340 [ 234.047084] ? lock_release+0xa30/0xa30 [ 234.051063] generic_file_read_iter+0x1a87/0x2f10 [ 234.055929] ? filemap_write_and_wait_range+0xd0/0xd0 [ 234.061105] ? rcu_read_lock+0x70/0x70 [ 234.064998] ? __unlock_page_memcg+0x72/0x100 [ 234.069490] ? unlock_page_memcg+0x2c/0x40 [ 234.073723] ? page_add_file_rmap+0x781/0xe40 [ 234.078316] ? page_add_new_anon_rmap+0x870/0x870 [ 234.083158] ? lockdep_init_map+0x9/0x10 [ 234.087213] ? kasan_check_write+0x14/0x20 [ 234.091437] ? __init_rwsem+0x1cc/0x2a0 [ 234.095411] ? lock_acquire+0x1e4/0x540 [ 234.099397] ? alloc_set_pte+0x1133/0x1790 [ 234.103631] ? lock_release+0xa30/0xa30 [ 234.107600] ? xas_descend+0x20c/0x5f0 [ 234.111480] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 234.116504] ? check_pgprot+0xdf/0x180 [ 234.120386] ? put_page+0x280/0x280 [ 234.124007] ? kasan_check_write+0x14/0x20 [ 234.128233] ? do_raw_spin_lock+0xc1/0x200 [ 234.132483] ? alloc_set_pte+0xaf6/0x1790 [ 234.136638] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 234.141656] ? filemap_map_pages+0xca2/0x1990 [ 234.146146] ? trace_hardirqs_on+0x10/0x10 [ 234.150375] ? xa_set_tag+0x40/0x40 [ 234.153998] ? environ_open+0x90/0x90 [ 234.157800] ? trace_hardirqs_on+0x10/0x10 [ 234.162031] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 234.167577] ? trace_hardirqs_on+0x10/0x10 [ 234.171818] ? trace_hardirqs_on+0x10/0x10 [ 234.176055] ? find_get_entries_tag+0x1410/0x1410 [ 234.180894] ? trace_hardirqs_on+0x10/0x10 [ 234.185126] ? mntput_no_expire+0x18e/0xbc0 [ 234.189441] ? do_raw_spin_lock+0xc1/0x200 [ 234.193759] ? mnt_get_count+0x150/0x150 [ 234.197826] ? dput.part.26+0x276/0x7a0 [ 234.201802] ? shrink_dcache_sb+0x350/0x350 [ 234.206132] ? lock_acquire+0x1e4/0x540 [ 234.210096] ? __fdget_pos+0x1bb/0x200 [ 234.213986] ? lock_acquire+0x1e4/0x540 [ 234.217970] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 234.223506] ? fsnotify+0xbac/0x14e0 [ 234.227218] ext4_file_read_iter+0x18b/0x3c0 [ 234.231635] generic_file_splice_read+0x5a5/0x9a0 [ 234.236479] ? add_to_pipe+0x360/0x360 [ 234.240378] ? rw_verify_area+0x118/0x360 [ 234.244516] ? add_to_pipe+0x360/0x360 [ 234.248396] do_splice_to+0x12e/0x190 [ 234.252193] splice_direct_to_actor+0x270/0x8f0 [ 234.256869] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 234.262406] ? pipe_to_sendpage+0x400/0x400 [ 234.266734] ? do_splice_to+0x190/0x190 [ 234.270713] ? security_file_permission+0x1c2/0x230 [ 234.275727] ? rw_verify_area+0x118/0x360 [ 234.279891] do_splice_direct+0x2d4/0x420 [ 234.284039] ? splice_direct_to_actor+0x8f0/0x8f0 [ 234.288881] ? rw_verify_area+0x118/0x360 [ 234.293029] do_sendfile+0x62a/0xe20 [ 234.296745] ? do_compat_pwritev64+0x1c0/0x1c0 [ 234.301348] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 234.306963] ? _copy_from_user+0xdf/0x150 [ 234.311300] __x64_sys_sendfile64+0x15d/0x250 [ 234.315807] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 234.320399] do_syscall_64+0x1b9/0x820 [ 234.324278] ? finish_task_switch+0x1d3/0x870 [ 234.328764] ? syscall_return_slowpath+0x5e0/0x5e0 [ 234.333782] ? syscall_return_slowpath+0x31d/0x5e0 [ 234.338716] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 234.343835] ? prepare_exit_to_usermode+0x291/0x3b0 [ 234.349373] ? perf_trace_sys_enter+0xb10/0xb10 [ 234.354037] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 234.358902] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 234.364089] RIP: 0033:0x455e29 [ 234.367278] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 234.386565] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 234.394269] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 234.401532] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 234.408793] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 234.416055] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 21:25:53 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x7a000000, 0x3, 0xf301}}) [ 234.423328] R13: 00000000004c1113 R14: 00000000004d1540 R15: 000000000000004d 21:25:54 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000300)=0x0) fcntl$setownex(r0, 0xf, &(0x7f0000000340)={0x1, r1}) r2 = socket(0x50c608bb0ff5417f, 0x7, 0xf7c) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r2, 0x84, 0x65, &(0x7f0000000380)=[@in6={0xa, 0x4e20, 0x8, @ipv4={[], [0xff, 0xff], @broadcast=0xffffffff}, 0x7e9}, @in={0x2, 0x4e23, @remote={0xac, 0x14, 0x14, 0xbb}}, @in6={0xa, 0x4e23, 0x80, @mcast1={0xff, 0x1, [], 0x1}, 0x8}, @in={0x2, 0x4e23, @multicast2=0xe0000002}], 0x58) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000240)='/dev/audio\x00', 0x200000, 0x0) r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000280)='/dev/dsp\x00', 0x200000, 0x0) ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, &(0x7f00000002c0)=r4) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x101201, 0x0) ioctl$EVIOCGABS0(r5, 0x80184540, &(0x7f0000000080)=""/101) read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000100)) r6 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r6, 0x2, r0) ioctl$VT_RESIZE(r0, 0x5609, &(0x7f00000001c0)={0x3, 0x400}) r7 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r7, 0x540a, 0x0) 21:25:54 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{0x0, 0xfffffdfd}}) 21:25:54 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0xc0}, 0x1}, 0x0) 21:25:54 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) recvfrom$inet6(r0, &(0x7f0000000000)=""/114, 0x72, 0x40010000, &(0x7f0000000080)={0xa, 0x4e24, 0x200, @mcast2={0xff, 0x2, [], 0x1}, 0x6}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) ioctl(r1, 0x4, &(0x7f00000000c0)="fbad94cb1ec5468ca025f7c94f90da6594b3ee015ce2bd29bd4ebbf430081c3fdb94829a02b03a6ef0b8857e0b688db87ed48764d1e99b865480a7795f43f6ac3a4ba55729be0c2b1e543e233acd941ab6f7b1b9a4bf82cbfcc6fa8a77185b4917d1af27ccf82a9961d7ffd4a70dbea5762bc45d1796906003451a1228a5e0701e863aaec26affab627870993f79f1e9c3e45835757c96257846c5996ad96847c3f6697e6f583a2d0145ed35d062cf71bd074cdbaa605cd4f72c90fb404af0d2b789faa2d76577ab0144f9e9eafb9b0ff7c45c06d0d7e940ad44f47f2ee2aaaf2a22ff97f0a112aeb0130f27d6167fa9bd601482a7f0688f7a1cdbb180e6b2a22747324679045862fdefa27e60af871381bf09792b67699b49ef4bf3479d73fe0f7e66c96a5781452776a144253fcded7db8f6580ed8105c9bb5cc877000931cef1cc5e6cfffe6474737071fe46f24c481ed11e5029118b44e161e7b0dd3e20165fe4a2fa08955420610cf85e995f628def6102769e469e05300cf4268115221297333bf421224f989be39b8e7d61f7bc10c59edab3a4cf51cfc79eddba650fd788740bbc763c0572c20cdaca196a69316adbf15f0d5e81a838702ad1bd73c60402f261c10de863002c49c68e2749e058dac7bb9f243681ee705f2984be814b455e418b9aeaf13b7246bd34757f65b6ef361eced28b898dd867d0a7502c7973d42e93ea65224c6d537eb41ed75ba65a1b81bb52349912b4d7a3437e74a5a05993993342e491898dfa630027ff572c217a9f1b9ee3edc2fc28bb6d32ad0990fa40866b7e03168d1795c9fa4fa31dcdc1e0ab547a6e7aaeeb3d9c16eb898006a207216b930ab481eb8d946e06e0ce83977b553ffa6115db21290c104ff8d05d4d1bd609112d8a4525a98d97fdaabf5c9d1f6b1d705a9dd99797a313899fcde8359c6676483abb7656b495b1fb3ba70c006f42a40e57b492fbd1d26aa45c5fddfbe64c6d48b0e1b6f49f2835baabbda7db28c048c3db3a13e89751cd7c50ec3e5bc8cc75a3d24f2eecb97579f31123dd2d798ae1a8e3545d48cfdea053e21c03e1f655ddf5b4563e6992273b2dad8d13854448ec4e907aff8be01c8e68238668c1d2ab3be8d88c03d2d92741d22e2e56afd5e969a0405335845239ab030629f21ec3aa889a990508bdfd59adeaa404f43cc041ce95fd19af74c95375025e0e47e03663cfbc0ab400deba27c40ce682014ebe07b8fe49714e467a7253a270c7fe748f51b1d6afe93a3da8931052a3e5bf3518ab3b8a0ebe800ee106561efdb3e12b9edbb97a7049025e0b081501d0821a30547d84c6614c36cb48267d72d879d7126053f5ae06ed08b35cdecac93dbbb25bdb575ed3e7078fcc34ac1c5c3bb0dfba726bfc4cf50d79bc848afd5be9b2d3ea6c9e5b4057870e70bc810447bd7623a4a5ed969e1f1f69c01accb97a6d4c85355cc2572cf312e7d69202521ceb2143279846aabd5c78de0fa839e31c9f7d66c19c9a66db0d1f1df2433840d690af799bfe2774f48b419ea7db1f6e10727bd0e154d2696b162282d115ddf10e071d78d85b642c33b83976f2f38d725c6df4586371f1b5f4552d78d881fda638b296eb94e7f14aad8fd30f38a97a9a42f9ace97903aaf0a5b462d552e905c5bd6c34efffbb84294ea08bd615d8db55f92ccb75d1d6e35627e52f243ffa21e3ae91d7241151b0008f7af337c45fb62d6e315c014277a05e56b3e21e31cf6d2ec3a99af8de31e4687c5e2c3d3949cc99c70b985def158fdc46dade95015f98148d19d1e87050d2e6860bddddb3066e7c4ffeb98692f759ebfe52b20b3b92756105ca3b386b81ba1b181eba07870ec7bd0dca930c7be7d11a85e76061755165a633f8ddc93f8e123e491a2bfbd767cd2b61fa6dcce326dfc05858d89a5e867b63403c765dd73722c82dc1548c250850fbae8b2aa2cd2137a2bcaeb7b5571f81f595d2c6c62b0ebdda9e805900420fc3dfc4670936b18e41919b00c5576162447da06cebbbbd139c3589bacd20d2bc86f069c26061a0318a2a165840009f794ddda40774bbbc3596af60dbf5fdee57be3eda209325e2191aae5a00c939a236b358ae262fc090a42976fe3ffe1fb6c4efbfc2b958c011796d7e773aee2b1e3fafeb977afcb3eccacefa5c9fed3ca0197499e50f24023cede5a957d2429925e983d154b9d5dbe6f6ecf7f2db5b65581a6d4eaeb17c9713c2d08df21fae763c231b23f8be9a4d7ed7e42e1f93611ce6004eb19fe6dcc835cdd95285c018aca8587c04d8e82e1272d0bd7def67b2a8a52b3ff5d09cb1bbaaa98e5fcb30a93b2e275a6de6dfde423b13cbf50f358cb76d80f29e8503499862b57588e7ad9e5b437a509a6063e0a534e8f3462cec9f6d3270d064f02c4ddd109f8cf75bac4dae46a0bd84f7773b38cd146dcdd25fdf33041cfbaa3ba86fd83dbdfb9af48e44de7fdbfdf6e1610c380de363b83e2d0001d32cd0f6524b1f98c44b94df3b61055108cc9aad1c0799488ba5a2ac2ef30103f3e995991862f0de8ad010f6ef7bc41d36d1fd132bcc334563fcfe65244b0a06f8dc06e212a0cb2843974543bbe4f98d34b53930e849ba4ac8f82b5cec1e4ce7c008ccd23f811c8962feb43af8fe28627c7e24dbdb61df5d1908b46f6e53addbb316d4bc03826ec119ccccabc09172fe4b1a9c45b01bd52d4d54b4967e75482039f5e4582879dc5a3a0c2e51dc6fa70218d337269752dc791674f3be93039965c300a5b294ce20d3cc04a94b9f0576fdf3ade42091767a15044367bab8a03862a6979c6c10121a085a04b72a7c9a1536528602818d026e8ae6eb988a2b5d8e96de43abc26dfaa7cdc65f750eb8f374716417aa81533e06ccbc60712e8a0881e81d9fbcf46f8c79498a15cfb9046f03908d41b739908d1ebd04217f71c2d579b274e500c743cef2256e8e9b4875ed74ac4dac34b50832616bdc7d1e3373a9f4a05214750bea4119dbc436769287ca495b276fe4545d3c44f94431f910dad62ad88be11809eb0f641c4afeb20c31a0ecc3b536e82975e95e55b7f6b4bf872c06cb08a8693af73cb2e8e02de2b6b62cfb84434519dd16b2b75b221e2a4de53d8c8d126794c71d641b0246ffd7797ebbb041be3f157e9ab2d0a3a4898298b341ae1c1933a3c4bd533224be92a322fb51db568a00f5733bee64552c25f9b650094172c745249794c69ad1405c647037b9a8d2012eee0c264e9fdca6b99591eb5860b6e2448c9aada10b275c4957ccdad7a6c888cb14a47b9ab5465de7e3a208d3a207bd78fbf2d200554c6affcc640017b3f99e62ebf2385ff70008d236d96575ef47c91e92870017db35a7714c4994890b0d7cecb191138389a57166e2959588ce4d34bd08fcc74e0adfc96528d88caef351aa78f443d61e44d8093963e6474ba7e5afcc28faca310191ecfd4a609470b93b8041e94184a1878be11b8aded4f304bb8d0027596e233c2a49e659233c1daff90b37336028ecb1341afb5f35cd1c97636882fb29010983ea607125433a264fe936a57953d082707f89733911a83372055c7e691dfd18489e515a87d626071b6a45fe6bbbfa714fb156340b0783d12f6be2a6e172da57226be15005249752466464d6652e0127b61f7ab3f4106d033a5d50253734c695a31f4b1502604c1e0a049dc00a7905409b4c380389e7c18eae823d3a2549ecd01dbd5f7de0ffdce9f7536f73aff5c506e48796189fd6521661189d29e1111d8ccd13cb412fe70499294b9efbe69989d5fb0f0148e6fbbdf6516846bb404802c833b356a471d9c3bbe7e581d471313d3bacee1efb20be1a99210b4ff55dd3829e7d4bb257be12991e5e2c1b71647485b32c805c32f7240966e62bda13311e7f9d090c32ccf790e6b9e05c9a50ac61025f5f3be11530ac6f30e158919fe06080837b50ad7c29ef3e93c7c55a765b8fd0a4636aac8b986d13a2942dc1dab58910157396a12dbd89b33412ddab08257c35aafac6e563f8c876456e6f98089b2271334c74b21de6ff623869c46e55a873232aeacf3544db62698d90c149b257af4fa021db989c73b1a16a60bfb11b465b988cbcc476f51fcc583d90d9a7ec0e5da6d03e30d0fdd57aae08eef9e3b1de6cbbd2c32afbaef338bab6a0d6c48afec899ef22660eddace70361efefdb22bd789809c83c959d7de75fb2f3b104246b81590871445f5b44c54715a69de8019661571c33feb294fd43ab676b92d9147e2bc28092f5e5851b83c30cc890a4de57173cc465023596a33edc8e9f8018c35b76a213f14c392b85c52d187c719a7ad17512080f5c6c284b0ee2434f54d571cfc9b31cdebd50f5bec48ab39b9f55054ade75d1599e8200637aa64a977b60a6212675c9955b480ab722eec62ea515015c7ba4e1b2d5f7eb3f8f22e44dc632d773958b6bb94c19bd1af16984f7d6bfb57e52108f51781fa3940782c0d64366929e20a2bae89e248c29b72eae91f5b01d1a1f756cefa8f4d50e428de8564f1f2ae6a4f25ee21e300e1f3f56c4bb4e96cef3f419352b5a6998c56e75b1f42d2a006c9a58a5c717ba768d4ad147166324a42a20983d90175cff3196dbb83e33c7d912a3ee142fff4fd27bf1ecc4b2fa8ecfbdf801bd9fa43ecc70c97a24650f5be51669df7077bba6b77076eac474216499f488a24ef2003759e9906e4e23cc66e84e64039f53c1b41a3ad42d306f6ac649f6457cdf9d3ae04829c82b70ef75b29623ba6b7edd8c6b89914a34969731dc1d073385d4f5867078b71663d01eb0350571ed0f2042504221da6e22fab9983c8e575449eec665d7a22a2ea40da2b9b1753e9e778415f2a5dd2d574ba5ae815b9c1ed3cbad81cdf21d44affc9d0e39fe4b3f8b52c1d191b6dbc4708ae7acc494b79e09cfed2e17530b7088cce785f500fe6e43943b00b3f6ed5a66d8d671a548705c0527057a4e1cda32e5886220be4f32f1c0f0c67e61053269ef9fcaa221e5a635de76b13f2bae330b36a89dab77758d8857d73423ae71dbb3843b6a043022096dae6397bd0d49249ec039ee857845c01b4d912393516b8c2f20b604ec0bce0d599570479e0666a16de64b88d3387f3475b8d61fc582b00bcbfcc4e401945419ad507ed07113231ec87dd8c416bff52783b95777112ea2064de43ee041b93b067a93f51e7cae888d20ccb1724f9f19fc581a61189c276b8676a4e24f9cf7befc43a47fc122a8031947d3a1e3211f278cb2949d6108c9d8a94023661b32233b5ac6e47d1597d98ce65af764c8bdef9c184d1965893947d46e0cea0db4be45aa7f507ed2f5b320679af4dd37bf29d837d6910eb00f93aeca368161842a67d0cb5952772dd07f63461384e7d7f609b14ccc5b383d68cf7f29bd72520b53dc32367971a18cf28e8d37374a29362f872e409ea3b6542abf6773d67f60075041ba2c6fe0a37b213ae040ad130ae8f448b3e4e0b137b9a046dde8e2935aaafe8351f83d3c777665b3f45f30d5461129f35d896a837cc0e68c27ca9385a3424ce58b59f9a03608498758889b96ac2252acb8a1797a8e2348d030c8c3514dfd10dd05d90041c4ea0e438c7f854ea215d1b55f8dd2a6bf234d5d8e2194638c6a4924fd2c3eb0386992e789329fcfb40384db6728bd37c604bf75d9fb67548de21e60ea6df36c87083bff10f9fe8ca0e7a06e6fbae90dc802f8e858fd94f23082d630757446ba6cac31dd95bc0ed67dfe8254562c0ae4a5390f72263f0a940fdf74ba9e78dad62b155b70228aa") 21:25:54 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0xc0045877, &(0x7f0000000040)={r2}) 21:25:54 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x700}}) 21:25:54 executing program 2 (fault-call:9 fault-nth:78): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:54 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x4c00, 0x3, 0xf301}}) [ 234.588659] FAULT_INJECTION: forcing a failure. [ 234.588659] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 234.600565] CPU: 1 PID: 15305 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 234.608959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 234.618324] Call Trace: [ 234.620912] dump_stack+0x1c9/0x2b4 [ 234.624539] ? dump_stack_print_info.cold.2+0x52/0x52 [ 234.629728] should_fail.cold.4+0xa/0x11 [ 234.633783] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 234.638889] ? kasan_check_read+0x11/0x20 [ 234.643037] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 234.647880] ? trace_hardirqs_on+0x10/0x10 [ 234.652116] ? error_exit+0xb/0x20 [ 234.655655] ? lock_acquire+0x1e4/0x540 [ 234.659618] ? fs_reclaim_acquire+0x20/0x20 [ 234.663928] ? lock_downgrade+0x8f0/0x8f0 [ 234.668067] ? check_same_owner+0x340/0x340 [ 234.672383] ? find_get_entry+0xa96/0x1120 [ 234.676619] ? rcu_note_context_switch+0x730/0x730 [ 234.681645] __alloc_pages_nodemask+0x36e/0xdb0 [ 234.686312] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 234.691320] ? error_exit+0xb/0x20 [ 234.694848] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 234.700373] ? xas_start+0x23d/0x740 [ 234.704078] ? lock_acquire+0x1e4/0x540 [ 234.708037] ? xa_load+0x288/0x450 [ 234.711572] ? lock_downgrade+0x8f0/0x8f0 [ 234.715719] ? lock_release+0xa30/0xa30 [ 234.719701] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 234.725318] alloc_pages_current+0x10c/0x210 [ 234.729720] __page_cache_alloc+0x398/0x5e0 [ 234.734028] ? xa_load+0x2b1/0x450 [ 234.737570] ? xa_clear_tag+0x40/0x40 [ 234.741966] ? filemap_range_has_page+0x4c0/0x4c0 [ 234.746805] ? unwind_get_return_address+0x61/0xa0 [ 234.751743] __do_page_cache_readahead+0x24e/0x690 [ 234.756673] ? read_pages+0x680/0x680 [ 234.760462] ? lock_acquire+0x1e4/0x540 [ 234.764424] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 234.769512] ? lock_downgrade+0x8f0/0x8f0 [ 234.773647] ? lock_release+0xa30/0xa30 [ 234.777621] ondemand_readahead+0x550/0xc40 [ 234.781941] page_cache_sync_readahead+0x3a0/0x6d0 [ 234.786875] ? force_page_cache_readahead+0x360/0x360 [ 234.792073] ? lock_acquire+0x1e4/0x540 [ 234.796131] ? rcu_note_context_switch+0x730/0x730 [ 234.801062] ? check_same_owner+0x340/0x340 [ 234.805384] ? lock_release+0xa30/0xa30 [ 234.809450] generic_file_read_iter+0x1a87/0x2f10 [ 234.814306] ? filemap_write_and_wait_range+0xd0/0xd0 [ 234.819485] ? rcu_read_lock+0x70/0x70 [ 234.823385] ? __unlock_page_memcg+0x72/0x100 [ 234.827958] ? unlock_page_memcg+0x2c/0x40 [ 234.832183] ? page_add_file_rmap+0x781/0xe40 [ 234.836665] ? page_add_new_anon_rmap+0x870/0x870 [ 234.841499] ? perf_trace_lock+0x920/0x920 [ 234.845728] ? lock_acquire+0x1e4/0x540 [ 234.849690] ? alloc_set_pte+0x1133/0x1790 [ 234.853916] ? lock_release+0xa30/0xa30 [ 234.857896] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 234.862928] ? check_pgprot+0xdf/0x180 [ 234.866807] ? put_page+0x280/0x280 [ 234.870422] ? kasan_check_write+0x14/0x20 [ 234.874645] ? do_raw_spin_lock+0xc1/0x200 [ 234.878869] ? alloc_set_pte+0xaf6/0x1790 [ 234.883009] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 234.888023] ? filemap_map_pages+0xca2/0x1990 [ 234.892525] ? trace_hardirqs_on+0x10/0x10 [ 234.896760] ? xa_set_tag+0x40/0x40 [ 234.900392] ? perf_trace_lock+0x920/0x920 [ 234.904613] ? environ_open+0x90/0x90 [ 234.908507] ? trace_hardirqs_on+0x10/0x10 [ 234.912730] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 234.918256] ? trace_hardirqs_on+0x10/0x10 [ 234.922489] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 234.927336] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 234.932168] ? perf_trace_lock+0x920/0x920 [ 234.936408] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 234.941250] ? perf_trace_lock+0x920/0x920 [ 234.945484] ? perf_trace_lock+0x920/0x920 [ 234.949717] ? shrink_dcache_sb+0x350/0x350 [ 234.954036] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 234.958868] ? __fdget_pos+0x1bb/0x200 [ 234.962753] ? lock_acquire+0x1e4/0x540 [ 234.966720] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 234.972251] ? fsnotify+0xbac/0x14e0 [ 234.975965] ext4_file_read_iter+0x18b/0x3c0 [ 234.980374] generic_file_splice_read+0x5a5/0x9a0 [ 234.985204] ? add_to_pipe+0x360/0x360 [ 234.989093] ? rw_verify_area+0x118/0x360 [ 234.993228] ? add_to_pipe+0x360/0x360 [ 234.997294] do_splice_to+0x12e/0x190 [ 235.001085] splice_direct_to_actor+0x270/0x8f0 [ 235.005742] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 235.011271] ? pipe_to_sendpage+0x400/0x400 [ 235.015585] ? do_splice_to+0x190/0x190 [ 235.019548] ? security_file_permission+0x1c2/0x230 [ 235.024565] ? rw_verify_area+0x118/0x360 [ 235.028710] do_splice_direct+0x2d4/0x420 [ 235.032850] ? splice_direct_to_actor+0x8f0/0x8f0 [ 235.037686] ? rw_verify_area+0x118/0x360 [ 235.041820] do_sendfile+0x62a/0xe20 [ 235.045532] ? do_compat_pwritev64+0x1c0/0x1c0 [ 235.050104] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 235.055628] ? _copy_from_user+0xdf/0x150 [ 235.059762] __x64_sys_sendfile64+0x15d/0x250 [ 235.064256] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 235.068839] do_syscall_64+0x1b9/0x820 [ 235.072720] ? finish_task_switch+0x1d3/0x870 [ 235.077203] ? syscall_return_slowpath+0x5e0/0x5e0 [ 235.082120] ? syscall_return_slowpath+0x31d/0x5e0 [ 235.087049] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 235.092139] ? prepare_exit_to_usermode+0x291/0x3b0 [ 235.097141] ? perf_trace_sys_enter+0xb10/0xb10 [ 235.101796] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 235.106627] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 235.111812] RIP: 0033:0x455e29 [ 235.114983] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 21:25:55 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf363}}) 21:25:55 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0xec0}, 0x1}, 0x0) 21:25:55 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x6}}) 21:25:55 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{0x0, 0xfdfdffff00000000}}) 21:25:55 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r2 = dup2(r1, r1) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(r2, &(0x7f0000000100)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r3, 0x30a, 0x70bd26, 0x25dfdbfb, {0x2}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1ff}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x40000) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) ioctl$ASHMEM_SET_SIZE(r2, 0x40087703, 0x81) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) [ 235.134164] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 235.141859] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 235.149113] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 235.156366] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 235.163641] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 235.170905] R13: 00000000004c1113 R14: 00000000004d1540 R15: 000000000000004e 21:25:55 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0xc00caee0, &(0x7f0000000040)={r2}) 21:25:55 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf312}}) 21:25:55 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = gettid() ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000100)=0x0) kcmp(r1, r2, 0x3, r0, r0) r3 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r3, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r3, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r4, 0x80404509, &(0x7f0000000040)=""/185) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:56 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000000c0)=0x1010000008000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) socket$nl_crypto(0x10, 0x3, 0x15) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r2 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) socketpair(0x5, 0x1, 0x3f, &(0x7f0000000000)) 21:25:56 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0xf}, 0x1}, 0x0) 21:25:56 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{0x0, 0xfdfdffff}}) 21:25:56 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x7a00000000000000}}) 21:25:56 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf309}}) 21:25:56 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x5460, &(0x7f0000000040)={r2}) 21:25:56 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r1, 0x84, 0x16, &(0x7f00000001c0)={0x2, [0x6, 0xdc89]}, &(0x7f0000000200)=0x8) r2 = syz_open_dev$vcsn(&(0x7f00000002c0)='/dev/vcs#\x00', 0xffff, 0x8043) ioctl$PPPIOCGMRU(r2, 0x80047453, &(0x7f0000000180)) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)=0x0) r4 = syz_open_dev$sndpcmp(&(0x7f00000000c0)='/dev/snd/pcmC#D#p\x00', 0x4, 0x0) write$P9_RRENAMEAT(r4, &(0x7f0000000100)={0x7, 0x4b, 0x1}, 0x7) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000240)=0x20, 0x4) sched_rr_get_interval(r3, &(0x7f0000000040)) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:56 executing program 2 (fault-call:9 fault-nth:79): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) [ 236.175525] FAULT_INJECTION: forcing a failure. [ 236.175525] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 236.187788] CPU: 0 PID: 15369 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 236.196192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 236.205548] Call Trace: [ 236.208128] dump_stack+0x1c9/0x2b4 [ 236.211744] ? dump_stack_print_info.cold.2+0x52/0x52 [ 236.217018] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 236.221859] should_fail.cold.4+0xa/0x11 [ 236.225916] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 236.231033] ? kasan_check_read+0x11/0x20 [ 236.235183] ? rcu_is_watching+0x8c/0x150 [ 236.239343] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 236.244876] ? xas_start+0x23d/0x740 [ 236.248598] ? find_get_entry+0xa6d/0x1120 [ 236.252919] ? lock_downgrade+0x8f0/0x8f0 [ 236.257071] ? lock_acquire+0x1e4/0x540 [ 236.261046] ? fs_reclaim_acquire+0x20/0x20 [ 236.265370] ? lock_downgrade+0x8f0/0x8f0 [ 236.269511] ? check_same_owner+0x340/0x340 [ 236.273825] ? find_get_entry+0xa96/0x1120 [ 236.278050] ? rcu_note_context_switch+0x730/0x730 [ 236.283079] __alloc_pages_nodemask+0x36e/0xdb0 [ 236.287741] ? percpu_ref_put_many+0x119/0x240 [ 236.292327] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 236.297335] ? trace_hardirqs_on+0x10/0x10 [ 236.301565] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 236.306415] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 236.311957] ? xas_start+0x23d/0x740 [ 236.315758] ? lock_acquire+0x1e4/0x540 [ 236.319734] ? xa_load+0x288/0x450 [ 236.323263] ? lock_downgrade+0x8f0/0x8f0 [ 236.327402] ? lock_release+0xa30/0xa30 [ 236.331458] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 236.336990] alloc_pages_current+0x10c/0x210 [ 236.341392] __page_cache_alloc+0x398/0x5e0 [ 236.345709] ? xa_load+0x2b1/0x450 [ 236.349239] ? xa_clear_tag+0x40/0x40 [ 236.353039] ? filemap_range_has_page+0x4c0/0x4c0 [ 236.357869] ? unwind_get_return_address+0x61/0xa0 [ 236.362894] __do_page_cache_readahead+0x24e/0x690 [ 236.367815] ? read_pages+0x680/0x680 [ 236.371609] ? lock_acquire+0x1e4/0x540 [ 236.375586] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 236.380700] ? lock_downgrade+0x8f0/0x8f0 [ 236.384841] ? lock_release+0xa30/0xa30 [ 236.388820] ondemand_readahead+0x550/0xc40 [ 236.393136] page_cache_sync_readahead+0x3a0/0x6d0 [ 236.398062] ? force_page_cache_readahead+0x360/0x360 [ 236.403247] ? lock_acquire+0x1e4/0x540 [ 236.407219] ? rcu_note_context_switch+0x730/0x730 [ 236.412756] ? check_same_owner+0x340/0x340 [ 236.417070] ? lock_release+0xa30/0xa30 [ 236.421050] generic_file_read_iter+0x1a87/0x2f10 [ 236.425982] ? filemap_write_and_wait_range+0xd0/0xd0 [ 236.431160] ? rcu_read_lock+0x70/0x70 [ 236.435041] ? __unlock_page_memcg+0x72/0x100 [ 236.439527] ? unlock_page_memcg+0x2c/0x40 [ 236.443925] ? page_add_file_rmap+0x781/0xe40 [ 236.448408] ? page_add_new_anon_rmap+0x870/0x870 [ 236.453246] ? perf_trace_lock+0x920/0x920 [ 236.457483] ? lock_acquire+0x1e4/0x540 [ 236.461450] ? alloc_set_pte+0x1133/0x1790 [ 236.465682] ? lock_release+0xa30/0xa30 [ 236.469651] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 236.474663] ? check_pgprot+0xdf/0x180 [ 236.478538] ? put_page+0x280/0x280 [ 236.482152] ? kasan_check_write+0x14/0x20 [ 236.486472] ? do_raw_spin_lock+0xc1/0x200 [ 236.490699] ? alloc_set_pte+0xaf6/0x1790 [ 236.494851] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 236.499867] ? filemap_map_pages+0xca2/0x1990 [ 236.504360] ? trace_hardirqs_on+0x10/0x10 [ 236.508580] ? xa_set_tag+0x40/0x40 [ 236.512197] ? perf_trace_lock+0x920/0x920 [ 236.516421] ? environ_open+0x90/0x90 [ 236.520210] ? trace_hardirqs_on+0x10/0x10 [ 236.524443] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 236.529987] ? trace_hardirqs_on+0x10/0x10 [ 236.534215] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 236.539053] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 236.543886] ? perf_trace_lock+0x920/0x920 [ 236.548205] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 236.553039] ? perf_trace_lock+0x920/0x920 [ 236.557272] ? perf_trace_lock+0x920/0x920 [ 236.561499] ? shrink_dcache_sb+0x350/0x350 [ 236.565815] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 236.570660] ? __fdget_pos+0x1bb/0x200 [ 236.574583] ? lock_acquire+0x1e4/0x540 [ 236.578550] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 236.584083] ? fsnotify+0xbac/0x14e0 [ 236.587791] ext4_file_read_iter+0x18b/0x3c0 [ 236.592191] generic_file_splice_read+0x5a5/0x9a0 [ 236.597037] ? add_to_pipe+0x360/0x360 [ 236.600920] ? rw_verify_area+0x118/0x360 [ 236.605055] ? add_to_pipe+0x360/0x360 [ 236.608930] do_splice_to+0x12e/0x190 [ 236.612728] splice_direct_to_actor+0x270/0x8f0 [ 236.617385] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 236.622911] ? pipe_to_sendpage+0x400/0x400 [ 236.627237] ? do_splice_to+0x190/0x190 [ 236.631212] ? security_file_permission+0x1c2/0x230 [ 236.636231] ? rw_verify_area+0x118/0x360 [ 236.640371] do_splice_direct+0x2d4/0x420 [ 236.644513] ? splice_direct_to_actor+0x8f0/0x8f0 [ 236.649347] ? rw_verify_area+0x118/0x360 [ 236.653496] do_sendfile+0x62a/0xe20 [ 236.657204] ? do_compat_pwritev64+0x1c0/0x1c0 [ 236.661781] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 236.667313] ? _copy_from_user+0xdf/0x150 [ 236.671450] __x64_sys_sendfile64+0x15d/0x250 [ 236.675935] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 236.680512] do_syscall_64+0x1b9/0x820 [ 236.684488] ? syscall_return_slowpath+0x5e0/0x5e0 [ 236.689416] ? syscall_return_slowpath+0x31d/0x5e0 [ 236.694428] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 236.699436] ? prepare_exit_to_usermode+0x291/0x3b0 [ 236.704876] ? perf_trace_sys_enter+0xb10/0xb10 [ 236.709534] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 236.714393] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 236.719661] RIP: 0033:0x455e29 [ 236.722831] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 236.742682] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 236.750390] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 236.757652] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 236.764909] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 21:25:56 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{0x0, 0x0, 0xfffffdfd}}) 21:25:56 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x4}, 0x0) 21:25:56 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x8140, 0x0) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000040)={0x0, 0x1}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r2, 0x84, 0x79, &(0x7f00000000c0)={r3, 0x3, 0xa67}, 0x8) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:56 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x600000000000000}}) [ 236.772276] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 236.779541] R13: 00000000004c1113 R14: 00000000004d1540 R15: 000000000000004f 21:25:56 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4008ae6a, &(0x7f0000000040)={r2}) 21:25:56 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x600000000000000}}) 21:25:56 executing program 2 (fault-call:9 fault-nth:80): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:56 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x2}, 0x0) [ 236.951489] FAULT_INJECTION: forcing a failure. [ 236.951489] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 236.963408] CPU: 1 PID: 15409 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 236.971814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 236.981165] Call Trace: [ 236.983761] dump_stack+0x1c9/0x2b4 [ 236.987389] ? dump_stack_print_info.cold.2+0x52/0x52 [ 236.992571] should_fail.cold.4+0xa/0x11 [ 236.996650] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 237.001831] ? kasan_check_read+0x11/0x20 [ 237.005971] ? rcu_is_watching+0x8c/0x150 [ 237.010112] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 237.015637] ? xas_start+0x23d/0x740 [ 237.019358] ? trace_hardirqs_on+0x10/0x10 [ 237.023595] ? find_get_entry+0xa6d/0x1120 [ 237.027831] ? lock_downgrade+0x8f0/0x8f0 [ 237.031981] ? lock_acquire+0x1e4/0x540 [ 237.035941] ? fs_reclaim_acquire+0x20/0x20 [ 237.040967] ? lock_downgrade+0x8f0/0x8f0 [ 237.045103] ? check_same_owner+0x340/0x340 [ 237.049419] ? find_get_entry+0xa96/0x1120 [ 237.053641] ? rcu_note_context_switch+0x730/0x730 [ 237.058575] __alloc_pages_nodemask+0x36e/0xdb0 [ 237.063243] ? percpu_ref_put_many+0x119/0x240 [ 237.067824] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 237.072827] ? trace_hardirqs_on+0x10/0x10 [ 237.077058] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 237.082676] ? xas_start+0x23d/0x740 [ 237.086383] ? lock_acquire+0x1e4/0x540 [ 237.090350] ? xa_load+0x288/0x450 [ 237.093877] ? lock_downgrade+0x8f0/0x8f0 [ 237.098023] ? lock_release+0xa30/0xa30 [ 237.102095] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 237.107629] alloc_pages_current+0x10c/0x210 [ 237.112046] __page_cache_alloc+0x398/0x5e0 [ 237.116354] ? xa_load+0x2b1/0x450 [ 237.119887] ? xa_clear_tag+0x40/0x40 [ 237.123674] ? filemap_range_has_page+0x4c0/0x4c0 [ 237.128505] ? unwind_get_return_address+0x61/0xa0 [ 237.133435] __do_page_cache_readahead+0x24e/0x690 [ 237.138356] ? read_pages+0x680/0x680 [ 237.142163] ? lock_acquire+0x1e4/0x540 [ 237.146125] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 237.151224] ? lock_downgrade+0x8f0/0x8f0 [ 237.155358] ? lock_release+0xa30/0xa30 [ 237.159321] ondemand_readahead+0x550/0xc40 [ 237.163633] page_cache_sync_readahead+0x3a0/0x6d0 [ 237.168551] ? force_page_cache_readahead+0x360/0x360 [ 237.173735] ? lock_acquire+0x1e4/0x540 [ 237.177698] ? rcu_note_context_switch+0x730/0x730 [ 237.182623] ? check_same_owner+0x340/0x340 [ 237.186933] ? lock_release+0xa30/0xa30 [ 237.190984] generic_file_read_iter+0x1a87/0x2f10 [ 237.195830] ? filemap_write_and_wait_range+0xd0/0xd0 [ 237.201019] ? rcu_read_lock+0x70/0x70 [ 237.204894] ? __unlock_page_memcg+0x72/0x100 [ 237.209462] ? unlock_page_memcg+0x2c/0x40 [ 237.213692] ? page_add_file_rmap+0x781/0xe40 [ 237.218183] ? page_add_new_anon_rmap+0x870/0x870 [ 237.223383] ? lockdep_init_map+0x9/0x10 [ 237.227436] ? kasan_check_write+0x14/0x20 [ 237.231675] ? __init_rwsem+0x1cc/0x2a0 [ 237.235654] ? lock_acquire+0x1e4/0x540 [ 237.239629] ? alloc_set_pte+0x1133/0x1790 [ 237.243852] ? lock_release+0xa30/0xa30 [ 237.247823] ? xas_descend+0x20c/0x5f0 [ 237.251707] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 237.256725] ? check_pgprot+0xdf/0x180 [ 237.260607] ? put_page+0x280/0x280 [ 237.264761] ? kasan_check_write+0x14/0x20 [ 237.269004] ? do_raw_spin_lock+0xc1/0x200 [ 237.273327] ? alloc_set_pte+0xaf6/0x1790 [ 237.277475] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 237.282489] ? filemap_map_pages+0xca2/0x1990 [ 237.286988] ? trace_hardirqs_on+0x10/0x10 [ 237.291217] ? xa_set_tag+0x40/0x40 [ 237.294840] ? environ_open+0x90/0x90 [ 237.298651] ? trace_hardirqs_on+0x10/0x10 [ 237.302872] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 237.308400] ? trace_hardirqs_on+0x10/0x10 [ 237.312629] ? trace_hardirqs_on+0x10/0x10 [ 237.316855] ? find_get_entries_tag+0x1410/0x1410 [ 237.321698] ? trace_hardirqs_on+0x10/0x10 [ 237.325935] ? mntput_no_expire+0x18e/0xbc0 [ 237.330249] ? do_raw_spin_lock+0xc1/0x200 [ 237.334476] ? mnt_get_count+0x150/0x150 [ 237.338525] ? dput.part.26+0x276/0x7a0 [ 237.342494] ? shrink_dcache_sb+0x350/0x350 [ 237.346827] ? lock_acquire+0x1e4/0x540 [ 237.350801] ? __fdget_pos+0x1bb/0x200 [ 237.354691] ? lock_acquire+0x1e4/0x540 [ 237.358656] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 237.364179] ? fsnotify+0xbac/0x14e0 [ 237.367896] ext4_file_read_iter+0x18b/0x3c0 [ 237.372300] generic_file_splice_read+0x5a5/0x9a0 [ 237.377130] ? add_to_pipe+0x360/0x360 [ 237.381010] ? rw_verify_area+0x118/0x360 [ 237.385158] ? add_to_pipe+0x360/0x360 [ 237.389042] do_splice_to+0x12e/0x190 [ 237.392853] splice_direct_to_actor+0x270/0x8f0 [ 237.397540] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 237.403084] ? pipe_to_sendpage+0x400/0x400 [ 237.407395] ? do_splice_to+0x190/0x190 [ 237.411366] ? security_file_permission+0x1c2/0x230 [ 237.416378] ? rw_verify_area+0x118/0x360 [ 237.420522] do_splice_direct+0x2d4/0x420 [ 237.424670] ? splice_direct_to_actor+0x8f0/0x8f0 [ 237.429504] ? rw_verify_area+0x118/0x360 [ 237.433639] do_sendfile+0x62a/0xe20 [ 237.437358] ? do_compat_pwritev64+0x1c0/0x1c0 [ 237.441933] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 237.447461] ? _copy_from_user+0xdf/0x150 [ 237.451600] __x64_sys_sendfile64+0x15d/0x250 [ 237.456099] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 237.460766] do_syscall_64+0x1b9/0x820 [ 237.465834] ? finish_task_switch+0x1d3/0x870 [ 237.470327] ? syscall_return_slowpath+0x5e0/0x5e0 [ 237.475251] ? syscall_return_slowpath+0x31d/0x5e0 [ 237.480252] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 237.485253] ? prepare_exit_to_usermode+0x291/0x3b0 [ 237.490266] ? perf_trace_sys_enter+0xb10/0xb10 [ 237.494919] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 237.499758] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 237.504931] RIP: 0033:0x455e29 [ 237.508102] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 237.527282] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 237.534995] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 237.542254] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 237.549517] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 237.556771] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 237.564029] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000050 21:25:57 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x80000, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0x1523d0f21e2119f2) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, r0) syz_open_pts(r0, 0x0) 21:25:57 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{0x0, 0x0, 0xfdfdffff00000000}}) 21:25:57 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x4800000000000000}}) 21:25:57 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x4800000000000000}}) 21:25:57 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e24, 0x40, @mcast2={0xff, 0x2, [], 0x1}, 0x5}, 0x1c) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x3f, &(0x7f0000000000)=0xa71, 0x4) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:57 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x10}, 0x0) 21:25:57 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x5450, &(0x7f0000000040)={r2}) 21:25:57 executing program 2 (fault-call:9 fault-nth:81): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) [ 237.820715] FAULT_INJECTION: forcing a failure. [ 237.820715] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 237.832826] CPU: 1 PID: 15432 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 237.841235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 237.850615] Call Trace: [ 237.853363] dump_stack+0x1c9/0x2b4 [ 237.857007] ? dump_stack_print_info.cold.2+0x52/0x52 [ 237.862215] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 237.867059] should_fail.cold.4+0xa/0x11 [ 237.871140] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 237.876236] ? kasan_check_write+0x14/0x20 [ 237.880469] ? __schedule+0x884/0x1ed0 [ 237.884471] ? __sched_text_start+0x8/0x8 [ 237.888615] ? lock_downgrade+0x8f0/0x8f0 [ 237.892936] ? lock_acquire+0x1e4/0x540 [ 237.896898] ? fs_reclaim_acquire+0x20/0x20 [ 237.901294] ? lock_downgrade+0x8f0/0x8f0 [ 237.905438] ? check_same_owner+0x340/0x340 [ 237.909872] ? rcu_note_context_switch+0x730/0x730 [ 237.914807] __alloc_pages_nodemask+0x36e/0xdb0 [ 237.919476] ? percpu_ref_put_many+0x119/0x240 [ 237.924051] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 237.929062] ? retint_kernel+0x10/0x10 [ 237.932951] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 237.938478] ? xas_start+0x23d/0x740 [ 237.942182] ? lock_acquire+0x1e4/0x540 [ 237.946148] ? xa_load+0x288/0x450 [ 237.949682] ? lock_downgrade+0x8f0/0x8f0 [ 237.953832] ? lock_release+0xa30/0xa30 [ 237.957822] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 237.963451] alloc_pages_current+0x10c/0x210 [ 237.967943] __page_cache_alloc+0x398/0x5e0 [ 237.972257] ? xa_load+0x2b1/0x450 [ 237.975785] ? xa_clear_tag+0x40/0x40 [ 237.979593] ? filemap_range_has_page+0x4c0/0x4c0 [ 237.984427] ? unwind_get_return_address+0x61/0xa0 [ 237.989364] __do_page_cache_readahead+0x24e/0x690 [ 237.994300] ? read_pages+0x680/0x680 [ 237.998097] ? lock_acquire+0x1e4/0x540 [ 238.002071] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 238.007259] ? lock_downgrade+0x8f0/0x8f0 [ 238.011403] ? lock_release+0xa30/0xa30 [ 238.015371] ondemand_readahead+0x550/0xc40 [ 238.019691] page_cache_sync_readahead+0x3a0/0x6d0 [ 238.024613] ? force_page_cache_readahead+0x360/0x360 [ 238.029792] ? lock_acquire+0x1e4/0x540 [ 238.033765] ? rcu_note_context_switch+0x730/0x730 [ 238.040160] ? check_same_owner+0x340/0x340 [ 238.044479] ? lock_release+0xa30/0xa30 [ 238.048446] generic_file_read_iter+0x1a87/0x2f10 [ 238.053286] ? filemap_write_and_wait_range+0xd0/0xd0 [ 238.058466] ? rcu_read_lock+0x70/0x70 [ 238.062352] ? __unlock_page_memcg+0x72/0x100 [ 238.066838] ? unlock_page_memcg+0x2c/0x40 [ 238.071066] ? page_add_file_rmap+0x781/0xe40 [ 238.075556] ? page_add_new_anon_rmap+0x870/0x870 [ 238.080395] ? perf_trace_lock+0x920/0x920 [ 238.084629] ? lock_acquire+0x1e4/0x540 [ 238.088597] ? alloc_set_pte+0x1133/0x1790 [ 238.092835] ? lock_release+0xa30/0xa30 [ 238.096809] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 238.101819] ? check_pgprot+0xdf/0x180 [ 238.105695] ? put_page+0x280/0x280 [ 238.109331] ? kasan_check_write+0x14/0x20 [ 238.113552] ? do_raw_spin_lock+0xc1/0x200 [ 238.117780] ? alloc_set_pte+0xaf6/0x1790 [ 238.121926] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 238.126939] ? filemap_map_pages+0xca2/0x1990 [ 238.131435] ? trace_hardirqs_on+0x10/0x10 [ 238.135661] ? xa_set_tag+0x40/0x40 [ 238.139291] ? perf_trace_lock+0x920/0x920 [ 238.143610] ? environ_open+0x90/0x90 [ 238.147404] ? trace_hardirqs_on+0x10/0x10 [ 238.151722] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 238.157264] ? trace_hardirqs_on+0x10/0x10 [ 238.161494] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 238.166465] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 238.171303] ? perf_trace_lock+0x920/0x920 [ 238.175559] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 238.180408] ? perf_trace_lock+0x920/0x920 [ 238.184774] ? perf_trace_lock+0x920/0x920 [ 238.188998] ? shrink_dcache_sb+0x350/0x350 [ 238.193338] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 238.198176] ? __fdget_pos+0x1bb/0x200 [ 238.202058] ? lock_acquire+0x1e4/0x540 [ 238.206048] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 238.211576] ? fsnotify+0xbac/0x14e0 [ 238.215283] ext4_file_read_iter+0x18b/0x3c0 [ 238.219690] generic_file_splice_read+0x5a5/0x9a0 [ 238.224527] ? add_to_pipe+0x360/0x360 [ 238.228427] ? rw_verify_area+0x118/0x360 [ 238.232584] ? add_to_pipe+0x360/0x360 [ 238.236465] do_splice_to+0x12e/0x190 [ 238.240267] splice_direct_to_actor+0x270/0x8f0 [ 238.244931] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 238.250478] ? pipe_to_sendpage+0x400/0x400 [ 238.254800] ? do_splice_to+0x190/0x190 [ 238.258773] ? security_file_permission+0x1c2/0x230 [ 238.263778] ? rw_verify_area+0x118/0x360 [ 238.267930] do_splice_direct+0x2d4/0x420 [ 238.272068] ? splice_direct_to_actor+0x8f0/0x8f0 [ 238.276909] ? rw_verify_area+0x118/0x360 [ 238.281048] do_sendfile+0x62a/0xe20 [ 238.284850] ? do_compat_pwritev64+0x1c0/0x1c0 [ 238.289428] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 238.295038] ? _copy_from_user+0xdf/0x150 [ 238.299176] __x64_sys_sendfile64+0x15d/0x250 [ 238.303665] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 238.308240] do_syscall_64+0x1b9/0x820 [ 238.312124] ? finish_task_switch+0x1d3/0x870 [ 238.316616] ? syscall_return_slowpath+0x5e0/0x5e0 [ 238.321535] ? syscall_return_slowpath+0x31d/0x5e0 [ 238.326452] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 238.331475] ? prepare_exit_to_usermode+0x291/0x3b0 [ 238.337086] ? perf_trace_sys_enter+0xb10/0xb10 [ 238.341838] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 238.346676] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 238.351858] RIP: 0033:0x455e29 21:25:58 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x804, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r2 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x9, 0x80100) connect$pptp(r2, &(0x7f0000000040)={0x18, 0x2, {0x0, @local={0xac, 0x14, 0x14, 0xaa}}}, 0x1e) 21:25:58 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x4}}) 21:25:58 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x8}, 0x0) [ 238.355041] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 238.374279] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 238.381981] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 238.389242] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 238.396501] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 238.403754] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 238.411184] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000051 21:25:58 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x6c000000}}) 21:25:58 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x1000000000000}) 21:25:58 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x400000000000000}}) 21:25:58 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1300}, 0x0) 21:25:58 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x4c000000}}) 21:25:58 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) r1 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x62cb4077, 0x0) ioctl$EVIOCSFF(r1, 0x40304580, &(0x7f00000000c0)=ANY=[@ANYBLOB="56000000ff7f00807f0000000010000005000300080066070400c2cc186fdf72b2a8"]) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) ftruncate(r1, 0x7) r2 = epoll_create1(0x80000004000000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r2, 0x2, r0) r3 = syz_open_pts(r1, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 21:25:58 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{0x0, 0x0, 0xfdfdffff}}) 21:25:58 executing program 4: r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x8, 0x121000) ioctl$KVM_X86_SETUP_MCE(r0, 0x4008ae9c, &(0x7f0000000040)={0x4, 0x1, 0x7fff}) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r2 = socket$inet6(0xa, 0x2000000000003, 0x3) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r2, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r2, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:58 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0xfffffffffffff000}, 0x0) 21:25:58 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x68}}) 21:25:58 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x4000000}}) 21:25:58 executing program 2 (fault-call:9 fault-nth:82): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:58 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x1000000}) 21:25:58 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x7400}}) [ 238.717868] FAULT_INJECTION: forcing a failure. [ 238.717868] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 238.729814] CPU: 0 PID: 15511 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 238.738234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 238.747777] Call Trace: [ 238.750380] dump_stack+0x1c9/0x2b4 [ 238.754019] ? dump_stack_print_info.cold.2+0x52/0x52 [ 238.759219] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 238.764056] should_fail.cold.4+0xa/0x11 [ 238.768106] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 238.773202] ? kasan_check_write+0x14/0x20 [ 238.777437] ? __schedule+0x884/0x1ed0 [ 238.781326] ? __sched_text_start+0x8/0x8 [ 238.785465] ? lock_downgrade+0x8f0/0x8f0 [ 238.789604] ? lock_acquire+0x1e4/0x540 [ 238.793567] ? fs_reclaim_acquire+0x20/0x20 [ 238.798069] ? lock_downgrade+0x8f0/0x8f0 [ 238.802217] ? check_same_owner+0x340/0x340 [ 238.806551] ? rcu_note_context_switch+0x730/0x730 [ 238.811481] __alloc_pages_nodemask+0x36e/0xdb0 [ 238.816137] ? percpu_ref_put_many+0x119/0x240 [ 238.820709] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 238.825724] ? trace_hardirqs_on+0x10/0x10 [ 238.829948] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 238.834790] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 238.840323] ? xas_start+0x23d/0x740 [ 238.844029] ? lock_acquire+0x1e4/0x540 [ 238.847989] ? xa_load+0x288/0x450 [ 238.851528] ? lock_downgrade+0x8f0/0x8f0 [ 238.855666] ? lock_release+0xa30/0xa30 [ 238.859639] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 238.865178] alloc_pages_current+0x10c/0x210 [ 238.869596] __page_cache_alloc+0x398/0x5e0 [ 238.873989] ? xa_load+0x2b1/0x450 [ 238.877522] ? xa_clear_tag+0x40/0x40 [ 238.881410] ? filemap_range_has_page+0x4c0/0x4c0 [ 238.886253] ? __do_page_cache_readahead+0x25f/0x690 [ 238.891350] __do_page_cache_readahead+0x24e/0x690 [ 238.896285] ? read_pages+0x680/0x680 [ 238.900075] ? lock_acquire+0x1e4/0x540 [ 238.904124] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 238.909222] ? lock_downgrade+0x8f0/0x8f0 [ 238.913374] ? lock_release+0xa30/0xa30 [ 238.917352] ondemand_readahead+0x550/0xc40 [ 238.921669] page_cache_sync_readahead+0x3a0/0x6d0 [ 238.926588] ? force_page_cache_readahead+0x360/0x360 [ 238.931965] ? lock_acquire+0x1e4/0x540 [ 238.935929] ? rcu_note_context_switch+0x730/0x730 [ 238.940844] ? check_same_owner+0x340/0x340 [ 238.945164] ? lock_release+0xa30/0xa30 [ 238.949127] generic_file_read_iter+0x1a87/0x2f10 [ 238.953965] ? filemap_write_and_wait_range+0xd0/0xd0 [ 238.959138] ? rcu_read_lock+0x70/0x70 [ 238.963101] ? __unlock_page_memcg+0x72/0x100 [ 238.967613] ? unlock_page_memcg+0x2c/0x40 [ 238.971855] ? page_add_file_rmap+0x781/0xe40 [ 238.976436] ? page_add_new_anon_rmap+0x870/0x870 [ 238.981279] ? perf_trace_lock+0x920/0x920 [ 238.985507] ? lock_acquire+0x1e4/0x540 [ 238.989479] ? alloc_set_pte+0x1133/0x1790 [ 238.993701] ? lock_release+0xa30/0xa30 [ 238.997660] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 239.002666] ? check_pgprot+0xdf/0x180 [ 239.006539] ? put_page+0x280/0x280 [ 239.010154] ? kasan_check_write+0x14/0x20 [ 239.014382] ? do_raw_spin_lock+0xc1/0x200 [ 239.018606] ? alloc_set_pte+0xaf6/0x1790 [ 239.022751] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 239.027764] ? filemap_map_pages+0xca2/0x1990 [ 239.032335] ? trace_hardirqs_on+0x10/0x10 [ 239.036565] ? xa_set_tag+0x40/0x40 [ 239.040179] ? perf_trace_lock+0x920/0x920 [ 239.044402] ? environ_open+0x90/0x90 [ 239.048190] ? trace_hardirqs_on+0x10/0x10 [ 239.052409] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 239.057941] ? trace_hardirqs_on+0x10/0x10 [ 239.062169] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 239.067004] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 239.071852] ? perf_trace_lock+0x920/0x920 [ 239.076085] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 239.080912] ? perf_trace_lock+0x920/0x920 [ 239.085141] ? perf_trace_lock+0x920/0x920 [ 239.089389] ? shrink_dcache_sb+0x350/0x350 [ 239.093712] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 239.098540] ? __fdget_pos+0x1bb/0x200 [ 239.102419] ? lock_acquire+0x1e4/0x540 [ 239.106398] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 239.111924] ? fsnotify+0xbac/0x14e0 [ 239.115629] ext4_file_read_iter+0x18b/0x3c0 [ 239.120037] generic_file_splice_read+0x5a5/0x9a0 [ 239.124954] ? add_to_pipe+0x360/0x360 [ 239.128836] ? rw_verify_area+0x118/0x360 [ 239.132971] ? add_to_pipe+0x360/0x360 [ 239.136848] do_splice_to+0x12e/0x190 [ 239.140637] splice_direct_to_actor+0x270/0x8f0 [ 239.145314] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 239.150841] ? pipe_to_sendpage+0x400/0x400 [ 239.155152] ? do_splice_to+0x190/0x190 [ 239.159120] ? security_file_permission+0x1c2/0x230 [ 239.164219] ? rw_verify_area+0x118/0x360 [ 239.168373] do_splice_direct+0x2d4/0x420 [ 239.172519] ? splice_direct_to_actor+0x8f0/0x8f0 [ 239.177350] ? rw_verify_area+0x118/0x360 [ 239.181486] do_sendfile+0x62a/0xe20 [ 239.185190] ? do_compat_pwritev64+0x1c0/0x1c0 [ 239.189764] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 239.195294] ? _copy_from_user+0xdf/0x150 [ 239.199522] __x64_sys_sendfile64+0x15d/0x250 [ 239.204005] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 239.208589] do_syscall_64+0x1b9/0x820 [ 239.212472] ? finish_task_switch+0x1d3/0x870 [ 239.216957] ? syscall_return_slowpath+0x5e0/0x5e0 [ 239.221886] ? syscall_return_slowpath+0x31d/0x5e0 [ 239.226803] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 239.231808] ? prepare_exit_to_usermode+0x291/0x3b0 [ 239.236821] ? perf_trace_sys_enter+0xb10/0xb10 [ 239.241482] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 239.246318] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 239.251493] RIP: 0033:0x455e29 [ 239.254750] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 239.273953] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 239.281658] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 239.288914] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 239.296167] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 239.303431] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 239.310687] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000052 21:25:59 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x500000000000000}}) 21:25:59 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0xc00e000000000000}, 0x0) 21:25:59 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x48}}) [ 239.318934] irq bypass consumer (token 00000000ea5738d6) registration fails: -16 21:25:59 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0xfffffffffffffffc) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) getsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000000), &(0x7f0000000040)=0xb) r2 = syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x5, 0x10100) ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ff2000/0xe000)=nil, 0x1000, 0x1}) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e21, 0x1, @mcast1={0xff, 0x1, [], 0x1}, 0x2}, 0x1c) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) getsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000200)={{{@in6=@mcast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in=@loopback}}, &(0x7f0000000300)=0xe8) ioctl$sock_inet6_SIOCDIFADDR(r1, 0x8936, &(0x7f0000000340)={@loopback={0x0, 0x1}, 0x54, r3}) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f00000001c0)) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r2, 0xc02c5341, &(0x7f0000000140)) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) inotify_init() sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:59 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x7000000}}) 21:25:59 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0xfdfdffff}) 21:25:59 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0xf0ffffffffffff}, 0x0) 21:25:59 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x7a00000000000000}}) 21:25:59 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x300000000000000}}) 21:25:59 executing program 4: r0 = add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={0x73, 0x79, 0x7a, 0x0}, 0x0, 0x0, 0xfffffffffffffffa) request_key(&(0x7f0000000000)='pkcs7_test\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a, 0x2}, &(0x7f0000000080)='\x00', r0) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r2 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r2, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r2, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:25:59 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{0x0, 0x0, 0x0, 0xfffffdfd}}) 21:25:59 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) r1 = getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) r2 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x100, 0x0) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DAEMON(r3, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000200)={&(0x7f0000000100)={0x2c, r4, 0xd05, 0x70bd2c, 0x25dfdbfd, {0x9}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x4}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}]}, 0x2c}, 0x1}, 0x40) move_pages(r1, 0x1, &(0x7f0000000340)=[&(0x7f0000ffe000/0x2000)=nil], &(0x7f0000000380)=[0x100000000, 0x1000, 0x2, 0x606, 0x4, 0x3, 0x3], &(0x7f00000003c0)=[0x0, 0x0, 0x0], 0x2) epoll_ctl$EPOLL_CTL_DEL(r2, 0x2, r0) ioctl$EVIOCGSW(r3, 0x8040451b, &(0x7f0000000280)=""/172) ioctl$RTC_UIE_ON(r3, 0x7003) r5 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r5, 0x540a, 0x0) 21:25:59 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0xf}, 0x0) 21:25:59 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x80ffff00000000}) 21:25:59 executing program 2 (fault-call:9 fault-nth:83): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:25:59 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x7000000}}) [ 239.646242] FAULT_INJECTION: forcing a failure. [ 239.646242] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 239.658245] CPU: 0 PID: 15568 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 239.666756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 239.676204] Call Trace: [ 239.678801] dump_stack+0x1c9/0x2b4 [ 239.682455] ? dump_stack_print_info.cold.2+0x52/0x52 [ 239.687652] should_fail.cold.4+0xa/0x11 [ 239.691703] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 239.696792] ? kasan_check_read+0x11/0x20 [ 239.700932] ? rcu_is_watching+0x8c/0x150 [ 239.705073] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 239.710696] ? xas_start+0x23d/0x740 [ 239.714403] ? trace_hardirqs_on+0x10/0x10 [ 239.718626] ? find_get_entry+0xa6d/0x1120 [ 239.722850] ? lock_downgrade+0x8f0/0x8f0 [ 239.726995] ? lock_acquire+0x1e4/0x540 [ 239.730959] ? fs_reclaim_acquire+0x20/0x20 [ 239.735280] ? lock_downgrade+0x8f0/0x8f0 [ 239.739420] ? check_same_owner+0x340/0x340 [ 239.743738] ? find_get_entry+0xa96/0x1120 [ 239.747962] ? rcu_note_context_switch+0x730/0x730 [ 239.752880] __alloc_pages_nodemask+0x36e/0xdb0 [ 239.757535] ? percpu_ref_put_many+0x119/0x240 [ 239.762191] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 239.767211] ? trace_hardirqs_on+0x10/0x10 [ 239.771443] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 239.776966] ? xas_start+0x23d/0x740 [ 239.780672] ? lock_acquire+0x1e4/0x540 [ 239.784640] ? xa_load+0x288/0x450 [ 239.788166] ? lock_downgrade+0x8f0/0x8f0 [ 239.792311] ? lock_release+0xa30/0xa30 [ 239.796281] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 239.801810] alloc_pages_current+0x10c/0x210 [ 239.806215] __page_cache_alloc+0x398/0x5e0 [ 239.810522] ? xa_load+0x2b1/0x450 [ 239.814049] ? xa_clear_tag+0x40/0x40 [ 239.817844] ? filemap_range_has_page+0x4c0/0x4c0 [ 239.822676] ? unwind_get_return_address+0x61/0xa0 [ 239.827603] __do_page_cache_readahead+0x24e/0x690 [ 239.832529] ? read_pages+0x680/0x680 [ 239.836317] ? lock_acquire+0x1e4/0x540 [ 239.840277] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 239.845379] ? lock_downgrade+0x8f0/0x8f0 [ 239.849616] ? lock_release+0xa30/0xa30 [ 239.853581] ondemand_readahead+0x550/0xc40 [ 239.857893] page_cache_sync_readahead+0x3a0/0x6d0 [ 239.862845] ? force_page_cache_readahead+0x360/0x360 [ 239.868026] ? lock_acquire+0x1e4/0x540 [ 239.871999] ? rcu_note_context_switch+0x730/0x730 [ 239.876920] ? check_same_owner+0x340/0x340 [ 239.881245] ? lock_release+0xa30/0xa30 [ 239.885211] generic_file_read_iter+0x1a87/0x2f10 [ 239.890044] ? filemap_write_and_wait_range+0xd0/0xd0 [ 239.895219] ? rcu_read_lock+0x70/0x70 [ 239.899096] ? __unlock_page_memcg+0x72/0x100 [ 239.903587] ? unlock_page_memcg+0x2c/0x40 [ 239.907817] ? page_add_file_rmap+0x781/0xe40 [ 239.912318] ? page_add_new_anon_rmap+0x870/0x870 [ 239.917158] ? lockdep_init_map+0x9/0x10 [ 239.921206] ? kasan_check_write+0x14/0x20 [ 239.925424] ? __init_rwsem+0x1cc/0x2a0 [ 239.929398] ? lock_acquire+0x1e4/0x540 [ 239.933363] ? alloc_set_pte+0x1133/0x1790 [ 239.937584] ? lock_release+0xa30/0xa30 [ 239.941542] ? xas_descend+0x20c/0x5f0 [ 239.945415] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 239.950416] ? check_pgprot+0xdf/0x180 [ 239.954289] ? put_page+0x280/0x280 [ 239.957911] ? kasan_check_write+0x14/0x20 [ 239.962130] ? do_raw_spin_lock+0xc1/0x200 [ 239.966371] ? alloc_set_pte+0xaf6/0x1790 [ 239.970507] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 239.975511] ? filemap_map_pages+0xca2/0x1990 [ 239.980030] ? trace_hardirqs_on+0x10/0x10 [ 239.984258] ? xa_set_tag+0x40/0x40 [ 239.987875] ? environ_open+0x90/0x90 [ 239.991663] ? trace_hardirqs_on+0x10/0x10 [ 239.995903] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 240.001442] ? trace_hardirqs_on+0x10/0x10 [ 240.005665] ? trace_hardirqs_on+0x10/0x10 [ 240.009912] ? find_get_entries_tag+0x1410/0x1410 [ 240.014744] ? trace_hardirqs_on+0x10/0x10 [ 240.018983] ? mntput_no_expire+0x18e/0xbc0 [ 240.023311] ? do_raw_spin_lock+0xc1/0x200 [ 240.027533] ? mnt_get_count+0x150/0x150 [ 240.031582] ? dput.part.26+0x276/0x7a0 [ 240.035543] ? shrink_dcache_sb+0x350/0x350 [ 240.039851] ? lock_acquire+0x1e4/0x540 [ 240.043812] ? __fdget_pos+0x1bb/0x200 [ 240.047689] ? lock_acquire+0x1e4/0x540 [ 240.051648] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 240.057169] ? fsnotify+0xbac/0x14e0 [ 240.060874] ext4_file_read_iter+0x18b/0x3c0 [ 240.065272] generic_file_splice_read+0x5a5/0x9a0 [ 240.070114] ? add_to_pipe+0x360/0x360 [ 240.073995] ? rw_verify_area+0x118/0x360 [ 240.078132] ? add_to_pipe+0x360/0x360 [ 240.082008] do_splice_to+0x12e/0x190 [ 240.085802] splice_direct_to_actor+0x270/0x8f0 [ 240.090459] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 240.095994] ? pipe_to_sendpage+0x400/0x400 [ 240.100306] ? do_splice_to+0x190/0x190 [ 240.104269] ? security_file_permission+0x1c2/0x230 [ 240.109272] ? rw_verify_area+0x118/0x360 [ 240.113409] do_splice_direct+0x2d4/0x420 [ 240.117556] ? splice_direct_to_actor+0x8f0/0x8f0 [ 240.122384] ? rw_verify_area+0x118/0x360 [ 240.126517] do_sendfile+0x62a/0xe20 [ 240.130229] ? do_compat_pwritev64+0x1c0/0x1c0 [ 240.134804] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 240.140328] ? _copy_from_user+0xdf/0x150 [ 240.144468] __x64_sys_sendfile64+0x15d/0x250 [ 240.148964] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 240.153536] do_syscall_64+0x1b9/0x820 [ 240.157416] ? finish_task_switch+0x1d3/0x870 [ 240.161899] ? syscall_return_slowpath+0x5e0/0x5e0 [ 240.166816] ? syscall_return_slowpath+0x31d/0x5e0 [ 240.171740] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 240.176750] ? prepare_exit_to_usermode+0x291/0x3b0 [ 240.181756] ? perf_trace_sys_enter+0xb10/0xb10 [ 240.186424] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 240.191257] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 240.196435] RIP: 0033:0x455e29 [ 240.199624] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 240.218807] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 240.226503] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 240.233770] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 240.241039] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 21:26:00 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{0x0, 0x0, 0x0, 0xfdfdffff00000000}}) 21:26:00 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0x400300}, 0x0) 21:26:00 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x6c00000000000000}}) [ 240.248295] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 240.255746] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000053 21:26:00 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) r1 = syz_open_dev$adsp(&(0x7f0000000080)='/dev/adsp#\x00', 0x7571096, 0x100) inotify_add_watch(r1, &(0x7f00000000c0)='./file0\x00', 0xa88) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r2 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) ioctl$FICLONERANGE(r1, 0x4020940d, &(0x7f00000001c0)={r0, 0x0, 0x20, 0x1}) epoll_ctl$EPOLL_CTL_DEL(r2, 0x2, r0) r3 = syz_open_pts(r0, 0x0) ioctl$TCGETA(r0, 0x5405, &(0x7f0000000000)) ioctl$TCXONC(r3, 0x540a, 0x0) 21:26:00 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0x1000000}, 0x0) 21:26:00 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0xffff8000}) 21:26:00 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x60880, 0x0) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000800}, 0xc, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="502d1a102ea46b7f5e5ac186edeb53ae00000000000000000000000000000000000000000000", @ANYRES16=r3, @ANYBLOB="010828bd7000fedbdf25020000000800060001000000080006000700000008000500010000001c0003000800010002000000080007004e240000080007004e2000000800060003000000"], 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x4) bind$inet6(r1, &(0x7f00000001c0)={0xa, 0x4e22, 0x0, @remote={0xfe, 0x80, [], 0xbb}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x3, @empty, 0x7fffffff}, 0xfffffea0) 21:26:00 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x4c000000}}) 21:26:00 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{0x0, 0x0, 0x0, 0xfdfdffff}}) 21:26:00 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x300000000000000}}) 21:26:00 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0xffffff7f}, 0x0) 21:26:00 executing program 2 (fault-call:9 fault-nth:84): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:26:00 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x6800}}) 21:26:00 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x100000000000000}) [ 240.519124] FAULT_INJECTION: forcing a failure. [ 240.519124] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 240.531078] CPU: 0 PID: 15636 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 240.540097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 240.549453] Call Trace: [ 240.552043] dump_stack+0x1c9/0x2b4 [ 240.555708] ? dump_stack_print_info.cold.2+0x52/0x52 [ 240.560912] should_fail.cold.4+0xa/0x11 [ 240.564982] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 240.570083] ? kasan_check_read+0x11/0x20 [ 240.574234] ? rcu_is_watching+0x8c/0x150 [ 240.578386] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 240.583923] ? xas_start+0x23d/0x740 [ 240.587638] ? trace_hardirqs_on+0x10/0x10 [ 240.591870] ? find_get_entry+0xa6d/0x1120 [ 240.596102] ? lock_downgrade+0x8f0/0x8f0 [ 240.600255] ? lock_acquire+0x1e4/0x540 [ 240.604237] ? fs_reclaim_acquire+0x20/0x20 [ 240.608558] ? lock_downgrade+0x8f0/0x8f0 [ 240.612706] ? check_same_owner+0x340/0x340 [ 240.617044] ? find_get_entry+0xa96/0x1120 [ 240.621284] ? rcu_note_context_switch+0x730/0x730 [ 240.626219] __alloc_pages_nodemask+0x36e/0xdb0 [ 