[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 15.661957] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 15.842691] random: sshd: uninitialized urandom read (32 bytes read) [ 16.117524] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 16.907902] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.45' (ECDSA) to the list of known hosts. [ 22.425467] random: sshd: uninitialized urandom read (32 bytes read) 2018/07/10 10:53:26 fuzzer started [ 23.503034] random: cc1: uninitialized urandom read (8 bytes read) 2018/07/10 10:53:28 dialing manager at 10.128.0.26:42023 2018/07/10 10:53:31 syscalls: 1785 2018/07/10 10:53:31 code coverage: enabled 2018/07/10 10:53:31 comparison tracing: enabled 2018/07/10 10:53:31 setuid sandbox: enabled 2018/07/10 10:53:31 namespace sandbox: enabled 2018/07/10 10:53:31 fault injection: enabled 2018/07/10 10:53:31 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/07/10 10:53:31 net packed injection: enabled [ 29.119159] random: crng init done 10:54:31 executing program 0: 10:54:31 executing program 1: 10:54:31 executing program 7: 10:54:31 executing program 2: 10:54:31 executing program 3: 10:54:31 executing program 4: 10:54:31 executing program 5: 10:54:31 executing program 6: [ 88.001320] IPVS: ftp: loaded support on port[0] = 21 [ 88.001326] IPVS: ftp: loaded support on port[0] = 21 [ 88.032052] IPVS: ftp: loaded support on port[0] = 21 [ 88.045320] IPVS: ftp: loaded support on port[0] = 21 [ 88.069275] IPVS: ftp: loaded support on port[0] = 21 [ 88.086643] IPVS: ftp: loaded support on port[0] = 21 [ 88.102144] IPVS: ftp: loaded support on port[0] = 21 [ 88.111347] IPVS: ftp: loaded support on port[0] = 21 [ 89.572627] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.579047] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.612531] device bridge_slave_0 entered promiscuous mode [ 89.667705] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.674110] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.706321] device bridge_slave_0 entered promiscuous mode [ 89.740826] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.747238] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.764881] device bridge_slave_0 entered promiscuous mode [ 89.778629] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.785095] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.792494] device bridge_slave_0 entered promiscuous mode [ 89.800333] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.806707] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.824783] device bridge_slave_0 entered promiscuous mode [ 89.839196] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.845589] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.853848] device bridge_slave_1 entered promiscuous mode [ 89.861943] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.868417] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.883312] device bridge_slave_0 entered promiscuous mode [ 89.893790] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 89.902393] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.908767] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.920065] device bridge_slave_1 entered promiscuous mode [ 89.926714] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.933617] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.941366] device bridge_slave_1 entered promiscuous mode [ 89.950188] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.956550] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.963871] device bridge_slave_1 entered promiscuous mode [ 89.972087] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.978443] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.986728] device bridge_slave_0 entered promiscuous mode [ 89.993643] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.999995] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.012593] device bridge_slave_0 entered promiscuous mode [ 90.020887] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.027265] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.041390] device bridge_slave_1 entered promiscuous mode [ 90.047665] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.054044] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.062290] device bridge_slave_1 entered promiscuous mode [ 90.069879] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 90.079025] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 90.086204] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.092555] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.113511] device bridge_slave_1 entered promiscuous mode [ 90.126267] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 90.134350] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.140706] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.150714] device bridge_slave_1 entered promiscuous mode [ 90.157910] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 90.165149] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 90.173328] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 90.187870] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 90.201139] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 90.246545] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 90.272338] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 90.280630] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 90.289186] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 90.296612] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 90.304139] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 90.366100] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 90.426501] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 90.543971] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 90.553915] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 90.564234] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 90.573152] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 90.592146] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 90.603070] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 90.619257] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 90.661983] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 90.680897] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 90.691573] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 90.713056] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 90.727285] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 90.735936] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 90.757817] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 90.842994] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 91.058832] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 91.066424] team0: Port device team_slave_0 added [ 91.128220] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 91.149942] team0: Port device team_slave_0 added [ 91.160832] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 91.173136] team0: Port device team_slave_0 added [ 91.186074] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 91.197906] team0: Port device team_slave_0 added [ 91.208916] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 91.222503] team0: Port device team_slave_1 added [ 91.240394] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 91.254604] team0: Port device team_slave_0 added [ 91.269881] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 91.282041] team0: Port device team_slave_1 added [ 91.288933] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 91.299552] team0: Port device team_slave_1 added [ 91.312958] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 91.320382] team0: Port device team_slave_1 added [ 91.328145] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 91.347316] team0: Port device team_slave_0 added [ 91.355093] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 91.362077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 91.374390] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 91.388836] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 91.396892] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 91.404582] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 91.413250] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 91.424510] team0: Port device team_slave_1 added [ 91.432930] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 91.439826] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 91.453346] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 91.464418] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 91.471684] team0: Port device team_slave_0 added [ 91.477887] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 91.484919] team0: Port device team_slave_1 added [ 91.490726] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 91.503763] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 91.511496] team0: Port device team_slave_0 added [ 91.518976] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 91.527035] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 91.533965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 91.547509] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 91.575267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 91.585653] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 91.592996] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 91.600588] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 91.608116] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 91.615452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 91.623253] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 91.633632] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 91.640818] team0: Port device team_slave_1 added [ 91.647973] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 91.655427] team0: Port device team_slave_1 added [ 91.662007] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 91.670263] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 91.677631] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 91.686426] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 91.701358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 91.713111] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 91.723372] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 91.730432] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 91.738482] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 91.747677] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 91.757118] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 91.765390] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 91.774010] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 91.782452] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 91.789512] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 91.803731] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 91.813135] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 91.836751] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 