240.630888] ? percpu_ref_put_many+0x119/0x240 [ 240.635472] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 240.640502] ? retint_kernel+0x10/0x10 [ 240.644392] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 240.649937] ? xas_start+0x23d/0x740 [ 240.653650] ? lock_acquire+0x1e4/0x540 [ 240.657625] ? xa_load+0x288/0x450 [ 240.661161] ? lock_downgrade+0x8f0/0x8f0 [ 240.665329] ? lock_release+0xa30/0xa30 [ 240.669308] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 240.674844] alloc_pages_current+0x10c/0x210 [ 240.679266] __page_cache_alloc+0x398/0x5e0 [ 240.683597] ? xa_load+0x2b1/0x450 [ 240.687167] ? xa_clear_tag+0x40/0x40 [ 240.690965] ? filemap_range_has_page+0x4c0/0x4c0 [ 240.695804] ? unwind_get_return_address+0x61/0xa0 [ 240.700744] __do_page_cache_readahead+0x24e/0x690 [ 240.705680] ? read_pages+0x680/0x680 [ 240.709478] ? lock_acquire+0x1e4/0x540 [ 240.713459] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 240.718558] ? lock_downgrade+0x8f0/0x8f0 [ 240.722704] ? lock_release+0xa30/0xa30 [ 240.726682] ondemand_readahead+0x550/0xc40 [ 240.731019] page_cache_sync_readahead+0x3a0/0x6d0 [ 240.735950] ? force_page_cache_readahead+0x360/0x360 [ 240.741135] ? lock_acquire+0x1e4/0x540 [ 240.745103] ? rcu_note_context_switch+0x730/0x730 [ 240.750030] ? check_same_owner+0x340/0x340 [ 240.754348] ? lock_release+0xa30/0xa30 [ 240.758322] generic_file_read_iter+0x1a87/0x2f10 [ 240.763164] ? filemap_write_and_wait_range+0xd0/0xd0 [ 240.768341] ? rcu_read_lock+0x70/0x70 [ 240.772219] ? __unlock_page_memcg+0x72/0x100 [ 240.776700] ? unlock_page_memcg+0x2c/0x40 [ 240.780923] ? page_add_file_rmap+0x781/0xe40 [ 240.785404] ? page_add_new_anon_rmap+0x870/0x870 [ 240.790239] ? lockdep_init_map+0x9/0x10 [ 240.794291] ? kasan_check_write+0x14/0x20 [ 240.798510] ? __init_rwsem+0x1cc/0x2a0 [ 240.802474] ? lock_acquire+0x1e4/0x540 [ 240.806436] ? alloc_set_pte+0x1133/0x1790 [ 240.810662] ? lock_release+0xa30/0xa30 [ 240.814626] ? xas_descend+0x20c/0x5f0 [ 240.818502] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 240.823505] ? check_pgprot+0xdf/0x180 [ 240.827382] ? put_page+0x280/0x280 [ 240.830995] ? kasan_check_write+0x14/0x20 [ 240.835217] ? do_raw_spin_lock+0xc1/0x200 [ 240.839442] ? alloc_set_pte+0xaf6/0x1790 [ 240.843581] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 240.848583] ? filemap_map_pages+0xca2/0x1990 [ 240.853078] ? trace_hardirqs_on+0x10/0x10 [ 240.857342] ? xa_set_tag+0x40/0x40 [ 240.860956] ? environ_open+0x90/0x90 [ 240.864749] ? trace_hardirqs_on+0x10/0x10 [ 240.868976] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 240.874522] ? trace_hardirqs_on+0x10/0x10 [ 240.878769] ? trace_hardirqs_on+0x10/0x10 [ 240.883003] ? find_get_entries_tag+0x1410/0x1410 [ 240.887850] ? trace_hardirqs_on+0x10/0x10 [ 240.892162] ? mntput_no_expire+0x18e/0xbc0 [ 240.896485] ? do_raw_spin_lock+0xc1/0x200 [ 240.901490] ? mnt_get_count+0x150/0x150 [ 240.905548] ? dput.part.26+0x276/0x7a0 [ 240.909512] ? shrink_dcache_sb+0x350/0x350 [ 240.913826] ? lock_acquire+0x1e4/0x540 [ 240.917786] ? __fdget_pos+0x1bb/0x200 [ 240.921663] ? lock_acquire+0x1e4/0x540 [ 240.925637] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 240.931338] ? fsnotify+0xbac/0x14e0 [ 240.935042] ext4_file_read_iter+0x18b/0x3c0 [ 240.939442] generic_file_splice_read+0x5a5/0x9a0 [ 240.944277] ? add_to_pipe+0x360/0x360 [ 240.948182] ? rw_verify_area+0x118/0x360 [ 240.952319] ? add_to_pipe+0x360/0x360 [ 240.956194] do_splice_to+0x12e/0x190 [ 240.960000] splice_direct_to_actor+0x270/0x8f0 [ 240.964671] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 240.970217] ? pipe_to_sendpage+0x400/0x400 [ 240.974537] ? do_splice_to+0x190/0x190 [ 240.978603] ? security_file_permission+0x1c2/0x230 [ 240.983610] ? rw_verify_area+0x118/0x360 [ 240.987750] do_splice_direct+0x2d4/0x420 [ 240.991889] ? splice_direct_to_actor+0x8f0/0x8f0 [ 240.996720] ? rw_verify_area+0x118/0x360 [ 241.000865] do_sendfile+0x62a/0xe20 [ 241.004570] ? do_compat_pwritev64+0x1c0/0x1c0 [ 241.009147] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 241.014675] ? _copy_from_user+0xdf/0x150 [ 241.018809] __x64_sys_sendfile64+0x15d/0x250 [ 241.023295] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 241.027867] do_syscall_64+0x1b9/0x820 [ 241.031737] ? finish_task_switch+0x1d3/0x870 [ 241.036222] ? syscall_return_slowpath+0x5e0/0x5e0 [ 241.041143] ? syscall_return_slowpath+0x31d/0x5e0 [ 241.046067] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 241.051071] ? prepare_exit_to_usermode+0x291/0x3b0 [ 241.056079] ? perf_trace_sys_enter+0xb10/0xb10 [ 241.060734] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 241.065570] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 241.070758] RIP: 0033:0x455e29 [ 241.073931] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 241.093153] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 241.100866] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 241.108133] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 21:26:01 executing program 4: socketpair$inet(0x2, 0x5, 0x100, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000140), &(0x7f0000000180)=0x4) r2 = socket$inet6(0xa, 0x2000000000001, 0x0) r3 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r3, 0x1, 0x18, &(0x7f0000687000)=0x9, 0xffffffffffffff6a) bind$inet6(r3, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r3, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r2, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f0000000040)={0x9, 0xfffffffffffffffe, 0x3, 0x6, 0x8000, 0x98, 0x6, 0xd3c, 0x0}, &(0x7f0000000080)=0x20) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f00000000c0)={r4, 0xfffffffffffffffd}, &(0x7f0000000100)=0x8) sendto$inet6(r2, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000001c0)={{{@in6=@mcast1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6=@mcast2}}, &(0x7f00000002c0)=0xe8) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000300)={'team0\x00', r5}) 21:26:01 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0xf000}, 0x0) 21:26:01 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x4c00000000000000}}) 21:26:01 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{0x0, 0x0, 0x0, 0x0, 0xfffffdfd}}) [ 241.115402] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 241.122661] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 241.129916] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000054 21:26:01 executing program 2 (fault-call:9 fault-nth:85): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) [ 241.301868] FAULT_INJECTION: forcing a failure. [ 241.301868] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 241.313913] CPU: 1 PID: 15670 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 241.322348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 241.331699] Call Trace: [ 241.334276] dump_stack+0x1c9/0x2b4 [ 241.337895] ? dump_stack_print_info.cold.2+0x52/0x52 [ 241.343080] should_fail.cold.4+0xa/0x11 [ 241.347139] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 241.352246] ? kasan_check_read+0x11/0x20 [ 241.356398] ? rcu_is_watching+0x8c/0x150 [ 241.360634] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 241.366161] ? xas_start+0x23d/0x740 [ 241.369869] ? trace_hardirqs_on+0x10/0x10 [ 241.374110] ? find_get_entry+0xa6d/0x1120 [ 241.378360] ? lock_downgrade+0x8f0/0x8f0 [ 241.382526] ? lock_acquire+0x1e4/0x540 [ 241.386516] ? fs_reclaim_acquire+0x20/0x20 [ 241.390847] ? lock_downgrade+0x8f0/0x8f0 [ 241.395012] ? check_same_owner+0x340/0x340 [ 241.399355] ? find_get_entry+0xa96/0x1120 [ 241.403605] ? rcu_note_context_switch+0x730/0x730 [ 241.408543] __alloc_pages_nodemask+0x36e/0xdb0 [ 241.413208] ? percpu_ref_put_many+0x119/0x240 [ 241.417798] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 241.422810] ? trace_hardirqs_on+0x10/0x10 [ 241.427045] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 241.432574] ? xas_start+0x23d/0x740 [ 241.436372] ? lock_acquire+0x1e4/0x540 [ 241.440344] ? xa_load+0x288/0x450 [ 241.443880] ? lock_downgrade+0x8f0/0x8f0 [ 241.448024] ? lock_release+0xa30/0xa30 [ 241.452008] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 241.457545] alloc_pages_current+0x10c/0x210 [ 241.461956] __page_cache_alloc+0x398/0x5e0 [ 241.467495] ? xa_load+0x2b1/0x450 [ 241.471114] ? xa_clear_tag+0x40/0x40 [ 241.474996] ? filemap_range_has_page+0x4c0/0x4c0 [ 241.479842] ? unwind_get_return_address+0x61/0xa0 [ 241.484773] __do_page_cache_readahead+0x24e/0x690 [ 241.489700] ? read_pages+0x680/0x680 [ 241.493510] ? lock_acquire+0x1e4/0x540 [ 241.497477] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 241.502583] ? lock_downgrade+0x8f0/0x8f0 [ 241.506743] ? lock_release+0xa30/0xa30 [ 241.510711] ondemand_readahead+0x550/0xc40 [ 241.515047] page_cache_sync_readahead+0x3a0/0x6d0 [ 241.519976] ? force_page_cache_readahead+0x360/0x360 [ 241.525158] ? lock_acquire+0x1e4/0x540 [ 241.529136] ? rcu_note_context_switch+0x730/0x730 [ 241.534053] ? check_same_owner+0x340/0x340 [ 241.538370] ? lock_release+0xa30/0xa30 [ 241.542342] generic_file_read_iter+0x1a87/0x2f10 [ 241.547192] ? filemap_write_and_wait_range+0xd0/0xd0 [ 241.552372] ? rcu_read_lock+0x70/0x70 [ 241.556252] ? __unlock_page_memcg+0x72/0x100 [ 241.560751] ? unlock_page_memcg+0x2c/0x40 [ 241.564984] ? page_add_file_rmap+0x781/0xe40 [ 241.569470] ? page_add_new_anon_rmap+0x870/0x870 [ 241.574315] ? lockdep_init_map+0x9/0x10 [ 241.578367] ? kasan_check_write+0x14/0x20 [ 241.582595] ? __init_rwsem+0x1cc/0x2a0 [ 241.586579] ? lock_acquire+0x1e4/0x540 [ 241.590555] ? alloc_set_pte+0x1133/0x1790 [ 241.594789] ? lock_release+0xa30/0xa30 [ 241.598751] ? xas_descend+0x20c/0x5f0 [ 241.602641] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 241.607649] ? check_pgprot+0xdf/0x180 [ 241.611536] ? put_page+0x280/0x280 [ 241.615158] ? kasan_check_write+0x14/0x20 [ 241.619386] ? do_raw_spin_lock+0xc1/0x200 [ 241.623618] ? alloc_set_pte+0xaf6/0x1790 [ 241.627780] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 241.633329] ? filemap_map_pages+0xca2/0x1990 [ 241.637818] ? trace_hardirqs_on+0x10/0x10 [ 241.642043] ? xa_set_tag+0x40/0x40 [ 241.645659] ? environ_open+0x90/0x90 [ 241.649459] ? trace_hardirqs_on+0x10/0x10 [ 241.653687] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 241.659224] ? trace_hardirqs_on+0x10/0x10 [ 241.663461] ? trace_hardirqs_on+0x10/0x10 [ 241.667700] ? find_get_entries_tag+0x1410/0x1410 [ 241.672633] ? trace_hardirqs_on+0x10/0x10 [ 241.676862] ? mntput_no_expire+0x18e/0xbc0 [ 241.681181] ? do_raw_spin_lock+0xc1/0x200 [ 241.685405] ? mnt_get_count+0x150/0x150 [ 241.689458] ? dput.part.26+0x276/0x7a0 [ 241.693424] ? shrink_dcache_sb+0x350/0x350 [ 241.697744] ? lock_acquire+0x1e4/0x540 [ 241.701710] ? __fdget_pos+0x1bb/0x200 [ 241.705593] ? lock_acquire+0x1e4/0x540 [ 241.709560] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 241.715085] ? fsnotify+0xbac/0x14e0 [ 241.718792] ext4_file_read_iter+0x18b/0x3c0 [ 241.723197] generic_file_splice_read+0x5a5/0x9a0 [ 241.728300] ? add_to_pipe+0x360/0x360 [ 241.732197] ? rw_verify_area+0x118/0x360 [ 241.736339] ? add_to_pipe+0x360/0x360 [ 241.740219] do_splice_to+0x12e/0x190 [ 241.744019] splice_direct_to_actor+0x270/0x8f0 [ 241.748695] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 241.754237] ? pipe_to_sendpage+0x400/0x400 [ 241.758564] ? do_splice_to+0x190/0x190 [ 241.762542] ? security_file_permission+0x1c2/0x230 [ 241.767567] ? rw_verify_area+0x118/0x360 [ 241.771718] do_splice_direct+0x2d4/0x420 [ 241.775863] ? splice_direct_to_actor+0x8f0/0x8f0 [ 241.780706] ? rw_verify_area+0x118/0x360 [ 241.784857] do_sendfile+0x62a/0xe20 [ 241.788566] ? do_compat_pwritev64+0x1c0/0x1c0 [ 241.793149] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 241.798691] ? _copy_from_user+0xdf/0x150 [ 241.802841] __x64_sys_sendfile64+0x15d/0x250 [ 241.807335] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 241.811916] do_syscall_64+0x1b9/0x820 [ 241.815794] ? finish_task_switch+0x1d3/0x870 [ 241.820287] ? syscall_return_slowpath+0x5e0/0x5e0 [ 241.825211] ? syscall_return_slowpath+0x31d/0x5e0 [ 241.830143] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 241.835153] ? prepare_exit_to_usermode+0x291/0x3b0 [ 241.840159] ? perf_trace_sys_enter+0xb10/0xb10 [ 241.844817] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 241.849668] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 241.854849] RIP: 0033:0x455e29 [ 241.858027] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 241.877305] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 241.885024] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 241.892369] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 21:26:01 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x200, 0x0) ioctl$VHOST_GET_VRING_BASE(r1, 0xc008af12, &(0x7f0000000080)) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r2, 0x2, r0) r3 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 21:26:01 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000}}) 21:26:01 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0xfdfdffff00000000}) 21:26:01 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3}}) 21:26:01 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0xf00}, 0x0) 21:26:01 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0x20f, &(0x7f0000687000)=0x9, 0x4) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e21, 0x101, @loopback={0x0, 0x1}}, 0xffffffffffffff6b) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:26:01 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x1000000}}) [ 241.899719] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 241.906998] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 241.914259] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000055 21:26:01 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0x200000000000000}, 0x0) 21:26:01 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x6c00000000000000}}) 21:26:01 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x80ffff}) 21:26:01 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) getsockopt$SO_COOKIE(r1, 0x1, 0x39, &(0x7f0000000000), &(0x7f0000000040)=0x8) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:26:01 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x2}}) 21:26:02 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{0x0, 0x0, 0x0, 0x0, 0xfdfdffff}}) 21:26:02 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0x48010000}, 0x0) 21:26:02 executing program 2 (fault-call:9 fault-nth:86): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:26:02 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x8) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) [ 242.168568] FAULT_INJECTION: forcing a failure. [ 242.168568] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 242.180499] CPU: 1 PID: 15728 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 242.188901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 242.198255] Call Trace: [ 242.200854] dump_stack+0x1c9/0x2b4 [ 242.204494] ? dump_stack_print_info.cold.2+0x52/0x52 [ 242.209698] ? _raw_spin_unlock_irq+0x27/0x70 [ 242.214304] ? finish_task_switch+0x1d3/0x870 [ 242.218816] should_fail.cold.4+0xa/0x11 [ 242.222899] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 242.228016] ? kasan_check_write+0x14/0x20 [ 242.232256] ? __schedule+0x884/0x1ed0 [ 242.236147] ? trace_hardirqs_on+0x10/0x10 [ 242.240391] ? __sched_text_start+0x8/0x8 [ 242.244543] ? lock_downgrade+0x8f0/0x8f0 [ 242.248705] ? lock_acquire+0x1e4/0x540 [ 242.252698] ? fs_reclaim_acquire+0x20/0x20 [ 242.257032] ? lock_downgrade+0x8f0/0x8f0 [ 242.261179] ? check_same_owner+0x340/0x340 [ 242.265495] ? rcu_note_context_switch+0x730/0x730 [ 242.270426] __alloc_pages_nodemask+0x36e/0xdb0 [ 242.275089] ? percpu_ref_put_many+0x119/0x240 [ 242.279691] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 242.284694] ? trace_hardirqs_on+0x10/0x10 [ 242.288921] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 242.294442] ? xas_start+0x23d/0x740 [ 242.298145] ? lock_acquire+0x1e4/0x540 [ 242.302113] ? xa_load+0x288/0x450 [ 242.305660] ? lock_downgrade+0x8f0/0x8f0 [ 242.309800] ? lock_release+0xa30/0xa30 [ 242.313766] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 242.319304] alloc_pages_current+0x10c/0x210 [ 242.323733] __page_cache_alloc+0x398/0x5e0 [ 242.328046] ? xa_load+0x2b1/0x450 [ 242.331587] ? xa_clear_tag+0x40/0x40 [ 242.335374] ? filemap_range_has_page+0x4c0/0x4c0 [ 242.340264] ? __do_page_cache_readahead+0x3de/0x690 [ 242.345362] __do_page_cache_readahead+0x24e/0x690 [ 242.350279] ? read_pages+0x680/0x680 [ 242.354070] ? lock_acquire+0x1e4/0x540 [ 242.358036] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 242.363124] ? lock_downgrade+0x8f0/0x8f0 [ 242.367258] ? lock_release+0xa30/0xa30 [ 242.371224] ondemand_readahead+0x550/0xc40 [ 242.375533] page_cache_sync_readahead+0x3a0/0x6d0 [ 242.380451] ? force_page_cache_readahead+0x360/0x360 [ 242.385644] ? lock_acquire+0x1e4/0x540 [ 242.389628] ? rcu_note_context_switch+0x730/0x730 [ 242.394565] ? check_same_owner+0x340/0x340 [ 242.398888] ? lock_release+0xa30/0xa30 [ 242.402850] generic_file_read_iter+0x1a87/0x2f10 [ 242.407779] ? filemap_write_and_wait_range+0xd0/0xd0 [ 242.412962] ? rcu_read_lock+0x70/0x70 [ 242.416843] ? __unlock_page_memcg+0x72/0x100 [ 242.421325] ? unlock_page_memcg+0x2c/0x40 [ 242.425547] ? page_add_file_rmap+0x781/0xe40 [ 242.430044] ? page_add_new_anon_rmap+0x870/0x870 [ 242.434963] ? lockdep_init_map+0x9/0x10 [ 242.439012] ? kasan_check_write+0x14/0x20 [ 242.443240] ? __init_rwsem+0x1cc/0x2a0 [ 242.447217] ? lock_acquire+0x1e4/0x540 [ 242.451178] ? alloc_set_pte+0x1133/0x1790 [ 242.455406] ? lock_release+0xa30/0xa30 [ 242.459377] ? xas_descend+0x20c/0x5f0 [ 242.463257] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 242.468264] ? check_pgprot+0xdf/0x180 [ 242.472154] ? put_page+0x280/0x280 [ 242.475773] ? kasan_check_write+0x14/0x20 [ 242.479996] ? do_raw_spin_lock+0xc1/0x200 [ 242.484225] ? alloc_set_pte+0xaf6/0x1790 [ 242.488362] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 242.493373] ? filemap_map_pages+0xca2/0x1990 [ 242.497856] ? trace_hardirqs_on+0x10/0x10 [ 242.502080] ? xa_set_tag+0x40/0x40 [ 242.505716] ? environ_open+0x90/0x90 [ 242.509517] ? trace_hardirqs_on+0x10/0x10 [ 242.513740] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 242.519267] ? trace_hardirqs_on+0x10/0x10 [ 242.523492] ? trace_hardirqs_on+0x10/0x10 [ 242.527731] ? find_get_entries_tag+0x1410/0x1410 [ 242.532576] ? trace_hardirqs_on+0x10/0x10 [ 242.536799] ? mntput_no_expire+0x18e/0xbc0 [ 242.541110] ? do_raw_spin_lock+0xc1/0x200 [ 242.545330] ? mnt_get_count+0x150/0x150 [ 242.549378] ? dput.part.26+0x276/0x7a0 [ 242.553339] ? shrink_dcache_sb+0x350/0x350 [ 242.557651] ? lock_acquire+0x1e4/0x540 [ 242.561615] ? __fdget_pos+0x1bb/0x200 [ 242.565595] ? lock_acquire+0x1e4/0x540 [ 242.569566] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 242.575097] ? fsnotify+0xbac/0x14e0 [ 242.578800] ext4_file_read_iter+0x18b/0x3c0 [ 242.583199] generic_file_splice_read+0x5a5/0x9a0 [ 242.588045] ? add_to_pipe+0x360/0x360 [ 242.591924] ? rw_verify_area+0x118/0x360 [ 242.596059] ? add_to_pipe+0x360/0x360 [ 242.600026] do_splice_to+0x12e/0x190 [ 242.603822] splice_direct_to_actor+0x270/0x8f0 [ 242.608482] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 242.614013] ? pipe_to_sendpage+0x400/0x400 [ 242.618339] ? do_splice_to+0x190/0x190 [ 242.622310] ? security_file_permission+0x1c2/0x230 [ 242.627326] ? rw_verify_area+0x118/0x360 [ 242.631477] do_splice_direct+0x2d4/0x420 [ 242.635634] ? splice_direct_to_actor+0x8f0/0x8f0 [ 242.640478] ? rw_verify_area+0x118/0x360 [ 242.644624] do_sendfile+0x62a/0xe20 [ 242.648336] ? do_compat_pwritev64+0x1c0/0x1c0 [ 242.652915] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 242.658459] ? _copy_from_user+0xdf/0x150 [ 242.662603] __x64_sys_sendfile64+0x15d/0x250 [ 242.667101] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 242.671702] do_syscall_64+0x1b9/0x820 [ 242.675582] ? finish_task_switch+0x1d3/0x870 [ 242.680075] ? syscall_return_slowpath+0x5e0/0x5e0 [ 242.685003] ? syscall_return_slowpath+0x31d/0x5e0 [ 242.689926] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 242.694935] ? prepare_exit_to_usermode+0x291/0x3b0 [ 242.699943] ? perf_trace_sys_enter+0xb10/0xb10 [ 242.704615] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 242.709451] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 242.714632] RIP: 0033:0x455e29 [ 242.717804] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 242.737061] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 242.744779] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 242.752044] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 242.759318] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 242.766582] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 242.773838] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000056 21:26:02 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000000)=0x7fff) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r2 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 21:26:02 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x2000000}}) 21:26:02 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0xfffffdfd}) 21:26:02 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x7400000000000000}}) 21:26:02 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{}, [0xfffffdfd]}) 21:26:02 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0xf0ffffff}, 0x0) 21:26:02 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e21, 0x0, @loopback={0x0, 0x1}}, 0x1c) r2 = dup3(r0, r0, 0x80000) setsockopt$bt_BT_VOICE(r2, 0x112, 0xb, &(0x7f0000000000)=0x7, 0x2) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:26:02 executing program 2 (fault-call:9 fault-nth:87): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:26:03 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0xfffffff0}, 0x0) [ 243.058785] FAULT_INJECTION: forcing a failure. [ 243.058785] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 243.070928] CPU: 1 PID: 15761 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 243.079357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 243.088729] Call Trace: [ 243.091326] dump_stack+0x1c9/0x2b4 [ 243.094990] ? dump_stack_print_info.cold.2+0x52/0x52 [ 243.100196] should_fail.cold.4+0xa/0x11 21:26:03 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x0, 0xfffffdfd}) 21:26:03 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0xf00000000000000}, 0x0) 21:26:03 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x4000000}}) [ 243.104275] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 243.109396] ? kasan_check_read+0x11/0x20 [ 243.113554] ? rcu_is_watching+0x8c/0x150 [ 243.117717] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 243.123284] ? xas_start+0x23d/0x740 [ 243.127007] ? trace_hardirqs_on+0x10/0x10 [ 243.131251] ? find_get_entry+0xa6d/0x1120 [ 243.135494] ? lock_downgrade+0x8f0/0x8f0 [ 243.139657] ? lock_acquire+0x1e4/0x540 [ 243.143640] ? fs_reclaim_acquire+0x20/0x20 [ 243.147975] ? lock_downgrade+0x8f0/0x8f0 [ 243.152138] ? check_same_owner+0x340/0x340 [ 243.156640] ? find_get_entry+0xa96/0x1120 [ 243.160870] ? rcu_note_context_switch+0x730/0x730 [ 243.165813] __alloc_pages_nodemask+0x36e/0xdb0 [ 243.170475] ? percpu_ref_put_many+0x119/0x240 [ 243.175049] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 243.180062] ? trace_hardirqs_on+0x10/0x10 [ 243.184289] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 243.189811] ? xas_start+0x23d/0x740 [ 243.193513] ? lock_acquire+0x1e4/0x540 [ 243.197471] ? xa_load+0x288/0x450 [ 243.200997] ? lock_downgrade+0x8f0/0x8f0 [ 243.205133] ? lock_release+0xa30/0xa30 [ 243.209097] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 243.214732] alloc_pages_current+0x10c/0x210 [ 243.219133] __page_cache_alloc+0x398/0x5e0 [ 243.223438] ? xa_load+0x2b1/0x450 [ 243.226979] ? xa_clear_tag+0x40/0x40 [ 243.230782] ? filemap_range_has_page+0x4c0/0x4c0 [ 243.235610] ? unwind_get_return_address+0x61/0xa0 [ 243.240544] __do_page_cache_readahead+0x24e/0x690 [ 243.245548] ? read_pages+0x680/0x680 [ 243.249333] ? lock_acquire+0x1e4/0x540 [ 243.253295] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 243.258384] ? lock_downgrade+0x8f0/0x8f0 [ 243.262517] ? lock_release+0xa30/0xa30 [ 243.266479] ondemand_readahead+0x550/0xc40 [ 243.270792] page_cache_sync_readahead+0x3a0/0x6d0 [ 243.275712] ? force_page_cache_readahead+0x360/0x360 [ 243.280888] ? lock_acquire+0x1e4/0x540 [ 243.284855] ? rcu_note_context_switch+0x730/0x730 [ 243.289767] ? check_same_owner+0x340/0x340 [ 243.294075] ? lock_release+0xa30/0xa30 [ 243.298035] generic_file_read_iter+0x1a87/0x2f10 [ 243.302878] ? filemap_write_and_wait_range+0xd0/0xd0 [ 243.308052] ? rcu_read_lock+0x70/0x70 [ 243.311927] ? __unlock_page_memcg+0x72/0x100 [ 243.316406] ? unlock_page_memcg+0x2c/0x40 [ 243.320627] ? page_add_file_rmap+0x781/0xe40 [ 243.325204] ? page_add_new_anon_rmap+0x870/0x870 [ 243.330034] ? lockdep_init_map+0x9/0x10 [ 243.334172] ? kasan_check_write+0x14/0x20 [ 243.338394] ? __init_rwsem+0x1cc/0x2a0 [ 243.342370] ? lock_acquire+0x1e4/0x540 [ 243.346335] ? alloc_set_pte+0x1133/0x1790 [ 243.350558] ? lock_release+0xa30/0xa30 [ 243.354522] ? xas_descend+0x20c/0x5f0 [ 243.358413] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 243.363419] ? check_pgprot+0xdf/0x180 [ 243.367292] ? put_page+0x280/0x280 [ 243.370903] ? kasan_check_write+0x14/0x20 [ 243.375125] ? do_raw_spin_lock+0xc1/0x200 [ 243.379360] ? alloc_set_pte+0xaf6/0x1790 [ 243.383501] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 243.388513] ? filemap_map_pages+0xca2/0x1990 [ 243.392997] ? trace_hardirqs_on+0x10/0x10 [ 243.397318] ? xa_set_tag+0x40/0x40 [ 243.400939] ? environ_open+0x90/0x90 [ 243.404724] ? trace_hardirqs_on+0x10/0x10 [ 243.408943] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 243.414469] ? trace_hardirqs_on+0x10/0x10 [ 243.418702] ? trace_hardirqs_on+0x10/0x10 [ 243.422936] ? find_get_entries_tag+0x1410/0x1410 [ 243.427770] ? trace_hardirqs_on+0x10/0x10 [ 243.431995] ? mntput_no_expire+0x18e/0xbc0 [ 243.436312] ? do_raw_spin_lock+0xc1/0x200 [ 243.440530] ? mnt_get_count+0x150/0x150 [ 243.444598] ? dput.part.26+0x276/0x7a0 [ 243.448583] ? shrink_dcache_sb+0x350/0x350 [ 243.452894] ? lock_acquire+0x1e4/0x540 [ 243.456857] ? __fdget_pos+0x1bb/0x200 [ 243.460737] ? lock_acquire+0x1e4/0x540 [ 243.465614] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 243.471150] ? fsnotify+0xbac/0x14e0 [ 243.474862] ext4_file_read_iter+0x18b/0x3c0 [ 243.479270] generic_file_splice_read+0x5a5/0x9a0 [ 243.484101] ? add_to_pipe+0x360/0x360 [ 243.487995] ? rw_verify_area+0x118/0x360 [ 243.492143] ? add_to_pipe+0x360/0x360 [ 243.496034] do_splice_to+0x12e/0x190 [ 243.499825] splice_direct_to_actor+0x270/0x8f0 [ 243.504488] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 243.510021] ? pipe_to_sendpage+0x400/0x400 [ 243.514333] ? do_splice_to+0x190/0x190 [ 243.518295] ? security_file_permission+0x1c2/0x230 [ 243.523476] ? rw_verify_area+0x118/0x360 [ 243.527617] do_splice_direct+0x2d4/0x420 [ 243.531764] ? splice_direct_to_actor+0x8f0/0x8f0 [ 243.536595] ? rw_verify_area+0x118/0x360 [ 243.540732] do_sendfile+0x62a/0xe20 [ 243.544529] ? do_compat_pwritev64+0x1c0/0x1c0 [ 243.549107] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 243.554643] ? _copy_from_user+0xdf/0x150 [ 243.558789] __x64_sys_sendfile64+0x15d/0x250 [ 243.563270] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 243.567841] do_syscall_64+0x1b9/0x820 [ 243.571975] ? finish_task_switch+0x1d3/0x870 [ 243.576466] ? syscall_return_slowpath+0x5e0/0x5e0 [ 243.581391] ? syscall_return_slowpath+0x31d/0x5e0 [ 243.586306] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 243.591325] ? prepare_exit_to_usermode+0x291/0x3b0 [ 243.596327] ? perf_trace_sys_enter+0xb10/0xb10 [ 243.600983] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 243.605816] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 243.610996] RIP: 0033:0x455e29 [ 243.614168] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 243.633345] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 243.641044] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 243.648315] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 21:26:03 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0x2000000d, &(0x7f0000687000)=0x9, 0x4) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$KDGKBMETA(r3, 0x4b62, &(0x7f00000000c0)) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000000100), &(0x7f0000000180)=0x4) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f0000000100), 0x0, 0x20000000, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r4 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x7, 0x88000) ioctl$KDGETMODE(r4, 0x4b3b, &(0x7f0000000040)) 21:26:03 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x6c00}}) [ 243.655569] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 243.662825] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 243.670079] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000057 21:26:03 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{}, [0xfdfdffff00000000]}) 21:26:03 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x1000000}}) 21:26:03 executing program 2 (fault-call:9 fault-nth:88): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:26:03 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x5000000}}) 21:26:03 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0xfffff000}, 0x0) 21:26:03 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x0, 0x1000000000000}) 21:26:03 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = fcntl$dupfd(r0, 0x406, r0) recvmsg$kcm(r1, &(0x7f0000000480)={&(0x7f0000000040)=@generic, 0x80, &(0x7f0000000380)=[{&(0x7f00000000c0)=""/192, 0xffffffffffffff27}, {&(0x7f0000000180)=""/67, 0x43}, {&(0x7f0000000200)=""/92, 0x5c}, {&(0x7f0000000280)=""/201, 0xc9}], 0x4, &(0x7f00000003c0)=""/132, 0x84, 0x1ff}, 0x0) r2 = socket$inet6(0xa, 0xe, 0x8000000005) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) read$eventfd(r1, &(0x7f00000004c0), 0x8) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x3, @loopback={0x0, 0x1}, 0xfffffffffffffffc}, 0xfffffffffffffef1) sendto$inet6(r2, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:26:03 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3000000}}) 21:26:03 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x80) ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0) pipe2(&(0x7f0000000400)={0xffffffffffffffff}, 0x0) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r1, 0x84, 0x1b, &(0x7f0000000540)={0x0, 0x7a, "9b6b6788a72ca9061a7d76bf9c0c74b6b10d651e9d2d6fb03c7938b528b1d12339d60c586a036edce9e6ece9d7622b3db3c2dad6a60a99470e2a5cc85f1d2f20d449da38e07926ea3f6cb79611025e856ddd419dfbcd5354a47296d8ecfcce06089854ab0c2a3a2a9c170efec77910c63530b8f582c57fc0f905"}, &(0x7f0000000600)=0x82) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r2, 0x84, 0x19, &(0x7f0000000640)={r3, 0x8}, 0x8) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r4 = epoll_create1(0x0) accept$packet(r2, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000480)=0x14) ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f00000004c0)={@mcast2={0xff, 0x2, [], 0x1}, @ipv4={[], [0xff, 0xff], @remote={0xac, 0x14, 0x14, 0xbb}}, @empty, 0xb0c, 0x6, 0x1, 0x100, 0x7, 0x100000, r5}) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000240)={{{@in6=@loopback, @in6}}, {{@in=@multicast1}, 0x0, @in=@multicast2}}, &(0x7f0000000080)=0xe8) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r4, 0x2, r0) r6 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r6, 0x540a, 0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r1, 0x84, 0x1a, &(0x7f0000000340)={0x0, 0x78, "916128a5001e557863969884222fff1acdb923681e96667f6ecdcae78f7a47d2a7d5029abf7e9df82079c01d16346411cba93c58afcc170b7ab225c558108d5f8a5cda2475a48b7ef891df0cafd7b8ff48dfcb0e89a6334049432e8dd54e0b5db8c05c001fad794916dccb68dd49bc137a65f94bef9dd4f7"}, &(0x7f00000000c0)=0x80) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f00000001c0)={r7, 0x1, 0x2, 0x5, 0x4a56, 0x45}, &(0x7f00000003c0)=0x14) 21:26:03 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{}, [0xfdfdffff]}) 21:26:04 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x600}}) 21:26:04 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0x10800f, &(0x7f0000687000)=0x40000000000000d, 0x2c0) getsockopt$IP6T_SO_GET_REVISION_TARGET(r0, 0x29, 0x45, &(0x7f0000000100)={'ipvs\x00'}, &(0x7f0000000140)=0x1e) r2 = accept(r0, &(0x7f0000000000)=@ipx, &(0x7f0000000080)=0x80) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000000c0)="f9398a7d233a9be0d02bd7f29636a8a3", 0x10) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r2, 0x0, 0x61, &(0x7f0000000180)={'filter\x00', 0x4}, 