91.855790] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 91.870797] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 91.878915] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 91.886688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 91.894411] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 91.902229] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 91.909812] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 91.917404] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 91.924706] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 91.932683] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 91.939987] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 91.947669] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 91.955456] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 91.962584] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 91.970683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 91.981648] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 91.990076] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 91.999674] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 92.007927] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 92.015564] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 92.023414] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 92.054604] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 92.077339] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 92.090046] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 92.097903] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 92.105322] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 92.112791] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 92.120209] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 92.127799] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 92.135454] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 92.143076] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 92.151755] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 92.158778] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 92.166534] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 92.176084] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 92.184623] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 92.191623] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 92.200986] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 92.216303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 92.227314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 92.236558] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 92.243668] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 92.251526] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 92.260670] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 92.268153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 92.280046] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 92.295880] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 92.304441] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 92.315289] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 92.351470] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 92.362679] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 92.370468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 92.380176] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 92.390536] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 92.398801] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 93.258760] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.265190] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.271814] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.278168] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.291533] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 93.298039] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.304377] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.310999] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.317365] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.325176] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 93.339706] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 93.347529] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 93.355749] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.362107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.368713] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.375061] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.382573] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 93.390495] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.396855] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.403430] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.409765] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.416878] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 93.434350] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.440707] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.447320] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.453668] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.476687] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 93.487938] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.494286] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.500897] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.507237] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.520994] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 93.607343] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.613725] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.620324] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.626680] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.637360] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 93.644762] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.651119] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.657728] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.664068] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.671624] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 94.368158] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 94.377749] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 94.388742] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 94.399945] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 94.407790] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 94.415423] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 97.199241] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.257219] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.294009] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.339620] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.370640] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.409795] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.444290] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.552926] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 97.565123] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.643222] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 97.674138] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 97.697262] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 97.763896] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 97.782250] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 97.817815] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 97.922365] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 97.928539] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 97.939387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 97.965427] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 97.975190] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 97.993646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 98.016686] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 98.063821] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 98.069989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 98.080647] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 98.103866] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 98.110152] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 98.117584] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 98.135245] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 98.146641] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 98.171507] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 98.218359] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 98.224748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 98.235542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 98.249857] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 98.256151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 98.266162] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 98.378328] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.460935] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.480698] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.495429] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.521629] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 98.527877] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 98.535996] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 98.559343] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.570947] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.668162] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.893222] 8021q: adding VLAN 0 to HW filter on device team0 10:54:44 executing program 6: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) r2 = creat(&(0x7f0000000200)='./bus\x00', 0x0) eventfd2(0x0, 0x0) ioctl$FS_IOC_RESVSP(r2, 0x402c5828, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x6}) ftruncate(r2, 0x8000001) fcntl$setstatus(r1, 0x4, 0x6100) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) write$evdev(r2, &(0x7f00000002c0)=[{{0x77359400}}], 0x10) sendfile(r1, r3, &(0x7f0000d83ff8), 0x8000fffffffe) truncate(&(0x7f00000000c0)='./bus\x00', 0x0) 10:54:44 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f00000000c0)={'lo\x00@\x00', 0x101}) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000040)={@multicast2=0xe0000002, @loopback=0x7f000001, @loopback=0x7f000001}, 0xc) accept4$packet(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000200)=0x14, 0x800) getsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000300)={@rand_addr, @dev}, &(0x7f0000000340)=0xc) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000400)={'team0\x00'}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000001900)={'gre0\x00'}) getsockopt$inet_mreqn(r1, 0x0, 0x400000000000023, &(0x7f0000001940)={@loopback, @rand_addr}, &(0x7f0000000240)=0xffffff4a) getsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000001b80)={@mcast1, 0x0}, &(0x7f0000001bc0)=0x14) setsockopt$inet_mreqn(r1, 0x0, 0x20, &(0x7f00000003c0)={@broadcast=0xffffffff, @loopback=0x7f000001, r2}, 0xc) [ 