0x68) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:26:04 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x4800}}) 21:26:04 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0x148}, 0x0) 21:26:04 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{}, [0x0, 0xfffffdfd]}) [ 244.104497] FAULT_INJECTION: forcing a failure. [ 244.104497] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 244.116484] CPU: 0 PID: 15836 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 244.124896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 244.134255] Call Trace: [ 244.136854] dump_stack+0x1c9/0x2b4 [ 244.140495] ? dump_stack_print_info.cold.2+0x52/0x52 [ 244.145703] should_fail.cold.4+0xa/0x11 [ 244.149786] ? fault_create_debugfs_attr+0x1f0/0x1f0 21:26:04 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0x2}, 0x0) 21:26:04 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x0, 0xfdfdffff}) [ 244.154910] ? kasan_check_read+0x11/0x20 [ 244.159068] ? rcu_is_watching+0x8c/0x150 [ 244.163244] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 244.168790] ? xas_start+0x23d/0x740 [ 244.172712] ? trace_hardirqs_on+0x10/0x10 [ 244.176963] ? find_get_entry+0xa6d/0x1120 [ 244.181247] ? lock_downgrade+0x8f0/0x8f0 [ 244.185419] ? lock_acquire+0x1e4/0x540 [ 244.189400] ? fs_reclaim_acquire+0x20/0x20 [ 244.193737] ? lock_downgrade+0x8f0/0x8f0 [ 244.197880] ? check_same_owner+0x340/0x340 [ 244.202198] ? find_get_entry+0xa96/0x1120 [ 244.206427] ? rcu_note_context_switch+0x730/0x730 [ 244.211440] __alloc_pages_nodemask+0x36e/0xdb0 [ 244.216097] ? percpu_ref_put_many+0x119/0x240 [ 244.220668] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 244.225671] ? trace_hardirqs_on+0x10/0x10 [ 244.230073] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 244.234943] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 244.240465] ? xas_start+0x23d/0x740 [ 244.244177] ? lock_acquire+0x1e4/0x540 [ 244.248138] ? xa_load+0x288/0x450 [ 244.251668] ? lock_downgrade+0x8f0/0x8f0 [ 244.255822] ? lock_release+0xa30/0xa30 [ 244.259789] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 244.265324] alloc_pages_current+0x10c/0x210 [ 244.270763] __page_cache_alloc+0x398/0x5e0 [ 244.275069] ? xa_load+0x2b1/0x450 [ 244.278599] ? xa_clear_tag+0x40/0x40 [ 244.282395] ? filemap_range_has_page+0x4c0/0x4c0 [ 244.287225] ? rb_next+0x140/0x140 [ 244.290770] __do_page_cache_readahead+0x24e/0x690 [ 244.295707] ? read_pages+0x680/0x680 [ 244.299495] ? lock_acquire+0x1e4/0x540 [ 244.303452] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 244.308537] ? lock_downgrade+0x8f0/0x8f0 [ 244.312669] ? lock_release+0xa30/0xa30 [ 244.316628] ondemand_readahead+0x550/0xc40 [ 244.320957] page_cache_sync_readahead+0x3a0/0x6d0 [ 244.325887] ? force_page_cache_readahead+0x360/0x360 [ 244.331072] ? lock_acquire+0x1e4/0x540 [ 244.335034] ? rcu_note_context_switch+0x730/0x730 [ 244.339959] ? check_same_owner+0x340/0x340 [ 244.344283] ? lock_release+0xa30/0xa30 [ 244.348256] generic_file_read_iter+0x1a87/0x2f10 [ 244.353097] ? filemap_write_and_wait_range+0xd0/0xd0 [ 244.358272] ? __update_load_avg_blocked_se.isra.34+0x460/0x460 [ 244.364315] ? update_load_avg+0x2de/0x2590 [ 244.368635] ? page_add_new_anon_rmap+0x870/0x870 [ 244.373463] ? attach_entity_load_avg+0x860/0x860 [ 244.378294] ? perf_trace_lock+0x920/0x920 [ 244.382513] ? update_load_avg+0x2de/0x2590 [ 244.386830] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 244.391668] ? attach_entity_load_avg+0x860/0x860 [ 244.396496] ? perf_trace_lock+0x920/0x920 [ 244.400726] ? alloc_set_pte+0x1133/0x1790 [ 244.404948] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 244.409788] ? lock_release+0xa30/0xa30 [ 244.413762] ? rb_erase+0x3550/0x3550 [ 244.417546] ? perf_trace_lock+0x920/0x920 [ 244.422028] ? do_raw_spin_lock+0xc1/0x200 [ 244.426254] ? lock_acquire+0x1e4/0x540 [ 244.430220] ? cpuacct_charge+0x2eb/0x5d0 [ 244.434357] ? lock_downgrade+0x8f0/0x8f0 [ 244.438494] ? trace_hardirqs_on+0x10/0x10 [ 244.442717] ? lock_acquire+0x1e4/0x540 [ 244.446681] ? update_curr+0x4c8/0xc00 [ 244.450561] ? trace_hardirqs_on+0x10/0x10 [ 244.454787] ? lock_release+0xa30/0xa30 [ 244.458946] ? cpuacct_charge+0x30a/0x5d0 [ 244.463100] ? trace_hardirqs_on+0x10/0x10 [ 244.467325] ? trace_hardirqs_on+0x10/0x10 [ 244.471553] ? trace_hardirqs_on+0x10/0x10 [ 244.475784] ? update_curr+0x4e7/0xc00 [ 244.479660] ? __account_cfs_rq_runtime+0x770/0x770 [ 244.484662] ? trace_hardirqs_on+0x10/0x10 [ 244.488896] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 244.494516] ? __perf_event_task_sched_out+0x2f0/0x1a60 [ 244.499870] ? active_load_balance_cpu_stop+0x1030/0x1030 [ 244.505403] ? lock_acquire+0x1e4/0x540 [ 244.509362] ? __fdget_pos+0x1bb/0x200 [ 244.513238] ? __perf_event_task_sched_in+0x24f/0xbb0 [ 244.518419] ? lock_acquire+0x1e4/0x540 [ 244.522380] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 244.527902] ? fsnotify+0xbac/0x14e0 [ 244.531601] ext4_file_read_iter+0x18b/0x3c0 [ 244.536019] generic_file_splice_read+0x5a5/0x9a0 [ 244.541025] ? add_to_pipe+0x360/0x360 [ 244.544904] ? rw_verify_area+0x118/0x360 [ 244.549047] ? add_to_pipe+0x360/0x360 [ 244.552931] do_splice_to+0x12e/0x190 [ 244.556721] splice_direct_to_actor+0x270/0x8f0 [ 244.561374] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 244.566928] ? pipe_to_sendpage+0x400/0x400 [ 244.571244] ? do_splice_to+0x190/0x190 [ 244.575212] ? security_file_permission+0x1c2/0x230 [ 244.580216] ? rw_verify_area+0x118/0x360 [ 244.584351] do_splice_direct+0x2d4/0x420 [ 244.588487] ? splice_direct_to_actor+0x8f0/0x8f0 [ 244.593328] ? rw_verify_area+0x118/0x360 [ 244.597471] do_sendfile+0x62a/0xe20 [ 244.601266] ? do_compat_pwritev64+0x1c0/0x1c0 [ 244.605846] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 244.611374] ? _copy_from_user+0xdf/0x150 [ 244.615516] __x64_sys_sendfile64+0x15d/0x250 [ 244.620024] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 244.624611] do_syscall_64+0x1b9/0x820 [ 244.628495] ? syscall_slow_exit_work+0x500/0x500 [ 244.633330] ? syscall_return_slowpath+0x5e0/0x5e0 [ 244.638252] ? syscall_return_slowpath+0x31d/0x5e0 [ 244.643179] ? prepare_exit_to_usermode+0x291/0x3b0 [ 244.648186] ? perf_trace_sys_enter+0xb10/0xb10 [ 244.652843] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 244.657677] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 244.662860] RIP: 0033:0x455e29 [ 244.666035] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 244.685220] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 244.692923] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 244.700180] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 244.707435] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 244.714693] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 244.721952] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000058 21:26:04 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x0, 0xffff8000}) 21:26:04 executing program 2 (fault-call:9 fault-nth:89): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:26:04 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{}, [0x0, 0xfdfdffff00000000]}) 21:26:04 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x4c}}) 21:26:04 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0x40030000000000}, 0x0) 21:26:04 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x6800}}) 21:26:04 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000001340)=0x9, 0x2a6) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) getsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000000), &(0x7f0000000040)=0x4) membarrier(0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000001180)='/dev/cuse\x00', 0x80000, 0x0) mlockall(0x2) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000001300)=@req3={0xfffffffffffffe21, 0x6, 0x7, 0x5, 0x3, 0x8e, 0x3}, 0x1c) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f00000011c0)={0x2, 0x0, @ioapic={0x0, 0x80, 0x3de, 0x7, 0x0, [{0xfffffffffffffff8, 0xffffffffffffffff, 0x13, [], 0x4}, {0x3, 0x3, 0x2, [], 0x401}, {0x2, 0x76892ce3, 0x7, [], 0x4}, {0x200, 0xfffffffffffffff8, 0x4, [], 0x1}, {0x1, 0x5, 0x9, [], 0xff}, {0x40, 0x1, 0x0, [], 0x1f}, {0x9e53, 0x9ca, 0x1ff, [], 0xf7fe}, {0x7, 0xe2, 0x6, [], 0x3ff}, {0x80, 0x5, 0x8, [], 0x3}, {0x8001, 0x6, 0x5, [], 0x5}, {0xfffffffffffffffe, 0x1ff, 0xf09, [], 0xfffffffffffffd68}, {0x8, 0x10000, 0x2, [], 0x3}, {0x200, 0x25, 0x1, [], 0x1f}, {0x1, 0x20, 0x5, [], 0x2e7}, {0x3, 0x2, 0x7, [], 0x5f}, {0x2, 0x0, 0x1c000000, [], 0x1}, {0x28000000000, 0x9, 0x9, [], 0x6}, {0x0, 0x8001, 0x1, [], 0xfffffffffffffc00}, {0x2, 0x120000000000, 0x5da, [], 0x100000000}, {0x101, 0x8, 0x4, [], 0x81}, {0xd9, 0x2, 0x87}, {0x9, 0x8, 0x3df, [], 0x3}, {0x28000000, 0x4, 0x1ff, [], 0xc27d}, {0x5c3800000000, 0x1000, 0x6, [], 0xe94}]}}) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) io_setup(0x9, &(0x7f0000000080)=0x0) r4 = openat$null(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/null\x00', 0x88080, 0x0) io_cancel(r3, &(0x7f0000001100)={0x0, 0x0, 0x0, 0x0, 0xd732, r0, &(0x7f00000000c0)="c699efeefce05e4b27b040a705557002656cfe21afbf7dd2c9b7be5a4a0dcf41aa74ef1aa254038991dbce33ee76ed4e31dd82d70ea11ce290ce758f771725a450d2df9644448e610a999c0739d0c1074e86df8a6b09894f15558544ee6b34ee378a10ae588b95e46db5f3ce30878163e84c3d56cc4321a7a7eb697a323b04dcfa42a471aa4d34643efa8bcd45b372b313a00e2b40945ecd6172ba82b1c9e5ea71eddbc86966c4ea872aaa2a105709749c8d9d1270a48db2ee3adcfb3d6cf022c06a1fc88335e799f2d16785803996d5fa4a99325701fd2ea22103a33f3c2f68a716a5751d4d693333a99c4c562421746a61dd31d1d17a64179d2d3077f2b4f3ec99c7a97f78a95a6f8b2da70ae50ede70322944d510acf8e83255c8aae015a6c45e26d1009aaf860e42e532f8b5b89440170cf852837440b77c95cc14f1807f616032aa7efd6c64e66c61a783569f0a8c55763004e0910d77fe7c77192f90834b92e2ca5346610d10a1a27a3550439ee085411a89e4b78c0874146af48dab2efd7f977242989b48e4076fd4a5915d7c1b1b9bf39ad7bcc17c272eb9d4b22e1c032077a8b44d2d316c63debe2c167448f90eb6746fc8493f27cef3bf10951544d71f389cbec572957953f23adf1fa47eef8b4b0fed1397a9ea2dde62ab304a5e3d7820db71a7284f5330c4dac85edcbc229ae20d651686f3b157e3372d264ff867009785d5e714f86ebad5903838669c7c511387bb1ade65865d2edcd70079b6ac31da310aee962a69fc1e38a27d0b75c6865e91e0f8b5294a879b9a5e69d3cb5793f8c95bec98341257aee2e15ba9c1b2dc440ed4bc55e424dcfd4f07dd7265a37b447210622bb8beb7a682cd8a31f6f049b49289d1182bc5cefced870591ed12d0a0e36f8c6e4868d6a702e1e2dbdd0c8057a5145e7b2b165997e7ebca36ad4ffab2df372839c65b192e688995b97ca2e3aae2b23d9c4387f2a7cc296005abd309bd0fff04acb6f51a9c244692f8fd91157604e0df6d1a80e2ce2576e4fb9ec193fdf65d2278d6a375fb24161de45eff4ca3616fd0758ac20eb375a3ae494daafd634c7329000d1d5c81f48f369aeb8604130829629902334bb512fc285a27069c1997bda2b4d136eee3ae156ed5740145633232071c384b6da05d75d2e6b28c6cfb7bde492ce9d3e6d3f1be7fdd3e2d34c5ca9bd550b0d23f8826d4954e965a7985c4867d16c4705284073516bce397cdbf1982bd5a14ea137f5062e231f654161bb42d3958276dab01f4a34099d2041ec9f267e3cd26c5fda3bbf361623c3e3e2ad5a381c3619777001a3d8ad4c203c52ab6c0c836b0c5d79148981a18040f85aefe28134bade52a6cdd1d6dffe630152446f4b791b42b098591b1f2c0f57d2988b89d7b275121efb674b6d36117ba5c8697cd19e4f5fdd22fcfd64439e77e76f457ae9d01e1eda0cddf8c17f6425b6172d214bd6928db111b9289a47b720bbea1d1ce9cf7135625859531a0a749b252ac07ab554b9eff15518edf5fcd12ed2121d5d95b5770690f4768bc518f084d6e7a6192643cde41b61e01170d77453ec5ba9ab1afcdbe6aa7d0c05e3b32cbe76e0141de64e29d229f2e5b08afcd691472ffca0719e7c311094b22ce6e57f77cb3a7fbade363a2ae09455f5e770cf166fde824dfff18df7d73df84169d221419824cfe91f865e73d95c708f8b0ef783e47383b18eb81f5676b5a5ed3ca11094ec31838d0413f107be117f4e2af5b12b6d1f893d262fff98bd20c66748ccfcd76d4cf9d1618a73eaab8d7a13fed81b1116d3cbebf06e03f0e2c3bb86490c0dccb2959a6954be089d3956df74091c3ca4c197172d6c1745e437835622481a20d8781c382b03bb677f5244bfc7a2d3f69ddaf480929232bef13fa3a67acc4bdcc5f908391a54ee5197e1c85ea16059e3906b0baee8b93725a3ac2abae38b2f9fe4951cde4fd4bb2000920bacce9b86238670105bfe49335198b064e43cadd23ceaf78a432d123513330b166c0f4b421e364782e8644dacd368882fa03de3cb539252bc784fa2fb0eb1f0699b41a65347d8d9f47d27ca8bdd639c29dfd1eb5948646fe60bbf972006b08e7bcbd4004c06520697845712868acbc7dd6bb347b81603080c46077a088c5f62e8effc8d6c90d0ba0a9731eda7a3fb5abd3142b14b084763c23fc87f6b6a517a074d3d37d94d062792882bae0f8c5b33f738b643f77f4df705f65296775a067c80ae654e5771f37103960fdd78dd867ab9802d0db45fac5644716230e1828c243c911abe5ab3c4353e8322ea72fd3ba4bfc11020d48fa9b7982cfabf4bb4e6c56553452b32404bceb239b80f45e08268fb5eb6c9102158b1409b0142f31342fdc952ea397f010f0d04e7d8e2994bb437719231283bd6e52dedac1eb81b80eeda78312115681f4ffe0c67934c8ed1a92efc7f8ef4c311ceb8fe026375e45df76671da5acec1ea9f846c868d4e136117454098a2b98fc3d19c8642528d5ca17b601dd3432406ce85d19a4a35f90800638d6b3a59debebe390589e3b6b84c1b8d47db3ccc51a8deecbaf783ce808eb1e1071fe489de487e3937ab1f8c3f9f174a6cb33553abf522ec5d80432c829600072732f7e7324b2edf306ad5079a51538903e4cd8ef518c56670222071c034d2755fdfb2ea16cc277659cfa7e7d0f30026927423ca2c5d894130ceb58902052fec7a1b879b6f5c1ac857f6dd3d7366c532c718b2f19acfadfc4d31d33d43f1f452f694341f260634fa17461f3cc734212d8c8623029b0bdc31e0dcc65545ddbf2d09855bbc40a54cb45ccc4c3c4e6c9f73a4cbcb0b05185991df14ec4b96d78d1e5c4abe783d0bacd229c789a8c261467c2db15fe3e4c7c61b6484ea9fff50c5399b004bb71e7799214259d9fd2107ba00dd28acd0bd1687882d72a1be4295bfb7a717bd2825aa1d3ed2c6a71afe874f405cc2e3f4d5e4aa74c0cbf23212ca6adf17d8667d1bb1f82ae89387bd250ee572f0173f8553d31be8e9d79cb2af4e4cbe3645378ec9fd603938bfeaafdd3a865c7cad0cfac353c24f08e1eb55f76d4e442dcb2a77c1ab9b705727115c006c0b9c7d1880d5f2e14f8bdbfe06bab640fd4fec5735c0b5ea6c0430ce94041ec68e188f97aef279e9da7a38aa6909bfc47fc5ed4d9643e71ab583da0dc78590fac484826cda86fe90f11b6696844b822eff086f0382942b36610ad27a262f4eaa2a7ae7af34e7f73e1ab9e701a06c320e157dedcff2781fcbbce3f9009392ab703f9fb1dc31612f2db7972da9fd167c02b0e8fd4ca7a1a3ced540863fd62792908d163981728bfa1039a1ab5943f52e5f9e9480f575ad8499b636fb131e8f8eb435caeceb1b9a83ea47d9c532d980c5357272de2a610e34020c2162dd9e550ebacb94997301992798da1b30bc7e6b2e9f2b9d7c5126eb33319d09fa187e2af50ea7bb07532ed67ce487e9009a5393e2106332df650fc31111c08fe6a0f5a11c19c9f134b9d63ad98b50dc2661306448f13bede84271c5be91503439e08249fcbffb124a1117c2a1606be6429f96c99ac0e73e9019f849d30969591243c3f7b24761c62121f52d53c932be3cb5a76a2142fd111f2bbe5afe3c3821fff64e77a0632ba1f410c28d83fbfd9db0cf55d9706aad49250d8872167bd2146369e63b830b7665b4c857bcc9fd60b455628b6cff2fbee950e809af8796f253692502065664cbbc55e0d96a654aa51abbd5a31de043fdc0db38a22a022d1b8a339f2ffa888f364f9b8b0b1e24cb9a3994148bd0eabe7262ac56ab373344d7bcd1e7c77cf27ddf88605055fcdfdda65dc5fc5a80e56fddcf937dd03a98751f608c885788a2d783635a0efa53963d0aaa67836394ef58d800466c38a02849b4899c01011d9ecf4db88af53d451980e05916254679a74b0418dd7498e96e3ce0b31d63eb9735965d545720effb2b22953547190e7a48af875e1d66e2bb07bfdd638cd0c9b630bf5b8ca8ce1e3834c8a670dc58fffe3c202918ef9a54b9a8397fd7ab8844f6d434ef3fa60f948713078748aae7b5686a7213d569375c72e32b08332e8b81ca17199a969885dff0eda250d965199134047be2b97c4868f926223eae2b4f785e9e2fe3af9d0ca9c157c9b4492420b5ac0d3968338c433cbeed0a0c10697a3c1e7177c4abf41ed295476ce6730625dcf5cc8112607dd5fdda968614a160e48bd9351b2acaaaaf085414d04ed4a366191cbe154a618dbb1d2e55a25e6d77f5d8724faaed6183580560390254e5461a7c3facca5cca19b1e06076b68aea7184403b884f061b7bfc4b05ddf625f14d60f7ddb798d93cc956e4011ceba27be63cca1a8412a0bc17f391cc36689bf3d4bd3502b77c9d43cf2a83dcc994fcd0515ea2fcbe2732732a075d061a042fc2674251dfb7bb738f59ae4967908c60998c6eef67bfdc3835076e54a04c15e934e8c5e5b30d142ab9b246e0ce2d15c440dfb3813197301de6da4ed5ecf523bfef6d8128e8b94b7918bd258eb03d39de17b31a6c48b7739f2cfbd3fff6bc4dbe6172e4e72b4e30512593fdbe6a3c39c05fa8082c336a984d6851574063253ba0c08713f26c2d32ec06035cd91a71305a8273c35091abf454e5fc98d941f9efebf271f3d6c320c21d99c82e8f38b500bf36cd0d876ebd7c42cd1a6faeb04e2d0450d6dc05359b660e99895c36d37aed66b279a4e99ab53b0c234bb3ba8a3e17860a0f59c1a9636c12e7285093ca05eae22804d5dad3d1f5252838fc6fad5db9fe1305a7d84a37c2301fe7c2e0cb330ac73d2642e98776151fdab04999648a25c1a7b28ae93817372a559bea196c5019896615b28c26726890d377d07f2596c396a0a9dfa1bd51c0490d713ef88e2664fb6b67b277fd2da87b2f1841bc91c7c472890f6882d6bacb58f8644856e311b480eced04befe34e8c6e9bb73eeac0c8d033579394c20af4d51c9b0ba50669553e9dc1fff62908c10e28902ad2e20d435798ea3396f6ddb0427e1392947c64bf600556cae12484af57e01a89ac3c6a59b83c55ca9f353ffcfecc093184a454652ce753552a54a40c620b94891b05bb3c9c20a1892b1a7b00fac99ee58e2003c8c74fe0fe7cc115450dd963f2db0dccc6ad028327115779e3ecf3eda196ce653d8946fa745d350994dddbc0c32c8bec168fc14ae1e2091205f41e931944aa6403ca1b7e47ca57d4ab7f342492da64fc4fc1d6e234ab533930fac6ffdfbad48ba93a3f80f4ccc6fe494337314de351292462752adb9923fb8a137d4cd51a94d2e285e0ee7eed032a2f2f05056c8f8a3090af979b2d2c7cc026f9289309c320bb1d0ddd2e8fa6ae360cd242c1896a7459a5543475d38e82bdc05299fae916d6b6aa24d2c991f8216d16a3123c5391ff4040a67734a53d95088ac1b01ff66f4fff065eb2bdd88dd6dfc3d283e17e38b6f80f723458937ced28d3ccc341611ac318c0e4c45dd79245d9c14e59922c7aadbf0187ee6e1d6aafcd361fa95c4be6665dd8b91ad35c9efc2f3d0fbd9ae88d9bb0358397b3bbc8b7eb6a7d75708431633ac281b75b997b8d5cc2c829dacec2e78cdd646a101a62618d96d9f2b92ece7bc3ab72412440e2e8738b827e56c6d98fb02a8a6a99fd797042214a42b3605a9682d59835da587410844d88be81e66b63362efd01099d126e779dd488c3a702558bc92710f2c3ef93a24a3430a69bfc1c8df587187a29ab7ccb3a9daa55b0114cdba95b0aaf9d53605d4572431d15b33252fdd2b4", 0x1000, 0x31c, 0x0, 0x0, r4}, &(0x7f0000001140)) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f00000012c0)={0xa, 0x4e20, 0x7, @loopback={0x0, 0x1}, 0x20}, 0x1c) sendto$inet6(r0, &(0x7f0000000080), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e22, 0x0, @loopback={0x0, 0x1}}, 0xfffffffffffffd58) [ 244.913656] FAULT_INJECTION: forcing a failure. [ 244.913656] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 244.925642] CPU: 0 PID: 15895 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 244.934052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 244.943408] Call Trace: [ 244.946016] dump_stack+0x1c9/0x2b4 [ 244.949651] ? dump_stack_print_info.cold.2+0x52/0x52 [ 244.954864] ? _raw_spin_unlock_irq+0x27/0x70 [ 244.959374] ? finish_task_switch+0x1d3/0x870 [ 244.963897] should_fail.cold.4+0xa/0x11 [ 244.967994] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 244.973112] ? kasan_check_write+0x14/0x20 [ 244.977368] ? __schedule+0x884/0x1ed0 [ 244.981258] ? trace_hardirqs_on+0x10/0x10 [ 244.985483] ? __sched_text_start+0x8/0x8 [ 244.989619] ? lock_downgrade+0x8f0/0x8f0 [ 244.993751] ? lock_acquire+0x1e4/0x540 [ 244.997721] ? fs_reclaim_acquire+0x20/0x20 [ 245.002046] ? lock_downgrade+0x8f0/0x8f0 [ 245.006185] ? check_same_owner+0x340/0x340 [ 245.010504] ? rcu_note_context_switch+0x730/0x730 [ 245.015430] __alloc_pages_nodemask+0x36e/0xdb0 [ 245.020108] ? percpu_ref_put_many+0x119/0x240 [ 245.024679] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 245.029691] ? trace_hardirqs_on+0x10/0x10 [ 245.033940] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 245.039470] ? xas_start+0x23d/0x740 [ 245.043189] ? lock_acquire+0x1e4/0x540 [ 245.047234] ? xa_load+0x288/0x450 [ 245.050760] ? lock_downgrade+0x8f0/0x8f0 [ 245.054905] ? lock_release+0xa30/0xa30 [ 245.058876] ? alloc_pages_current+0xd0/0x210 [ 245.063360] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 245.068889] alloc_pages_current+0x10c/0x210 [ 245.073317] __page_cache_alloc+0x398/0x5e0 [ 245.077635] ? xa_load+0x2b1/0x450 [ 245.081196] ? xa_clear_tag+0x40/0x40 [ 245.084988] ? filemap_range_has_page+0x4c0/0x4c0 [ 245.089828] ? rb_next+0x140/0x140 [ 245.093356] __do_page_cache_readahead+0x24e/0x690 [ 245.098366] ? read_pages+0x680/0x680 [ 245.102172] ? lock_acquire+0x1e4/0x540 [ 245.106131] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 245.111229] ? lock_downgrade+0x8f0/0x8f0 [ 245.115367] ? lock_release+0xa30/0xa30 [ 245.119328] ondemand_readahead+0x550/0xc40 [ 245.123638] page_cache_sync_readahead+0x3a0/0x6d0 [ 245.128556] ? force_page_cache_readahead+0x360/0x360 [ 245.133737] ? lock_acquire+0x1e4/0x540 [ 245.137710] ? rcu_note_context_switch+0x730/0x730 [ 245.142622] ? check_same_owner+0x340/0x340 [ 245.146933] ? lock_release+0xa30/0xa30 [ 245.150904] generic_file_read_iter+0x1a87/0x2f10 [ 245.155759] ? filemap_write_and_wait_range+0xd0/0xd0 [ 245.160942] ? __update_load_avg_blocked_se.isra.34+0x460/0x460 [ 245.167003] ? update_load_avg+0x2de/0x2590 [ 245.171317] ? page_add_new_anon_rmap+0x870/0x870 [ 245.176159] ? attach_entity_load_avg+0x860/0x860 [ 245.180999] ? kasan_check_write+0x14/0x20 [ 245.185236] ? update_load_avg+0x2de/0x2590 [ 245.189545] ? attach_entity_load_avg+0x860/0x860 [ 245.194378] ? alloc_set_pte+0x1133/0x1790 [ 245.198595] ? lock_release+0xa30/0xa30 [ 245.202554] ? rb_erase+0x3550/0x3550 [ 245.206341] ? put_page+0x280/0x280 [ 245.209952] ? kasan_check_write+0x14/0x20 [ 245.214170] ? do_raw_spin_lock+0xc1/0x200 [ 245.218391] ? alloc_set_pte+0xaf6/0x1790 [ 245.222526] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 245.227527] ? filemap_map_pages+0xca2/0x1990 [ 245.232017] ? trace_hardirqs_on+0x10/0x10 [ 245.236250] ? xa_set_tag+0x40/0x40 [ 245.239883] ? trace_hardirqs_on+0x10/0x10 [ 245.244121] ? trace_hardirqs_on+0x10/0x10 [ 245.248347] ? trace_hardirqs_on+0x10/0x10 [ 245.252567] ? trace_hardirqs_on+0x10/0x10 [ 245.256788] ? find_get_entries_tag+0x1410/0x1410 [ 245.261615] ? __account_cfs_rq_runtime+0x770/0x770 [ 245.266621] ? trace_hardirqs_on+0x10/0x10 [ 245.270854] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 245.276393] ? __perf_event_task_sched_out+0x2f0/0x1a60 [ 245.281781] ? active_load_balance_cpu_stop+0x1030/0x1030 [ 245.287319] ? lock_acquire+0x1e4/0x540 [ 245.291292] ? __fdget_pos+0x1bb/0x200 [ 245.295167] ? __perf_event_task_sched_in+0x24f/0xbb0 [ 245.300351] ? lock_acquire+0x1e4/0x540 [ 245.304325] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 245.309878] ? fsnotify+0xbac/0x14e0 [ 245.313636] ext4_file_read_iter+0x18b/0x3c0 [ 245.318038] generic_file_splice_read+0x5a5/0x9a0 [ 245.322867] ? add_to_pipe+0x360/0x360 [ 245.326752] ? rw_verify_area+0x118/0x360 [ 245.330890] ? add_to_pipe+0x360/0x360 [ 245.335113] do_splice_to+0x12e/0x190 [ 245.338910] splice_direct_to_actor+0x270/0x8f0 [ 245.343567] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 245.349090] ? pipe_to_sendpage+0x400/0x400 [ 245.353414] ? do_splice_to+0x190/0x190 [ 245.357388] ? security_file_permission+0x1c2/0x230 [ 245.362492] ? rw_verify_area+0x118/0x360 [ 245.366633] do_splice_direct+0x2d4/0x420 [ 245.370770] ? splice_direct_to_actor+0x8f0/0x8f0 [ 245.375602] ? rw_verify_area+0x118/0x360 [ 245.379741] do_sendfile+0x62a/0xe20 [ 245.383451] ? do_compat_pwritev64+0x1c0/0x1c0 [ 245.388028] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 245.393569] ? _copy_from_user+0xdf/0x150 [ 245.397710] __x64_sys_sendfile64+0x15d/0x250 [ 245.402296] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 245.406871] do_syscall_64+0x1b9/0x820 [ 245.410747] ? syscall_slow_exit_work+0x500/0x500 [ 245.415598] ? syscall_return_slowpath+0x5e0/0x5e0 [ 245.420519] ? syscall_return_slowpath+0x31d/0x5e0 [ 245.425434] ? prepare_exit_to_usermode+0x291/0x3b0 [ 245.430437] ? perf_trace_sys_enter+0xb10/0xb10 [ 245.435276] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 245.440106] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 245.445276] RIP: 0033:0x455e29 [ 245.448443] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 245.467571] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 245.475449] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 245.482706] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 245.489960] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 245.497212] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 245.504551] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000059 21:26:05 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{}, [0x0, 0xfdfdffff]}) 21:26:05 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x0, 0x80ffff00000000}) 21:26:05 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x500000000000000}}) 21:26:05 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0x100000000000000}, 0x0) 21:26:05 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0xfffffdfd}}) 21:26:05 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000000), &(0x7f0000000040)=0x4) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:26:05 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) socketpair(0x1b, 0x80003, 0x490d, &(0x7f0000000300)) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./file0\x00', 0x7, 0x7, &(0x7f00000036c0)=[{&(0x7f00000003c0)="0cadbbbe95e93b33afb8cffbfe7cdfabcc2f9d38e6fc63355c655fdd14976b4a227021209e28e0d92cfce1db2ae95de4f8de4dc6a89782454d1d1a27fd5be47834e74ee7b1a6a7e430a964227b6361391f6b686a0cad71727380d46fc7beff66c24a03de76ed0751e7f1c8f8cfe5ab63c2d8f48fe823fcaa53978b9cf7bc9cfa0a2ac4558534cc00a0ec7cca22e054c03b715f4a128058cf7d7fada539b6ee8bf7be503b", 0xa4, 0x5}, {&(0x7f0000000480)="9e91ac3cac59bd75bdad9748d5634750753dae695eb94843dbcd059b4f4da92dbcb800af77ce9f65e12e795e2815b9e716129a2cb262b205484823595f2b16aa821eee2aa5ab0c3cae66dc1e81b99d6d698e405f37164be51bbd28a4c96ae6c3cd21c8a3341c16bbbb4b2a1c16d5218c0e02e558dc26b4aeec465d33a3bec00b597a459f152b59eee13c1b71d8df16eaf447ad64544d1a", 0x97, 0xda0}, {&(0x7f0000000540)="b2665b6abeb849f5c9e23e634a156391acf85d9849e556dc57d317ea4a9991214bc669fe5bdd0b9ed697263c03eccd61d9835489832208488ba908223f8ade262253c4be13e42b0dfa2a3efdb2775fc9d1fd8362dcf60b7ac05eb5da815d21e6ec28ec0d2c122028470d951f355ed9cc4404def4120ab2e1f6580215f265d566d1723d9d00d1cb9063f0fcd8cc8b8cfb18e7e41019c5f4136c081d466dcbd87734e328c4f834fe2bea14de5bbdaebb7dfaf76b2ab8f99570f9be5bc73ee7ef6e643cdbf749f5843ba91911a7faa2822c2ea5", 0xd2, 0x800}, {&(0x7f0000000640)="66159bd44f1c183bedcefa1b39cc195023c3ca8d48d9909d9f0ae2544869d900d0605a65aabc853569911825369b71d2bfbd5474ccf5271098790fca6505b45fcc7996face338cab743c431514f4143dd07b1fa6fff1fe605ed5487d4d2dbe74c0061630e8ae3c046db16d7b01", 0x6d, 0x9}, {&(0x7f00000006c0)="8ca8f84e20afa83747cb79f4abd0e5e1e221c4ec4c61e59cfb6174e5cc0b264df4ddf655b3e6ec73ef5c2406befb9c701c4fa1c513e98957d5e2a671de7cffc046fd6002c82eda980afc90e5e825c8d86c7809c53ac738d05436535d7e887516ea4a851c6d99174feff24e67a9b71b9eba45590ea6331883766f521d9106302a853764ab13a639b091396008aeb561f4a4d03fe42f54246812fad6db59cc8f2a55bb662eb367a030ac2181143da982eee037cbf77ec745b5ef90f6d0b61f521af7d2144ac594a0a8630b5258997789273b389a17efb4cc9626852150de7be24fb886dc3572045062f8c3013a7171733ae0b2586b43ff7400a26b2f69dae699e62d1adcf6e968c2fe87390a7256220350395e5b5fa98a6d61803d955c320f1afb4573cdbc49e4aacbf2d8b847fcb755c0df1629bdbfb141c97f8d33bc2cfbff883d7e2925199c6cac601e6e507900bb8a9e6d20b4c78641bfc317f6ba24e5d74038364907499da32fdccff6b113590ad238d036ad087bc52a6f173a5cfcc8ec7a77878a5eec9b4522355865ab20a6f996ffec09d6e9b0a60b7c219c51048781ed819fe826c93f6eea5d2666dff89f395a02cdf04957775fd42fd80b96f3996731a95e32c263a8803f4a608ab52b7d5e390966375125bcde962d9fb46c6a41712caa68673fc48928618bd3658eb7f317b69ed49f182340fe6c9cc5dd525d353c0182b942f60b4ee2c8490b45303a3b40fe90ea9f115f7b81e73522abdd321377781c2e866bf7239a38c685f1f428aca514c9790079308528bfe0e7edf61877d6fcbfd1148a1b94fabf17ac4ca87c33112f70ecbb2d92cb0ae8adb62da3900468483296bb40636fbd898a3d0ca28a09c7b961fc2295682f399f9050b4c3bd3aa7ffb02e26ea94f4eeb486941ef958993909ca194c9d4776f31b05dbc944271f67409360eed104c348b1070d078476cd5fee658a6523ed0210c320b083e5686db624a588ea5de26fc64fc77d3fb44d0f382277036cd9f57b2cf6ae9d7e1bbb5ba8e4716d114af75f6d6fcf8da76321cc3516fdea4d9794e9f23b5b62aebf5b461e6d720503527fc370ab8d1dda1afbe0231d394eb1c1be5004d15940dbfc4f8c5538d1a53465a60023e4f3887b4454bc3bb2b1b6467520c4bac0bee8d6d0700afb5d9ba6ae727e81e82083e2225f688cb1b7ae183c58898f959c2b4716268e16193e494de2a49654c99222b82883c59454a2a78df565cbd1d03ec720993fb1a4050d2c2fb96b7a12fa2c774998b17a13fa8715daece59cd6be6e42ba504af457217687f33e663ab4225339732c4345e3aa05adb315b55846820cc9fdc72b6a4d0e9724af92afc19131ed921762973e7340eef4dc36f3d8a899366702da3c7d398aafa9016159743b9d614e14499ec2b5f1a8d07a44fbfb9e6aea916cdeaceaa2b9b7b6e51016d702d34f61c142a75f94a1203a624e5bcadf989f8398b3ceb46311cd7b6b10146a3e8f4f31e3f5077aadc65f9e08f65a2285975183a8f4e585c6e8e61b19f60aff4825469423768ec387c09a323abed1b27cee84e661347f94a48d3470f10e48a76c58dfa870775062cf14a929e95f4220173cffb4cd965b973d0d71d02df9ec89650997c4b914c1ec56b9cf862ca9eaf1a2d2db14643fb0285110ba582a6408799695d61a8e62cd7d058792634221d031459dd0096716bc47ae2bdc9c69f4792515d00d49d69f513532076f944745fadefb31c23d47da20d1e672f11d1bc6cae8c75d20ca85fb33d5b64354c9f69ea8cf6756a33d185970be29f58509bf4b48be445072f899f055794a901e421b09fe18e7c5f400e5a6ab1515b846a925bf31ca912f601dc24d01ddec8588d0e844069096353eecafffb162229237cdb053eeba90f466de2b0c15b1bbdce5d068b08af4f28381a942e3d2d4e1f5329f358d3e9522277ba2c07c3060b7c1c68222b2cd99ab3db21f846dc7ddb807e64f5d4e064243fc2f873012ea17d3efbf2817a319b04326c77f9a8985cce7b45475359e276bdac355bd36c3a73cd908bed29483ee980f33c01e30b5f1e39644d0df45e7b825fbd7bf8932ebdc519c50d26a91cebf4af653972de31550f63b3f339f4db3bf0dd827a90bd6f85533cc6d87cb090062a0a7359fdb1bd0ef8af72dca47075dd95df2ba9016695b9f53682fa2391e74a38f4050196fbfc45aa387e2b5ced4caca904ad4580b627ce51e5503ad22df1898da64c89662f7ffcb3a679c2f893141b8412ef78452354ec26654cb62b111ab4e8d257b86d3bdd7f7b86b7392cbe17e878cc742e442ebe9426675022f94ee91581d2dc2aa14568e309371853d3192371d0b28fa6f96158be775a317a5ee45b8708bda9580d87b1698b000b90ad81e21a362d689baebf6284d0d8d82e78f330650a3595fa9b6f1b6584cca0d79afe1dd2a5af0eedc31968117c0f7406dba3e8707d061fa8b8d1f8d82195f0e2100637e5725538d175042a501a7b00ac6604837a462dfb43b0e4b8720a64386c5b22f117af9367e502e3de84df51289900d69d88e1efbc3c4f72d25a34d7f45cb0c2d979ab95f4e9af00f11fa8daaf776fc13cea8c5c10c12a0e6824dcb914621c8e9aa00603785931c5e2ad4827ebc652628da112098d1349daca60ceb5bdad421fd5a6993dd97731fc3125141498ab5aed5df976f52bb42cae997fe581fbcac54541f5be94d8edf6d62576c1c18fa55257699c7b44167e71e95c6ee0a07dbe556423472007f4173abe491c7538de68a7389a91595e55732fdcec8fd2f02bf211d1c719b73cbd5026a322116100d90909b62ae76d598a30e609e5d5fcfc7de8fcb0844ca4bcc9182bc9f0aa555091e3738a37d2f9b4c1b0db2d9c871e95c0580fbff70a37f25357171d2f2c3faaf02585a351da9892df69c81e32ecbe43ae369d5f521fd8af5ba4df6e20977409e52af5cdaece2900df77c7d05600835ccde97c4afd3dc81ed6a18e9983bb6193819112ac94c4ba795d760aeec4eb5cbaf48046d83023704db29e79df94bfa751bfe13f396a1e9aae3f70732e41eb5d923fe5889789f70e244abc7a446cfb6545ccdde8c6dedf9c0b1e3f1d76c2d92d4b8488487672fdbf5acc5b91d6d572d43d56a8cf60191c1977b06143083db4933c61fb16bf11135ddd7ca9a1ee7112f733132540fae758fc93676e959f863b488954bc222d280ba9fcf073923ec85d303e76dccd58479cfa4e04d69fed237baa50f14f7555a46df0525060603db26d5fe6c4394b3025014fddecfec62282a3f8e0828b13a375f789a770a283202faefc325a79da75dfdf25f8581486c846523d74ebf5212db3212351e2547be230707b840933edffc5435bb3629786370b9e2fa9ffecb413c44468125e6059e963a43c8543f566d45122032c89f2115c39c9979bae60a418b305a49f87ee71644dfab5fd19afb6c58216531ee564bad27939b479b7d96c8366d4d314544004f0240af10901e6ead61794f74c6e06266c37943891daa8c89506a249e2fee26d743d51c93bd7ccd874b898088991a9484b6e5694f2fde86a92f0a5edc5815e34bb0657fcd82ea7039bc9934fb06b626cfeada90dadeccc30f09f7794fe554f84d909a8b478b998780ff70dcc45d5804d5ccd956d7be8d60b1259dc3dfd2e1391f843e3a4c1e98c414e9ad34103d866ac69062cab6a1b573a5ec2748bef0073de8762abb2cf585f8f58f0ace5e512bd7218695f164bec08f3e4f9fd35bf0a79b4a5634b491fcf858005fe6cd7378c267e8cd621f7dabbd154b8f439c16ed1596041e3bdc37cb6943e52d6dc1674074fced764c15783e685faa3f34a3529c073fe4e8deadd460ada85f148215e208a6f3ec9eb80c5f59948bf2af997d2b9dae7e5bb1beee5e87309d222a3a15089636210af5f8ae409116064626bb6bc43360bfda536c3ac51d0e6af49629ca10c049ed5079433938160672d868978fe0c1c0d39326181e65456bc2c4a0cb8ff556f9857c28d9cd52673d057891354db38ff776ebe7fc4c8709139d0e26b467f955bb3a328239c6cf97e1bb9794a34d041876a9574c6366b1246e8bf71fbccc290b59060f1f31cfcb40eddb523c6e10f365572fb3485c935da75374918e649cb22bdd0ac37595c2bdb9ae328f5fd781457da0f56ae3bc2545254865734881a2229836811b6942122bf71e7c1e1740a3df8d87331ff47e05550b7d485bff75f0d97b156aaf9dcbd84cd22beee5a35a043bc90e448927e180619fb002d104d0cc45cabec342f84a37a9459271295385830e867d4d65e9a0587fdb8c825f688bed5a1b7f0de66eeeb3d543b3d6a061e35a1055c099ef912854ca5684b3d351b80b55c12426970d6aa13b0fd1f5132fc469bee47cd1c851456c8ace35c4500212bde6ce247b2cd1514b7c6690bdcd198591bf0f3907eb98020649ba081a7731c99f53ba3e459432dc3e447de77d95ee980cb27e04a796a9ab795b64c86edac218336d4b692dfb8c9e3352ea0804992f52436f9465fc8e01afe2e0557ec31b3d93e8bfcbe86785cdae72c7fa99ee529b91409329d51ef845256e08b1ef140b28e69ef40a65a8bab4e5e3c3169bbb98fbd3d1e1811760c1e3525cd5452a2b4dcb71ce7cfe30f611ec465f2b1fb5fc9214a1e6ba5b61c2e27ed582031388779f9614edc382826bc4b2fe1997e83b37c2940cde8a615b63f6c51bc31382eb13ea2377c663b648ad37a89d88ae5fe277636dcfe3a903407fd755fcc9286cadf4204d45cc00f50686c7c10086fea0d57ceb0c6dd7f1478dffcf990b16688bd08453f6e4965109fc89802fd13a1c4f2ce0820fc0a960138ed26cac504283b040ac1d607d8e62ac0381d07076fde0986a41000f10ccc365c25515f7d9263c6688172b4d974c992bce987ec7c87f7ac2111557bf8a9700367540b4e9335f963685900d0e67bb4ced2fe53e2915f0aff58c41507a39d9034c3918f11648428a178a2c49fc9886fcbe8bdad557a50f168378ba8a254db74c1df39bdacd128b857385284514b7c37ef0dc7d2c24900079218fa68fe03af47a4ab6a25f43b85424143097373884e65aa0cc0b01c19d68953e70d0b74527b38f71fad2d41928fe275f61b37c333915ae67c68278228da50ebbded747a5d153537e426b70681a80628b2334e477fac7f27155736dbe4ce0591c6171e63751f4eb12a2ec1aa9839c91a10300323b1b156b843926dfd74d8b5255a554dce2ca3c72de7dccd316dd01cc165dbb4312cdf69ae7e1ef266643568ccc235530b1df565bd332b93081ce113a82dc8946215ede523f7b0972912777dd7eb31b7fa61a1a395094c58ee9a370557764670369aea6256d7935a58f4a9b2d931c235c9b40071a62ba19dc85398665944694f81e0e0c83358578688840d9861e62d7c3d6544aed540fd5c2519299b268359bcf757e2effdff3715645267b6bbfcfc8920a09656771008def541e73adc06abe9c2913a3b1c0680bbe1b78531edc5bf4c81d1af4700f2aa8004da591b897327e6e5c9394d6d5e9071e6f81b1689dc2e5c8f05584294ed44b3889816063452f4c945dfdb5ab34c0da94b83132fb7419676d011ec419ab04117bdba176f80049c5a222aeca317865458ed39cdba2a19248c7b0e9bf3e27e6b088327cabe15c51764c14473060585cb3e802bceb6167635f9906cabef1e111e8b6c2d3ab271e2bd17bfd347dc63dd2653605e68409bfb864771435710ce7c28e2c7eb58601b6aa4771f3e7d933e9fa39e1a405b34977aa9e", 