100.636250] device lo entered promiscuous mode 10:54:44 executing program 6: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x1001000000010, 0x802, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={&(0x7f0000000100)={0x10}, 0xc, &(0x7f0000000340)={&(0x7f0000000140)=@newlink={0x38, 0x10, 0xda76b36b65dcf5df, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, [@IFLA_INFO_KIND={0x14, 0x1, "697039677265000000000000000600"}]}]}, 0x38}, 0x1}, 0x0) 10:54:44 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x615, 0x0, 0x0, 0x0, 0x0, 0x0, 0x120}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) 10:54:44 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'echainiv(aegis256)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ffffffff82f4dd6f515b9aad52af35285c860709ce151e788f9eae9b03790126", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000001fc0)=[{{&(0x7f0000000400)=@nfc={0x27}, 0x80, &(0x7f0000001880)=[{&(0x7f0000002080)="f40d77b1ff0dc25691aedd58764146fa6db1cf0de2cd70cfe1f96efdb97b4c86a0a3205d5f8a9bca7ee97a01437a28ae", 0x30}], 0x1, &(0x7f0000004800)=ANY=[]}}], 0x1, 0x0) recvmmsg(r1, &(0x7f0000002040)=[{{&(0x7f0000000200)=@pppol2tpv3in6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @remote}}}, 0x80, &(0x7f0000001700)=[{&(0x7f0000000100)=""/25, 0x18}, {&(0x7f00000015c0)=""/236, 0xec}], 0x2, &(0x7f0000000300)=""/49, 0x31}}], 0x1, 0x0, 0x0) 10:54:44 executing program 5: syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:54:44 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1, 0x7f}}, 0x10) 10:54:44 executing program 6: clock_adjtime(0x0, &(0x7f00000000c0)) 10:54:44 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x615, 0x0, 0x0, 0x0, 0x0, 0x0, 0x120}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) [ 100.867755] EXT4-fs (sda1): journaled quota format not specified 10:54:44 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = signalfd(0xffffffffffffffff, &(0x7f0000000240), 0x8) signalfd4(r0, &(0x7f0000000040), 0x8, 0x0) 10:54:44 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) r2 = creat(&(0x7f0000000200)='./bus\x00', 0x0) ioctl$FS_IOC_RESVSP(r2, 0x402c5828, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x6}) ftruncate(r2, 0x8000001) fcntl$setstatus(r1, 0x4, 0x6100) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) write$evdev(r2, &(0x7f00000002c0)=[{{0x77359400}}], 0x10) sendfile(r1, r3, &(0x7f0000d83ff8), 0x8000fffffffe) truncate(&(0x7f00000000c0)='./bus\x00', 0x0) 10:54:44 executing program 7: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000300)=[@reply_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x8, &(0x7f00000001c0)=[@ptr={0x70742a85, 0x1, &(0x7f0000000100), 0x1}, @fda={0x66646185}], &(0x7f0000000240)=[0x0]}}}], 0x52, 0x0, &(0x7f00000003c0)="289c754ce905a9d10a192795832c8a947788a69f7977ddb30d8b5a767dbdafee86f6cd09ecedf341d1e5be55b09af4df79b87c1c12c37139fcad4753253f4e6588d049efa78e23874aaa95a720cb988671cb"}) 10:54:44 executing program 3: r0 = socket(0x800000000010, 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ip_vs\x00') sendfile(r0, r1, &(0x7f00000000c0), 0x80000002) 10:54:44 executing program 6: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x19, &(0x7f00000000c0)=0x1, 0x4) setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f0000000080)=0x40000000fff, 0x4) sendto$inet6(r0, &(0x7f0000000240), 0x0, 0x0, &(0x7f0000000140)={0xa, 0x10000000004e21}, 0x1c) recvmsg(r0, &(0x7f0000000400)={&(0x7f0000000000)=@nl=@proc, 0xc, &(0x7f0000000040), 0x0, &(0x7f00000003c0)=""/36, 0x24}, 0x2000) 10:54:44 executing program 4: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000380)=""/246) ioctl$EVIOCGREP(r0, 0x4004743c, &(0x7f00000007c0)=""/174) 10:54:44 executing program 5: syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:54:44 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1, 0x7f}}, 0x10) 10:54:44 executing program 0: dup2(0xffffffffffffff9c, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f00000001c0)=""/246) ioctl$PPPIOCSFLAGS(r1, 0x40047459, &(0x7f0000e9f000)=0x60020d) pread64(r1, &(0x7f0000000540)=""/103, 0x49, 0x0) 10:54:44 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000000), 0x1000000000000040) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 101.061055] binder: 6589:6590 got reply transaction with no transaction stack [ 101.068441] binder: 6589:6590 transaction failed 29201/-71, size 72-8 line 2759 [ 101.084963] binder: 6589:6596 got reply transaction with no transaction stack [ 101.092328] binder: 6589:6596 transaction failed 29201/-71, size 72-8 line 2759 10:54:44 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1, 0x7f}}, 0x10) 10:54:44 executing program 7: r0 = socket$inet6(0xa, 0x1000000000003, 0x100000003) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fstatfs(0xffffffffffffffff, &(0x7f00000002c0)=""/231) [ 101.141871] syz-executor4 (6600) used obsolete PPPIOCDETACH ioctl [ 101.167179] EXT4-fs (sda1): journaled quota format not specified 10:54:44 executing program 6: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000023000)={&(0x7f0000024000)={0x10}, 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x14, 0x0, 0x8aff}, 0x14}, 0x1}, 0x0) syz_genetlink_get_family_id$team(&(0x7f0000000040)='team\x00') r0 = syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00') perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r0, &(0x7f0000b58000)=0x200000, 0xffff) 10:54:44 executing program 3: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) getsockname$packet(r0, &(0x7f00000035c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000003600)=0x14) openat$sequencer(0xffffffffffffff9c, &(0x7f0000001fc0)='/dev/sequencer\x00', 0x0, 0x0) recvfrom(r0, &(0x7f0000000040)=""/170, 0xaa, 0x40, &(0x7f0000000100)=@nfc_llcp={0x27, 0x1, 0x0, 0x7, 0x4, 0x800, "6a12f96ad926c3cbfd8b0054a3ab95c7031e066f2c9b169c30d43874980cdbaee199ae856061bff2e3f6c63a49c96057a9218256c08d0423be1c45cc9e1a6b", 0x33}, 0x80) 10:54:44 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x2, [@dev={0xac, 0x14, 0x14}, @loopback=0x7f000001]}, 0x18) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:54:44 executing program 5: syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:54:44 executing program 7: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000040)={&(0x7f0000000540)=@newsa={0x138, 0x1a, 0x713, 0x0, 0x0, {{@in=@multicast2=0xe0000002, @in=@rand_addr}, {@in6=@ipv4={[0xfffffff0], [0xff, 0xff], @broadcast=0xffffffff}, 0x0, 0x32}, @in6=@ipv4={[], [0xff, 0xff]}, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}, 0x1}, 0x0) 10:54:44 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1, 0x7f}}, 0x10) 10:54:44 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000000), 0x1000000000000040) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 10:54:45 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) [ 101.335319] EXT4-fs (sda1): journaled quota format not specified 10:54:45 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x2, [@dev={0xac, 0x14, 0x14}, @loopback=0x7f000001]}, 0x18) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:54:45 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1, 0x7f}}, 0x10) 10:54:45 executing program 5: syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:54:45 executing program 6: add_key(&(0x7f00000001c0)='keyring\x00', &(0x7f0000000200)={0x73, 0x79, 0x7a, 0x0}, 0x0, 0x0, 0xfffffffffffffffb) [ 101.489829] EXT4-fs (sda1): journaled quota format not specified 10:54:45 executing program 0: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mixer\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000100), 0xfffffc61) bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x10}, 0x2c) 10:54:45 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000000), 0x1000000000000040) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 10:54:45 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000380)="025cc83d6d345f8f762070") semctl$GETVAL(0x0, 0x1, 0xc, &(0x7f0000000440)=""/107) 10:54:45 executing program 7: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000040)={&(0x7f0000000540)=@newsa={0x138, 0x1a, 0x713, 0x0, 0x0, {{@in=@multicast2=0xe0000002, @in=@rand_addr}, {@in6=@ipv4={[0xfffffff0], [0xff, 0xff], @broadcast=0xffffffff}, 0x0, 0x32}, @in6=@ipv4={[], [0xff, 0xff]}, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}, 0x1}, 0x0) 10:54:45 executing program 6: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000040)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x8912, &(0x7f0000000000)="025cc83d6d345f8f762070") ptrace(0x4207, r1) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x2000002, 0x31, 0xffffffffffffffff, 0x0) waitid(0x0, 0x0, 0x0, 0x1000008, &(0x7f0000000180)) 10:54:45 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x2, [@dev={0xac, 0x14, 0x14}, @loopback=0x7f000001]}, 0x18) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:54:45 executing program 5: syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:54:45 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1, 0x7f}}, 0x10) 10:54:45 executing program 5: syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:54:45 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1, 0x7f}}, 0x10) 10:54:45 executing program 3: nanosleep(&(0x7f0000000240)={0x77359400}, &(0x7f0000000200)) nanosleep(&(0x7f0000000380)={0x0, 0x1c9c380}, &(0x7f00000000c0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000004, 0x8031, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x501e, 0x3, &(0x7f00007f5000/0x5000)=nil) 10:54:45 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x2, [@dev={0xac, 0x14, 0x14}, @loopback=0x7f000001]}, 0x18) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:54:45 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6100) ftruncate(r1, 0x81fe) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x3, 0x11, r2, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x0, &(0x7f0000002000)}) write$cgroup_type(r1, &(0x7f0000000200)='threaded\x00', 0xfffffeb3) add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000080)={0x73, 0x79, 0x7a}, 0x0, 0x0, 0xfffffffffffffffc) 10:54:45 executing program 6: r0 = socket(0x2, 0x3, 0x2) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000100)={"6272696467653000000100", 0x6501}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000080)={'bridge0\x00'}) 10:54:45 executing program 7: r0 = socket$inet6(0xa, 0x1000000000003, 0x100000003) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") capset(&(0x7f00005cf000)={0x19980330}, &(0x7f0000f03fe8)) shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffc000/0x3000)=nil) 10:54:45 executing program 5: syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:54:45 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, 0xffffffffffffffff, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {0xffffffffffffffff, 0x7f}}, 0x10) 10:54:45 executing program 1: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/wireless\x00') sendfile(r0, r1, &(0x7f00000000c0), 0x80000002) [ 102.231589] capability: warning: `syz-executor7' uses 32-bit capabilities (legacy support in use) [ 102.247806] device bridge0 entered promiscuous mode 10:54:45 executing program 0: r0 = gettid() prctl$seccomp(0x16, 0x1, &(0x7f0000000b40)={0x0, &(0x7f00000000c0)}) pkey_free(0xffffffffffffffff) move_pages(r0, 0x0, &(0x7f0000000000), &(0x7f0000000080), &(0x7f0000000180), 0x0) 10:54:45 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x2, [@dev={0xac, 0x14, 0x14}, @loopback=0x7f000001]}, 0x18) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) 10:54:45 executing program 5: syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:54:45 executing program 2: write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r0, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r0, 0x7f}}, 0x10) [ 102.282041] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.288697] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.316142] device bridge0 left promiscuous mode 10:54:46 executing program 2: write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r0, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r0, 0x7f}}, 0x10) [ 102.354904] audit: type=1326 audit(102.353:3): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=6758 comm="syz-executor0" exe="/root/syz-executor0" sig=9 arch=c000003e syscall=202 compat=0 ip=0x455e29 code=0x0 10:54:46 executing program 5: syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:54:46 executing program 2: write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r0, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r0, 0x7f}}, 0x10) 10:54:46 executing program 5: syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) [ 102.610979] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.617404] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.624061] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.630422] bridge0: port 1(bridge_slave_0) entered forwarding state [ 102.637084] device bridge0 entered promiscuous mode [ 102.642764] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 102.651599] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.658072] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.666424] device bridge0 left promiscuous mode 10:54:46 executing program 3: perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sysfs$1(0x1, &(0x7f0000000100)='lo\x00') 10:54:46 executing program 5: syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x0, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:54:46 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1, 0x7f}}, 0x10) 10:54:46 executing program 7: r0 = socket$kcm(0xa, 0x3, 0x3a) recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f0000000300)=""/31, 0x1f}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x26e1, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[], 0x20000040) write$cgroup_subtree(r1, &(0x7f0000001d40)=ANY=[], 0x0) write$cgroup_subtree(r1, &(0x7f0000002780)={[{0x2d, 'rdma', 0x20}, {0x2b, 'io', 0x20}, {0x2d, 'pids', 0x20}, {0x2d, 'pids', 0x20}, {0x2d, 'rdma', 0x20}, {0x2d, 'cpu', 0x20}]}, 0x21) 10:54:46 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) sendmmsg(r0, &(0x7f0000000180)=[{{&(0x7f0000000000)=@in6={0xa, 0x1, 0x0, @loopback={0x0, 0x1}}, 0x80, &(0x7f0000000040), 0x0, &(0x7f0000000080)}}, {{&(0x7f0000000a80)=@in={0x2, 0x0, @rand_addr}, 0x80, &(0x7f0000000080), 0x0, &(0x7f0000000040)}}], 0x2, 0x0) 10:54:46 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x2, [@dev={0xac, 0x14, 0x14}, @loopback=0x7f000001]}, 0x18) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) 10:54:46 executing program 6: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000040), 0x0, &(0x7f0000000240)=ANY=[]) open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) 10:54:46 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x2, [@dev={0xac, 0x14, 0x14}, @loopback=0x7f000001]}, 0x18) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) 10:54:46 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="025cc83d6d345f8f762070") ptrace(0xffffffffffffffff, 0x0) 10:54:46 executing program 1: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0xa, 0x2, 0x0) sendto$inet6(r0, &(0x7f0000000280), 0xf401, 0x0, &(0x7f0000000200)={0xa, 0x4e24, 0x0, @loopback={0x0, 0x8}}, 0x1c) 10:54:46 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1, 0x7f}}, 0x10) [ 103.253299] audit: type=1326 audit(103.251:4): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=6758 comm="syz-executor0" exe="/root/syz-executor0" sig=9 arch=c000003e syscall=202 compat=0 ip=0x455e29 code=0x0 [ 103.269238] EXT4-fs (loop5): VFS: Can't find ext4 filesystem [ 103.277879] FAT-fs (loop6): bogus number of reserved sectors [ 103.283740] FAT-fs (loop6): Can't find a valid FAT filesystem 10:54:46 executing program 5: syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x0, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:54:47 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000100)=""/34, 0x22, 0x0) bind$alg(r0, &(0x7f0000000500)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4543(gcm(aes))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000001c0), 0x0) dup2(0xffffffffffffffff, r0) recvmsg(r0, &(0x7f0000000380)={&(0x7f0000000280)=@sco, 0x80, &(0x7f0000000000), 0x1000000000000110, &(0x7f0000001400)=""/6, 0x10c, 0x20000000}, 0x0) syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4, 0x0, &(0x7f0000000000)=[@register_looper={0x630b}], 0x1, 0x0, &(0x7f0000000040)="f0"}) [ 103.351501] FAT-fs (loop6): bogus number of reserved sectors [ 103.357371] FAT-fs (loop6): Can't find a valid FAT filesystem 10:54:47 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1, 0x7f}}, 0x10) 10:54:47 executing program 6: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000d65000)={&(0x7f0000de2ff4)={0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x3, 0x1, 0xfffffffffffffffb}, 0x14}, 0x1}, 0x0) 10:54:47 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="025cc83d6d345f8f762070") r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x20000000000111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x500}, {0xa, 0x0, 0x0, @ipv4={[], [0xff, 0xff], @loopback=0x7f000001}}, r2}}, 0x48) 10:54:47 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x2, [@dev={0xac, 0x14, 0x14}, @loopback=0x7f000001]}, 0x18) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(0xffffffffffffffff) [ 103.445549] EXT4-fs (loop5): VFS: Can't find ext4 filesystem 10:54:47 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1, 0x7f}}, 0x10) 10:54:47 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x200000, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000200), &(0x7f0000000240)=0xc) r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000380)="025cc83d6d345f8f762070") r1 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(r1, 0x8905, &(0x7f0000000100)) [ 103.674885] binder: 6842:6843 ERROR: BC_REGISTER_LOOPER called without request [ 104.244356] binder: BINDER_SET_CONTEXT_MGR already set [ 104.249704] binder: 6842:6893 ioctl 40046207 0 returned -16 [ 104.258825] binder: 6842:6892 ERROR: BC_REGISTER_LOOPER called without request 10:54:47 executing program 7: perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r0, &(0x7f0000000140)={0xa}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100)={0x303, 0x33}, 0x28) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000040)='threaded\x00', 0xfd87) 10:54:47 executing program 5: syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x0, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:54:47 executing program 1: r0 = gettid() nanosleep(&(0x7f0000000380)={0x77359400}, &(0x7f00000003c0)) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) openat$null(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/null\x00', 0x0, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r1, &(0x7f00000001c0)={0xc, 0x8, 0xfa00, {&(0x7f0000000040)}}, 0x10) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) tkill(r0, 0x1000000000016) 10:54:47 executing program 0: r0 = syz_open_dev$evdev(&(0x7f00000009c0)='/dev/input/event#\x00', 0x0, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$EVIOCGSW(r0, 0x8040451b, &(0x7f0000003a00)=""/4096) 10:54:47 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x2, [@dev={0xac, 0x14, 0x14}, @loopback=0x7f000001]}, 0x18) socket$inet6(0xa, 0x1000000000002, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r1) 10:54:47 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1, 0x7f}}, 0x10) 10:54:47 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'sha1_mb\x00'}, 0x58) r1 = accept4(r0, 0x0, &(0x7f0000000180)=0x3d6, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00') sendfile(r1, r2, &(0x7f00000002c0), 0x10000000000443) 10:54:47 executing program 3: request_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a}, &(0x7f0000000080)='selinuxem1\x00', 0x0) 10:54:47 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x2, [@dev={0xac, 0x14, 0x14}, @loopback=0x7f000001]}, 0x18) socket$inet6(0xa, 0x1000000000002, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r1) 10:54:48 executing program 3: request_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a}, &(0x7f0000000080)='selinuxem1\x00', 0x0) 10:54:48 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0), r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1, 0x7f}}, 0x10) [ 104.334414] EXT4-fs (loop5): VFS: Can't find ext4 filesystem 10:54:48 executing program 0: mkdir(&(0x7f0000000980)='./control\x00', 0x0) creat(&(0x7f0000000000)='./control/file0\x00', 0x0) unlink(&(0x7f00000000c0)='./control/file0\x00') close(0xffffffffffffffff) 10:54:48 executing program 5: syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)) 10:54:48 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000380)="025cc83d6d345f8f762070") request_key(&(0x7f00000003c0)="3a3ec143d74ff897046dfcd222a42226f79694a21b621936dd1a864ef56e618eaf0e12d9ea2d82f573cd331616b03bf52f331d6e829438e5c99e317f850666f3df13175544b79d77685fb2c713183891fd4afd87c327f9b0d124ffc85f37f3cae3816ebaa99b7c88ee07384ba686e550bc6eae7538f600f30f101774bd776bda41a7613c016f81816b625390388509895191d6eda4eea8c6df7567f91aac3f212426fc563c0906d542f1a653a1df818b12874eb78114e52bec2a24c9066ad52b1907ed3f935c49bb19068a7235c3e42154377362c9e0a99aa5424ddf97811931", &(0x7f0000000040)={0x73, 0x79, 0x7a, 0x1}, &(0x7f0000000300)="4d69657970707031b6", 0xfffffffffffffffa) 10:54:48 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0), r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1, 0x7f}}, 0x10) 10:54:48 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-aes-aesni\x00'}, 0x58) r1 = accept4(r0, 0x0, &(0x7f0000000000), 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000001c0)="ad56b6c50400aeb9952989929b8903a4", 0x10) sendto(r1, &(0x7f0000000040)="bcaa197d32eac32b92fd21786ad75a2b", 0x10, 0x0, &(0x7f0000000380)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}}, 