0x1000, 0x4}, {&(0x7f00000016c0)="7539619be8d70f0caf6fe52b92a0371d394dffd841428e3faa8615084e827a39f8e4879f88b193f5ec18c42a900624f24cd6e5956334f6267af5e4e9e05fc1a45c43d9d0a6fdc7a304a0087fe199e44d8d56cc914e1eb2483dc15ea8500ddf8d78484ad6c4a6c59934f91e4dd6b024f559d60dd6f1179fd415e791bb118d26a60694f3bcb758915c28959ba716cc2be02d7c340980b031d6d7906b7375024874e4d6ada854ff66c6d577bfc178dc30939b546fd413d6c842ce37ae9d0933430245775d6c9e4e8d6567959ab41c35432b07f1c0034e2600cd7308b3453aa75b440aa57b1307b29a667afb77450bd058edd6e9f570d44153250bdbf9504a43ac65a32abaafb63f362500f0bfb261094ebe02e7ca8913c555c3272f150045ccf1cce3c836a24896baf3a6aeefc3af73eff46e9d74d13ab544af1949b40432ab68df0c285c1e1cc9c93dba7214f3f56394461cc4cb19aa2c1c297ac8775dcacfeef3224fa75f2a0087e8e30d37ddd650edd3fece8e70522f669561c70427b23e212583482a2b499fd70992b110a55fc24e8fb2c5af6c10d535ec51f0b3b59b87dc56882ecad99a3947645545edfe084cd7327b02452f5abd9c29ac9d681546a22a05ded4ddf134761bf88f6295ab52b46704ddd92f8f9f99c2a6ccd597b97836e1473d83cc627a47264992152a62106b1fc189987918eeaa532dae42ac610449f83e9e5e1b721cb59ea49c58ef4181aa9c09198b2c779a18a69a8599f78a7152ea60a7b8aa9e343be48194a22c4a7d0b09c43219ce1c26515672571ec22534bb5bb1829b1b29583c6ceef68b3c9cde65946318edcd61d2654073dc0ef5ca02385c09807e60b4f0ba38cb9960f309fe02ec28402128e9a2b93f316ff916865f5089e5b8866d1621e52553ad26f2942ed7306efc69dd8e6040c551ff779bf1052167aad28b965669d878398d5970954f7fd469ac55bf18f84d818525b3ee3e0ce8d9507bc5d80ad52056d123caea3ec56a9883dcecabcf08d44a31df211ea638795a6e98d096e7e830f6eb3c687cae85a4160ec4718c4d12ac1efedafd89a06458df04973741cd17557029a46e04253d34dc93920d332e48e4f86cdc4af6f974c5ade28177f8cac5287d0d30204e14c0b47ef15167bcf9c43508578a48e866f1d9501469ad2cd5cfc1b7d16ece63cdf58da9319a780bf06bac6177c9f0db87e08bcb378dd39d84a0098b40649bc057d451f65ef14b077379467d60faae6139d6f0cfcff077c370805cace6e05ebdc6f94e44f7822c58a8cc66943e9c622b244097b63d965887fa572a7e7fc4136a90549967836f9ea441838502f30204b63b643d73f6b954b5ea197f3565935c90c48ef9bbd71e09362b3a3bb5b89827f29d7de78f1bcc0618f56edfdddde3f0c67e6987090c34483ca7bc1d1d47dbef1e173561fa9e3d8e4b26875a107343c8fc92ec3c8b5b07dd669b8ab47e1cc70c834ac76839bb6870fe68a464dc88cf71f548addcc98abbb106976487ce4ae2c8d9c64aa1fcbb751ec93640ea7e9a6db4aaf8d2119bd9ace2c51a7f23ee66131b2f6716eecc4790b6ea27a60951fdd0b9315d317c95e5c3ba4a389c46a310da5c2631a9beb19d169be93bae5ec7120227f8df45dfb401e8be93eac2d6cf0405a284f1825500c7939e56b1e438558bcad8fe098ad4facf2b64b95a5f979e5a8ebade6cc8b1a3e702cf5294fbbb519b53f50db43d5065b418e13d57a359b1a45ea9e2f01517df745e8c1f57105f8e63de8abc2075ae558b85aa9579353431dc547ee1cb9fd031db97cb9fa6803557aaa14c846d970acba7f4fda6437308df35273106087ac58c0620e0e83bbce185a2e6b24b49b55fec15a7133f073cef96bca9ed182ec2084b625b5298eec85a720ab25e765f6b60b0c02d016cdce25ee85998f6540f51b2153311edb0dc70ef4d92d518406d9cf2825f54c4e4320c9f762d47c6b2a622df5e165cbc8510601a54d4312971e6e528b00305d394ad70b7b5515aea8deab995f41dae149463ab7aa73dd2686f7a7f2b879b3f9f8ec15d46b01f7ba55fde95550c87a3c8e85a63ead802f64e11b2bebf0f95320943ccda791c4b4ab52fe3a40c1f562bdb52beb34f4091031b70dc3e590f61a0b635ebbea49e2ac50aaffcb72bebece40ca4eda3b4b4f5f0bf0f35650654a17a3c0c222c822959ae5787e9ab0a0184fba9e7c0c3a96e7292b8f69502369dab0f560b227771991ec9d850c830457bb81cc008ade61acc79ac706b82b5cb147fab98fa550be6a24efad076acc165ffed4e7927f336f2d12c219588414bdc0d1c1177883b90ef0c149e596208d5d6adeacf532d8997e927459f3d0f6082ec6a1ac86254e9972e65379c0bf0bb88e1e42522cf09d598ef52220605e360fb546fa000742f148699e1bb5902d086684b72175129c635cbaf4380d8ac03915b2a3acf42ee0085a107fab35f1c7fbb71705c26311c45f22aa28b1e72439474c3590e0815bfc5149482534533870df2323e21a300f6671924132f6803c31439d1b1fb16519d670384410e42b0ce2cd8e709ee5670cdd107de7d1e7d4fbc0cc53911bf196539018a19744ecc1c75a80bade1aafb382fae1b8106d578a986f9c57686d10063b2393ee117f721f78d3c0a52e7a7ac4a4a3e7a8a6290439b7f3e0db68c0df4eaf5bd9bfc1628f95e289d0306d8e22efdf9b3451c1691f2c6eaa21867c1ec55fe0e5b6a792da5d032b86cd168cd4ec56d60501c430a391896126a5b1c39a211278eabec338149ea195b1434131188808db050a004d32bb6d49a706d79eaaac7dc365cd3d441dc8b468b522670ba41968bc7fe60a0f5db2cdcd00365e3227462f9c5cab6a9e0f4e609002e4d09b776bc1da922708e3cc026aea3018c1db9d961428fb7c55fd432ab0e63a2a98fdd399edf39f8caee5d440490c180ea97f69e2160b499ab81fac869327ea0b1d15967ebf4b7f7b4da5a0651e78c52e765bc434ab16d1a6dbf1f319a825982b1f16272b50d089fddf2950de7e006c3a111a68821e9576d6bfdb4bc3f9b2268e918b711089ed1b580446a89bbb255bda039a383f185081b2ab6b6355bcb17b2d35de27a091507bc418445a752419e3a229c7d4dfa5e68b55b03e55934e90cbf2cc11c26f08b4f82e2de05ae6a80a29c6010202e99f816ece18f10e8ca0f36a2454327d4791a09bff4bcfb867cc955ebd512dad509f9dfb0968f052d7737cd8c8b47c7489631039a63a6fb03faebec6129a2795877304dbea90a6ff81a297f2a69d790d12b8b09c48374a3540b5711f4fdd4caac7b8cdfbf99d2e911a321107df25af41dcf3ea6a6c44e0c193badc6f2640adf617caabacc8c372d9f3ad8f47e8426875f434019873f80ef88345e96925463ec79c353740c241e01d8bdb50ddeaaaa00fdf9eeba5f4be81c310bfca7e7a1fad7d077429f5ccff59236a5305a606a81e39ebb2033239d318b2edee1c5dc295a2ee3debb4f459e597c679edf7da88c09442998449ce240be9429f4b3271976b9ce1011e548ea7ef807ff0d931ea5a238f24f2b92ab5b08f82003afb4b24f0a07307dd2887574382262ccb935352754a361a0426a49fcf4a0c91dc38aa228a8c4e9d96f25ddefcee5f0e61d550020743a2af9e52881edc27d3525ccb499eca3538157ad61e8dc98c4512f9b97aa3765b7156038428b405f8ead15ee7424766114ce561795085d4fa442f3223bdb14fc1c819c7f26cd2b5ac9f8544ededa809c3d00e8a2d3f8dee713b39a9698004022319d8b58fd4b3ffa826305687f36f776a148215ead8865e046b18563899d59b9fb62c2c52e3a543629fbe41e328341c627c52d50293ba0e3bd6226b1376476cd8bcce4f0e65a2c3834676347a5a31eb933926512efb208e0f47ad3c4171c11312dcad7afe39bc82fe881c2b16250bede46bce4d433aed612bf2d7bcfc66786acec823992d944b7f87ec9b40d576f57c4d1f05bfeab20a5ffd9fafe06cf49cee9c5ebda64bea7bfced3935b66bff161319468c3f1fc14637cd26500350357df30cb28fa72b721dc98944bcef8f182804a408c1f5a18f321d064bb254cbb00b0be295c65881a306c044aa83cdf0f9c04b67574f8cdcce47635cac2127dcd0844572c0e2b74ab987b528a68bef2a88cfd14ecde191838bde411e393072779fc28526abe186005534cb4ed5fed322a7c0164995cdf6d80fbc68c64c935bd12b107674d87096e69b07a21d345978448cab8daba04903764f27f4b390c241855844dc9ba318b54cd4efef0fc2686d06cffbe0c09fe41194e406bbec21f27f30bc3ba40c1e4780408574c079eee0c5d94a290e0dbd061f4e21fe31174e568938b00fc6108fb88a09b8d61649303efb12de9bf87b8d6fdc0aca926b8d6d3a1ee8465949923e494569d571d5b9cd514b4e85261e76048fb82e72b59fffa6104032d18d723abe0cf89a315e7c19a827fafefe4a975a703cb8b660afe51f430c592df2f113fe06f5a204fb9a6f46bf08ec717baac98d984bc8c5c873140a3b903559ddff1b52a4d175ca3791c73bff8827b4cef5e3d21c1d5ad6862a2f1f6e082280e3e791ee635dc053aab559084b9181397934d45673629dc6747978ed46ddc2f8488ecea77455d8e83a3ec01ae3f75a44f4cfaee12db8f39dc332e44a28189106dc5b8b96ecbc47053a37695b9a63d59764d89e205ef35a140a83a096ac49f43c10b701cadbfc0474f0e581878d82d0d36a9b930f36e0e7752a46e56df67c707cd3f1bed518f85e15b75d80f3a9884043e4344da5608b8c705736adc8818a4da1c6eff4e6999dbd5c79f24d8c8af6f5c7385dca81307df7aaa4915c1bc98884ff9bece6e6182678a3226d9d2e54f9785834061a6a8a4615635b235795a6b25921ef6ea77c0d3f673ad3920c58b71b2f4d81d2a314149a72f4fc44a812fe4453e7bfcad8799874af0ddd567ed9933bf91c513f4ee92de03a8eab1e11f529736e51cdbeb7a5493aad474e39a21f6926084bc829cd9c8905e954c68b5d094b566eea1789f64ad2a3c948c29e71ba38fb4b38c6e2a52164d38446b1a2fdb5fef63500a7eb5d7690e5e9e51bbca0d4f0249e70e7ae52a213ef6253ace5991249df18291847373617fc2dbc650946a7c653733068b4b24ec93a9d421c7339b2e618c8fc7f98306bece0dc01f517a08ca9575397dac4eda1eca8ebdf5abb099be3042fa5c70e6e4a49ca77b080bada9c4ac4ab638b84586445e42143358deafa5863d1cea17da858a3cfbfeae520dd24f6e200ee580dd4bc0bc56dd9f07381b269075df0daf40d61211d34a443686e403ae9434222472558a6512b0fbdc265b1e5fc59fc1d752d55dedff526191a54c0fe15f4ea0c873c4fe101f075ca5233edbf9e8fd64ae37c626dfec010f68db74c81731b3deffb5c02683d8a5f72f1adefc26b8c2f2058d1088f25373f0c0aab4947702fbe458c31d0d92ebc5e6e8499e7b2b32ce6ffb645d707ecc79c927cf08d19a4240cf8b73854ff1b89f0ef49537ec0675a5f8bf45b9f0b003fc77985ded416cba02dd51db89f5f3704d69595be5cc69d93644edc9fc99df12decc4dc32971eb3e79a416a0da53b314fa1f76618c108bb318f554a59716c9409e8a0c681848298b7c5f2ef1318d42040171182e96ebf4493c7ce4ce47e49b911e7dc3e001ca95ede865e95854ddf28b7d9459f7427d8cfe8df2f093d3d7f2f045d6d4af0babb5e449e0227dfb7abf433504970bffb835747e448b403498f484cd", 0x1000, 0x80000001}, {&(0x7f00000026c0)="1a8ee07910cd0f3bc559ea0b590e55adaf8c874f477073b57a5f1db411bcb77ed6e6f41fef8b9a3d24d2e0fd4ccb5d1ed7d0d218b0b86760a8800a3f31dbafee500bd42dedce1419e17ef764be3889e3b86ef020b08c8645c8f61038c6a1ba021423115b0729f56e17a673bcdca5bdc581922844985392c2093367aae71651e7b02a18eb3a90044cac26dfe8c7626ecffe178a025a158eda4ab4e1def248beb9a44079912ac09d6165bea7977ad4b95375e334b0009a022353ec20f82b602dc7e9cbbeed12735986c92d5d9e310d8f49584ccefcf0846e93894102bbeec74337453877d7321a07239eb4845492e9d2cf61bba7073875bdf287126a5a6ed84459fe22d601f0efd224d57a999240256dfb705b64f28ae31854724b3deebaed4378d222e211b55a206e92a0bb3b13d75b785529bc520cefddfccfca1ef0deab19fde74b95d129d0c0c406ccbee6391ad8139c88d2fa0cdad02381bdf3bf7cefeb67e26e2f17a488317e75e3d40c5e7f64ac08a133994d5a9de52fc15a0733dfa1a21d45b036d7831978ab52d2e3d61ae4c0e3158889690709cd737c2eb08209a33e5b719ddaf413b59dcedfeccde467edb779e9fa6a422dbc15f9c3abe90334d796a4516c2aa470e86c7daed1ed62059772b5b3c758cc245126d38d57ce8a70873460f92721b0057f8e0aebce1347a2df388bebd08ea172b8913006cdcc7e1d6531fe53ec34493d772e0bb5a9554eb815c03ecd6aba9d810e4fe8b57b64282e0dd3e5c8af41e51661acad698ebb7bb87a366965f5b904a59ff74341ac66f1f8213c9ad22436115024e193dacad626522a5e88287f2ec6ae9e0142717c6e7427daf3a17d02e2c81c16957c6cc94dced19c9bf469bd7787183eabdd9297e6c916fe3a93fcc02224e798c1b80fbea6d291fe7872f05d60ee3fe3c1f8b59104be850835ccb74275587e20eb4c6be1ece90bec5bac4c924d667b597e93df18b36e9e6901da8a440294379cd3bb6c7f888fc1f95929cd95047e3732f1a0e559b903b3ec489dcd9e02e8d071fd4cb2751e31f93f854beafc81373edfca42ebc9c05c065b8379057dfa4e3fd41e50d79d47a13870db153304eccf4c60ca1a2baed5b57c7fff8cfcba7c2ef608d87d4554ad72b878661fb4c5a0c653aaebeeb0257d82beefc06ee03c28d40bc93dabc7963e50c3c782f741da5dacce43abf4fd3439af6aac28815f29701d98d2737bdc04bd93e1234b4e066f8dc6e07088e1ba5b833a114a6ebdd67b72d1a887d04c98ceabbd258e53634f4ecd1102e3678cd6009d52ec8ee5c407c18731af03e98eb79ccb1e9799a5be9fb24f5028a1a2a9402b5ddcd473cfcadc6336d597f9ce6168ec7732d34a72a30e24915c311dcb951674b3673063179ed9036d8897afde4372c82fd3e874d05d25570809f19ee57a7a63f827d4379bf7e8c5f094ecdcaeaa2eb9ae2749bdd46d746fbf280b54cde1fcc1a17c79cf152c825da95db7b9de78ec1910da4dee35b2545486a17f1cdc65d514df1dfaecd85f46d575a545e2b4d6bcc46d1f62f77bab3f6ede9a8c9df9437994155cb5f5c5d6e476249a23fd4e609d5283f1c52beaf6eb1ac6f22ce8bb29f7412ceba0b50914fe4755a3278d1ef27075d63bb547b3d4b2907f17719fca11f8ffbfa3df6129268886601e35e4774256ad27f07c4a170e43358735cfb0465b0a2510f3f98a3b22c0817a6b66bd1e0f728df92f797068398753eb4e1342d760f94eb58e300ddd6e64304979f5f3d5db54bd474465a9d607fc3af2ac6c59a893d57686b5dc1d4187a09baf862addeb505b674d041430e4e78a352b6ced6b708dc2e2284c914b985fb17604f7c5df103a6084506276d2f8e3c286dce090a859c3d2a61dc4c7958c0250563d57127c698fdbf345d85d8037c35cc70cb4850f25a0a07c20737be67180293abd1d6eaaedd1e0c1364dcd910af8dad04571fbee187a0e7208ff71c4b7e7b06748bdfa0465007ea4b3e46307d4bdd99f0ea94d137bcf17eef7952b75b69310db648be0ae4b92a8374f826a62596a01e5332e62e1d874778f5d919da5cb7637b4532008432c225fc7b8f21644d941924d475bdbef9fd86af5c80b79e82d3eb4fa2593d5e48e6f2fa40cda1c84702dbd31424b5d5d7facdcf21033d34b6dddc8836ba2b056e85f30a1951e4f82dbe03aefebd728cc872c7bb8442178e3fac04bc00bc265bcccd8793a14fb9704eea68443d33515917426ae13ec81c68d70d2e7300f73906eeccb8c0279053997f3b15a58602ef6f8f7e4f2d31b190ff87720884d5cf99133b9535a4ea46a315053e5f0e863c8723c8bea92813daf1ce3be8c56832dfd2ad96604941f4d55eea6770c3c3709c7dad66a3a155dc1add03b671a924f45548b02e93893840d5a8ca721f602ef75f028daf2c426bd94057830383de1257f562cb04175c7fa8122bd879bb791fea67f08c36d23638bb359a71f58d789e7f16fe9fae10f4e41317d522cbce0cf34119732a0f6876fee47eb3b45abf8b31d50772fd49fd55a03e28c7eeb59b11350b83b52f6b1f28540948ea88aa59c62b45b529546dcf9b975e8bd91e01c8214360f1f053c1dc6262fc94508757252d7cdbdc828ea6cc9e4f558512a9c946c0cdadc7bcd3801c24212b756237a1e934c09df8b0ce248524c3fd72f4af3e00156b3b94a6401c17c36839b36b6c9b0055cf5e028a78276ec6ee2e4b38215c681133263bda6839d39abb1e414ea7aa9c763798f1c444365452e5a351e2e08ffc3e29f04ca64b0a38ab5b4f88940fd274a30bf0ce49b16abd3855d0a61968229120d26967a45442b50e8cffaf3e7746f4c1ed9bba0846ec4ebc8176f16607bdd327698913e8265c9f9fd46d65df309c0cdbb33bff2457e329ebebe71b24d94b0acdee74cb35808491765b7957f324a6291656770c17e7f1911ba3d33aad382cc37e9a9103741341f46ef818062a5bf1ed17c3ac9e50394ac4c6a3209e5ca79a2308419191a25a79749bbf4292b9d987a5df0787c8cd1b5983263d73006d8ff5b598338e00757930ec40b90614f1245b42bc261761e0631d93bb74a7e333aa57034482f2af5b91ca925005b64aa40f2e7adb122a6f32b924e293b25b71dabde2b0320c3a885143b27581849744517a52887103f9995fe1d04fed9591f29d993e3183393887f2027003e55c30c2745550e7f963b23c054ac49bf703525e89a5e81ab8327a09676eea9d94889c54052c7966f82bcec1c416c9d5d7e0ba0620414ffc3bc3124e8cd3843595c53c4e9e386d291d25d3e78639a7d1011e7da5207cd01f38f0be77985eba37c9d6d97dbca2c5a561fda19f93123446d8720fed38f619fee058ed1fc85f91b1c3ab21e452b7572564dd59149efc57df14c9d81a716f6498eaea8b3ce8383a81d73f765d9917d9bbd0dde8b764e338dc739f34df32f2fc7c961d2817b5b24f7006a809087a8adf8470205f852e026e58e1b59ac8e47d45ff4878e9e742c2d55913cf37bda98ca71780dff4eb5675d8e7398f078bf39f7a77e3bca89fe97bf9a3a817490d6f38998400d14bc2f0197146f2039768e3c0bd622b2f9f9c943f2e5f47054490f624426e4251243e5d9dc34d7347ea8f348518b790f878650cce5f652117695e1602c5f3083c915c0fe780bc8b666b55b6b0c98dfb868d883bc8eeb66e00cdbc1c6761920cc4bab6be749d76b940d84f757a75ed0eeb0199b5efa1c42b45d7df1dc4f2e5a21c581177bb898dadaac656bd9dc22503d9a88ea5138dce3a8e11db3f27888aff51e6a314e9c95635ba6a2395b5db585671e15ccaa6d7a7c49b955f2b34e0043032bb8840f0870623273665a014bdd7d611c201efa776fa08244844a26c2324f6d031b702ac460b9686df954d9f323f4b1ed07a64875219903f9408b04ed236ae0b1e9902f71fb5285ffa8cb7b63bde1703809754babbd14ca84e4b78124b9884459ed245c921c20192771f4ee8e4746a7cd98582101344d20a8c3c09971d99bb8a81d846ed1e3cfac319f6e74444493c30b4836e7ffb6608cc38dfab07a8b2e1bdc292d2f054d5b9b05f4751f48229d486de1225a90231ff5594dd6bfed17e18ddacd5b07fc579a4e54c08206dc13ea8b46ad4e50be11f42d9f9548f2ab6ef4ae7b13ec85cf49eecb82332481f46c18badc98ef1df11932d1f2826d65b5b3d55f811846f0efdb029d488ce554523d06d2d5283e7e2b24aa1550b892cf73a22b53f2660fe37868bc3d04ec9b417050e0f820d29ef4d3e2d3b0ce478bd274b131d33c6355dad63d5b8d51ed70bacbb7853d612d44b4277165d31587517874abc0e7688be99c3039d86d77132c8ce1194016e3cd1952b223591494020abf60075446f68200b5af74cc3e9967fcb841f0146542a6b444090b65443c0792f80d8452a77f3b4acefb6ed79a0251ca05879c3e2814a66d2014fabeb0e41557b9452c47b08c53bbff8f67579e9d4d96284a672769132b9a41fe4e6910e33621ae660d96b4a106abc75b87c85be3fa01548a8b265c87fed07b70352afaa644fa9b9b14386466487f38f45cad4055ead915c486a186791c77400c31905f1b3a693482ad5ecc53eca3f61706ff577abc926ef1c4e0c6dbddb748bf5c119e5ab8df14c91f46ff6252213b89363d7a5307a3e887f9194fe8090ec354528615e343a0bfbb0fbab1f5e63d4d248aa4d9396f889c55f10ddc078686600cd1bc1cf2c13aefbe3086443153f8deb26b8cc60ee9dbfee255b8424d9dcb76d74978c67e246ceadbabd0c64fd3d6263f5c9064ed0882f6b6eef48bb0f587f58b10385c7fb9d3eebe0fe197153903ff3c3513e622d903e6018cd41448e474bc33dc8800615ee60702e61fcf86989a6b24cefb9ab052aa65f3f9d0a2fcd7eeaa7ebc138be9ddab7ce0b9a60385b42ed6c9ccd12fee1c6342bd385da64589a3105c1451068e2ca9c72ca5137c53d5247398a780e4209d4046486d39a579a23d61080b349eecc3ae3edce5725bd9c8628791ae2793d17f39d380e1da2397516f1254bc082ffcc06c599c5d599a682ef9fe9e57efcfa2c898f3fcc2e190d933656871cf9ff491cc3ffc3f8144ff42176afec9c80ec0098d02aa3f9e28a617d047cbc0851c5a0e99bb50b01328f5a6a377a1b332d6c9b4eedf37a160e932f39487fe97a52fa6ec3e80f7a176d65d169a91b82e637eb070ab45b407ff26c5652f8bb5239549a8e82c9963ed56d3ca97499a2331001a22685e1627f7174c62763bdca377891237a1434ab8ea46a050de46a6ea19555715ddb3e232191fe2bba9f3d442d0877cb64546d6a96e04e9e9f901883278b4b2ef542455f32e530f27a8ee1623c201b8631a414ba653df21dbac256998e8d0671798ee1839ca0342f95aa943d2bdbba8ced8cc1ad4e8b945416b178a646f01fc5e19d5d630df3ee3d3b7df6f06302eb70a090bfd1aa15a8e357d7d2a7c6f71271ab1243a31c01f4720ddfa5f2a5ada676978e8a2cbca869d8bf9380bd001fd007061b182434ac96310ffb566ccf33a48ba0d55ad9a475c12df1931e1ac883b7e691574dbd6e8ae53dee49dfb9e89ea807071aa9a04e48d4458185e0d3e20af5c5791c42a7bb8a698206862bf716caac79846d449f2d3c8dd9b354d611bff08ee0040243900a7ded15145663c31fa52b2d6cfb0a2a141fbb7f8f4acf21178e46e9e90492cd735431831ce6dbdbc0e01b4144d3a2b57da4d2395bf42593bf1bd9b68b6c5a73ea024821eb39ad0e755fc5c50f4446bf9f371", 0x1000, 0x796}], 0x2000000, &(0x7f0000003780)={[{@resize_auto='resize=auto', 0x2c}]}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0xf, 0x3, @thr={&(0x7f0000000080)="4503fe71ae0d8f6c862c9aeedc5632e9595f4709e1bda9254da65b8baff41a678a7ec00ecb711bfbd2afff3dbdf766d1396bf035c42bce80452b438b85954c346d63d4d0c1e29356b1a36e7f6103933a1de5841dbdec6aacde9c281eadcbf1f9369ddea5db8b9447c615e57b79e8bb5cba9d", &(0x7f0000000240)="86b3b478391b8d33d38bc727c657483002cf65e9787daa5f28e481b93ffca14a3f4fff6bc8010451696c7b47d47623953089bd595f922196cfad654c47d65d5824809a557daa90711e80fd00ee967312481f152fd2303c3f51ea2a2c0f6a4d25740627eecc0ea3c3be4ccc1629cb819c79e4cb9638644f8f674f744d3b8e54e964bd10f4ea206635d1f7d34cb6e9be6ef0c4fe547f56d818456ad78bd1d05fd89524b21b"}}, &(0x7f00000001c0)) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r2 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 21:26:05 executing program 2 (fault-call:9 fault-nth:90): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) [ 245.708527] FAULT_INJECTION: forcing a failure. [ 245.708527] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 245.720444] CPU: 0 PID: 15914 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 245.728857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 245.738220] Call Trace: [ 245.740807] dump_stack+0x1c9/0x2b4 [ 245.744425] ? dump_stack_print_info.cold.2+0x52/0x52 [ 245.749725] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 245.754568] should_fail.cold.4+0xa/0x11 [ 245.758622] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 245.763721] ? kasan_check_read+0x11/0x20 [ 245.767865] ? rcu_is_watching+0x8c/0x150 [ 245.772030] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 245.777561] ? xas_start+0x23d/0x740 [ 245.781273] ? find_get_entry+0xa6d/0x1120 [ 245.785498] ? lock_downgrade+0x8f0/0x8f0 [ 245.789643] ? lock_acquire+0x1e4/0x540 [ 245.793605] ? fs_reclaim_acquire+0x20/0x20 [ 245.797918] ? lock_downgrade+0x8f0/0x8f0 [ 245.802073] ? check_same_owner+0x340/0x340 [ 245.806385] ? find_get_entry+0xa96/0x1120 [ 245.810610] ? rcu_note_context_switch+0x730/0x730 [ 245.815544] __alloc_pages_nodemask+0x36e/0xdb0 [ 245.820204] ? percpu_ref_put_many+0x119/0x240 [ 245.824788] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 245.829793] ? trace_hardirqs_on+0x10/0x10 [ 245.834019] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 245.838871] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 245.844487] ? xas_start+0x23d/0x740 [ 245.848197] ? lock_acquire+0x1e4/0x540 [ 245.852174] ? xa_load+0x288/0x450 [ 245.855711] ? lock_downgrade+0x8f0/0x8f0 [ 245.859860] ? lock_release+0xa30/0xa30 [ 245.863864] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 245.869405] alloc_pages_current+0x10c/0x210 [ 245.873811] __page_cache_alloc+0x398/0x5e0 [ 245.878146] ? xa_load+0x2b1/0x450 [ 245.881786] ? xa_clear_tag+0x40/0x40 [ 245.885583] ? filemap_range_has_page+0x4c0/0x4c0 [ 245.890428] ? unwind_get_return_address+0x61/0xa0 [ 245.895442] __do_page_cache_readahead+0x24e/0x690 [ 245.900377] ? read_pages+0x680/0x680 [ 245.904181] ? lock_acquire+0x1e4/0x540 [ 245.908142] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 245.913240] ? lock_downgrade+0x8f0/0x8f0 [ 245.917390] ? lock_release+0xa30/0xa30 [ 245.921359] ondemand_readahead+0x550/0xc40 [ 245.925678] page_cache_sync_readahead+0x3a0/0x6d0 [ 245.930601] ? force_page_cache_readahead+0x360/0x360 [ 245.935779] ? lock_acquire+0x1e4/0x540 [ 245.939752] ? rcu_note_context_switch+0x730/0x730 [ 245.944671] ? check_same_owner+0x340/0x340 [ 245.948986] ? lock_release+0xa30/0xa30 [ 245.952955] generic_file_read_iter+0x1a87/0x2f10 [ 245.957801] ? filemap_write_and_wait_range+0xd0/0xd0 [ 245.962977] ? rcu_read_lock+0x70/0x70 [ 245.966862] ? __unlock_page_memcg+0x72/0x100 [ 245.971349] ? unlock_page_memcg+0x2c/0x40 [ 245.975748] ? page_add_file_rmap+0x781/0xe40 [ 245.980234] ? page_add_new_anon_rmap+0x870/0x870 [ 245.985073] ? perf_trace_lock+0x920/0x920 [ 245.989306] ? lock_acquire+0x1e4/0x540 [ 245.993269] ? alloc_set_pte+0x1133/0x1790 [ 245.997496] ? lock_release+0xa30/0xa30 [ 246.001461] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 246.006465] ? check_pgprot+0xdf/0x180 [ 246.010341] ? put_page+0x280/0x280 [ 246.013973] ? kasan_check_write+0x14/0x20 [ 246.018197] ? do_raw_spin_lock+0xc1/0x200 [ 246.022428] ? alloc_set_pte+0xaf6/0x1790 [ 246.026571] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 246.031575] ? filemap_map_pages+0xca2/0x1990 [ 246.036060] ? trace_hardirqs_on+0x10/0x10 [ 246.040281] ? xa_set_tag+0x40/0x40 [ 246.043898] ? perf_trace_lock+0x920/0x920 [ 246.048134] ? environ_open+0x90/0x90 [ 246.051927] ? trace_hardirqs_on+0x10/0x10 [ 246.056149] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 246.061684] ? trace_hardirqs_on+0x10/0x10 [ 246.065909] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 246.070746] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 246.075584] ? perf_trace_lock+0x920/0x920 [ 246.079809] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 246.084645] ? perf_trace_lock+0x920/0x920 [ 246.088878] ? perf_trace_lock+0x920/0x920 [ 246.093113] ? shrink_dcache_sb+0x350/0x350 [ 246.097435] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 246.102266] ? __fdget_pos+0x1bb/0x200 [ 246.106148] ? lock_acquire+0x1e4/0x540 [ 246.110111] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 246.115634] ? fsnotify+0xbac/0x14e0 [ 246.119348] ext4_file_read_iter+0x18b/0x3c0 [ 246.123752] generic_file_splice_read+0x5a5/0x9a0 [ 246.128604] ? add_to_pipe+0x360/0x360 [ 246.132492] ? rw_verify_area+0x118/0x360 [ 246.136628] ? add_to_pipe+0x360/0x360 [ 246.140506] do_splice_to+0x12e/0x190 [ 246.144298] splice_direct_to_actor+0x270/0x8f0 [ 246.148966] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 246.154493] ? pipe_to_sendpage+0x400/0x400 [ 246.158822] ? do_splice_to+0x190/0x190 [ 246.162812] ? security_file_permission+0x1c2/0x230 [ 246.167842] ? rw_verify_area+0x118/0x360 [ 246.172004] do_splice_direct+0x2d4/0x420 [ 246.176157] ? splice_direct_to_actor+0x8f0/0x8f0 [ 246.181005] ? rw_verify_area+0x118/0x360 [ 246.185146] do_sendfile+0x62a/0xe20 [ 246.188876] ? do_compat_pwritev64+0x1c0/0x1c0 [ 246.193554] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 246.199115] ? _copy_from_user+0xdf/0x150 [ 246.203255] __x64_sys_sendfile64+0x15d/0x250 [ 246.207744] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 246.212338] do_syscall_64+0x1b9/0x820 [ 246.216219] ? finish_task_switch+0x1d3/0x870 [ 246.220716] ? syscall_return_slowpath+0x5e0/0x5e0 [ 246.225638] ? syscall_return_slowpath+0x31d/0x5e0 [ 246.230571] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 246.235590] ? prepare_exit_to_usermode+0x291/0x3b0 [ 246.240605] ? perf_trace_sys_enter+0xb10/0xb10 [ 246.245269] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 246.250107] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 246.255286] RIP: 0033:0x455e29 [ 246.258467] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 246.277835] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 246.285631] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 246.292889] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 246.300148] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 21:26:06 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{}, [0x0, 0x0, 0xfffffdfd]}) 21:26:06 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x5}}) 21:26:06 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0x4801000000000000}, 0x0) [ 246.307417] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 246.314676] R13: 00000000004c1113 R14: 00000000004d1540 R15: 000000000000005a 21:26:06 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x800000000000009, 0x4) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [], 0xaa}}, 0x1c) 21:26:06 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x4c00000000000000}}) 21:26:06 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x0, 0x100000000000000}) [ 246.372535] irq bypass consumer (token 00000000fd63d1f0) registration fails: -16 21:26:06 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x6}}) 21:26:06 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{}, [0x0, 0x0, 0xfdfdffff00000000]}) 21:26:06 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0xf0ffffff00000000}, 0x0) 21:26:06 executing program 4: r0 = socket$inet6(0xa, 0x20000000006, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f0000000040)=0x6, 0x4) r2 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r2, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r2, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r1, 0xc0a85322, &(0x7f0000000080)) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:26:06 executing program 2 (fault-call:9 fault-nth:91): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:26:06 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0xffffff7f00000000}, 0x0) 21:26:06 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0xfdfdffff00000000}}) 21:26:06 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{}, [0x0, 0x0, 0xfdfdffff]}) [ 246.552438] REISERFS warning (device loop6): super-6502 reiserfs_getopt: unknown mount option "" [ 246.612773] FAULT_INJECTION: forcing a failure. [ 246.612773] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 246.624699] CPU: 0 PID: 15977 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 246.633110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 246.642604] Call Trace: [ 246.645211] dump_stack+0x1c9/0x2b4 [ 246.648850] ? dump_stack_print_info.cold.2+0x52/0x52 [ 246.654070] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 246.658930] should_fail.cold.4+0xa/0x11 [ 246.662997] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 246.668093] ? kasan_check_write+0x14/0x20 [ 246.672328] ? __schedule+0x884/0x1ed0 [ 246.676219] ? __sched_text_start+0x8/0x8 [ 246.680724] ? lock_acquire+0x1e4/0x540 [ 246.684691] ? fs_reclaim_acquire+0x20/0x20 [ 246.689012] ? lock_downgrade+0x8f0/0x8f0 [ 246.693154] ? check_same_owner+0x340/0x340 [ 246.697466] ? rcu_note_context_switch+0x730/0x730 [ 246.702402] __alloc_pages_nodemask+0x36e/0xdb0 [ 246.707148] ? percpu_ref_put_many+0x119/0x240 [ 246.711722] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 246.716731] ? trace_hardirqs_on+0x10/0x10 [ 246.720960] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 246.725810] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 246.731337] ? xas_start+0x23d/0x740 [ 246.735039] ? lock_acquire+0x1e4/0x540 [ 246.739018] ? xa_load+0x288/0x450 [ 246.742547] ? lock_downgrade+0x8f0/0x8f0 [ 246.746685] ? lock_release+0xa30/0xa30 [ 246.750650] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 246.756193] alloc_pages_current+0x10c/0x210 [ 246.760597] __page_cache_alloc+0x398/0x5e0 [ 246.764905] ? xa_load+0x2b1/0x450 [ 246.768436] ? xa_clear_tag+0x40/0x40 [ 246.772227] ? filemap_range_has_page+0x4c0/0x4c0 [ 246.777066] ? unwind_get_return_address+0x61/0xa0 [ 246.781990] __do_page_cache_readahead+0x24e/0x690 [ 246.786924] ? read_pages+0x680/0x680 [ 246.790720] ? lock_acquire+0x1e4/0x540 [ 246.794694] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 246.799796] ? lock_downgrade+0x8f0/0x8f0 [ 246.803948] ? lock_release+0xa30/0xa30 [ 246.807917] ondemand_readahead+0x550/0xc40 [ 246.812245] page_cache_sync_readahead+0x3a0/0x6d0 [ 246.817166] ? force_page_cache_readahead+0x360/0x360 [ 246.822356] ? lock_acquire+0x1e4/0x540 [ 246.826329] ? rcu_note_context_switch+0x730/0x730 [ 246.831258] ? check_same_owner+0x340/0x340 [ 246.835585] ? lock_release+0xa30/0xa30 [ 246.839559] generic_file_read_iter+0x1a87/0x2f10 [ 246.844602] ? filemap_write_and_wait_range+0xd0/0xd0 [ 246.849787] ? rcu_read_lock+0x70/0x70 [ 246.853666] ? __unlock_page_memcg+0x72/0x100 [ 246.858164] ? unlock_page_memcg+0x2c/0x40 [ 246.862402] ? page_add_file_rmap+0x781/0xe40 [ 246.866976] ? page_add_new_anon_rmap+0x870/0x870 [ 246.871811] ? perf_trace_lock+0x920/0x920 [ 246.876127] ? lock_acquire+0x1e4/0x540 [ 246.880180] ? alloc_set_pte+0x1133/0x1790 [ 246.884410] ? lock_release+0xa30/0xa30 [ 246.888381] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 246.893389] ? check_pgprot+0xdf/0x180 [ 246.897281] ? put_page+0x280/0x280 [ 246.900899] ? kasan_check_write+0x14/0x20 [ 246.905125] ? do_raw_spin_lock+0xc1/0x200 [ 246.909356] ? alloc_set_pte+0xaf6/0x1790 [ 246.913507] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 246.918523] ? filemap_map_pages+0xca2/0x1990 [ 246.923022] ? trace_hardirqs_on+0x10/0x10 [ 246.927245] ? xa_set_tag+0x40/0x40 [ 246.930865] ? perf_trace_lock+0x920/0x920 [ 246.935089] ? environ_open+0x90/0x90 [ 246.938883] ? trace_hardirqs_on+0x10/0x10 [ 246.943111] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 246.948651] ? trace_hardirqs_on+0x10/0x10 [ 246.952877] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 246.957884] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 246.962727] ? perf_trace_lock+0x920/0x920 [ 246.966953] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 246.971789] ? perf_trace_lock+0x920/0x920 [ 246.976014] ? perf_trace_lock+0x920/0x920 [ 246.980253] ? shrink_dcache_sb+0x350/0x350 [ 246.984566] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 246.989404] ? __fdget_pos+0x1bb/0x200 [ 246.993294] ? lock_acquire+0x1e4/0x540 [ 246.997257] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 247.002787] ? fsnotify+0xbac/0x14e0 [ 247.006504] ext4_file_read_iter+0x18b/0x3c0 [ 247.010905] generic_file_splice_read+0x5a5/0x9a0 [ 247.015746] ? add_to_pipe+0x360/0x360 [ 247.019643] ? rw_verify_area+0x118/0x360 [ 247.023784] ? add_to_pipe+0x360/0x360 [ 247.027657] do_splice_to+0x12e/0x190 [ 247.031450] splice_direct_to_actor+0x270/0x8f0 [ 247.036194] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 247.041729] ? pipe_to_sendpage+0x400/0x400 [ 247.046056] ? do_splice_to+0x190/0x190 [ 247.050022] ? security_file_permission+0x1c2/0x230 [ 247.055028] ? rw_verify_area+0x118/0x360 [ 247.059164] do_splice_direct+0x2d4/0x420 [ 247.063303] ? splice_direct_to_actor+0x8f0/0x8f0 [ 247.068135] ? rw_verify_area+0x118/0x360 [ 247.072277] do_sendfile+0x62a/0xe20 [ 247.075993] ? do_compat_pwritev64+0x1c0/0x1c0 [ 247.080577] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 247.086109] ? _copy_from_user+0xdf/0x150 [ 247.090254] __x64_sys_sendfile64+0x15d/0x250 [ 247.094741] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 247.099328] do_syscall_64+0x1b9/0x820 [ 247.103203] ? finish_task_switch+0x1d3/0x870 [ 247.107697] ? syscall_return_slowpath+0x5e0/0x5e0 [ 247.112615] ? syscall_return_slowpath+0x31d/0x5e0 [ 247.117547] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 247.122553] ? prepare_exit_to_usermode+0x291/0x3b0 [ 247.127557] ? perf_trace_sys_enter+0xb10/0xb10 [ 247.132223] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 247.137057] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 247.142239] RIP: 0033:0x455e29 [ 247.145419] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 21:26:07 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) fcntl$notify(r0, 0x402, 0x80000000) socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) ioctl$KDGKBENT(r1, 0x4b46, &(0x7f0000000000)={0x0, 0x80000001, 0x5}) r2 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 21:26:07 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x6800000000000000}}) 