0x80) recvfrom(r1, &(0x7f0000000e40)=""/126, 0x7e, 0x0, &(0x7f0000000300)=@nl=@proc={0x10}, 0x709000) [ 104.516256] EXT4-fs (sda1): re-mounted. Opts: ,errors=continue 10:54:48 executing program 7: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net\x00', 0x200002, 0x0) fchdir(0xffffffffffffffff) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000007e00), 0x3ffffeb, 0x0) sendmmsg(r0, &(0x7f000000ac80), 0x400021b, 0xb605) write$cgroup_type(0xffffffffffffffff, &(0x7f00000009c0)='threaded\x00', 0xfffffc47) 10:54:48 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x2, [@dev={0xac, 0x14, 0x14}, @loopback=0x7f000001]}, 0x18) socket$inet6(0xa, 0x1000000000002, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r1) 10:54:48 executing program 1: r0 = gettid() nanosleep(&(0x7f0000000380)={0x77359400}, &(0x7f00000003c0)) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) openat$null(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/null\x00', 0x0, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r1, &(0x7f00000001c0)={0xc, 0x8, 0xfa00, {&(0x7f0000000040)}}, 0x10) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x32, 0xffffffffffffffff, 0x0) tkill(r0, 0x1000000000016) 10:54:48 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000007e00), 0x3ffffeb, 0x0) sendmmsg(r0, &(0x7f000000ac80), 0x400021b, 0xb605) write$cgroup_type(0xffffffffffffffff, &(0x7f00000009c0)='threaded\x00', 0xfffffc47) 10:54:48 executing program 6: mkdir(&(0x7f0000000980)='./control\x00', 0x0) r0 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) unlink(&(0x7f00000000c0)='./control/file0\x00') close(r0) 10:54:48 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0), r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1, 0x7f}}, 0x10) 10:54:48 executing program 5: syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)) 10:54:48 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000002900)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080)}, 0x20) openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x10000, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000400), &(0x7f00000000c0)}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000240)={0xffffffffffffffff, &(0x7f0000000280)="e37649b5f4199bef13192c175d0adc7ea4442888301efde3732afb92e140dbd0476a6bad01b338fa8b681a8d3ed677289959c58dbba53279f23785780bf8dd"}, 0x10) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f00000015c0)) ioctl$KVM_IRQFD(r1, 0xc00caee0, &(0x7f0000000000)) 10:54:48 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x2, [@dev={0xac, 0x14, 0x14}, @loopback=0x7f000001]}, 0x18) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r1) 10:54:48 executing program 7: perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r0, &(0x7f0000000140)={0xa}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100)={0x303, 0x33}, 0x28) 10:54:48 executing program 6: perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f760070") 10:54:48 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x2, [@dev={0xac, 0x14, 0x14}, @loopback=0x7f000001]}, 0x18) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r1) 10:54:48 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, 0xffffffffffffffff, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1, 0x7f}}, 0x10) [ 105.229702] EXT4-fs (sda1): re-mounted. Opts: ,errors=continue 10:54:48 executing program 7: request_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={0x73, 0x79, 0x7a}, &(0x7f0000000340)='\x00', 0xfffffffffffffffe) 10:54:48 executing program 5: syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)) 10:54:48 executing program 3: 10:54:48 executing program 6: 10:54:48 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x2, [@dev={0xac, 0x14, 0x14}, @loopback=0x7f000001]}, 0x18) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r1) [ 105.352764] EXT4-fs (sda1): re-mounted. Opts: ,errors=continue 10:54:49 executing program 1: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mixer\x00', 0x0, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000100)={0x0}, &(0x7f0000000140)=0xc) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000280)=0x9, 0x4) perf_event_open(&(0x7f0000000300)={0x3, 0x70, 0x0, 0x0, 0xee5, 0x7a36, 0x0, 0x97, 0x120, 0x4, 0x8, 0x8, 0x6, 0x5, 0x9, 0x1, 0x3, 0x1, 0x1, 0x2, 0x8, 0x7fff, 0x5, 0x692c, 0x4c, 0x5, 0x20, 0x637e, 0x1, 0x0, 0x4, 0x1, 0x100000001, 0x100, 0x8001, 0x87b, 0x2, 0x1724, 0x0, 0x9, 0x0, @perf_bp={&(0x7f00000002c0), 0x2}, 0x40, 0x7fff, 0x4, 0x6, 0x0, 0x0, 0xfffffffffffeffff}, r1, 0xc, 0xffffffffffffff9c, 0xa) socket$vsock_dgram(0x28, 0x2, 0x0) ioctl$TIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000001500)) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000380)={0x1000, ""/4096}) 10:54:49 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, 0xffffffffffffffff, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1, 0x7f}}, 0x10) 10:54:49 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000640)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000600)={"00ac730000000000ec973f820f7c4000", 0xc201}) 10:54:49 executing program 3: bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000140)={0xffffffffffffffff, &(0x7f0000000080), &(0x7f00000000c0)=""/1}, 0x18) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f9, &(0x7f0000000140)='sit0\x00') 10:54:49 executing program 6: pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xffffff55) ioctl$BLKSECDISCARD(r0, 0x127d, &(0x7f0000000080)) ioctl$VT_RESIZE(r0, 0x5609, &(0x7f0000000100)={0x4, 0xfffffffffffffff8}) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) fcntl$setpipe(r1, 0x407, 0x0) vmsplice(r1, &(0x7f0000000480)=[{&(0x7f0000000040)="2d115e005ff853fc9a031e88927172820936828eb7cee6b689908f4f8afcf9df644df36cfa93e9ab", 0x28}, {&(0x7f0000000400)="d49557c30b511b49fc2d8d50d8723a297b0aed757199f2f0b6aed9608ac6dcf86a7eb2cca221d33d1c93b7e45c9b791f3d6eaa965a106384d59d76dbca15f6f91ee96016d07b398b2377de873d84a00b9528ef4d964add73d0d146", 0x5b}], 0x2, 0x2) 10:54:49 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:54:49 executing program 5: request_key(&(0x7f0000000200)='user\x00', &(0x7f0000000000)={0x73, 0x79, 0x7a}, &(0x7f0000000280)="6c6f676f6e4088c59764852ddb52cf946a4d285f18cd378cc57e58f6ec429b1fc6e0f0910eccb67cc692ad21aee513a7d4d9e12ffa32ca3482794dc8ce800b49b663dc51036c0b2016460744c481887e00b58006b7b9c5741b224ca93c987325c967d9ad70884f6f47c33f85f760929f1d7ab341f35c7a308a302ffde80e6dc66b06837cd66657d6f806edc01b07df2ce0a3a0fe19ed476cca95459f8672387fd3992a93efcdeff2124ab4764c014672f34273a48d38e3a767504c8dded5b9d86cbd9b310055d8194083be41afb4f401e74a30fbed160fc7ab864368f3c23810bf1d8050c84d71bc2dbb295e409d2fff259f32c5", 0x0) 10:54:49 executing program 0: socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) close(r0) ioctl$sock_SIOCGSKNS(r1, 0x894c, &(0x7f00000000c0)) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000000000)={0x0, 0x0, 0x61}) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) 10:54:49 executing program 1: 10:54:49 executing program 5: 10:54:49 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, 0xffffffffffffffff, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1, 0x7f}}, 0x10) 10:54:49 executing program 3: 10:54:49 executing program 0: 10:54:49 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:54:49 executing program 1: 10:54:49 executing program 7: 10:54:49 executing program 5: 10:54:49 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1, 0x7f}}, 0x10) 10:54:49 executing program 3: 10:54:49 executing program 1: 10:54:50 executing program 6: 10:54:50 executing program 0: 10:54:50 executing program 7: 10:54:50 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:54:50 executing program 5: 10:54:50 executing program 3: 10:54:50 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {0xffffffffffffffff, 0x7f}}, 0x10) 10:54:50 executing program 1: 10:54:50 executing program 5: 10:54:50 executing program 7: bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000140)={0xffffffffffffffff, &(0x7f0000000080), &(0x7f00000000c0)=""/1}, 0x18) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f2, &(0x7f0000000140)='sit0\x00') 10:54:50 executing program 3: bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000140)={0xffffffffffffffff, &(0x7f0000000080), &(0x7f00000000c0)=""/1}, 0x18) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f1, &(0x7f0000000140)='sit0\x00') 10:54:50 executing program 1: 10:54:50 executing program 0: 10:54:50 executing program 6: 10:54:50 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) 10:54:50 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x2, [@dev={0xac, 0x14, 0x14}, @loopback=0x7f000001]}, 0x18) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:54:50 executing program 6: 10:54:50 executing program 1: 10:54:50 executing program 5: 10:54:50 executing program 0: 10:54:50 executing program 7: 10:54:50 executing program 3: 10:54:50 executing program 1: 10:54:50 executing program 2: 10:54:50 executing program 6: 10:54:50 executing program 0: 10:54:50 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x2, [@dev={0xac, 0x14, 0x14}, @loopback=0x7f000001]}, 0x18) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:54:50 executing program 5: 10:54:50 executing program 7: 10:54:50 executing program 3: 10:54:51 executing program 2: 10:54:51 executing program 6: 10:54:51 executing program 5: 10:54:51 executing program 1: 10:54:51 executing program 7: 10:54:51 executing program 0: 10:54:51 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x2, [@dev={0xac, 0x14, 0x14}, @loopback=0x7f000001]}, 0x18) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:54:51 executing program 3: 10:54:51 executing program 5: 10:54:51 executing program 6: 10:54:51 executing program 1: 10:54:51 executing program 2: 10:54:51 executing program 7: 10:54:51 executing program 0: 10:54:51 executing program 4: setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x2, [@dev={0xac, 0x14, 0x14}, @loopback=0x7f000001]}, 0x18) r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r1) 10:54:51 executing program 5: 10:54:51 executing program 1: 10:54:51 executing program 3: 10:54:51 executing program 6: 10:54:51 executing program 2: 10:54:51 executing program 7: 10:54:51 executing program 0: 10:54:51 executing program 1: 10:54:51 executing program 5: 10:54:51 executing program 6: 10:54:51 executing program 3: 10:54:51 executing program 4: setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x2, [@dev={0xac, 0x14, 0x14}, @loopback=0x7f000001]}, 0x18) r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r1) 10:54:51 executing program 7: 10:54:51 executing program 0: 10:54:51 executing program 2: 10:54:51 executing program 1: 10:54:51 executing program 5: 10:54:51 executing program 3: 10:54:51 executing program 6: r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, "e91f7189591e9233614b00"}, 0xc) listen(r1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) shutdown(r2, 0x0) connect$unix(r0, &(0x7f0000fce000)=@file={0x1, "e91f7189591e9233614b00"}, 0xc) 10:54:51 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000005c0)="82780000260f017731f3d87e0b0f20e06635000020000f22e066b9800000c00f326635002000000f30640f02d766b8008000000f23d80f21f86635400000f00f23f8db13b85f078ee82e0f01cf", 0x4d}], 0x1, 0x0, &(0x7f0000000140), 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [0x4b564d02, 0x1, 0x4b564d02, 0x1]}) 10:54:51 executing program 2: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$iso9660(&(0x7f0000000080)='iso9660\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000400), 0x0, &(0x7f0000000480)) 10:54:51 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x3) getsockopt$inet6_buf(r0, 0x29, 0xca, &(0x7f0000000040)=""/252, &(0x7f0000000140)=0xfc) 10:54:51 executing program 5: 10:54:51 executing program 7: 10:54:51 executing program 4: setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x2, [@dev={0xac, 0x14, 0x14}, @loopback=0x7f000001]}, 0x18) r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r1) 10:54:51 executing program 3: 10:54:51 executing program 5: 10:54:51 executing program 7: 10:54:51 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0xfb9d) 10:54:51 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x2, [@dev={0xac, 0x14, 0x14}, @loopback=0x7f000001]}, 0x18) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) [ 107.957998] ISOFS: Unable to identify CD-ROM format. 