21:26:07 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{}, [0x0, 0x0, 0x0, 0xfffffdfd]}) 21:26:07 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0x2000000}, 0x0) 21:26:07 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x0, 0xfdfdffff00000000}) 21:26:07 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) exit(0x5) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20500, 0x40) ioctl$KVM_S390_UCAS_MAP(r2, 0x4018ae50, &(0x7f0000000040)={0x10000, 0x3, 0x400}) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) [ 247.164620] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 247.172323] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 247.179591] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 247.186939] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 247.194209] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 247.201485] R13: 00000000004c1113 R14: 00000000004d1540 R15: 000000000000005b 21:26:07 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x0, 0x4c}}) 21:26:07 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0xf000000}, 0x0) 21:26:07 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{}, [0x0, 0x0, 0x0, 0xfdfdffff00000000]}) 21:26:07 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x48000000}}) 21:26:07 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x0, 0x80ffff}) 21:26:07 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0xc00e0000}, 0x0) 21:26:07 executing program 2 (fault-call:9 fault-nth:92): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:26:07 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{}, [0x0, 0x0, 0x0, 0xfdfdffff]}) 21:26:07 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x7400}}) 21:26:07 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x0, 0x6c000000}}) [ 247.496313] FAULT_INJECTION: forcing a failure. [ 247.496313] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 247.508306] CPU: 0 PID: 16048 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 247.516722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 247.526092] Call Trace: [ 247.528691] dump_stack+0x1c9/0x2b4 [ 247.532337] ? dump_stack_print_info.cold.2+0x52/0x52 [ 247.537550] should_fail.cold.4+0xa/0x11 [ 247.541634] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 247.546756] ? kasan_check_read+0x11/0x20 [ 247.550920] ? rcu_is_watching+0x8c/0x150 [ 247.555078] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 247.560628] ? xas_start+0x23d/0x740 [ 247.564333] ? trace_hardirqs_on+0x10/0x10 [ 247.568557] ? find_get_entry+0xa6d/0x1120 [ 247.572782] ? lock_downgrade+0x8f0/0x8f0 [ 247.576943] ? lock_acquire+0x1e4/0x540 [ 247.580916] ? fs_reclaim_acquire+0x20/0x20 [ 247.585312] ? lock_downgrade+0x8f0/0x8f0 [ 247.589460] ? check_same_owner+0x340/0x340 [ 247.593775] ? find_get_entry+0xa96/0x1120 [ 247.598020] ? rcu_note_context_switch+0x730/0x730 [ 247.602958] __alloc_pages_nodemask+0x36e/0xdb0 [ 247.607626] ? percpu_ref_put_many+0x119/0x240 [ 247.612211] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 247.617229] ? trace_hardirqs_on+0x10/0x10 [ 247.622246] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 247.627780] ? xas_start+0x23d/0x740 [ 247.632191] ? lock_acquire+0x1e4/0x540 [ 247.636152] ? xa_load+0x288/0x450 [ 247.639691] ? lock_downgrade+0x8f0/0x8f0 [ 247.643835] ? lock_release+0xa30/0xa30 [ 247.647800] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 247.653323] alloc_pages_current+0x10c/0x210 [ 247.657726] __page_cache_alloc+0x398/0x5e0 [ 247.662034] ? xa_load+0x2b1/0x450 [ 247.665564] ? xa_clear_tag+0x40/0x40 [ 247.669362] ? filemap_range_has_page+0x4c0/0x4c0 [ 247.674200] ? unwind_get_return_address+0x61/0xa0 [ 247.679119] __do_page_cache_readahead+0x24e/0x690 [ 247.684047] ? read_pages+0x680/0x680 [ 247.687836] ? lock_acquire+0x1e4/0x540 [ 247.691803] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 247.696904] ? lock_downgrade+0x8f0/0x8f0 [ 247.701061] ? lock_release+0xa30/0xa30 [ 247.705031] ondemand_readahead+0x550/0xc40 [ 247.709362] page_cache_sync_readahead+0x3a0/0x6d0 [ 247.714281] ? force_page_cache_readahead+0x360/0x360 [ 247.719464] ? lock_acquire+0x1e4/0x540 [ 247.723419] ? rcu_note_context_switch+0x730/0x730 [ 247.728334] ? check_same_owner+0x340/0x340 [ 247.732654] ? lock_release+0xa30/0xa30 [ 247.736618] generic_file_read_iter+0x1a87/0x2f10 [ 247.741452] ? filemap_write_and_wait_range+0xd0/0xd0 [ 247.746623] ? rcu_read_lock+0x70/0x70 [ 247.750496] ? __unlock_page_memcg+0x72/0x100 [ 247.754976] ? unlock_page_memcg+0x2c/0x40 [ 247.759209] ? page_add_file_rmap+0x781/0xe40 [ 247.763696] ? page_add_new_anon_rmap+0x870/0x870 [ 247.768526] ? lockdep_init_map+0x9/0x10 [ 247.772573] ? kasan_check_write+0x14/0x20 [ 247.776791] ? __init_rwsem+0x1cc/0x2a0 [ 247.780763] ? lock_acquire+0x1e4/0x540 [ 247.784729] ? alloc_set_pte+0x1133/0x1790 [ 247.788956] ? lock_release+0xa30/0xa30 [ 247.792911] ? xas_descend+0x20c/0x5f0 [ 247.796781] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 247.801785] ? check_pgprot+0xdf/0x180 [ 247.805654] ? put_page+0x280/0x280 [ 247.809279] ? kasan_check_write+0x14/0x20 [ 247.813505] ? do_raw_spin_lock+0xc1/0x200 [ 247.817726] ? alloc_set_pte+0xaf6/0x1790 [ 247.821863] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 247.826864] ? filemap_map_pages+0xca2/0x1990 [ 247.831360] ? trace_hardirqs_on+0x10/0x10 [ 247.835584] ? xa_set_tag+0x40/0x40 [ 247.839204] ? environ_open+0x90/0x90 [ 247.843012] ? trace_hardirqs_on+0x10/0x10 [ 247.847250] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 247.852777] ? trace_hardirqs_on+0x10/0x10 [ 247.857003] ? trace_hardirqs_on+0x10/0x10 [ 247.861233] ? find_get_entries_tag+0x1410/0x1410 [ 247.866064] ? trace_hardirqs_on+0x10/0x10 [ 247.870468] ? mntput_no_expire+0x18e/0xbc0 [ 247.874786] ? do_raw_spin_lock+0xc1/0x200 [ 247.879014] ? mnt_get_count+0x150/0x150 [ 247.883077] ? dput.part.26+0x276/0x7a0 [ 247.887053] ? shrink_dcache_sb+0x350/0x350 [ 247.891368] ? lock_acquire+0x1e4/0x540 [ 247.895345] ? __fdget_pos+0x1bb/0x200 [ 247.899218] ? lock_acquire+0x1e4/0x540 [ 247.903350] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 247.908872] ? fsnotify+0xbac/0x14e0 [ 247.912578] ext4_file_read_iter+0x18b/0x3c0 [ 247.916977] generic_file_splice_read+0x5a5/0x9a0 [ 247.921991] ? add_to_pipe+0x360/0x360 [ 247.925874] ? rw_verify_area+0x118/0x360 [ 247.930021] ? add_to_pipe+0x360/0x360 [ 247.933968] do_splice_to+0x12e/0x190 [ 247.937753] splice_direct_to_actor+0x270/0x8f0 [ 247.942411] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 247.947936] ? pipe_to_sendpage+0x400/0x400 [ 247.952249] ? do_splice_to+0x190/0x190 [ 247.956209] ? security_file_permission+0x1c2/0x230 [ 247.961208] ? rw_verify_area+0x118/0x360 [ 247.965342] do_splice_direct+0x2d4/0x420 [ 247.969483] ? splice_direct_to_actor+0x8f0/0x8f0 [ 247.974320] ? rw_verify_area+0x118/0x360 [ 247.978457] do_sendfile+0x62a/0xe20 [ 247.982160] ? do_compat_pwritev64+0x1c0/0x1c0 [ 247.986730] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 247.992264] ? _copy_from_user+0xdf/0x150 [ 247.996417] __x64_sys_sendfile64+0x15d/0x250 [ 248.000924] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 248.005511] do_syscall_64+0x1b9/0x820 [ 248.009389] ? finish_task_switch+0x1d3/0x870 [ 248.013895] ? syscall_return_slowpath+0x5e0/0x5e0 [ 248.018818] ? syscall_return_slowpath+0x31d/0x5e0 [ 248.023748] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 248.028755] ? prepare_exit_to_usermode+0x291/0x3b0 [ 248.033760] ? perf_trace_sys_enter+0xb10/0xb10 [ 248.038427] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 248.043271] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 248.048459] RIP: 0033:0x455e29 [ 248.051635] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 248.070815] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 248.078535] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 248.085797] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 248.093069] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 248.100338] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 248.107602] R13: 00000000004c1113 R14: 00000000004d1540 R15: 000000000000005c 21:26:08 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0x7f) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r2 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 21:26:08 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x0, 0x4000000}}) 21:26:08 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x0, 0x1000000}) 21:26:08 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x3}}) 21:26:08 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0xf0}, 0x0) 21:26:08 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x28002, 0x0) ioctl$BLKBSZSET(r1, 0x40081271, &(0x7f00000000c0)) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0xfffffffffffffedd) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'rose0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x37, 0x2, 0xffffffffffffffe1, [0x6]}}) r2 = socket$inet6(0xa, 0x6000000000001, 0x0) mount$9p_fd(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x400, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_fscache='cache=fscache', 0x2c}, {@uname={'uname', 0x3d, '/dev/uinput\x00'}, 0x2c}]}}) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) fcntl$dupfd(r2, 0x406, r0) bind$inet6(r2, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r2, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:26:08 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{}, [0x0, 0x0, 0x0, 0x0, 0xfffffdfd]}) 21:26:08 executing program 2 (fault-call:9 fault-nth:93): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:26:08 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x4}}) 21:26:08 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x0, 0x6800}}) 21:26:08 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0x4801}, 0x0) 21:26:08 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x0, 0x0, 0xffffffffffffffff, [0x1000000]}) [ 248.372669] FAULT_INJECTION: forcing a failure. [ 248.372669] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 248.384616] CPU: 0 PID: 16083 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 248.393037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 248.402388] Call Trace: [ 248.404988] dump_stack+0x1c9/0x2b4 [ 248.408603] ? dump_stack_print_info.cold.2+0x52/0x52 [ 248.413789] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 248.418640] should_fail.cold.4+0xa/0x11 [ 248.422701] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 248.427811] ? kasan_check_read+0x11/0x20 [ 248.431965] ? rcu_is_watching+0x8c/0x150 [ 248.436283] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 248.441814] ? xas_start+0x23d/0x740 [ 248.445535] ? find_get_entry+0xa6d/0x1120 [ 248.449763] ? lock_downgrade+0x8f0/0x8f0 [ 248.453912] ? lock_acquire+0x1e4/0x540 [ 248.457880] ? fs_reclaim_acquire+0x20/0x20 [ 248.462197] ? lock_downgrade+0x8f0/0x8f0 [ 248.466344] ? check_same_owner+0x340/0x340 [ 248.470663] ? find_get_entry+0xa96/0x1120 [ 248.474888] ? rcu_note_context_switch+0x730/0x730 [ 248.479826] __alloc_pages_nodemask+0x36e/0xdb0 [ 248.484498] ? percpu_ref_put_many+0x119/0x240 [ 248.489075] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 248.494085] ? trace_hardirqs_on+0x10/0x10 [ 248.498322] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 248.503175] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 248.508707] ? xas_start+0x23d/0x740 [ 248.512415] ? lock_acquire+0x1e4/0x540 [ 248.516385] ? xa_load+0x288/0x450 [ 248.519928] ? lock_downgrade+0x8f0/0x8f0 [ 248.524070] ? lock_release+0xa30/0xa30 [ 248.528041] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 248.533584] alloc_pages_current+0x10c/0x210 [ 248.537997] __page_cache_alloc+0x398/0x5e0 [ 248.542311] ? xa_load+0x2b1/0x450 [ 248.545847] ? xa_clear_tag+0x40/0x40 [ 248.549642] ? filemap_range_has_page+0x4c0/0x4c0 [ 248.554478] ? unwind_get_return_address+0x61/0xa0 [ 248.559412] __do_page_cache_readahead+0x24e/0x690 [ 248.564344] ? read_pages+0x680/0x680 [ 248.568139] ? lock_acquire+0x1e4/0x540 [ 248.572103] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 248.577197] ? lock_downgrade+0x8f0/0x8f0 [ 248.581339] ? lock_release+0xa30/0xa30 [ 248.585309] ondemand_readahead+0x550/0xc40 [ 248.589643] page_cache_sync_readahead+0x3a0/0x6d0 [ 248.594575] ? force_page_cache_readahead+0x360/0x360 [ 248.599759] ? lock_acquire+0x1e4/0x540 [ 248.603733] ? rcu_note_context_switch+0x730/0x730 [ 248.608665] ? check_same_owner+0x340/0x340 [ 248.612980] ? lock_release+0xa30/0xa30 [ 248.616956] generic_file_read_iter+0x1a87/0x2f10 [ 248.621806] ? filemap_write_and_wait_range+0xd0/0xd0 [ 248.626982] ? rcu_read_lock+0x70/0x70 [ 248.630861] ? __unlock_page_memcg+0x72/0x100 [ 248.635343] ? unlock_page_memcg+0x2c/0x40 [ 248.639571] ? page_add_file_rmap+0x781/0xe40 [ 248.644067] ? page_add_new_anon_rmap+0x870/0x870 [ 248.648911] ? perf_trace_lock+0x920/0x920 [ 248.653142] ? lock_acquire+0x1e4/0x540 [ 248.657108] ? alloc_set_pte+0x1133/0x1790 [ 248.661343] ? lock_release+0xa30/0xa30 [ 248.665312] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 248.670325] ? check_pgprot+0xdf/0x180 [ 248.674196] ? put_page+0x280/0x280 [ 248.677811] ? kasan_check_write+0x14/0x20 [ 248.682030] ? do_raw_spin_lock+0xc1/0x200 [ 248.686253] ? alloc_set_pte+0xaf6/0x1790 [ 248.690394] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 248.695402] ? filemap_map_pages+0xca2/0x1990 [ 248.699888] ? trace_hardirqs_on+0x10/0x10 [ 248.704114] ? xa_set_tag+0x40/0x40 [ 248.707733] ? perf_trace_lock+0x920/0x920 [ 248.711958] ? environ_open+0x90/0x90 [ 248.715747] ? trace_hardirqs_on+0x10/0x10 [ 248.719971] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 248.725498] ? trace_hardirqs_on+0x10/0x10 [ 248.729806] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 248.734641] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 248.739487] ? perf_trace_lock+0x920/0x920 [ 248.743710] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 248.748549] ? perf_trace_lock+0x920/0x920 [ 248.752772] ? perf_trace_lock+0x920/0x920 [ 248.757094] ? shrink_dcache_sb+0x350/0x350 [ 248.761405] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 248.766233] ? __fdget_pos+0x1bb/0x200 [ 248.770121] ? lock_acquire+0x1e4/0x540 [ 248.774082] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 248.779618] ? fsnotify+0xbac/0x14e0 [ 248.783321] ext4_file_read_iter+0x18b/0x3c0 [ 248.787720] generic_file_splice_read+0x5a5/0x9a0 [ 248.792552] ? add_to_pipe+0x360/0x360 [ 248.796446] ? rw_verify_area+0x118/0x360 [ 248.800581] ? add_to_pipe+0x360/0x360 [ 248.804463] do_splice_to+0x12e/0x190 [ 248.808258] splice_direct_to_actor+0x270/0x8f0 [ 248.812914] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 248.818438] ? pipe_to_sendpage+0x400/0x400 [ 248.822747] ? do_splice_to+0x190/0x190 [ 248.826709] ? security_file_permission+0x1c2/0x230 [ 248.831713] ? rw_verify_area+0x118/0x360 [ 248.835852] do_splice_direct+0x2d4/0x420 [ 248.839989] ? splice_direct_to_actor+0x8f0/0x8f0 [ 248.844831] ? rw_verify_area+0x118/0x360 [ 248.848966] do_sendfile+0x62a/0xe20 [ 248.852672] ? do_compat_pwritev64+0x1c0/0x1c0 [ 248.857268] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 248.862795] ? _copy_from_user+0xdf/0x150 [ 248.867107] __x64_sys_sendfile64+0x15d/0x250 [ 248.871772] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 248.876351] do_syscall_64+0x1b9/0x820 [ 248.880226] ? finish_task_switch+0x1d3/0x870 [ 248.884712] ? syscall_return_slowpath+0x5e0/0x5e0 [ 248.889632] ? syscall_return_slowpath+0x31d/0x5e0 [ 248.894562] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 248.899568] ? prepare_exit_to_usermode+0x291/0x3b0 [ 248.904584] ? perf_trace_sys_enter+0xb10/0xb10 [ 248.909252] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 248.914084] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 248.919444] RIP: 0033:0x455e29 [ 248.922621] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 248.941843] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 248.949542] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 248.956794] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 248.964048] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 21:26:08 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0x9effffff}, 0x0) 21:26:08 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{}, [0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000]}) 21:26:08 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x6800000000000000}}) [ 248.971392] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 248.978739] R13: 00000000004c1113 R14: 00000000004d1540 R15: 000000000000005d 21:26:09 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x0, 0x5}}) 21:26:09 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000580)=0x9, 0x4) ioctl$TCSETAW(r0, 0x5407, &(0x7f0000000000)={0x9, 0x79, 0x1, 0x3f, 0x2, 0x1, 0x8, 0x10000, 0x4, 0x7}) modify_ldt$read(0x0, &(0x7f0000000240)=""/141, 0x8d) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) r2 = accept$inet6(0xffffffffffffff9c, &(0x7f0000000080), &(0x7f00000000c0)=0x1c) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000000300)={{{@in6=@loopback, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in=@broadcast}}, &(0x7f00000001c0)=0xe8) r4 = dup(r0) ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, &(0x7f0000000440)={r2}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000400)={'ifb0\x00', r3}) fgetxattr(r2, &(0x7f00000005c0)=ANY=[@ANYBLOB="5d747266732e6d643573756d766d6e65743073656375726974795e2300d52cafbb83cb50951b4430ddc0e57ddbf62f598c5340a0302bcbc49b2bb05cafe0b7ca56e51b6325bfff150965142e19f3f1a625aab5ac2d4153c8026d4df2a82aa157be592dd6ca2d113fad815046040386a3dcf3e6154c68cdba62896847d107ffea5c83781babafffe334daee13f580c1ea04ea5e6a693cfb09c4a342e2346f86313a9f4e8b905578f69fce012371a140206140ecfd82d134c05348659c15021069d3343f98c34f19970389ca5b2085e775a85515e974cd1d194937e5c0d87b35be82c403191d1cf5a465c0c62976123adbfd9984c26af1bc5635ec4cc1e5e732b7e6d9b3043560e40225705593bac7a18a7f3cf083e1e9a579b880d0ce205bae94433403b9d579"], &(0x7f00000004c0)=""/145, 0x91) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r5 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r5, 0x540a, 0x0) 21:26:09 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x0, 0x0, 0xffffffffffffffff, [0xffff8000]}) 21:26:09 executing program 2 (fault-call:9 fault-nth:94): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:26:09 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0xf0ffff}, 0x0) 21:26:09 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x68000000}}) 21:26:09 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bpf$OBJ_GET_PROG(0x7, &(0x7f00000000c0)={&(0x7f0000000080)='./file0\x00', 0x0, 0x8}, 0x10) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000040)={0x20000000}) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:26:09 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{}, [0x0, 0x0, 0x0, 0x0, 0xfdfdffff]}) 21:26:09 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x0, 0x7400000000000000}}) [ 249.299191] FAULT_INJECTION: forcing a failure. [ 249.299191] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 249.311184] CPU: 0 PID: 16143 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 249.319591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 249.328948] Call Trace: [ 249.331560] dump_stack+0x1c9/0x2b4 [ 249.335204] ? dump_stack_print_info.cold.2+0x52/0x52 [ 249.340408] ? _raw_spin_unlock_irq+0x27/0x70 [ 249.344915] ? finish_task_switch+0x1d3/0x870 [ 249.349429] should_fail.cold.4+0xa/0x11 [ 249.353503] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 249.358616] ? kasan_check_write+0x14/0x20 [ 249.362866] ? __schedule+0x884/0x1ed0 [ 249.366851] ? trace_hardirqs_on+0x10/0x10 [ 249.371107] ? __sched_text_start+0x8/0x8 [ 249.375274] ? retint_kernel+0x10/0x10 [ 249.379174] ? lock_acquire+0x1e4/0x540 [ 249.383167] ? fs_reclaim_acquire+0x20/0x20 [ 249.387500] ? lock_downgrade+0x8f0/0x8f0 [ 249.391748] ? check_same_owner+0x340/0x340 21:26:09 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0xc00e}, 0x0) 21:26:09 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0x34000}, 0x0) 21:26:09 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{}, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd]}) 21:26:09 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x3000000}}) [ 249.396089] ? rcu_note_context_switch+0x730/0x730 [ 249.401041] __alloc_pages_nodemask+0x36e/0xdb0 [ 249.405723] ? percpu_ref_put_many+0x119/0x240 [ 249.410490] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 249.415505] ? trace_hardirqs_on+0x10/0x10 [ 249.419735] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 249.425281] ? xas_start+0x23d/0x740 [ 249.429001] ? lock_acquire+0x1e4/0x540 [ 249.433138] ? xa_load+0x288/0x450 [ 249.436674] ? lock_downgrade+0x8f0/0x8f0 [ 249.440810] ? lock_release+0xa30/0xa30 [ 249.444878] ? retint_kernel+0x10/0x10 [ 249.448755] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 249.454282] alloc_pages_current+0x10c/0x210 [ 249.458678] __page_cache_alloc+0x398/0x5e0 [ 249.463000] ? xa_load+0x2b1/0x450 [ 249.466535] ? xa_clear_tag+0x40/0x40 [ 249.470342] ? filemap_range_has_page+0x4c0/0x4c0 [ 249.475170] ? unwind_get_return_address+0x61/0xa0 [ 249.480086] __do_page_cache_readahead+0x24e/0x690 [ 249.485008] ? read_pages+0x680/0x680 [ 249.488801] ? lock_acquire+0x1e4/0x540 [ 249.492857] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 249.497956] ? lock_downgrade+0x8f0/0x8f0 [ 249.502092] ? lock_release+0xa30/0xa30 [ 249.506053] ondemand_readahead+0x550/0xc40 [ 249.510376] page_cache_sync_readahead+0x3a0/0x6d0 [ 249.515313] ? force_page_cache_readahead+0x360/0x360 [ 249.520496] ? lock_acquire+0x1e4/0x540 [ 249.524472] ? rcu_note_context_switch+0x730/0x730 [ 249.529391] ? check_same_owner+0x340/0x340 [ 249.533740] ? lock_release+0xa30/0xa30 [ 249.537720] generic_file_read_iter+0x1a87/0x2f10 [ 249.542646] ? filemap_write_and_wait_range+0xd0/0xd0 [ 249.547819] ? rcu_read_lock+0x70/0x70 [ 249.551699] ? __unlock_page_memcg+0x72/0x100 [ 249.556316] ? unlock_page_memcg+0x2c/0x40 [ 249.560553] ? page_add_file_rmap+0x781/0xe40 [ 249.565040] ? page_add_new_anon_rmap+0x870/0x870 [ 249.569884] ? lockdep_init_map+0x9/0x10 [ 249.573937] ? kasan_check_write+0x14/0x20 [ 249.578170] ? __init_rwsem+0x1cc/0x2a0 [ 249.582146] ? lock_acquire+0x1e4/0x540 [ 249.586111] ? alloc_set_pte+0x1133/0x1790 [ 249.590372] ? lock_release+0xa30/0xa30 [ 249.594338] ? xas_descend+0x20c/0x5f0 [ 249.598215] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 249.603219] ? check_pgprot+0xdf/0x180 [ 249.607093] ? put_page+0x280/0x280 [ 249.610708] ? kasan_check_write+0x14/0x20 [ 249.614932] ? do_raw_spin_lock+0xc1/0x200 [ 249.619157] ? alloc_set_pte+0xaf6/0x1790 [ 249.623299] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 249.628391] ? filemap_map_pages+0xca2/0x1990 [ 249.633976] ? trace_hardirqs_on+0x10/0x10 [ 249.638197] ? xa_set_tag+0x40/0x40 [ 249.641826] ? environ_open+0x90/0x90 [ 249.645612] ? trace_hardirqs_on+0x10/0x10 [ 249.649836] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 249.655472] ? trace_hardirqs_on+0x10/0x10 [ 249.659700] ? trace_hardirqs_on+0x10/0x10 [ 249.663933] ? find_get_entries_tag+0x1410/0x1410 [ 249.668777] ? trace_hardirqs_on+0x10/0x10 [ 249.673018] ? mntput_no_expire+0x18e/0xbc0 [ 249.677331] ? do_raw_spin_lock+0xc1/0x200 [ 249.681558] ? mnt_get_count+0x150/0x150 [ 249.685607] ? dput.part.26+0x276/0x7a0 [ 249.689596] ? shrink_dcache_sb+0x350/0x350 [ 249.693919] ? lock_acquire+0x1e4/0x540 [ 249.697878] ? __fdget_pos+0x1bb/0x200 [ 249.702018] ? lock_acquire+0x1e4/0x540 [ 249.705986] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 249.711533] ? fsnotify+0xbac/0x14e0 [ 249.715238] ext4_file_read_iter+0x18b/0x3c0 [ 249.719638] generic_file_splice_read+0x5a5/0x9a0 [ 249.724565] ? add_to_pipe+0x360/0x360 [ 249.728446] ? rw_verify_area+0x118/0x360 [ 249.732578] ? add_to_pipe+0x360/0x360 [ 249.736451] do_splice_to+0x12e/0x190 [ 249.740244] splice_direct_to_actor+0x270/0x8f0 [ 249.744899] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 249.750424] ? pipe_to_sendpage+0x400/0x400 [ 249.754744] ? do_splice_to+0x190/0x190 [ 249.758703] ? security_file_permission+0x1c2/0x230 [ 249.763706] ? rw_verify_area+0x118/0x360 [ 249.767841] do_splice_direct+0x2d4/0x420 [ 249.771986] ? splice_direct_to_actor+0x8f0/0x8f0 [ 249.776815] ? rw_verify_area+0x118/0x360 [ 249.780950] do_sendfile+0x62a/0xe20 [ 249.784664] ? do_compat_pwritev64+0x1c0/0x1c0 [ 249.789249] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 249.794774] ? _copy_from_user+0xdf/0x150 [ 249.798910] __x64_sys_sendfile64+0x15d/0x250 [ 249.803391] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 249.807971] do_syscall_64+0x1b9/0x820 [ 249.811843] ? finish_task_switch+0x1d3/0x870 [ 249.816332] ? syscall_return_slowpath+0x5e0/0x5e0 [ 249.821249] ? syscall_return_slowpath+0x31d/0x5e0 [ 249.826168] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 249.831170] ? prepare_exit_to_usermode+0x291/0x3b0 [ 249.836172] ? perf_trace_sys_enter+0xb10/0xb10 [ 249.840845] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 249.845684] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 249.850951] RIP: 0033:0x455e29 [ 249.854122] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 249.873385] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 249.881170] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 249.888447] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 21:26:09 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x0, 0x500}}) 21:26:09 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0xffffff9e}, 0x0) 21:26:09 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{}, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000]}) [ 249.895699] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 249.902955] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 249.910212] R13: 00000000004c1113 R14: 00000000004d1540 R15: 000000000000005e 21:26:09 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) io_setup(0x4, &(0x7f0000000040)=0x0) io_pgetevents(r2, 0x2, 0x7, &(0x7f0000000080)=[{}, {}, {}, {}, {}, {}, {}], &(0x7f0000000180)={0x77359400}, &(0x7f0000000200)={&(0x7f00000001c0)={0x3}, 0x8}) setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r1, 0x84, 0x7, &(0x7f0000000000)={0x6}, 0x4) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:26:10 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)={0x80000000}) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r2 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 21:26:10 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x74000000}}) 21:26:10 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0xec0}, 0x0) 21:26:10 executing program 2 (fault-call:9 fault-nth:95): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:26:10 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{}, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff]}) 21:26:10 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x0, 0x74}}) 21:26:10 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x0, 0x0, 0xffffffffffffffff, [0xfffffdfd]}) 21:26:10 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x2000000}}) [ 250.406861] FAULT_INJECTION: forcing a failure. [ 250.406861] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 250.418801] CPU: 1 PID: 16201 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 250.427209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 250.436653] Call Trace: [ 250.439362] dump_stack+0x1c9/0x2b4 [ 250.443007] ? dump_stack_print_info.cold.2+0x52/0x52 [ 250.448388] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 250.453254] should_fail.cold.4+0xa/0x11 21:26:10 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0x9effffff00000000}, 0x0) [ 250.457334] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 250.462661] ? update_load_avg+0x2de/0x2590 [ 250.466997] ? rcu_is_watching+0x8c/0x150 [ 250.471162] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 250.471222] irq bypass consumer (token 00000000e6953b38) registration fails: -16 [ 250.476701] ? xas_start+0x23d/0x740 [ 250.476724] ? find_get_entry+0xa6d/0x1120 [ 250.476744] ? lock_downgrade+0x8f0/0x8f0 [ 250.476763] ? lock_acquire+0x1e4/0x540 [ 250.476780] ? fs_reclaim_acquire+0x20/0x20 21:26:10 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x300}}) [ 250.504822] ? lock_downgrade+0x8f0/0x8f0 [ 250.508997] ? check_same_owner+0x340/0x340 [ 250.513338] ? find_get_entry+0xa96/0x1120 [ 250.517589] ? rcu_note_context_switch+0x730/0x730 [ 250.522541] __alloc_pages_nodemask+0x36e/0xdb0 [ 250.527221] ? percpu_ref_put_many+0x119/0x240 [ 250.531817] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 250.536843] ? trace_hardirqs_on+0x10/0x10 [ 250.541089] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 250.545956] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 250.551509] ? xas_start+0x23d/0x740 [ 250.555217] ? lock_acquire+0x1e4/0x540 [ 250.559177] ? xa_load+0x288/0x450 [ 250.562707] ? lock_downgrade+0x8f0/0x8f0 [ 250.566847] ? lock_release+0xa30/0xa30 [ 250.570823] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 250.576360] alloc_pages_current+0x10c/0x210 [ 250.580779] __page_cache_alloc+0x398/0x5e0 [ 250.585091] ? xa_load+0x2b1/0x450 [ 250.588621] ? xa_clear_tag+0x40/0x40 [ 250.592424] ? filemap_range_has_page+0x4c0/0x4c0 [ 250.597260] ? unwind_get_return_address+0x61/0xa0 [ 250.602191] __do_page_cache_readahead+0x24e/0x690 [ 250.607131] ? read_pages+0x680/0x680 [ 250.610924] ? lock_acquire+0x1e4/0x540 [ 250.614891] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 250.619992] ? lock_downgrade+0x8f0/0x8f0 [ 250.624130] ? lock_release+0xa30/0xa30 [ 250.628107] ondemand_readahead+0x550/0xc40 [ 250.632433] page_cache_sync_readahead+0x3a0/0x6d0 [ 250.637380] ? force_page_cache_readahead+0x360/0x360 [ 250.642578] ? lock_acquire+0x1e4/0x540 [ 250.646542] ? rcu_note_context_switch+0x730/0x730 [ 250.651461] ? check_same_owner+0x340/0x340 [ 250.655783] ? lock_release+0xa30/0xa30 [ 250.659753] generic_file_read_iter+0x1a87/0x2f10 [ 250.664593] ? filemap_write_and_wait_range+0xd0/0xd0 [ 250.669777] ? rcu_read_lock+0x70/0x70 [ 250.673657] ? __unlock_page_memcg+0x72/0x100 [ 250.678324] ? unlock_page_memcg+0x2c/0x40 [ 250.682548] ? page_add_file_rmap+0x781/0xe40 [ 250.687032] ? page_add_new_anon_rmap+0x870/0x870 [ 250.691865] ? perf_trace_lock+0x920/0x920 [ 250.696097] ? lock_acquire+0x1e4/0x540 [ 250.700174] ? alloc_set_pte+0x1133/0x1790 [ 250.704411] ? lock_release+0xa30/0xa30 [ 250.708638] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 250.713639] ? check_pgprot+0xdf/0x180 [ 250.717773] ? put_page+0x280/0x280 [ 250.721385] ? kasan_check_write+0x14/0x20 [ 250.725612] ? do_raw_spin_lock+0xc1/0x200 [ 250.729836] ? alloc_set_pte+0xaf6/0x1790 [ 250.733977] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 250.738985] ? filemap_map_pages+0xca2/0x1990 [ 250.743475] ? trace_hardirqs_on+0x10/0x10 [ 250.747701] ? xa_set_tag+0x40/0x40 [ 250.751319] ? perf_trace_lock+0x920/0x920 [ 250.755545] ? environ_open+0x90/0x90 [ 250.759336] ? trace_hardirqs_on+0x10/0x10 [ 250.763557] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 250.769090] ? trace_hardirqs_on+0x10/0x10 [ 250.773315] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 250.778153] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 250.782985] ? perf_trace_lock+0x920/0x920 [ 250.787215] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 250.792056] ? perf_trace_lock+0x920/0x920 [ 250.796279] ? perf_trace_lock+0x920/0x920 [ 250.800511] ? shrink_dcache_sb+0x350/0x350 [ 250.804830] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 250.809657] ? __fdget_pos+0x1bb/0x200 [ 250.813538] ? lock_acquire+0x1e4/0x540 [ 250.817501] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 250.823036] ? fsnotify+0xbac/0x14e0 [ 250.826741] ext4_file_read_iter+0x18b/0x3c0 [ 250.831142] generic_file_splice_read+0x5a5/0x9a0 [ 250.835973] ? add_to_pipe+0x360/0x360 [ 250.839860] ? rw_verify_area+0x118/0x360 [ 250.843995] ? add_to_pipe+0x360/0x360 [ 250.847871] do_splice_to+0x12e/0x190 [ 250.851669] splice_direct_to_actor+0x270/0x8f0 [ 250.856343] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 250.861881] ? pipe_to_sendpage+0x400/0x400 [ 250.866201] ? do_splice_to+0x190/0x190 [ 250.870162] ? security_file_permission+0x1c2/0x230 [ 250.875704] ? rw_verify_area+0x118/0x360 [ 250.879848] do_splice_direct+0x2d4/0x420 [ 250.883987] ? splice_direct_to_actor+0x8f0/0x8f0 [ 250.888827] ? rw_verify_area+0x118/0x360 [ 250.892967] do_sendfile+0x62a/0xe20 [ 250.896674] ? do_compat_pwritev64+0x1c0/0x1c0 [ 250.901259] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 250.906879] ? _copy_from_user+0xdf/0x150 [ 250.911020] __x64_sys_sendfile64+0x15d/0x250 [ 250.915523] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 250.920096] do_syscall_64+0x1b9/0x820 [ 250.923970] ? finish_task_switch+0x1d3/0x870 [ 250.928455] ? syscall_return_slowpath+0x5e0/0x5e0 [ 250.933373] ? syscall_return_slowpath+0x31d/0x5e0 [ 250.938299] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 250.943305] ? prepare_exit_to_usermode+0x291/0x3b0 [ 250.948318] ? perf_trace_sys_enter+0xb10/0xb10 [ 250.952972] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 250.957806] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 250.962980] RIP: 0033:0x455e29 [ 250.966153] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 250.985357] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 250.993052] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 251.000311] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 21:26:11 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0x0, 0x4801000000000000}, 0x0) 21:26:11 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff]}) [ 251.007566] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 251.014839] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 251.022107] R13: 00000000004c1113 R14: 00000000004d1540 R15: 000000000000005f 21:26:11 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x0, 0x0, 0xffffffffffffffff, [0x1000000000000]}) 21:26:11 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x0, 0x6}}) 21:26:11 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x74}}) 21:26:11 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0x0, 0xf0ffffffffffff}, 0x0) 21:26:11 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) r1 = getpid() ioctl$VT_RELDISP(r0, 0x5605) read(r0, &(0x7f0000000040)=""/11, 0xb) pipe2(&(0x7f0000000100)={0xffffffffffffffff}, 0x800) ioctl$KVM_SMI(r2, 0xaeb7) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r3, 0x2, r0) r4 = syz_open_pts(r0, 0x1098c0) write$binfmt_script(r3, &(0x7f0000000440)=ANY=[@ANYBLOB="2321202e2f66696c653020292021766d6e65743023206e6f6e6500206e6f6e6500202f6465762f70746d7800206e6f6e6500202f6465762f70746d780020706f7369785f61636c5f61636365737382200a33475c06ed5616ad7f410d004990fda8a9f2e71ef0bc332c7815878e42f57bbf79a3ac3e7f92e50c1ff83e1306f74e4f1b2040edf6a0bdc33b05c15a84fe2623c624cea4a3675839cc78c56db262f9fea7b7c8144c768c51bff5c7e179cb7251b6d240082dc2cbe86755d698438763f20863cbcfdd5e2a9acfcc13caf6fc6791b78b18950c036515ea702cc8c3d4c13860bbf97ae1dff814c012a876cb894eefebf47ab1207877117274687cba17ddc4a0f6928b8a64dc52f4d2c9540bee5cd1a0e1ab20c2de6499f7479e3f92e5391090a528893d47833d9ff26e8e7fc4f1a6e8174bab4225108928435afcf09ad51d69cfce466d39897efa92752638f7fb18030f5b6c3e8fd27e5050f00e8efc20010b0660b7ae4bde5c8d7f4944fecdc367088e6234e2b3e02411988701e019682b5f40883f1fdf777aa28ce38d4d44b7dd4256d2513a2f5e6fb92eeaf479adfc7f2f732a72fafd425ecd98c10c65facfce4c4b2457d9b882e9011b72d832eb2b8bf36dcfd385e84400948251abb3165c5713b4b73ab02b5f9e0c5351da37d32061da"], 0x121) ioctl$TCXONC(r4, 0x540a, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x80000) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r1, 0x10, &(0x7f00000000c0)={0x1785}) setsockopt$IP_VS_SO_SET_DEL(r5, 0x0, 0x484, &(0x7f0000000080)={0x6, @empty, 0x4e24, 0x4, 'none\x00', 0x2, 0x80000001, 0x32}, 0x2c) 21:26:11 executing program 2 (fault-call:9 fault-nth:96): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:26:11 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd]}) 21:26:11 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x0, 0x68}}) 21:26:11 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x700000000000000}}) 21:26:11 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x0, 0x0, 0xffffffffffffffff, [0x100000000000000]}) 21:26:11 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0x0, 0xc00e0000}, 0x0) 21:26:11 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000023c0)=0x0) capget(&(0x7f0000002400)={0x19980330, r4}, &(0x7f0000002440)={0x2, 0x4, 0x100000000, 0x81, 0xcb76}) r5 = gettid() stat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0}) getgroups(0x1, &(0x7f0000000200)=[0xffffffffffffffff]) r8 = gettid() r9 = geteuid() getresgid(&(0x7f0000001340), &(0x7f0000001380), &(0x7f00000013c0)=0x0) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000001400)=0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000001440)={0x0, 0x0}, &(0x7f0000001480)=0xc) getgroups(0x9, &(0x7f00000014c0)=[0xffffffffffffffff, 0xee00, 0x0, 0xffffffffffffffff, 0xee00, 0xee01, 0xffffffffffffffff, 0xffffffffffffffff, 0xee00]) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000001ec0)={0x0}, &(0x7f0000001f00)=0xc) ioctl$sock_SIOCSIFBR(r2, 0x8941, &(0x7f0000002480)=@generic={0x0, 0x9, 0xfffffffffffffffe}) getresuid(&(0x7f0000001f40), &(0x7f0000001f80), &(0x7f0000001fc0)=0x0) r16 = getgid() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000002000)=0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000002040)={{{@in, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in6}}, &(0x7f0000002140)=0xe8) stat(&(0x7f0000002180)='./file0\x00', &(0x7f00000021c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sendmmsg$unix(r3, &(0x7f00000022c0)=[{&(0x7f0000000040)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{&(0x7f00000000c0)="46b22040f6d52d8b0b63f161f2fa6a76397f4482b3aa407d0929c55deac12b3c2f3cf0abb95f60", 0x27}], 0x1, &(0x7f0000000240)=[@cred={0x20, 0x1, 0x2, r5, r6, r7}], 0x20, 0x8000}, {&(0x7f0000000280)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f0000001300)=[{&(0x7f0000000300)="241ca577ccb6154cf790f27fe4bfef9cccd5bc2e631222086839f3613712a34858f7abaf601769c1ed95a0d88ec9b5d8ad81613dd042e657a0bf211386f37665f62e35ea4d66cee5c556d07c2ec4b02e4091fb6d0f9aa5d915fd9212fc520314c5ddde213f98eecbf595617a03ee0dff6e9b04ab1ab0c98a38a3c98f6939307315c03618581bd9e2052f5b82ab5b2dd271f8af1057498d2c824e10d5ce5239c5792fee0f7a1b862557e7b204fd8a87888683930754cb75298ebc8cd2c6c130c1f306d4219d0ca692cbe1043af1cb7c375929dcfca4fcb33865de611f52f2ae89048220732364dbc10ee6ce79ca3cd7ecbb274f499c7a1f6c406dad1d4da5f00d36f4fcc97fa5cb9f05952e602170a1102c4adb547e635548c835c127849872031c21fd71b3ad14eb6540ade879a3362adfbf0045a23107a57d9391d1f1bc6127b325dc54210f966f4d474fac49925df5632835c5121eef23e94570d72b767e8097dabf454c5459e68edbee6a4dc1db2ca9795351c864b5bd6c574e1a131fec05563a7663ab465ae5b83ef2d877450ecc8141094cd2cc73cd1fec65060ff69dd17cd2901a2c5949b67ae39c897784a73c94c68713db6af32f5603ca3d8da1b8c97f39a4624e8b19e53be3d237da7b7bcd21f99ab7f1c4bf0cd2f78644ce47a4cff9e0cae4a861c1f9b933a37c031489e0e9f241e7cd0af86a117359fa69729efefaa2ca5505f9ce2c48f46fd464ffc631040c2288d4e3972d91ff00a59aa1b523c4d78b595da829b2338a61fd56c1891ebc7c8298448cdb75e1869f5e55d252cc21ff06c4f8aecbd753b7772313dd5b502a63ab5dcb10620f797d2f5153497f811209a0017c276ae6b3dbc554961a134b55530923576e5dc120823c257df00a33245429b4693225a3520d2fdce3c8f89a86b77746a6929dfba5da5278ccedab04fab62b57b3a1b23924ef6994cabf24de627740a0b4d2335fb30cf699db7b986d1a73e7c6abc935e9c4b87dce2c9aa1266584e5be131716518805733b710aee908d5712f3d3cba6c43b2e7932a0fc1915c7a9f0212d368d4348ca0971cf3cda0210d701bb0353304f52c4785685f1fb24828ea91f207b225de9d5c6359695c1b937d82dbf947a76630e953af17016d80e4da0d32f5511e18e9194aab3f0054b8ea1dcf0a6fc204de95cafff6a9b2cbf0df37048a33f171a0b4400d5c4c904ea9144272c2b0396af68a5a8de51c2f459acccee5d1f64d170331b740349ec091d306d52c4bcd16c59c302cd6bb6c9b41beaf2249acce670d8a336e4de219944f0abbf630c99563d01ea43f5879c0b29e30e2d307c3e75a2c59b7e94c7940a4940bcb922bd8cf50db9c23aa277435ab6a742e76ec5b02a6187a24013d291ee19a0f861dbe890046efdcf907addea807fd770d197a3e5bf4798c5b1a13489283ecd95e858c31d7b77ed0827e45381f677796ec897ebdc26f68287521d0205f83dbb7b5e26f0f7ab3a605e41bb0da1b11162e2b3d2901f835487485a95da083815e5d2ee17847c90170b9bc23411adc779e53480e2c4beb0f58b5f5db5a968dc392bbaafbec64d9d0d446300b4d539c48f35ef9e66b0000e9ac44167a54d78f277181e845747bbc88d84a4bd7d725a0b7627daadf0eb0949ace13a49a12cc0891c803ce9f9e9927ab1482b5bad07f2fef4941b0e6ac1d7a9b94d7b687246dae58aabf618cd31f865e088797743e85daf1e959510c24515fa52cfd94477c8f43365e9cb9610222ee35004dab070f0b55ae6b326b0d8218e22a169a3aae3f3aad82b84d227fdee56877180bcb51b35ff494c1c300d29f878efaed6a0141d7d2efc8ee593e2b05d96a65ce0473fd0eb2fa09a6420ff43e5030fc18ce963b4f77eaca0a1f039c6c663ea2a18c376d4c77b04512bad7cdf39b2b31d5a5365cba6e1e9a17cf60c829ec711e145dd24d50c2e5ad85dae4859dee7c8bf6a2d38c7e96bcf85496dc7cb26447b84fdd3d7a296be8ecb8665be58869dcda91c15396730625f5604c8b69e96e82a96963dea480bc7ec482974ad329d28aa94bd8d2c3072d1f6e986d9423b95c46e5921f22346c408cf3f3777e475ed96cad613a4ee7b8dd567cd4f02e8d47e17825315d1a6af2e92a84f50dcf031dc089ebbf43bbe8f9289fa4a92738abc7277cc248cac98317ffed4bb3ab103a33b64f94c0dff517caf40498908d553cab5ed86a97011438b60d8e5a4d1cc01a76188f72dff215a1261da484092c5fbe7d4e9710c911d64419f78fe84107388ddab85ab83efca64ab5defb9d2e714053ffdb429a0258238b94c9c596210448df75ec5be946898fb27db046c1553bcd438508921291eace945689b7c3268fd3f58eba99902cc5768b2abcfd3749d747d42d416b4d845de4a4a15f8dc458b85ab7b5c47deb5f6f4f394b1e8001802d93373803a36eff7bd41016a36602cd82440f33ca45e329b899871beb780e85dbbcf2b31b6244e7ad12160d6994c8fa7fcf2d4dec7c3638e5e73d270b7ae298b39d6dac456bae7e74fe9c681917d8f65a1de4b931c31199ff41fdf0c65897fb1527f349ca14482c585423ada5f5ede1e189899e0af405582b5880c80943ece6f67dc24d545d8fc08af924ac8bbc0fc67429e1d76f78bdbb03b0057eb77a482573771763432f72c40a4e599aaa63bd602f53dfeb8ed63ff413a9fb5e8482b3ef6f3f5eb8e05219edba868e6567c9ed13552ffba3c5f4bad128160e0c4143b1e22a1c305bcd6d3b1c5432c2f2daf21fe211954b6f487340e2caaa9f02cfe9a583c98074a426d2823931bc9ffc30bc15ec64b32115a48faa11c30842a6d39bcaa99a0f06637b7285b05722b2f304d82064e1b1355c8fe604064b43952c336ef50585e9a89bd085e5aa179a77f995d00d79d386c73036eeb7774147f5b98787b0468a8dd730f0275520bc33ae3e7dca4c0f796c86dcb66775826b301d010412dade107ed17b0620355272865b69e28e38eab6099b92d7400cc37c73e24d4c206536ff2ff1195421b1787496c8056bf33df345adbacdb2d7f052b912095d9f32f44ac55c0f2eb3e96d31184c6008ecdecfc0af89a5774853320bf35bacac09ebd3197313ad4a3ae6cdcca76c30059c3994b91aa7e6f8b6759c37c29ee8a1ee78209122759526b1e275a906563f68d8561aa9dca90660f000291bc8e42a5033021141a9b84829a7b71184d0676edc5ea6b25a7d9f8dc10d1baf5b36e24d6fe03c1207acb5ee86c7cd7a51eaefe4e4aa07b7bd603d9f6d09bbe554e940d58689a7502b0d1acecae3a5de235b515e992f8a55329a99b19176e3411dba435f99b67c4017cc7c1f923efb4f2294814d7695cd0d4aad4dcccde74c692b49bfad56e4c516fc7813b5d10e75be81c218ec0b552516bf54d3e932dc65bba0ba62878e5df3fe532b38e774e20af458a6ecbfbf438d24e5d44eea0a12b9418889a904694cc9c5c64e71d6f9c4c823bcf51808385819a2474364eb0cb2e891d17cbceaf77fd46f0830221b2a28393996861c399305abd84fe4f25123fce1e6895301b4c3fb8c3589d93b51e6b319fdd3a24759821a20157671a55c0e2e529849aaee63a0101088ec66adfb5b2e4827f38df9d52861f02e33acf825370a08b0350c89f2b4de4f8b814dd4e1c64f9bf52701893d16429f83b4de3e20634a9db7a13b9df83234fa23ef41a0fd3d140c93a8307d365461d6d121d901c89f7842f19a6639ad80d59ad2833455d99d53dce670b5b1a94326e24efa833f53eccfb5fcffc9b7d26393056ba14d2c14e95a318677e458a0f5489a0377bfa205adec678d6f88b3edc3c21e6b3564b5b9e03a581bc41ed502f6f785a47bdfea14ae49d19ba020e7554458bd50a177347e3f2e6451166834b246fabdc7a4a5eaffde02188bf2a88f69d8d609f6adabe411151d6a22fed5c30a9192cb5ce5138ea29a49f515e13f5ef3637ded49988a1eff96f4ec1f4fb5eae3ffe9b4c9a3845da6a1c0ba7ffa92769bb390828140b9421ed7198fb1b68b4bf2db0af8f9682a4435d1d668a7be1b3be9701853d13d6d1657d82a6c1298089a6a56d8e744a18edf61fa48b357ca8a8ded168083de8de7c798905ce294ec7a5b2e57889d4832c0d3b2d3593931dfc19b4822ea771d5c1541fa4782ade94841285101fde847f63b0ebd9bccab4f40bb33f2577198b1cfe3cf4444993b9a21f0d63a8380df6918732173a12c93735573cc3bf7bc1e722c9f85bb1313f8635db91ce2ba697f7ca58550675a94ea151b88efc3003ae900e2ed9d6fd1d9066132df684ebd65faffcafc95fe33de5ee2ac97ea3c575b58819b66ea8877626da21b0947874b8d20348cfd651ba27f96bd9c0c90d263d458bd09d5af87cedb0a40f606dc19a16f68d276431a661bc8f01904c8300fee674082d2937c2af8ebc44c4a0574be03a03dca42e2c924763ac2b5cd767c4a8a6751c3bb5f7a2a803270b6e5c46fa64f16aec78b860d0e92990d2791767d0ffca7041e9607a29a026f4e6033690ea19ab27e3bfb8a45b544d54a5f14e6495a85fc11d79997383bc19850538fbdf188543e52ba9ad1bc5ecc879ac6006bae57001e63629d6e5cced78e130429171d0f52da0b19056bf3628ac910f82d158b7075bfd520b9d19a49c18c1b61f97439e51b9a3e60b094e33b5c395675f9e6cd3c00dbd1305480b676288bfa130181aad123dd0fd461757b88c2490e0dd2f26e9bd008edc1bbc17b943a06d0ad25d0bed7cd119bfd52e4c57d89e7670cf98570a4ffab56167e6a643f7375ebfeeec7d2d192a9b4259661361664ee01b57b98f8d82bf0f9c65461d25029625a126ba86a7c243f31055808f62bfb4ab26b496c501336d1a7ff70cda4e418225ac3b2ed69481af5a06c38da4d84607b170c7b7f427eb9fe93aba911d21defb0f7d267af50a0336d40c3566909228484f02ade0dab0818e81ce092526a4cbbaf1c77405b89f5df9d6696337121201800bff2d5c45f4ff9d9e7572e47663af538a2594955668d6e5e07db5bc88f36066cdb6c2d2d669156b45c0e448fd927c487c38866d01150bce044e9a3860457a2cbff4f86cdbd929d425f2c73e7308eaccaac6bb6efe519055f8583471c38c639241bfc3605a3cf12b6228edaf054a746904899ec61c43e1aeaab21031458980dc2689886d9042a3cfb3b5f9c70e9bd88c2901cbeb31044654c3576c3b97d74dfb02fe61f0c7ade407cfc3adaf790b507059ba8722575f182afb41e328b23b0ad183b6f9bf2ed57bf5b78830fb4f5467024b76101e02d562ee7c8e68e62365848a276b558d3e9db179520fc12d0939965053bd5ef4da3ea2ec7af9876af50fce5c8d6bdfdcd6b86ace3bbfcadd60b239f6670f35bd465ea026815d2d1640cbb103f97b74f82bfec898025916283f450ce56b05b2a1ea5cadfb96ee6d000ee95af6f4dd3e41527216f1052d247f044dbe5c5d02866a3cd107c985b54987759cb57bdc2d97142505ad8da704f54e155fa52548605606feacf595116d313ce2ba0e0ad064280a9add509ec1affa1b99a8123f7e56a1a31aa28073cdf9cd50809bbf686c0631f1d5ef05d431de1483f5db78bb06d45b6ddd447ffec7a4f2fa0752a9c6e02952df2da65acd8b63278a6baa72699072a376ed4700163810ee435db6a2471da330a0ac8594718be1d4860b25fca92c4d26db3501e1a489a890508fc9ee4177085424f60eacbc6c720661b83791f309c999b6715867c4d5fe4d6fb6a7baeb662ec62ae532fd89603bef4b38", 0x1000}], 0x1, &(0x7f0000001500)=[@rights={0x30, 0x1, 0x1, [r0, r1, r1, r0, r0, r1, r1, r0]}, @cred={0x20, 0x1, 0x2, r8, r9, r10}, @cred={0x20, 0x1, 0x2, r11, r12, r13}, @rights={0x18, 0x1, 0x1, [r0, r1]}, @rights={0x28, 0x1, 0x1, [r1, r1, r0, r1, r1, r1]}], 0xb0, 0x1}, {&(0x7f00000015c0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001a40)=[{&(0x7f0000001640)="4477a566943840596a686a2f28752f436545fd2d664fd80f586dba7ac935b6a9cf6fe126b554f7457cbbae4f7ff06f220e5504809c946d13ec8799f219df33b89017b4cb31d8fddf3543cc49e98f62a4f3da57c9f71c6c5e5821ffa88d3dee881909b06837580a5cdf3a47fcfe2aab830e38a7fd4f9bb89cc30815a9", 0x7c}, {&(0x7f00000016c0)="c88bec4d1e4d05fa9dc31daa0561774dc9ff48217918c92112b1bda8ee2cd6ad3507b4a788ac6565c9e052b8e019460dc0cbf4586528510b09a3723631b89c45b9ae4b7fa7ad2546c5eaccfc35d99148a52aff61f0036c0fda8a9c28e9bb1569eeed4594eee7218600c44e5b31778dab1e891d10ae29c3f6c3182a55f7688198239c3697b08211dc", 0x88}, {&(0x7f0000001780)="207032d4bae2ff4e830dfc5baf1caddd0ee64497c73c9b35f1f2ec0123b46537b47db61bd0d033629f64804e58f136b153878c1278898a4c73ac17b47bb72d15262c05ef93bcfad53803e4ae998258989e9eb0d27bdb6451a9c70c36de7b1148d61327d404fb1b320718d0555b315f5c06a61b704ede5752dedcc40a24da07620f2c99874c78750f8c02862f3b4957536665c8a99117fa4e94b9ac5aed4f2d38ae67d53b52b2e236", 0xa8}, {&(0x7f0000001840)="31303db5f493cf932fe86e6a03ce77b0c5d72eb2c44035663ffb5253b611151054a6fa94fc6da4b862649fbc2dd72888c22bf2b847f8515ca908b27f6c1c23e23826a8c8416851aa434b5d1afd8a734bda4f3c579a9dbc7613", 0x59}, {&(0x7f00000018c0)="7879d40924f319e7486ff277e9ccbc3386413bbd294cf5f56e07d2cd4e87b45ab5b9972080fc49c2a1f5dafe2759c04efd404779daba760487c096b4dfcae3e3a2a930f8c799749cd61941", 0x4b}, {&(0x7f0000001940)="607db210393e4dde6a79e6d9dbc20009cdd848aa1fc996a7f57285b68b6ab5908df109baa4eaa1e93f85a95277dc17b4f69a61bd0065a8e35c609f91eef3e9a91eb3678031062740ceb80739288d9632aeb138f4bced29eb83a47759ad855aad0f6279403afc4099c168884712d4cd168f2e1319ee12061fae1572e64f87494b0f42841adea25f345d5aa097581917aa19d9b268bc75f8a1a18b4c056905a13f8880b5e78620c4ab8e9d8c71a9942132c48a591de5f2e3d9742b5a45fb0dd4ee2fb0a60526c454b0d1195fad323beeacc25d04d8b0409dad2db905d0f9a3fbb70a9d1e49a2fe2b0e671ecfc2654336309ee76b6c865d5727", 0xf8}], 0x6, 0x0, 0x0, 0x1}, {&(0x7f0000001ac0)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000001e40)=[{&(0x7f0000001b40)="887f39b11dcd1b5fb25fbc4c4939199594b7eaa845a19414e3e010bb83a91826eaed40e76bab5ec13c1c434f22379777e004cb63a3c76e24eb097312bf97d718cca71420ef99b27061566a0a0bee673a", 0x50}, {&(0x7f0000001bc0)="c72b46052a8d9c4566b53521611f89a184998181145e9573421410ef1c9ae8a3187ae887de0c6a6ccdeeca2ad3ef79495fb4e3d25cbbfa2a6aa5e66499a3f8eabe7edf53abf1acb7502fa5fc8edb7a3e176c767bdb32981e6f7af6dccc5381057827511a32f55dec5da2a8b0a2de1e86317313e981035c173cd5a957cbae5b1ad7f35011621a32b0d8c960d820714dc94a00a5c0bc1c8a66c6e164340fe6112bb7ed797bfb0169f7faa932763fd507665b61ff0c93c4f5dc4804bbc132f3bf7af6237dd900a1a0ee1ce6993f2f889c6785", 0xd1}, {&(0x7f0000001cc0)="fafc4ace7a0091b8cd6bba1cc5ec67412cf95b0184951d09993c1e3876b8aa2e87aa11cd1b013bac3433ae310d920c81", 0x30}, {&(0x7f0000001d00)="c3a9a0a3487484d5411622d2d0f91f4dd5ac66dc0daaa7a717aaf3571427728ace0280152b5396996f11c4bbcc7082e89c0dd014b04a2bc964dd6d3309d2963adced0051ab749e6cd2cc8581", 0x4c}, {&(0x7f0000001d80)="918c9fad9ae03cb24974e789ff98c57bd9f51b6d945e093b5e64136555d28fb77f2e4ce36ff37d51bd23892ea5", 0x2d}, {&(0x7f0000001dc0)="82566d9ce2fe76713203f862067431810d2ac3cad6a8a87a6aec2525db526a8a892575a3a3ab2a717002c18190a54ce9b204d519e75bdbd31d5ed085d1143a4991afb298ebba30f9d5d420df26fb69a3e6dbded952e18cca135244ff8140623c42ce1845edcda60ef8d69c2e1f60fb1c05289866e25fdcbd20880605", 0x7c}], 0x6, &(0x7f0000002240)=[@rights={0x20, 0x1, 0x1, [r0, r0, r0, r0]}, @cred={0x20, 0x1, 0x2, r14, r15, r16}, @cred={0x20, 0x1, 0x2, r17, r18, r19}, @rights={0x20, 0x1, 0x1, [r0, r0, r1, r0]}], 0x80, 0x14}], 0x4, 0x20004010) [ 251.507295] FAULT_INJECTION: forcing a failure. [ 251.507295] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 251.519456] CPU: 0 PID: 16270 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 251.527867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 251.537225] Call Trace: [ 251.539899] dump_stack+0x1c9/0x2b4 [ 251.543561] ? dump_stack_print_info.cold.2+0x52/0x52 [ 251.548754] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 251.553589] should_fail.cold.4+0xa/0x11 [ 251.557649] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 251.562741] ? kasan_check_write+0x14/0x20 [ 251.566967] ? __schedule+0x884/0x1ed0 [ 251.570844] ? __sched_text_start+0x8/0x8 [ 251.574983] ? lock_downgrade+0x8f0/0x8f0 [ 251.579124] ? lock_acquire+0x1e4/0x540 [ 251.583276] ? fs_reclaim_acquire+0x20/0x20 [ 251.587596] ? lock_downgrade+0x8f0/0x8f0 [ 251.591754] ? check_same_owner+0x340/0x340 [ 251.596065] ? rcu_note_context_switch+0x730/0x730 [ 251.600998] __alloc_pages_nodemask+0x36e/0xdb0 [ 251.605672] ? percpu_ref_put_many+0x119/0x240 [ 251.610253] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 251.615255] ? trace_hardirqs_on+0x10/0x10 [ 251.619483] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 251.624327] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 251.630737] ? xas_start+0x23d/0x740 [ 251.634443] ? lock_acquire+0x1e4/0x540 [ 251.639012] ? xa_load+0x288/0x450 [ 251.642628] ? lock_downgrade+0x8f0/0x8f0 [ 251.646767] ? lock_release+0xa30/0xa30 [ 251.650739] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 251.656282] alloc_pages_current+0x10c/0x210 [ 251.660695] __page_cache_alloc+0x398/0x5e0 [ 251.665006] ? xa_load+0x2b1/0x450 [ 251.668670] ? xa_clear_tag+0x40/0x40 [ 251.672461] ? filemap_range_has_page+0x4c0/0x4c0 [ 251.677299] ? unwind_get_return_address+0x61/0xa0 [ 251.682220] __do_page_cache_readahead+0x24e/0x690 [ 251.687144] ? read_pages+0x680/0x680 [ 251.690939] ? lock_acquire+0x1e4/0x540 [ 251.694911] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 251.700025] ? lock_downgrade+0x8f0/0x8f0 [ 251.704166] ? lock_release+0xa30/0xa30 [ 251.708138] ondemand_readahead+0x550/0xc40 [ 251.712459] page_cache_sync_readahead+0x3a0/0x6d0 [ 251.717394] ? force_page_cache_readahead+0x360/0x360 [ 251.722593] ? lock_acquire+0x1e4/0x540 [ 251.726560] ? rcu_note_context_switch+0x730/0x730 [ 251.731482] ? check_same_owner+0x340/0x340 [ 251.735797] ? lock_release+0xa30/0xa30 [ 251.739771] generic_file_read_iter+0x1a87/0x2f10 [ 251.744621] ? filemap_write_and_wait_range+0xd0/0xd0 [ 251.749819] ? rcu_read_lock+0x70/0x70 [ 251.753701] ? __unlock_page_memcg+0x72/0x100 [ 251.758193] ? unlock_page_memcg+0x2c/0x40 [ 251.762420] ? page_add_file_rmap+0x781/0xe40 [ 251.766901] ? page_add_new_anon_rmap+0x870/0x870 [ 251.771741] ? perf_trace_lock+0x920/0x920 [ 251.775967] ? lock_acquire+0x1e4/0x540 [ 251.779939] ? alloc_set_pte+0x1133/0x1790 [ 251.784179] ? lock_release+0xa30/0xa30 [ 251.788157] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 251.793182] ? check_pgprot+0xdf/0x180 [ 251.797056] ? put_page+0x280/0x280 [ 251.800677] ? kasan_check_write+0x14/0x20 [ 251.804899] ? do_raw_spin_lock+0xc1/0x200 [ 251.809125] ? alloc_set_pte+0xaf6/0x1790 [ 251.813262] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 251.818266] ? filemap_map_pages+0xca2/0x1990 [ 251.822750] ? trace_hardirqs_on+0x10/0x10 [ 251.826973] ? xa_set_tag+0x40/0x40 [ 251.830588] ? perf_trace_lock+0x920/0x920 [ 251.834818] ? environ_open+0x90/0x90 [ 251.838609] ? trace_hardirqs_on+0x10/0x10 [ 251.842831] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 251.848547] ? trace_hardirqs_on+0x10/0x10 [ 251.852770] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 251.858301] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 251.863135] ? perf_trace_lock+0x920/0x920 [ 251.867362] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 251.872207] ? perf_trace_lock+0x920/0x920 [ 251.876429] ? perf_trace_lock+0x920/0x920 [ 251.880661] ? shrink_dcache_sb+0x350/0x350 [ 251.884986] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 251.889838] ? __fdget_pos+0x1bb/0x200 [ 251.893729] ? lock_acquire+0x1e4/0x540 [ 251.897870] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 251.903408] ? fsnotify+0xbac/0x14e0 [ 251.907115] ext4_file_read_iter+0x18b/0x3c0 [ 251.911530] generic_file_splice_read+0x5a5/0x9a0 [ 251.916368] ? add_to_pipe+0x360/0x360 [ 251.920254] ? rw_verify_area+0x118/0x360 [ 251.924405] ? add_to_pipe+0x360/0x360 [ 251.928280] do_splice_to+0x12e/0x190 [ 251.932071] splice_direct_to_actor+0x270/0x8f0 [ 251.936736] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 251.942265] ? pipe_to_sendpage+0x400/0x400 [ 251.946584] ? do_splice_to+0x190/0x190 [ 251.950556] ? security_file_permission+0x1c2/0x230 [ 251.955566] ? rw_verify_area+0x118/0x360 [ 251.959705] do_splice_direct+0x2d4/0x420 [ 251.963843] ? splice_direct_to_actor+0x8f0/0x8f0 [ 251.968675] ? rw_verify_area+0x118/0x360 [ 251.972812] do_sendfile+0x62a/0xe20 [ 251.976528] ? do_compat_pwritev64+0x1c0/0x1c0 [ 251.981109] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 251.986645] ? _copy_from_user+0xdf/0x150 [ 251.990788] __x64_sys_sendfile64+0x15d/0x250 [ 251.995285] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 251.999872] do_syscall_64+0x1b9/0x820 [ 252.003750] ? finish_task_switch+0x1d3/0x870 [ 252.008245] ? syscall_return_slowpath+0x5e0/0x5e0 [ 252.013165] ? syscall_return_slowpath+0x31d/0x5e0 [ 252.018087] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 252.023095] ? prepare_exit_to_usermode+0x291/0x3b0 [ 252.028101] ? perf_trace_sys_enter+0xb10/0xb10 [ 252.032757] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 252.037603] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 252.042787] RIP: 0033:0x455e29 21:26:12 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x0, 0x100000000000000}}) 21:26:12 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000]}) 21:26:12 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0x0, 0xffffff7f}, 0x0) [ 252.045957] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 252.065167] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 252.072862] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 252.080122] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 252.087378] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 252.094640] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 252.101901] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000060 21:26:12 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0xfffffffffffffffe) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r2 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x3f, 0x248a02) r3 = syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00') sendmsg$FOU_CMD_GET(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000004}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r3, 0x200, 0x70bd28, 0x25dfdbff, {0x3}, [@FOU_ATTR_REMCSUM_NOPARTIAL={0x4, 0x5}, @FOU_ATTR_TYPE={0x8, 0x4, 0x2}, @FOU_ATTR_PORT={0x8, 0x1, 0x4e23}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4, 0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x495b760a4f3b9140}, 0x0) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:26:12 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x0, 0x0, 0xffffffffffffffff, [0xfdfdffff00000000]}) 21:26:12 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x600}}) 21:26:12 executing program 2 (fault-call:9 fault-nth:97): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:26:12 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd]}) [ 252.257199] FAULT_INJECTION: forcing a failure. [ 252.257199] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 252.269095] CPU: 1 PID: 16311 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 252.277513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 252.286865] Call Trace: [ 252.289461] dump_stack+0x1c9/0x2b4 [ 252.293080] ? dump_stack_print_info.cold.2+0x52/0x52 [ 252.298270] should_fail.cold.4+0xa/0x11 [ 252.302335] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 252.307431] ? kasan_check_read+0x11/0x20 [ 252.311579] ? rcu_is_watching+0x8c/0x150 [ 252.315719] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 252.321261] ? xas_start+0x23d/0x740 [ 252.324993] ? trace_hardirqs_on+0x10/0x10 [ 252.329228] ? find_get_entry+0xa6d/0x1120 [ 252.333466] ? lock_downgrade+0x8f0/0x8f0 [ 252.337621] ? lock_acquire+0x1e4/0x540 [ 252.341588] ? fs_reclaim_acquire+0x20/0x20 [ 252.345904] ? lock_downgrade+0x8f0/0x8f0 [ 252.350047] ? check_same_owner+0x340/0x340 [ 252.354363] ? find_get_entry+0xa96/0x1120 [ 252.358588] ? rcu_note_context_switch+0x730/0x730 [ 252.363540] __alloc_pages_nodemask+0x36e/0xdb0 [ 252.368299] ? percpu_ref_put_many+0x119/0x240 [ 252.372883] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 252.377895] ? trace_hardirqs_on+0x10/0x10 [ 252.382135] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 252.387681] ? xas_start+0x23d/0x740 [ 252.391402] ? lock_acquire+0x1e4/0x540 [ 252.395365] ? xa_load+0x288/0x450 [ 252.398895] ? lock_downgrade+0x8f0/0x8f0 [ 252.403036] ? lock_release+0xa30/0xa30 [ 252.407015] ? retint_kernel+0x10/0x10 [ 252.410900] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 252.416431] alloc_pages_current+0x10c/0x210 [ 252.420838] __page_cache_alloc+0x398/0x5e0 [ 252.425158] ? xa_load+0x2b1/0x450 [ 252.428698] ? xa_clear_tag+0x40/0x40 [ 252.432490] ? filemap_range_has_page+0x4c0/0x4c0 [ 252.437342] ? unwind_get_return_address+0x61/0xa0 [ 252.442309] __do_page_cache_readahead+0x24e/0x690 [ 252.447246] ? read_pages+0x680/0x680 [ 252.451040] ? lock_acquire+0x1e4/0x540 [ 252.455003] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 252.460106] ? lock_downgrade+0x8f0/0x8f0 [ 252.464255] ? lock_release+0xa30/0xa30 [ 252.468230] ondemand_readahead+0x550/0xc40 [ 252.472548] page_cache_sync_readahead+0x3a0/0x6d0 [ 252.477653] ? force_page_cache_readahead+0x360/0x360 [ 252.482831] ? lock_acquire+0x1e4/0x540 [ 252.486813] ? rcu_note_context_switch+0x730/0x730 [ 252.491732] ? check_same_owner+0x340/0x340 [ 252.496047] ? lock_release+0xa30/0xa30 [ 252.500037] generic_file_read_iter+0x1a87/0x2f10 [ 252.504980] ? filemap_write_and_wait_range+0xd0/0xd0 [ 252.510160] ? rcu_read_lock+0x70/0x70 [ 252.514056] ? __unlock_page_memcg+0x72/0x100 [ 252.518538] ? unlock_page_memcg+0x2c/0x40 [ 252.522770] ? page_add_file_rmap+0x781/0xe40 [ 252.527266] ? page_add_new_anon_rmap+0x870/0x870 [ 252.532110] ? lockdep_init_map+0x9/0x10 [ 252.536161] ? kasan_check_write+0x14/0x20 [ 252.540382] ? __init_rwsem+0x1cc/0x2a0 [ 252.544353] ? lock_acquire+0x1e4/0x540 [ 252.548319] ? alloc_set_pte+0x1133/0x1790 [ 252.552547] ? lock_release+0xa30/0xa30 [ 252.556510] ? xas_descend+0x20c/0x5f0 [ 252.560388] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 252.565398] ? check_pgprot+0xdf/0x180 [ 252.569273] ? put_page+0x280/0x280 [ 252.572898] ? kasan_check_write+0x14/0x20 [ 252.577121] ? do_raw_spin_lock+0xc1/0x200 [ 252.581355] ? alloc_set_pte+0xaf6/0x1790 [ 252.585497] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 252.590510] ? filemap_map_pages+0xca2/0x1990 [ 252.595003] ? trace_hardirqs_on+0x10/0x10 [ 252.599231] ? xa_set_tag+0x40/0x40 [ 252.602851] ? environ_open+0x90/0x90 [ 252.606643] ? trace_hardirqs_on+0x10/0x10 [ 252.610866] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 252.616393] ? trace_hardirqs_on+0x10/0x10 [ 252.620626] ? trace_hardirqs_on+0x10/0x10 [ 252.624853] ? find_get_entries_tag+0x1410/0x1410 [ 252.629702] ? trace_hardirqs_on+0x10/0x10 [ 252.633930] ? mntput_no_expire+0x18e/0xbc0 [ 252.638244] ? do_raw_spin_lock+0xc1/0x200 [ 252.642482] ? mnt_get_count+0x150/0x150 [ 252.646537] ? dput.part.26+0x276/0x7a0 [ 252.650509] ? shrink_dcache_sb+0x350/0x350 [ 252.654828] ? lock_acquire+0x1e4/0x540 [ 252.658794] ? __fdget_pos+0x1bb/0x200 [ 252.662679] ? lock_acquire+0x1e4/0x540 [ 252.666657] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 252.672193] ? fsnotify+0xbac/0x14e0 [ 252.675901] ext4_file_read_iter+0x18b/0x3c0 [ 252.680304] generic_file_splice_read+0x5a5/0x9a0 [ 252.685140] ? add_to_pipe+0x360/0x360 [ 252.689032] ? rw_verify_area+0x118/0x360 [ 252.693174] ? add_to_pipe+0x360/0x360 [ 252.697054] do_splice_to+0x12e/0x190 [ 252.700850] splice_direct_to_actor+0x270/0x8f0 [ 252.705508] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 252.711046] ? pipe_to_sendpage+0x400/0x400 [ 252.715363] ? do_splice_to+0x190/0x190 [ 252.719343] ? security_file_permission+0x1c2/0x230 [ 252.724350] ? rw_verify_area+0x118/0x360 [ 252.728492] do_splice_direct+0x2d4/0x420 [ 252.732647] ? splice_direct_to_actor+0x8f0/0x8f0 [ 252.737504] ? rw_verify_area+0x118/0x360 [ 252.741646] do_sendfile+0x62a/0xe20 [ 252.745355] ? do_compat_pwritev64+0x1c0/0x1c0 [ 252.749938] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 252.755469] ? _copy_from_user+0xdf/0x150 [ 252.759612] __x64_sys_sendfile64+0x15d/0x250 [ 252.764190] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 252.768795] do_syscall_64+0x1b9/0x820 [ 252.772673] ? finish_task_switch+0x1d3/0x870 [ 252.777160] ? syscall_return_slowpath+0x5e0/0x5e0 [ 252.782082] ? syscall_return_slowpath+0x31d/0x5e0 [ 252.787090] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 252.792108] ? prepare_exit_to_usermode+0x291/0x3b0 [ 252.797116] ? perf_trace_sys_enter+0xb10/0xb10 [ 252.801781] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 252.806620] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 252.811798] RIP: 0033:0x455e29 [ 252.814970] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 252.834784] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 252.842496] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 252.849756] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 252.857025] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 252.864281] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 252.871545] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000061 21:26:13 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) syz_open_pts(r0, 0x4500) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x0, 0x0) ioctl$RTC_IRQP_SET(r1, 0x4008700c, 0x185f) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r2, 0x2, r0) r3 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 21:26:13 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x0, 0x700}}) 21:26:13 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0x0, 0x4801}, 0x0) 21:26:13 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000687000)=0x5, 0x4) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:26:13 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x6c}}) 21:26:13 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x0, 0x0, 0xffffffffffffffff, [0x80ffff00000000]}) 21:26:13 executing program 2 (fault-call:9 fault-nth:98): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:26:13 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000]}) [ 253.184507] FAULT_INJECTION: forcing a failure. [ 253.184507] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 253.196402] CPU: 1 PID: 16337 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 253.204815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 253.214270] Call Trace: [ 253.216884] dump_stack+0x1c9/0x2b4 [ 253.220526] ? dump_stack_print_info.cold.2+0x52/0x52 [ 253.225739] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 253.230603] should_fail.cold.4+0xa/0x11 [ 