10:54:51 executing program 3: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) socket$inet_tcp(0x2, 0x1, 0x0) socket$kcm(0xa, 0x0, 0x0) ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(0xffffffffffffffff, 0x3) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x12, 0x6, 0x400000004, 0xf728}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) ioctl$KDSKBLED(r0, 0x4b65, 0xfffffffffffffb1f) 10:54:51 executing program 1: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000214fd4)={0xe, 0x4, 0x4, 0x8000000000008, 0x0, 0xffffffffffffffff, 0x0, [0x305f, 0xa]}, 0x2c) 10:54:51 executing program 5: perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r0) sendmmsg$unix(r0, &(0x7f0000005240)=[{&(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000540), 0x0, &(0x7f0000000680)=[@rights={0x18, 0x1, 0x1, [r2]}], 0x18}], 0x4924924924926c2, 0x0) recvmmsg(r1, &(0x7f0000004e40)=[{{&(0x7f0000000280)=@llc, 0x80, &(0x7f00000006c0), 0x271, &(0x7f0000000080)=""/9, 0x9}}], 0x37a, 0x0, &(0x7f0000000240)={0x77359400}) getpeername$netlink(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000580)=0xc) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f00000006c0)={{{@in, @in6}}, {{@in=@loopback}, 0x0, @in6=@remote}}, &(0x7f00000005c0)=0xe8) 10:54:51 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) sync() setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f0000000000)={0x1, 'syz_tun\x00'}, 0x18) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000040)={0x1, 'irlan0\x00'}, 0x18) 10:54:51 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0xfb9d) 10:54:51 executing program 0: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000040)={{{@in6=@ipv4={[], [], @dev}, @in6}}, {{@in6=@mcast1}, 0x0, @in6=@ipv4={[], [], @remote}}}, &(0x7f0000000200)=0xe8) getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x5, &(0x7f0000000280)={'mangle\x00'}, &(0x7f0000000140)=0x54) 10:54:51 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x2, [@dev={0xac, 0x14, 0x14}, @loopback=0x7f000001]}, 0x18) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:54:51 executing program 2: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$iso9660(&(0x7f0000000080)='iso9660\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000400), 0x0, &(0x7f0000000480)) 10:54:51 executing program 1: setitimer(0x3, &(0x7f0000000180)={{0x77359400}, {0x77359400}}, &(0x7f00000001c0)) 10:54:51 executing program 6: r0 = socket(0x10, 0x802, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f00000002c0)={'team0\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={"7465616d300000ffffffc000", 0xc201}) [ 108.169751] IPVS: stopping master sync thread 7299 ... [ 108.177683] IPVS: sync thread started: state = MASTER, mcast_ifn = syz_tun, syncid = 0, id = 0 10:54:51 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x2, [@dev={0xac, 0x14, 0x14}, @loopback=0x7f000001]}, 0x18) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:54:51 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) [ 108.219398] IPVS: sync thread started: state = MASTER, mcast_ifn = syz_tun, syncid = 0, id = 0 [ 108.232239] ISOFS: Unable to identify CD-ROM format. 10:54:51 executing program 1: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000100)="2d42d54e49c56aba707070f00884a26d003a2900bb8dacac76617d6b6e6823cb290fc8c03a9c631064eea98b4363ad899c6bdec5e936dd55a93dcd4a78aa8f7eb93061a9b2044b98933f8851f7d61da1ce8b19eaefe3abb6a52434d6fe370fe7d924ce20ab4eaec9bdd36740e127730e90f2cd72b828", 0x0) write(r0, &(0x7f0000000180), 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x10, 0xffffffffffffffff, 0x0) syz_fuseblk_mount(&(0x7f0000000000)='./0ile/\x00', &(0x7f0000000040)='./0ile/\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 10:54:51 executing program 7: r0 = semget$private(0x0, 0x1, 0x0) semctl$GETVAL(r0, 0x0, 0x14, &(0x7f0000000100)=""/222) 10:54:51 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000140)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "6cb782e4ad88b89d1fd309169f44a72107130ee55d660510420aaa96759ecbc36eb9bb12b6124793608dd0e7316d1d4f4dbac39877e4ac714b7ecefa8a934a"}, 0x60) sendmmsg$nfc_llcp(r0, &(0x7f00000026c0)=[{&(0x7f00000000c0)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "c95d9d47e4635c995b18ba766a818648cd01f2e3825bee3eb373769cb2c85d7f0bb3aff58d31b0352895601ee239883abfad45a0e8c0f59bf3b52edf3500bb"}, 0x60, &(0x7f0000002600), 0x5f}], 0x4924924924926b2, 0x0) 10:54:52 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffd000/0x1000)=nil) mremap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f0000000000/0x3000)=nil) 10:54:52 executing program 1: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000100)="2d42d54e49c56aba707070f00884a26d003a2900bb8dacac76617d6b6e6823cb290fc8c03a9c631064eea98b4363ad899c6bdec5e936dd55a93dcd4a78aa8f7eb93061a9b2044b98933f8851f7d61da1ce8b19eaefe3abb6a52434d6fe370fe7d924ce20ab4eaec9bdd36740e127730e90f2cd72b828", 0x0) write(r0, &(0x7f0000000180), 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x10, 0xffffffffffffffff, 0x0) syz_fuseblk_mount(&(0x7f0000000000)='./0ile/\x00', &(0x7f0000000040)='./0ile/\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 10:54:52 executing program 2: r0 = socket(0x11, 0x100000803, 0x0) getsockopt$packet_int(r0, 0x107, 0xb, &(0x7f0000000100), &(0x7f0000000080)=0x100000160) [ 108.554893] 8021q: adding VLAN 0 to HW filter on device team0 10:54:52 executing program 1: syz_mount_image$msdos(&(0x7f0000002d00)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000002180), 0x0, &(0x7f0000002200)={[{@fat=@quiet='quiet', 0x2c}]}) 10:54:52 executing program 3: ioctl$RNDCLEARPOOL(0xffffffffffffffff, 0x5206, &(0x7f0000000440)) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, &(0x7f0000527ff8), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x100000000000e000, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f0000000080)='./file0/file0\x00', 0x3fffa, 0x0) mkdir(&(0x7f0000000240)='./file0/file1\x00', 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000500)={{{@in=@broadcast, @in6=@mcast1}}, {{@in=@multicast1}}}, &(0x7f0000000200)=0xe8) ioctl$TUNGETIFF(r0, 0x800454d2, &(0x7f0000000380)) write$cgroup_subtree(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="2dbfd21b946a20f86a5586cb719247e288c15ab29d47537a068fbc7e915b10c49f0de5e2d35730f6543088e9ffd2a6c6de38ca535eb77942d934421c7531eb11e5c11d6967727dc286db8cc2c90ff3caa91fe6d062bb0678153119e121ba2b6e8679d54f5959d400c9d1f1f63108b4c016f8dd075fec4b9f1ebd1cff41c27a3deb2af68737bee5c7caf135ed9c727a15917043a4cc67bd327e3a4a1d"], 0x9c) open(&(0x7f0000000080)="2e2f66696c65302f662e6c6530f0", 0x40003ffd, 0x0) write$cgroup_type(r0, &(0x7f0000000180)='threaded\x00', 0xffffff43) syz_genetlink_get_family_id$team(&(0x7f0000000400)='team\x00') ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) userfaultfd(0x0) 10:54:52 executing program 5: r0 = socket$inet6(0xa, 0x40000080806, 0x0) getsockopt$inet6_int(r0, 0x29, 0x4d, &(0x7f0000000000), &(0x7f0000000040)=0x4) 10:54:52 executing program 7: read(0xffffffffffffffff, &(0x7f0000000280)=""/1, 0x1) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000fd0ffc)) r0 = signalfd4(0xffffffffffffffff, &(0x7f00000001c0), 0x8, 0x0) ppoll(&(0x7f0000000000)=[{r0}], 0x1, &(0x7f0000000040)={0x77359400}, &(0x7f0000000080), 0x8) r1 = gettid() timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, &(0x7f0000040000)) tkill(r1, 0x1000000000016) 10:54:52 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:54:52 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/raw\x00') socket$inet_icmp_raw(0x2, 0x3, 0x1) read(r0, &(0x7f0000000180)=""/219, 0xdb) 10:54:52 executing program 6: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) io_setup(0x8, &(0x7f0000000140)=0x0) socket(0x0, 0x0, 0x0) r2 = eventfd(0x0) io_submit(r1, 0x2, &(0x7f00000003c0)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000040)}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x0, 0x0, 0x1, r2}]) 10:54:52 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x0, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x2, [@dev={0xac, 0x14, 0x14}, @loopback=0x7f000001]}, 0x18) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:54:52 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:54:52 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000600)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}) [ 108.951266] FAT-fs (loop1): bogus number of reserved sectors [ 108.957155] FAT-fs (loop1): Can't find a valid FAT filesystem 10:54:52 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x0, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x2, [@dev={0xac, 0x14, 0x14}, @loopback=0x7f000001]}, 0x18) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:54:52 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00') ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000100)={"69666230000000000200ac0c59ab3200"}) perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r0, &(0x7f0000b58000)=0x200000, 0xffff) [ 109.026504] FAT-fs (loop3): error, clusters badly computed (3 != 1) [ 109.033026] FAT-fs (loop3): Filesystem has been set read-only [ 109.041488] FAT-fs (loop3): error, clusters badly computed (4 != 2) 10:54:52 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_int(r0, 0x6, 0x10, &(0x7f0000000140), &(0x7f0000000180)=0x4) [ 109.067423] FAT-fs (loop1): bogus number of reserved sectors [ 109.073304] FAT-fs (loop1): Can't find a valid FAT filesystem [ 109.080412] FAT-fs (loop3): error, clusters badly computed (5 != 3) 10:54:52 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) [ 