253.234682] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 253.239793] ? kasan_check_read+0x11/0x20 [ 253.243931] ? rcu_is_watching+0x8c/0x150 [ 253.248165] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 253.253700] ? xas_start+0x23d/0x740 [ 253.257539] ? find_get_entry+0xa6d/0x1120 [ 253.262121] ? lock_downgrade+0x8f0/0x8f0 [ 253.266262] ? lock_acquire+0x1e4/0x540 [ 253.270236] ? fs_reclaim_acquire+0x20/0x20 [ 253.274548] ? lock_downgrade+0x8f0/0x8f0 [ 253.278695] ? check_same_owner+0x340/0x340 [ 253.283157] ? find_get_entry+0xa96/0x1120 [ 253.287381] ? rcu_note_context_switch+0x730/0x730 [ 253.292302] __alloc_pages_nodemask+0x36e/0xdb0 [ 253.296960] ? percpu_ref_put_many+0x119/0x240 [ 253.301535] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 253.306554] ? trace_hardirqs_on+0x10/0x10 [ 253.310787] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 253.315635] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 253.321160] ? xas_start+0x23d/0x740 [ 253.324864] ? lock_acquire+0x1e4/0x540 [ 253.328841] ? xa_load+0x288/0x450 [ 253.332384] ? lock_downgrade+0x8f0/0x8f0 [ 253.336529] ? lock_release+0xa30/0xa30 [ 253.340505] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 253.346039] alloc_pages_current+0x10c/0x210 [ 253.350444] __page_cache_alloc+0x398/0x5e0 [ 253.354754] ? xa_load+0x2b1/0x450 [ 253.358283] ? xa_clear_tag+0x40/0x40 [ 253.362077] ? filemap_range_has_page+0x4c0/0x4c0 [ 253.367517] ? unwind_get_return_address+0x61/0xa0 [ 253.372439] __do_page_cache_readahead+0x24e/0x690 [ 253.377363] ? read_pages+0x680/0x680 [ 253.381158] ? lock_acquire+0x1e4/0x540 [ 253.385143] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 253.390240] ? lock_downgrade+0x8f0/0x8f0 [ 253.394376] ? lock_release+0xa30/0xa30 [ 253.398347] ondemand_readahead+0x550/0xc40 [ 253.402671] page_cache_sync_readahead+0x3a0/0x6d0 [ 253.407589] ? force_page_cache_readahead+0x360/0x360 [ 253.412766] ? lock_acquire+0x1e4/0x540 [ 253.416749] ? rcu_note_context_switch+0x730/0x730 [ 253.421669] ? check_same_owner+0x340/0x340 [ 253.425981] ? lock_release+0xa30/0xa30 [ 253.429949] generic_file_read_iter+0x1a87/0x2f10 [ 253.434796] ? filemap_write_and_wait_range+0xd0/0xd0 [ 253.440004] ? rcu_read_lock+0x70/0x70 [ 253.443891] ? __unlock_page_memcg+0x72/0x100 [ 253.448382] ? unlock_page_memcg+0x2c/0x40 [ 253.452607] ? page_add_file_rmap+0x781/0xe40 [ 253.457111] ? page_add_new_anon_rmap+0x870/0x870 [ 253.463183] ? perf_trace_lock+0x920/0x920 [ 253.467412] ? lock_acquire+0x1e4/0x540 [ 253.471372] ? alloc_set_pte+0x1133/0x1790 [ 253.475605] ? lock_release+0xa30/0xa30 [ 253.480348] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 253.485349] ? check_pgprot+0xdf/0x180 [ 253.489223] ? put_page+0x280/0x280 [ 253.492839] ? kasan_check_write+0x14/0x20 [ 253.497061] ? do_raw_spin_lock+0xc1/0x200 [ 253.501293] ? alloc_set_pte+0xaf6/0x1790 [ 253.505438] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 253.510453] ? filemap_map_pages+0xca2/0x1990 [ 253.514941] ? trace_hardirqs_on+0x10/0x10 [ 253.519173] ? xa_set_tag+0x40/0x40 [ 253.522788] ? perf_trace_lock+0x920/0x920 [ 253.527012] ? environ_open+0x90/0x90 [ 253.530807] ? trace_hardirqs_on+0x10/0x10 [ 253.535034] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 253.540564] ? trace_hardirqs_on+0x10/0x10 [ 253.544791] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 253.549626] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 253.554458] ? perf_trace_lock+0x920/0x920 [ 253.558699] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 253.563533] ? perf_trace_lock+0x920/0x920 [ 253.567774] ? perf_trace_lock+0x920/0x920 [ 253.572018] ? shrink_dcache_sb+0x350/0x350 [ 253.576343] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 253.581173] ? __fdget_pos+0x1bb/0x200 [ 253.585052] ? lock_acquire+0x1e4/0x540 [ 253.589035] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 253.594560] ? fsnotify+0xbac/0x14e0 [ 253.598265] ext4_file_read_iter+0x18b/0x3c0 [ 253.602663] generic_file_splice_read+0x5a5/0x9a0 [ 253.607504] ? add_to_pipe+0x360/0x360 [ 253.611391] ? rw_verify_area+0x118/0x360 [ 253.615526] ? add_to_pipe+0x360/0x360 [ 253.619402] do_splice_to+0x12e/0x190 [ 253.623201] splice_direct_to_actor+0x270/0x8f0 [ 253.627944] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 253.633499] ? pipe_to_sendpage+0x400/0x400 [ 253.637815] ? do_splice_to+0x190/0x190 [ 253.641783] ? security_file_permission+0x1c2/0x230 [ 253.646790] ? rw_verify_area+0x118/0x360 [ 253.650937] do_splice_direct+0x2d4/0x420 [ 253.655078] ? splice_direct_to_actor+0x8f0/0x8f0 [ 253.660010] ? rw_verify_area+0x118/0x360 [ 253.664148] do_sendfile+0x62a/0xe20 [ 253.667861] ? do_compat_pwritev64+0x1c0/0x1c0 [ 253.672438] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 253.677973] ? _copy_from_user+0xdf/0x150 [ 253.682118] __x64_sys_sendfile64+0x15d/0x250 [ 253.686613] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 253.691193] do_syscall_64+0x1b9/0x820 [ 253.695071] ? finish_task_switch+0x1d3/0x870 [ 253.699573] ? syscall_return_slowpath+0x5e0/0x5e0 [ 253.704497] ? syscall_return_slowpath+0x31d/0x5e0 [ 253.709431] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 253.714450] ? prepare_exit_to_usermode+0x291/0x3b0 [ 253.719466] ? perf_trace_sys_enter+0xb10/0xb10 [ 253.724134] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 253.728977] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 253.734154] RIP: 0033:0x455e29 [ 253.737337] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 253.756643] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 253.764357] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 253.771617] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 253.778876] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 21:26:13 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x0, 0x4c00}}) 21:26:13 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x200000000000, @local={0xfe, 0x80, [], 0xaa}}, 0xffffffffffffff14) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) [ 253.786140] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 253.793397] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000062 21:26:13 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff]}) 21:26:13 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x0, 0x0, 0xffffffffffffffff, [0x80ffff]}) 21:26:13 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x100000000000000}}) 21:26:13 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0x0, 0xec0}, 0x0) 21:26:13 executing program 2 (fault-call:9 fault-nth:99): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:26:13 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0x0, 0xfffffff0}, 0x0) [ 253.992713] FAULT_INJECTION: forcing a failure. [ 253.992713] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 254.004646] CPU: 0 PID: 16381 Comm: syz-executor2 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 254.014869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 254.024226] Call Trace: [ 254.026823] dump_stack+0x1c9/0x2b4 [ 254.030464] ? dump_stack_print_info.cold.2+0x52/0x52 [ 254.035783] ? _raw_spin_unlock_irq+0x27/0x70 [ 254.040288] ? finish_task_switch+0x1d3/0x870 [ 254.044919] should_fail.cold.4+0xa/0x11 [ 254.049009] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 254.054106] ? kasan_check_write+0x14/0x20 [ 254.058341] ? __schedule+0x884/0x1ed0 [ 254.062232] ? __sched_text_start+0x8/0x8 [ 254.066369] ? lock_downgrade+0x8f0/0x8f0 [ 254.070518] ? lock_acquire+0x1e4/0x540 [ 254.074494] ? fs_reclaim_acquire+0x20/0x20 [ 254.078803] ? lock_downgrade+0x8f0/0x8f0 [ 254.082944] ? check_same_owner+0x340/0x340 [ 254.087278] __alloc_pages_nodemask+0x36e/0xdb0 [ 254.092059] ? percpu_ref_put_many+0x119/0x240 [ 254.096647] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 254.101673] ? trace_hardirqs_on+0x10/0x10 [ 254.105922] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 254.111467] ? xas_start+0x23d/0x740 [ 254.115221] ? lock_acquire+0x1e4/0x540 [ 254.119480] ? xa_load+0x288/0x450 [ 254.123017] ? lock_downgrade+0x8f0/0x8f0 [ 254.127344] ? lock_release+0xa30/0xa30 [ 254.131394] ? retint_kernel+0x10/0x10 [ 254.135278] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 254.140813] alloc_pages_current+0x10c/0x210 [ 254.145221] __page_cache_alloc+0x398/0x5e0 [ 254.149530] ? xa_load+0x2b1/0x450 [ 254.153058] ? xa_clear_tag+0x40/0x40 [ 254.156847] ? filemap_range_has_page+0x4c0/0x4c0 [ 254.161692] ? rb_next+0x140/0x140 [ 254.165222] __do_page_cache_readahead+0x24e/0x690 [ 254.170163] ? read_pages+0x680/0x680 [ 254.173954] ? lock_acquire+0x1e4/0x540 [ 254.178013] ? page_cache_sync_readahead+0x2c8/0x6d0 [ 254.183115] ? lock_downgrade+0x8f0/0x8f0 [ 254.187257] ? lock_release+0xa30/0xa30 [ 254.191219] ondemand_readahead+0x550/0xc40 [ 254.195540] page_cache_sync_readahead+0x3a0/0x6d0 [ 254.200543] ? force_page_cache_readahead+0x360/0x360 [ 254.205727] ? lock_acquire+0x1e4/0x540 [ 254.209689] ? rcu_note_context_switch+0x730/0x730 [ 254.214604] ? check_same_owner+0x340/0x340 [ 254.218915] ? lock_release+0xa30/0xa30 [ 254.222879] generic_file_read_iter+0x1a87/0x2f10 [ 254.227724] ? filemap_write_and_wait_range+0xd0/0xd0 [ 254.232898] ? __update_load_avg_blocked_se.isra.34+0x460/0x460 [ 254.238946] ? update_load_avg+0x2de/0x2590 [ 254.243264] ? page_add_new_anon_rmap+0x870/0x870 [ 254.248091] ? attach_entity_load_avg+0x860/0x860 [ 254.252923] ? kasan_check_write+0x14/0x20 [ 254.257162] ? update_load_avg+0x2de/0x2590 [ 254.261471] ? attach_entity_load_avg+0x860/0x860 [ 254.266300] ? alloc_set_pte+0x1133/0x1790 [ 254.270524] ? lock_release+0xa30/0xa30 [ 254.274485] ? xas_descend+0x20c/0x5f0 [ 254.278367] ? rb_erase+0x3550/0x3550 [ 254.282154] ? put_page+0x280/0x280 [ 254.285767] ? kasan_check_write+0x14/0x20 [ 254.289999] ? do_raw_spin_lock+0xc1/0x200 [ 254.294227] ? lock_acquire+0x1e4/0x540 [ 254.298200] ? cpuacct_charge+0x2eb/0x5d0 [ 254.302356] ? lock_downgrade+0x8f0/0x8f0 [ 254.306495] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 254.311503] ? trace_hardirqs_on+0x10/0x10 [ 254.315738] ? lock_acquire+0x1e4/0x540 [ 254.319707] ? update_curr+0x4c8/0xc00 [ 254.323581] ? trace_hardirqs_on+0x10/0x10 [ 254.327802] ? lock_release+0xa30/0xa30 [ 254.331764] ? cpuacct_charge+0x30a/0x5d0 [ 254.335908] ? trace_hardirqs_on+0x10/0x10 [ 254.340141] ? trace_hardirqs_on+0x10/0x10 [ 254.344365] ? trace_hardirqs_on+0x10/0x10 [ 254.348588] ? update_curr+0x4e7/0xc00 [ 254.352466] ? find_get_entries_tag+0x1410/0x1410 [ 254.357296] ? __account_cfs_rq_runtime+0x770/0x770 [ 254.362389] ? trace_hardirqs_on+0x10/0x10 [ 254.366710] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 254.372237] ? __perf_event_task_sched_out+0x2f0/0x1a60 [ 254.377597] ? active_load_balance_cpu_stop+0x1030/0x1030 [ 254.383132] ? lock_acquire+0x1e4/0x540 [ 254.387092] ? __fdget_pos+0x1bb/0x200 [ 254.390979] ? __perf_event_task_sched_in+0x24f/0xbb0 [ 254.396163] ? lock_acquire+0x1e4/0x540 [ 254.400127] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 254.405648] ? fsnotify+0xbac/0x14e0 [ 254.409350] ext4_file_read_iter+0x18b/0x3c0 [ 254.413752] generic_file_splice_read+0x5a5/0x9a0 [ 254.418691] ? add_to_pipe+0x360/0x360 [ 254.422665] ? rw_verify_area+0x118/0x360 [ 254.426895] ? add_to_pipe+0x360/0x360 [ 254.430769] do_splice_to+0x12e/0x190 [ 254.434564] splice_direct_to_actor+0x270/0x8f0 [ 254.439238] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 254.444765] ? pipe_to_sendpage+0x400/0x400 [ 254.449088] ? do_splice_to+0x190/0x190 [ 254.453150] ? security_file_permission+0x1c2/0x230 [ 254.458162] ? rw_verify_area+0x118/0x360 [ 254.462306] do_splice_direct+0x2d4/0x420 [ 254.466444] ? splice_direct_to_actor+0x8f0/0x8f0 [ 254.471284] ? rw_verify_area+0x118/0x360 [ 254.475424] do_sendfile+0x62a/0xe20 [ 254.479142] ? do_compat_pwritev64+0x1c0/0x1c0 [ 254.483803] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 254.489332] ? _copy_from_user+0xdf/0x150 [ 254.493475] __x64_sys_sendfile64+0x15d/0x250 [ 254.497969] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 254.502541] do_syscall_64+0x1b9/0x820 [ 254.506426] ? syscall_slow_exit_work+0x500/0x500 [ 254.511264] ? syscall_return_slowpath+0x5e0/0x5e0 [ 254.516189] ? syscall_return_slowpath+0x31d/0x5e0 [ 254.521111] ? prepare_exit_to_usermode+0x291/0x3b0 [ 254.526118] ? perf_trace_sys_enter+0xb10/0xb10 [ 254.530777] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 254.535612] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 254.540797] RIP: 0033:0x455e29 [ 254.543966] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 254.563244] RSP: 002b:00007f462b2f3c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 254.570936] RAX: ffffffffffffffda RBX: 00007f462b2f46d4 RCX: 0000000000455e29 [ 254.578191] RDX: 0000000020d83ff8 RSI: 0000000000000016 RDI: 0000000000000015 [ 254.585453] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 21:26:14 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0x7, &(0x7f0000000380)={0x5, 0x7, 0xdff, 0x1}, 0x10) r3 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) 21:26:14 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd]}) 21:26:14 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x400000000000000}}) 21:26:14 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x0, 0x7a00}}) 21:26:14 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2, 0xfffffffffffffffc) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x8000, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffff9c, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x8}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r2, 0x84, 0x71, &(0x7f0000000140)={r3, 0x9}, &(0x7f0000000180)=0x8) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r4 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x80, 0x0) ftruncate(r1, 0x6) ioctl$KDGKBENT(r2, 0x4b46, &(0x7f00000001c0)={0x2, 0x4, 0x1}) setsockopt$IP_VS_SO_SET_TIMEOUT(r4, 0x0, 0x48a, &(0x7f0000000040)={0xe95, 0x0, 0x5}, 0xc) keyctl$session_to_parent(0x12) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:26:14 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x0, 0x0, 0xffffffffffffffff, [0xfdfdffff]}) 21:26:14 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0x0, 0xf0ffff}, 0x0) 21:26:14 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0x0, 0xf0ffffff00000000}, 0x0) [ 254.592813] R10: 02008000fffffffe R11: 0000000000000246 R12: 0000000000000017 [ 254.600244] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000063 21:26:14 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x0, 0x48}}) 21:26:14 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000]}) 21:26:14 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x7a000000}}) 21:26:14 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) accept$inet6(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, @mcast2}, &(0x7f0000000040)=0x1c) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x1c1040, 0x0) r3 = syz_open_dev$admmidi(&(0x7f0000000240)='/dev/admmidi#\x00', 0x1, 0x141280) r4 = syz_open_dev$vcsn(&(0x7f0000000300)='/dev/vcs#\x00', 0x7, 0x141000) r5 = openat(0xffffffffffffffff, &(0x7f0000000340)='./file0\x00', 0x80, 0x1) getsockname(r1, &(0x7f0000000500)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000580)=0x80) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0x11, &(0x7f0000000380)=@framed={{0x18, 0x0, 0x0, 0x0, 0xd72}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x501}, @generic={0x3, 0x8, 0x200, 0x5}, @map={0x18, 0x6, 0x1, 0x0, r2}, @map={0x18, 0x2, 0x1, 0x0, r3}, @map={0x18, 0xa, 0x1, 0x0, r4}, @map={0x18, 0x6, 0x1, 0x0, r5}, @generic={0x2d7, 0x8, 0x800, 0x3}], {0x95}}, &(0x7f0000000440)='syzkaller\x00', 0x9, 0x5b, &(0x7f0000000480)=""/91, 0x41000, 0x1, [], r6, 0x7}, 0x48) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) lstat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_xen(&(0x7f0000000080)='\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x800, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=xen,loose,dfltuid=', @ANYRESHEX=r7, @ANYBLOB="7240a0c7751768b4904e79095fd85d8899f633bb7bca2ab3c5d050c447b08720c496283e8561d7a5c8695390"]) 21:26:14 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x2008000fffffffe) 21:26:14 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x0, 0x0, 0xffffffffffffffff, [0x0, 0x100000000000000]}) 21:26:14 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x0, 0x700000000000000}}) 21:26:14 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xd, &(0x7f0000687000)=0x9, 0x4) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:26:15 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x0, 0x400000000000000}}) 21:26:15 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0x0, 0x48010000}, 0x0) 21:26:15 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x6c00}}) 21:26:15 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff]}) 21:26:15 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x0, 0x0, 0xffffffffffffffff, [0x0, 0xfdfdffff00000000]}) 21:26:15 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r1 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r1, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r1, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x2, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000000)) 21:26:15 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = dup3(r0, r0, 0x80000) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r1, 0x5386, &(0x7f0000000000)) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r2, 0x2, r0) r3 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) ioctl$sock_bt_bnep_BNEPCONNADD(r1, 0x400442c8, &(0x7f0000000080)={r1, 0x8001, 0x4, "3b6e4ae58cb5db6c44636ae0afd1391c3bb2c6288ce84f2f73902e0ae66b235ba62050577eb590e02d7ca7628d589db40b19ef8449adb299dfae465b3eddde70b2fa9aeaa5c406"}) 21:26:15 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xffffffff000, 0x2008000fffffffe) 21:26:15 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x4c00}}) 21:26:15 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd]}) 21:26:15 executing program 4: r0 = socket$inet6(0xa, 0x2000000000005, 0x3) r1 = syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x284840) ioctl$IOC_PR_REGISTER(r1, 0x401870c8, &(0x7f0000000180)={0x400, 0xfffffffffffffff8}) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) ioctl$TIOCGPTPEER(r1, 0x5441, 0x1) r2 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) getsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffff9c, 0x84, 0xd, &(0x7f0000000000)=@assoc_id=0x0, &(0x7f0000000040)=0x4) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000080)={r3, @in6={{0xa, 0x4e22, 0x6, @mcast1={0xff, 0x1, [], 0x1}, 0x10000}}, 0x180000, 0xd4, 0x868, 0x4, 0x90}, 0x98) bind$inet6(r2, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r2, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) ioctl$VHOST_GET_VRING_ENDIAN(r1, 0x4008af14, &(0x7f00000001c0)={0x0, 0x100000001}) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:26:15 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0x0, 0x9effffff00000000}, 0x0) 21:26:15 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x0, 0x5000000}}) 21:26:15 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x200800000000024) 21:26:15 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x0, 0x0, 0xffffffffffffffff, [0x0, 0xfdfdffff]}) 21:26:15 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x7}}) 21:26:15 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000]}) 21:26:15 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x0, 0x48000000}}) 21:26:15 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0x0, 0x400300}, 0x0) 21:26:15 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff]}) 21:26:15 executing program 4: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000000)={0x0, @in6={{0xa, 0x4e23, 0x9, @loopback={0x0, 0x1}, 0xffff}}, 0x401, 0x6, 0x5, 0xfffffffffffffff8}, &(0x7f00000000c0)=0x98) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000100)={r1, 0x6, 0x2, [0x80000000, 0xd73]}, &(0x7f0000000140)=0xc) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) r2 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000687000)=0x9, 0x135) bind$inet6(r2, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r2, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0x20000000, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) 21:26:15 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x75fa) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x0, 0x0, 0xffffffffffffffff, [0x0, 0xfffffdfd]}) [ 255.907290] ================================================================== [ 255.914723] BUG: KASAN: use-after-free in irq_bypass_register_consumer+0x51e/0x550 [ 255.922441] Write of size 8 at addr ffff8801c85b2de8 by task syz-executor5/16539 [ 255.929972] [ 255.931624] CPU: 0 PID: 16539 Comm: syz-executor5 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 255.940731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 255.950082] Call Trace: [ 255.952679] dump_stack+0x1c9/0x2b4 [ 255.956596] ? dump_stack_print_info.cold.2+0x52/0x52 [ 255.961788] ? printk+0xa7/0xcf [ 255.965056] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 255.969961] ? irq_bypass_register_consumer+0x51e/0x550 [ 255.975549] print_address_description+0x6c/0x20b [ 255.980392] ? irq_bypass_register_consumer+0x51e/0x550 [ 255.985748] kasan_report.cold.7+0x242/0x30d [ 255.990153] __asan_report_store8_noabort+0x17/0x20 [ 255.995159] irq_bypass_register_consumer+0x51e/0x550 [ 256.000427] ? __disconnect+0x1b0/0x1b0 [ 256.004393] kvm_irqfd+0x198e/0x1ef0 [ 256.008097] ? check_same_owner+0x340/0x340 [ 256.012414] ? do_raw_spin_unlock+0xa7/0x2f0 [ 256.016898] ? kvm_eventfd_init+0x2c0/0x2c0 [ 256.021226] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 256.026753] ? futex_wait_queue_me+0x553/0x830 [ 256.031423] ? refill_pi_state_cache.part.8+0x320/0x320 [ 256.036816] ? kasan_check_write+0x14/0x20 [ 256.041055] ? do_raw_spin_lock+0xc1/0x200 [ 256.045287] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 256.050817] ? lock_acquire+0x1e4/0x540 [ 256.054891] ? __might_fault+0x12b/0x1e0 [ 256.058957] ? lock_downgrade+0x8f0/0x8f0 [ 256.063107] ? lock_release+0xa30/0xa30 [ 256.067084] ? check_same_owner+0x340/0x340 [ 256.071406] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 256.076589] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 256.082130] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 256.087662] ? _copy_from_user+0xdf/0x150 [ 256.091808] kvm_vm_ioctl+0xf80/0x1d80 [ 256.095680] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 256.100771] ? futex_wake+0x304/0x760 [ 256.104566] ? __perf_event_task_sched_in+0x24f/0xbb0 [ 256.109748] ? kvm_set_memory_region+0x50/0x50 [ 256.114357] ? finish_task_switch+0x1d3/0x870 [ 256.118842] ? lock_downgrade+0x8f0/0x8f0 [ 256.122990] ? finish_task_switch+0x18a/0x870 [ 256.127473] ? do_futex+0x249/0x27d0 [ 256.131172] ? kasan_check_read+0x11/0x20 [ 256.135318] ? do_raw_spin_unlock+0xa7/0x2f0 [ 256.139733] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 256.144311] ? compat_start_thread+0x80/0x80 [ 256.148731] ? exit_robust_list+0x290/0x290 [ 256.153054] ? finish_task_switch+0x1d3/0x870 [ 256.158417] ? lock_acquire+0x1e4/0x540 [ 256.162402] ? __fget+0x4ac/0x740 [ 256.165841] ? lock_downgrade+0x8f0/0x8f0 [ 256.170002] ? lock_release+0xa30/0xa30 [ 256.173982] ? __schedule+0x884/0x1ed0 [ 256.177868] ? __fget+0x4d5/0x740 [ 256.181322] ? ksys_dup3+0x690/0x690 [ 256.185055] ? kasan_check_write+0x14/0x20 [ 256.189371] ? do_raw_spin_lock+0xc1/0x200 [ 256.193618] ? trace_hardirqs_off_caller+0x250/0x2c0 [ 256.198726] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 256.203840] ? kvm_set_memory_region+0x50/0x50 [ 256.208437] do_vfs_ioctl+0x1de/0x1720 [ 256.212350] ? ioctl_preallocate+0x300/0x300 [ 256.216756] ? __fget_light+0x2f7/0x440 [ 256.220740] ? __schedule+0x1ed0/0x1ed0 [ 256.224716] ? fget_raw+0x20/0x20 [ 256.228178] ? trace_hardirqs_on+0xd/0x10 [ 256.232324] ? kmem_cache_free+0x22e/0x2d0 [ 256.236558] ? __x64_sys_futex+0x47f/0x6a0 [ 256.240791] ? do_futex+0x27d0/0x27d0 [ 256.244612] ? security_file_ioctl+0x94/0xc0 [ 256.249236] ksys_ioctl+0xa9/0xd0 [ 256.252686] __x64_sys_ioctl+0x73/0xb0 [ 256.256566] do_syscall_64+0x1b9/0x820 [ 256.260544] ? finish_task_switch+0x1d3/0x870 [ 256.265045] ? syscall_return_slowpath+0x5e0/0x5e0 [ 256.270125] ? syscall_return_slowpath+0x31d/0x5e0 [ 256.275061] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 256.280075] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 256.284918] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 256.290126] RIP: 0033:0x455e29 [ 256.293301] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 256.312441] RSP: 002b:00007fed6581ec68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 256.320156] RAX: ffffffffffffffda RBX: 00007fed6581f6d4 RCX: 0000000000455e29 [ 256.327428] RDX: 0000000020000040 RSI: 000000004020ae76 RDI: 0000000000000017 [ 256.334694] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 256.341996] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 256.349357] R13: 00000000004bdf94 R14: 00000000004cc800 R15: 0000000000000000 [ 256.356650] [ 256.358347] Allocated by task 16539: [ 256.362063] save_stack+0x43/0xd0 [ 256.365505] kasan_kmalloc+0xc4/0xe0 [ 256.369329] kmem_cache_alloc_trace+0x152/0x780 [ 256.373982] kvm_irqfd+0x18f/0x1ef0 [ 256.377604] kvm_vm_ioctl+0xf80/0x1d80 [ 256.381485] do_vfs_ioctl+0x1de/0x1720 [ 256.385357] ksys_ioctl+0xa9/0xd0 [ 256.388797] __x64_sys_ioctl+0x73/0xb0 [ 256.392670] do_syscall_64+0x1b9/0x820 [ 256.396542] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 256.401710] [ 256.403419] Freed by task 5: [ 256.406427] save_stack+0x43/0xd0 [ 256.409864] __kasan_slab_free+0x11a/0x170 [ 256.414087] kasan_slab_free+0xe/0x10 [ 256.417868] kfree+0xd9/0x260 [ 256.420964] irqfd_shutdown+0x144/0x1c0 [ 256.424935] process_one_work+0xc73/0x1ba0 [ 256.429182] worker_thread+0x189/0x13c0 [ 256.433140] kthread+0x345/0x410 [ 256.436497] ret_from_fork+0x3a/0x50 [ 256.440185] [ 256.441794] The buggy address belongs to the object at ffff8801c85b2c80 [ 256.441794] which belongs to the cache kmalloc-512 of size 512 [ 256.454448] The buggy address is located 360 bytes inside of [ 256.454448] 512-byte region [ffff8801c85b2c80, ffff8801c85b2e80) [ 256.466317] The buggy address belongs to the page: [ 256.471246] page:ffffea0007216c80 count:1 mapcount:0 mapping:ffff8801da800940 index:0x0 [ 256.479375] flags: 0x2fffc0000000100(slab) [ 256.484451] raw: 02fffc0000000100 ffffea0007050708 ffffea00071eb188 ffff8801da800940 [ 256.492320] raw: 0000000000000000 ffff8801c85b2000 0000000100000006 0000000000000000 [ 256.500190] page dumped because: kasan: bad access detected [ 256.505891] [ 256.507514] Memory state around the buggy address: [ 256.512431] ffff8801c85b2c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 256.520402] ffff8801c85b2d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 256.527768] >ffff8801c85b2d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 256.535117] ^ [ 256.541861] ffff8801c85b2e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 256.549227] ffff8801c85b2e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 256.556577] ================================================================== [ 256.564134] Kernel panic - not syncing: panic_on_warn set ... [ 256.564134] [ 256.571512] CPU: 0 PID: 16539 Comm: syz-executor5 Tainted: G B 4.18.0-rc4-next-20180710+ #3 [ 256.581303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 256.590653] Call Trace: [ 256.593238] dump_stack+0x1c9/0x2b4 [ 256.596966] ? dump_stack_print_info.cold.2+0x52/0x52 [ 256.602173] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 256.606947] panic+0x238/0x4e7 21:26:16 executing program 6: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000180)=0x10000000000062) getpid() read(r0, &(0x7f0000000040)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r2 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 21:26:16 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xf301, 0x48}}) 21:26:16 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f00000007c0), 0xfd06, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) r3 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r3, 0x80080) sendfile(r1, r3, &(0x7f0000000000), 0x6) sendfile(r2, r3, &(0x7f0000d83ff8)=0xf39b, 0x200800000000016) 21:26:16 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x0, 0x68000000}}) 21:26:16 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0x14, r1, 0xb0b, 0x0, 0x0, {0x4}}, 0x14}, 0x1, 0x0, 0xffffff9e}, 0x0) 21:26:16 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x54a2, &(0x7f0000000000)={{}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd]}) [ 256.610153] ? add_taint.cold.5+0x16/0x16 [ 256.614343] ? do_raw_spin_unlock+0xa7/0x2f0 [ 256.618761] ? do_raw_spin_unlock+0xa7/0x2f0 [ 256.623183] ? irq_bypass_register_consumer+0x51e/0x550 [ 256.628553] kasan_end_report+0x47/0x4f [ 256.632526] kasan_report.cold.7+0x76/0x30d [ 256.636841] __asan_report_store8_noabort+0x17/0x20 [ 256.641857] irq_bypass_register_consumer+0x51e/0x550 [ 256.647239] ? __disconnect+0x1b0/0x1b0 [ 256.651205] kvm_irqfd+0x198e/0x1ef0 [ 256.654910] ? check_same_owner+0x340/0x340 [ 256.659219] ? do_raw_spin_unlock+0xa7/0x2f0 [ 256.663617] ? kvm_eventfd_init+0x2c0/0x2c0 [ 256.667930] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 256.673461] ? futex_wait_queue_me+0x553/0x830 [ 256.678042] ? refill_pi_state_cache.part.8+0x320/0x320 [ 256.683415] ? kasan_check_write+0x14/0x20 [ 256.687656] ? do_raw_spin_lock+0xc1/0x200 [ 256.691880] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 256.697412] ? lock_acquire+0x1e4/0x540 [ 256.701374] ? __might_fault+0x12b/0x1e0 [ 256.705433] ? lock_downgrade+0x8f0/0x8f0 [ 256.709567] ? lock_release+0xa30/0xa30 [ 256.713530] ? check_same_owner+0x340/0x340 [ 256.717841] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 256.723034] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 256.728569] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 256.734110] ? _copy_from_user+0xdf/0x150 [ 256.738256] kvm_vm_ioctl+0xf80/0x1d80 [ 256.742132] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 256.747227] ? futex_wake+0x304/0x760 [ 256.751022] ? __perf_event_task_sched_in+0x24f/0xbb0 [ 256.756222] ? kvm_set_memory_region+0x50/0x50 [ 256.760802] ? finish_task_switch+0x1d3/0x870 [ 256.765302] ? lock_downgrade+0x8f0/0x8f0 [ 256.769446] ? finish_task_switch+0x18a/0x870 [ 256.773960] ? do_futex+0x249/0x27d0 [ 256.777663] ? kasan_check_read+0x11/0x20 [ 256.781796] ? do_raw_spin_unlock+0xa7/0x2f0 [ 256.786189] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 256.790757] ? compat_start_thread+0x80/0x80 [ 256.795168] ? exit_robust_list+0x290/0x290 [ 256.799472] ? finish_task_switch+0x1d3/0x870 [ 256.803963] ? lock_acquire+0x1e4/0x540 [ 256.807930] ? __fget+0x4ac/0x740 [ 256.811369] ? lock_downgrade+0x8f0/0x8f0 [ 256.815510] ? lock_release+0xa30/0xa30 [ 256.819556] ? __schedule+0x884/0x1ed0 [ 256.823426] ? __fget+0x4d5/0x740 [ 256.826863] ? ksys_dup3+0x690/0x690 [ 256.830568] ? kasan_check_write+0x14/0x20 [ 256.834792] ? do_raw_spin_lock+0xc1/0x200 [ 256.839020] ? trace_hardirqs_off_caller+0x250/0x2c0 [ 256.844130] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 256.849247] ? kvm_set_memory_region+0x50/0x50 [ 256.853826] do_vfs_ioctl+0x1de/0x1720 [ 256.857707] ? ioctl_preallocate+0x300/0x300 [ 256.862116] ? __fget_light+0x2f7/0x440 [ 256.866077] ? __schedule+0x1ed0/0x1ed0 [ 256.870121] ? fget_raw+0x20/0x20 [ 256.873567] ? trace_hardirqs_on+0xd/0x10 [ 256.877712] ? kmem_cache_free+0x22e/0x2d0 [ 256.881937] ? __x64_sys_futex+0x47f/0x6a0 [ 256.886163] ? do_futex+0x27d0/0x27d0 [ 256.889947] ? security_file_ioctl+0x94/0xc0 [ 256.894344] ksys_ioctl+0xa9/0xd0 [ 256.897798] __x64_sys_ioctl+0x73/0xb0 [ 256.901695] do_syscall_64+0x1b9/0x820 [ 256.905574] ? finish_task_switch+0x1d3/0x870 [ 256.910060] ? syscall_return_slowpath+0x5e0/0x5e0 [ 256.914988] ? syscall_return_slowpath+0x31d/0x5e0 [ 256.920008] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 256.925047] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 256.929933] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 256.935120] RIP: 0033:0x455e29 [ 256.938298] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 256.957551] RSP: 002b:00007fed6581ec68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 256.965281] RAX: ffffffffffffffda RBX: 00007fed6581f6d4 RCX: 0000000000455e29 [ 256.972553] RDX: 0000000020000040 RSI: 000000004020ae76 RDI: 0000000000000017 [ 256.979820] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 256.987083] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 256.994361] R13: 00000000004bdf94 R14: 00000000004cc800 R15: 0000000000000000 [ 257.002330] Dumping ftrace buffer: [ 257.006124] (ftrace buffer empty) [ 257.009817] Kernel Offset: disabled [ 257.013431] Rebooting in 86400 seconds..