109.108529] FAT-fs (loop3): error, clusters badly computed (6 != 4) 10:54:52 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x0, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x2, [@dev={0xac, 0x14, 0x14}, @loopback=0x7f000001]}, 0x18) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:54:52 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(r0, 0x40045402, &(0x7f0000000000)=0x1) 10:54:52 executing program 6: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="0a0775b005e381e5b3b60cadd93aa191ae41e06f9d218d90c4d9d4ed5c54dbb7", 0x20) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="2321202e2f66696c653020736b6369706865720020656362286165a51d24732d67656e65524963290020736b6369706865720020736b636970686572000a3d8bab2bdaa6a913b00d5fd3e0ee9e089b4d471133"], 0x53) recvmsg(r1, &(0x7f0000001440)={&(0x7f0000000280)=@sco, 0x80, &(0x7f00000013c0)=[{&(0x7f0000000300)=""/4096, 0x1000}], 0x1, &(0x7f0000001400)=""/6, 0x6}, 0x0) [ 109.152466] FAT-fs (loop3): error, clusters badly computed (7 != 5) [ 109.181287] FAT-fs (loop3): error, clusters badly computed (8 != 6) [ 109.201185] FAT-fs (loop3): error, clusters badly computed (9 != 7) [ 109.232910] FAT-fs (loop3): error, clusters badly computed (10 != 8) [ 109.243334] FAT-fs (loop3): error, clusters badly computed (11 != 9) [ 109.256501] FAT-fs (loop3): error, clusters badly computed (12 != 10) [ 109.269208] FAT-fs (loop3): error, clusters badly computed (13 != 11) [ 109.278303] FAT-fs (loop3): error, clusters badly computed (14 != 12) [ 109.294454] FAT-fs (loop3): error, clusters badly computed (15 != 13) [ 109.305277] FAT-fs (loop3): error, clusters badly computed (16 != 14) [ 109.312052] FAT-fs (loop3): error, clusters badly computed (17 != 15) [ 109.318955] FAT-fs (loop3): error, clusters badly computed (18 != 16) [ 109.325610] FAT-fs (loop3): error, clusters badly computed (19 != 17) [ 109.332291] FAT-fs (loop3): error, clusters badly computed (20 != 18) [ 109.338936] FAT-fs (loop3): error, clusters badly computed (21 != 19) [ 109.345626] FAT-fs (loop3): error, clusters badly computed (22 != 20) [ 109.352271] FAT-fs (loop3): error, clusters badly computed (23 != 21) [ 109.358960] FAT-fs (loop3): error, clusters badly computed (24 != 22) [ 109.365635] FAT-fs (loop3): error, clusters badly computed (25 != 23) [ 109.372315] FAT-fs (loop3): error, clusters badly computed (26 != 24) [ 109.378957] FAT-fs (loop3): error, clusters badly computed (27 != 25) [ 109.385638] FAT-fs (loop3): error, clusters badly computed (28 != 26) [ 109.392289] FAT-fs (loop3): error, clusters badly computed (29 != 27) [ 109.398983] FAT-fs (loop3): error, clusters badly computed (30 != 28) [ 109.405638] FAT-fs (loop3): error, clusters badly computed (31 != 29) [ 109.412319] FAT-fs (loop3): error, clusters badly computed (32 != 30) [ 109.418966] FAT-fs (loop3): error, clusters badly computed (33 != 31) [ 109.425672] FAT-fs (loop3): error, clusters badly computed (34 != 32) [ 109.432326] FAT-fs (loop3): error, clusters badly computed (35 != 33) [ 109.438998] FAT-fs (loop3): error, clusters badly computed (36 != 34) [ 109.445665] FAT-fs (loop3): error, clusters badly computed (37 != 35) [ 109.452349] FAT-fs (loop3): error, clusters badly computed (38 != 36) [ 109.458991] FAT-fs (loop3): error, clusters badly computed (39 != 37) [ 109.465679] FAT-fs (loop3): error, clusters badly computed (40 != 38) [ 109.472340] FAT-fs (loop3): error, clusters badly computed (41 != 39) [ 109.479073] FAT-fs (loop3): error, clusters badly computed (42 != 40) [ 109.485713] FAT-fs (loop3): error, clusters badly computed (43 != 41) [ 109.492448] FAT-fs (loop3): error, clusters badly computed (44 != 42) [ 109.499087] FAT-fs (loop3): error, clusters badly computed (45 != 43) [ 109.505835] FAT-fs (loop3): error, clusters badly computed (46 != 44) [ 109.512509] FAT-fs (loop3): error, clusters badly computed (47 != 45) [ 109.519262] FAT-fs (loop3): error, clusters badly computed (48 != 46) [ 109.525912] FAT-fs (loop3): error, clusters badly computed (49 != 47) [ 109.532659] FAT-fs (loop3): error, clusters badly computed (50 != 48) [ 109.539751] FAT-fs (loop3): error, clusters badly computed (51 != 49) [ 109.546535] FAT-fs (loop3): error, clusters badly computed (52 != 50) [ 109.553194] FAT-fs (loop3): error, clusters badly computed (53 != 51) [ 109.559952] FAT-fs (loop3): error, clusters badly computed (54 != 52) [ 109.566598] FAT-fs (loop3): error, clusters badly computed (55 != 53) [ 109.573358] FAT-fs (loop3): error, clusters badly computed (56 != 54) [ 109.580061] FAT-fs (loop3): error, clusters badly computed (57 != 55) [ 109.586780] FAT-fs (loop3): error, clusters badly computed (58 != 56) [ 109.593448] FAT-fs (loop3): error, clusters badly computed (59 != 57) [ 109.600171] FAT-fs (loop3): error, clusters badly computed (60 != 58) [ 109.606848] FAT-fs (loop3): error, clusters badly computed (61 != 59) [ 109.613565] FAT-fs (loop3): error, clusters badly computed (62 != 60) [ 109.620234] FAT-fs (loop3): error, clusters badly computed (63 != 61) [ 109.626951] FAT-fs (loop3): error, clusters badly computed (64 != 62) [ 109.633635] FAT-fs (loop3): error, clusters badly computed (65 != 63) [ 109.640324] FAT-fs (loop3): error, clusters badly computed (66 != 64) [ 109.646992] FAT-fs (loop3): error, clusters badly computed (67 != 65) [ 109.653691] FAT-fs (loop3): error, clusters badly computed (68 != 66) [ 109.660443] FAT-fs (loop3): error, clusters badly computed (69 != 67) [ 109.667186] FAT-fs (loop3): error, clusters badly computed (70 != 68) [ 109.673876] FAT-fs (loop3): error, clusters badly computed (71 != 69) [ 109.680579] FAT-fs (loop3): error, clusters badly computed (72 != 70) [ 109.687255] FAT-fs (loop3): error, clusters badly computed (73 != 71) [ 109.693955] FAT-fs (loop3): error, clusters badly computed (74 != 72) [ 109.700644] FAT-fs (loop3): error, clusters badly computed (75 != 73) [ 109.707386] FAT-fs (loop3): error, clusters badly computed (76 != 74) [ 109.714104] FAT-fs (loop3): error, clusters badly computed (77 != 75) [ 109.720803] FAT-fs (loop3): error, clusters badly computed (78 != 76) [ 109.727492] FAT-fs (loop3): error, clusters badly computed (79 != 77) [ 109.734537] FAT-fs (loop3): error, clusters badly computed (80 != 78) [ 109.741256] FAT-fs (loop3): error, clusters badly computed (81 != 79) [ 109.747974] FAT-fs (loop3): error, clusters badly computed (82 != 80) [ 109.754728] FAT-fs (loop3): error, clusters badly computed (83 != 81) [ 109.761536] FAT-fs (loop3): error, clusters badly computed (84 != 82) [ 109.768243] FAT-fs (loop3): error, clusters badly computed (85 != 83) [ 109.774975] FAT-fs (loop3): error, clusters badly computed (86 != 84) [ 109.781664] FAT-fs (loop3): error, clusters badly computed (87 != 85) [ 109.788397] FAT-fs (loop3): error, clusters badly computed (88 != 86) [ 109.795111] FAT-fs (loop3): error, clusters badly computed (89 != 87) [ 109.801814] FAT-fs (loop3): error, clusters badly computed (90 != 88) [ 109.808514] FAT-fs (loop3): error, clusters badly computed (91 != 89) [ 109.815221] FAT-fs (loop3): error, clusters badly computed (92 != 90) [ 109.821908] FAT-fs (loop3): error, clusters badly computed (93 != 91) [ 109.828665] FAT-fs (loop3): error, clusters badly computed (94 != 92) [ 109.835372] FAT-fs (loop3): error, clusters badly computed (95 != 93) [ 109.842190] FAT-fs (loop3): error, clusters badly computed (96 != 94) [ 109.848852] FAT-fs (loop3): error, clusters badly computed (97 != 95) [ 109.855643] FAT-fs (loop3): error, clusters badly computed (98 != 96) [ 109.864269] FAT-fs (loop3): error, clusters badly computed (99 != 97) [ 109.871539] FAT-fs (loop3): error, clusters badly computed (100 != 98) [ 109.878548] FAT-fs (loop3): error, clusters badly computed (101 != 99) [ 109.886870] FAT-fs (loop3): error, clusters badly computed (102 != 100) [ 109.894131] FAT-fs (loop3): error, clusters badly computed (103 != 101) [ 109.901065] FAT-fs (loop3): error, clusters badly computed (104 != 102) [ 109.907892] FAT-fs (loop3): error, clusters badly computed (105 != 103) [ 109.914856] FAT-fs (loop3): error, clusters badly computed (106 != 104) [ 109.921714] FAT-fs (loop3): error, clusters badly computed (107 != 105) [ 109.929240] FAT-fs (loop3): error, clusters badly computed (108 != 106) [ 109.936137] FAT-fs (loop3): error, clusters badly computed (109 != 107) [ 109.943078] FAT-fs (loop3): error, clusters badly computed (110 != 108) [ 109.949936] FAT-fs (loop3): error, clusters badly computed (111 != 109) [ 109.956910] FAT-fs (loop3): error, clusters badly computed (112 != 110) [ 109.963738] FAT-fs (loop3): error, clusters badly computed (113 != 111) [ 109.970711] FAT-fs (loop3): error, clusters badly computed (114 != 112) [ 109.977556] FAT-fs (loop3): error, clusters badly computed (115 != 113) 10:54:53 executing program 5: perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x1c, 0x0, &(0x7f0000000500)=[@release={0x40046306, 0x1}, @exit_looper={0x630d}, @acquire={0x40046305}, @acquire={0x40046305}], 0x0, 0x0, &(0x7f0000000040)}) 10:54:53 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000540)={0x14, 0x18, 0xfffffffffffffffd, 0x0, 0x0, {0x7592da1c}}, 0x14}, 0x1}, 0x0) 10:54:53 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:54:53 executing program 6: clock_adjtime(0x0, &(0x7f0000000000)={0xd7fb, 0x0, 0xb00000000000000}) 10:54:53 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x2, [@dev={0xac, 0x14, 0x14}, @loopback=0x7f000001]}, 0x18) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:54:53 executing program 1: perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r0, 0x8200) lseek(r0, 0x0, 0x4) 10:54:53 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'pcrypt(morus1280-sse2)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="71e67a11cdf8311cfc093a52a7d86bd1", 0x10) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$alg(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="e6e3338c953f26291df8e0e33179a5e6", 0x10}], 0x1, &(0x7f00000000c0)}, 0x0) recvmmsg(r1, &(0x7f0000009b80)=[{{0x0, 0x0, &(0x7f0000000040), 0x0, &(0x7f0000000180)=""/149, 0x95}}, {{&(0x7f0000009680)=@alg, 0x80, &(0x7f0000009ac0)=[{&(0x7f0000009a00)=""/184, 0xb8}], 0x1, &(0x7f0000009b00)=""/122, 0x7a}}], 0x2, 0x0, 0x0) 10:54:53 executing program 7: r0 = socket(0x10, 0x802, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000032c0)={&(0x7f0000000240)={0x10}, 0xc, &(0x7f0000003280)={&(0x7f0000001b00)=@newtaction={0x13, 0x32, 0x219, 0x0, 0x0, {}, [{0x20, 0x1, @m_skbedit={0x1c, 0x0, {{0xc, 0x1, 'skbedit\x00'}, {0x4, 0x2}, {0x4, 0x6}}}}]}, 0x34}, 0x1}, 0x0) [ 109.984515] FAT-fs (loop3): error, clusters badly computed (116 != 114) [ 109.991352] FAT-fs (loop3): error, clusters badly computed (117 != 115) 10:54:53 executing program 2: mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000600)="7379736673002a864f4bc00bce1bdb20637213b1e894d120715f9dc1125b042c7226eb0136d9624ea1d23374a660fe5ac173722fd367ad22e8553025a2e8be0bc5514379af7213d32b8d5d06dc8fbf2c849ed9cdefc74b03dfa9cb5a90b28b4b24d7862c3d66fca53167d5424235435a3dbb76bc7d3c42fc2e9c696114a6f888f0da85277683cfc1c4d2bf71c255a3134d64cc3fed8e97798deb8631cbf7682c9fa2ed031465aa191df922f764297cba22a8499d177f49fba940f55bbc8b723fd374f1fed78c8aeec6811d9b5879487387d56594a14c2588274de84fa27610302b3fb54172a8c910a07e7c76ea465aa68402", 0x0, &(0x7f0000000080)) r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f0000000280)=""/92, 0x5c) 10:54:53 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x2, [@dev={0xac, 0x14, 0x14}, @loopback=0x7f000001]}, 0x18) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) [ 110.031975] binder: 7436:7446 Release 1 refcount change on invalid ref 1 ret -22 [ 110.059088] binder: 7436:7446 Acquire 1 refcount change on invalid ref 0 ret -22 10:54:53 executing program 1: 10:54:53 executing program 7: r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_mr_vif\x00') perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000300)=""/242, 0xf2}], 0x1) getpeername$netlink(r0, &(0x7f0000000040), &(0x7f00000000c0)=0xc) 10:54:53 executing program 6: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'echainiv(aegis256)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ffffffff82f4dd6f515b9aad52af35285c860709ce151e788f9eae9b03790126", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000001fc0)=[{{&(0x7f0000000400)=@nfc={0x27}, 0x80, &(0x7f0000001880)=[{&(0x7f0000000040)="1216270a263f99e4a9f798435a4e09f53b6b0c96597115da1fa3100a97c748b11a10dd6a3472b3fc8ff77cd29d28", 0x2e}, {&(0x7f00000014c0)="9d36f9cf4a48fa76284b57bd37db7974cd2d9c862e5ecb05b85ca17e2f8763187313ae4478bc3f2b74db72185e6c5d5fdd866f6c6cfb85d3ba00ec5c8c837ee6ddb7351b113231d7092666", 0x4b}, {&(0x7f0000002080)="f40d77b1ff0dc25691aedd58764146fa6db1cf0de2cd70cfe1f96efdb97b4c86a0a3205d5f8a9bca7ee97a01437a28ae67e3cceb009a298e55269c793d0d99b39bd6b88131fb235b4243125e5eda1b87291a5b560fc91d55f7cf63e22adc5f5f2fbff8c35af99d9adcb63a120ff8a85403f1b2fd505dc0a0fdd3d0613a7c8f7359ad6414bd833f498ab7b550950db258473726aef4bcc12627daefc745e3743600c9e276df294a55504e9b88968d6b3872713bac5b7dd64d68e75903830ae55bd24bebf416631948dc1d94eca78db1649c3f440bff502c472e89cd1315cbd3c6d04d86ee49a96f81c930b21607bbcab220f3b3527b4cfab27698732ea171a52611dbeecaa72115bc6a62558b887bb731cd1c1c269aa88e58737819642475e39978b16f865a15fe3b4640a2c64c2e507a0f31eb57b0bf87e96d54b209f1059c46f93d6b37edb295b3085698ef093f50e2f3c14cad6f2832dbc7eb6198717af473fa6b890a649d35c5370f2fed7d28f2cb35d1a3a44a00b32f892374ec22321bb902bc7e518a4bdc2600300436f04dfb563c7d105d696a42b136ea32de15b0d4756bcdc89326527c3a5c27900e68e0f42bc22798128e3e63391ab481f4c9898e837291b17a39bb1156584432f6397cda2fa4ccc1143f6d205123569162194414dfc26844fd67a1cf5bce91a14027c4104b820f78facabcc2cded26908f9c772737aea5c76d5368a88736f47e50e5d78cb65843b3f7f00d065a37fd12b93d36ac359421cbb68add281b6529625134b0c2d730ab89cf5571089d447d68f2093074673c66f1df961e382bcd54ee47a37929e84586f4b257a0e2c75728e19533485745f06b724bba327ec48aa444d7dab8756224ca786bd7d56c17bea60de969c9af926f562f032ee6cb32190325b7674ae0829dcea77fecb3d9324d9caa41438a00962cf4ff41598cc585f5484891b83038fd8fc724d75d43a8730abf0abaebc84024eabbeaf20c2cd93ff055c690ed71dd9274258f02d7f95b0e2a29a56d73c9f034dd08e07e987eb7aa08d9a72770cb9c5c17e91639b929c7f636bd59e7239bfa1014658558241512121b89af261c07b099a9ea5222ea29b5116f90f8025bcb325f014337c95a0a56e277cce9b947ef9a4975d82cca06b72457a4323d771d08779325b79ad278c5f2d1cef69470add4e3945befb86d2c90d0aec3418390b848a03bc433509bd36d5c4d2aadb36910ea7925610d910df4498bf13ca309684dbd52ed139450d381d510b358606c5917ba43bec45aade0c3b5cf3886cb0c16bc0391dac0090595318167e289e58cb381946df45778a26f698b688d7056e1ba0bada3326819d189759209df8339ad88e2dd9376f68e5f35f3c05b63636442e8c3082bdf4ef276194db4205c3f2e5f96bb6e1f2cb2ed654ae9da30ed943ab7bcd84441082adf7c3d8c3563231ec6ccc2c718c6bd38ac781497874e2cc69d7d78afab8b222b5b648bdefc7f0e55a286327f35fad72bc35876377a5b7939092f03fd5bce5db1b9d6946bd513f3e84673643c2d53faa29db1648f3b92e0f85e8530e8d50b913a225d0bd5d51807a34291696745fff87e772b41a9dac8944a3c66f1a0bd200e462dc31ceb1d64f01b9ef53d19109583999c64a64489735431c153768a8b217f24b53a43fefbe09d8d7412b090e6ebd760b4bb5d351349be0b6a7bbffbd8d95e60cac45ca2e84ff331b52dbb728010c8fde184a95ee2aac78690221651916f02cc25928d1bbef27467881ca933a48bc8aef67163cd27e76df9e970a321bb044c20b22fbed7af5f2536ddcb6fed1042d0d04eb7d98134a96de32881b78a083cb178239f844070c73f828d2e6be98d3dff47ba5d3c85390ba938fb0ff9fc6f6ad8df0c42f0f5ee256352e0309fcf9ab7e647c8f38fbd33cb49b1412e9700363e685f28f6d679a14dae69a785a238986eb47b8c4548358be687979c44ec349aa4013cb541864cffbc3f6034f5ade03a0695e773f8cad3107409235916124690a3ba3a346fdc6c365b414bc531014a6d207d6fdd2267d4cfaaa3de1105caf93021af0ab1508fcb9160736bbed48caa75fe3b6cf1d8b8a52dda8c963a1e7b79c46e235d4db5067f6f950328f3ea3ad09550335d79065543ebf7783f739fd9adc47e4bd1b48ca3e435097053859df1378eb05bc4c221984a403cd07b1797d71d9043abe9a2d72c6c8a142da790b163951e7e3340d75892449bd32ba4c476f173146c8cf2bed4abf0a6964ad89791ca671c9c1cc545572bca26dcb99e099c08e410a3e1c6c3057fc52157ea107d03f6afc7f47615d83d8d5ec8ce144ce71f344dc3ba990fe0182344b4993b291ecfc4222f71d0c4942c7801a778f6499038f309af98b74fbd07649fe7035d5097be533f998a4658ec98ff17fe1754a0d0f519d656ff5a9fcde9f73cecd74ee6707a6c0ff9299f2736f2f9699326abafd2b07449ca8345682f0ec3d50a1ef52b8c78378b0f4708c0c1f4f990f3c4c7c47b6974c5f21575e898bc0451238885ed522430c0999bdf008c11c1b62df414dbce4499ca11ed1026881fc38199336e85a9d30a572d59418d6e4b360f17519abdc9a703f504204a58d265735136103ab3c16da995ffdd1a826321a2d2d8148f34483bb2866c68bdcef4032fda2a4b13976979891926e073307d9d87b46f8f3a1391358efeec786c99b45c7dfe260750a17a5209c28ac202546d1c9d5d505ed1373918cb348d0751dd07842267260bcbd67a2f078ec095df80434dc5976b30b49f7e2ebe8a7e02ea6f4ec212a065ad81fb25732db1440a7be6e4151e8222746fea2b5daf07b4fa655568bc3ef826d387e0a48091af4f606bb860fae2d34913424f429ebfc82ec9823c309e6030eb340f8cf67cb4e2e66f85520bff90d4fcc76796f21d1e61e149a690501bdd5317a060d3af5aef0fc84c5902fe41c5f15b25caa9a3244dcfc651b68e4274cba5a51a7a8da803779846377ec35f28a85f49af4fae539a1b6e144bafce0f0606d7dc496714d23a734136c82d80f08d4e6f16fac72a2f41961a5dd1ca1508aa0a11c99c36cbc4f5caac7c1fb844f247a118d251ab14176cc61e2e17b4c128180d44f39b3669c8037fe7d0a9cd9634324f4843e0a9d57382141731a25ba386c213e6ef564032a274de857ef417c2acdb21da6e79f9681b5ac0f16cdd1a5bff075ad31c5e9e8dbaef80de7984bff981e1bde6711c1c17189889404707b028c0c49ac9d7a663d90d95de595375216ed42fb65f4740d4e08210530ae1400f523c033c7dab4aadd7105e2d188a8170dc824a857079c34f328424a4ba930db58911c216d00f51505621dbaf5c17ce1277833b04be696cdef5f71dc969aebb2017806379cce7ce9ca2d3845ab40af34c3ce0d0bd33cbf12436596b04842f47eeb5a0b40ee7a2858071fe3998c4749e5f38613eb92263635a0072c7ebcecdc7788baa6699d8290d056c82c102c6fb499a18e2cbebe55883cf7fa57b89ec508e78c29a630d7a945777134efd9c3af8a5d2d9410d7782762969d2673173cbfeeb8ecc1f29d947e1be1b73bb251c4bb46f3288779c64aa31ee96d7a585240de6ca61c77ea348e3f13df2964720264ad62787f376855c05fa8c45e208cb1f5c5b3de47030e6d01b0dc93bf953b0c297155c27f3685a865ff11a35d835c066e113f0d6d999c142ab4300a3f4b315d4f41bfec61683f39660e351a092f4e0a3de25990b4216e46cf0f378f9d472abffb0d9330e2c16103775944f658ebff2e53cfdb1849c58bd24d5d42bc5d491497acdd18849edf765a56a0d6c2e24964b095f152a2da1ad2de35e3cddf10203e96031064b8ad7b353c5e28779bb58079d301611ab18a91fe9a2c72ec097a2b918bdc0b47d0e6850e8d324755b81a654e517fa0cc2bbda834b1f401eacf52dc732ddefebb6308014c042ac998dd333e081434b6268305ba085e1584568585eda256df5b6b46196facdec8cc49b1266195b3758ec32ca0eb6896c4b5c3bbee856e6519d517300904b52c13e950631575413a12e7530b826fbc22da2be8fa7efc8b59fdf65d2e958bb56a7b4c76018bc8d3c561bfbcb2786db1dbc6d07472aae28d33af6544707e072cc44b330c8587be5c5b6e1f0e8864a2f528de3c0422775edec0a70bd6e8e07e6dd2e9e98245e49f936030ddb86115aaf0e35b4bc5ec34fff46a7202e27a2b1ddb2ec4ccb1bd3e81fcd530eec27620a3b2d20adb1241b8fdc62523a0a5de7f97add1d6eb853f7f10dbe9cec07a333ae1d5fd075a9f5cd80e0eda98c996bfb1c183d6d82a378ac67f5b201abb76342dae6ad996bb99efa56f4e2473f95fc8113268b6b3adb15e8fdda6311bd832f77fbfa074780e33caf6163b69530febe0b0b1b2d0ce275c50d261ac9b14f88e03f1fba2599a2fdb17aec7c705f569da7b830c3606d5f9154664d75ecc286a9c79a67fc033a99f2baf75fdcb4862c4283bf9d0c3823b6f94d2a327a472f953438b738c742e7517d6cc1ac2ca75dcb3e17dceea5b5b27efdf61b5c3654ce1d60944827c82988729f3c19115ecd2a1e0ca19d954e456e19065df1b730a325cdb9396ab89649a2dfc5c4f046941f7d2d41fb53791b73a3b5fc16b3db82c29f50ec8efa3fb79eb2f1997d27893b888c6d7551912a14c2c9dde2d71963cbe94dbfb6c60ca84afc9caa60957bb05155e408f7423bf52dac9020e475f701f324f959eaada5a0fcc85299fa73b7a2159824c63a9298c7e4cd2cbcdc65e204477bb0a2f3b9998f573a6d2a8f6af2d558f8b99c06b96053e0fdd23330d0e45a6ebfbcc1bece0258b5a4b8b3c8e9b24072e2e2793a0b5d9435e890fe34042010bb140c735f0d91752779837ff2b8368019cbe5810835c9038a88817d57aec416c0ced5d2fbf63ed7b1d358700ea5e5e412d53334f04aec037e70de50d2b7f8a64eb4e925ea332878b30bb37661310b198a6a9a7914c119dc84dafdd3a71e40d50b4a006e15c84682cca85663f7238ca0c88c325cbf7a95e11ce53c4a15f8c720bf3e9667f487ac40384977863ca52718aa730a7be65978e95a364867c5337d9a7ea563d12f5a4c77234e5942450004d364465f03b7d1a71f7e19360becf265c460b1842b6a6d40b527b443d5b2a9e5c3f2f007490deed5b2cdc4bd11a33cd2e88859a371004893470179688bd12a27d93cb5ff51be40e128e420de94c8b0e68da484a065a9b206579c7d68743ae46684c750440a326b18ada3335cf945ffde504acb1b6e6148558429242b7e2ed19b40861f24737ab32601381f33e9c474f25bd1d55bddfb8ab1e807b809d00ac917d55ad5e12ca9a9d134b0d6c2acc38b648560ba00ceb1ccf9e01f6c2b7a4069ca6d7c69153e85f1b6eb387e2754591380c2f596a993f007a25e0ba557dc872e0925eee95da209911cfa86a6637ee32d5d58bccf40c3b451120e32fd150e2cb57a12b9fcd2a5cc83d368ebc6035558f8db869603964b92b1115ebe300bd089147ba04ded1ffa7dfb985478f09226adcc0db1ad3fafbe101a971fae696f1da71eec233d6c629ab33c3ec1f3919a4d00c82c1afe350ee9fe63e1ddf137bad9077f52fb25c84bdbf74179ea24c83a45d91de8adff78f338c3cbfa6fe7115eeb6338d4374904682227c29b3581fb575b4f122c090042e1e3417d0cdba5f1d2fbd277b5653eb34f96e8591ee7d098b63ed52bdad2e9674840393b1ff9ad3456b465fa0c7d51453c08037bd08468a0ea8329047f8b3b523b1134c4c9", 0x1000}], 0x3, &(0x7f0000004800)=ANY=[]}}], 0x1, 0x0) recvmmsg(r1, &(0x7f0000002040)=[{{&(0x7f0000000200)=@pppol2tpv3in6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @remote}}}, 0x80, &(0x7f0000001700)=[{&(0x7f0000000100)=""/25, 0x19}, {&(0x7f00000015c0)=""/236, 0xec}], 0x2, &(0x7f0000001780)=""/49, 0x31}}], 0x1, 0x0, 0x0) 10:54:53 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) [ 110.077116] binder: 7436:7446 Acquire 1 refcount change on invalid ref 0 ret -22 10:54:53 executing program 2: pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xffffff55) ioctl$BLKSECDISCARD(r0, 0x127d, &(0x7f0000000080)=0x44ee) ioctl$VT_RESIZE(r0, 0x5609, &(0x7f0000000100)={0x4, 0xfffffffffffffff8}) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f00000000c0)) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) fcntl$setpipe(r1, 0x407, 0x0) vmsplice(r1, &(0x7f0000000480)=[{&(0x7f0000000040)="2d115e005ff853fc9a031e88927172820936828eb7cee6b689908f4f8afcf9df644df36cfa93e9ab", 0x28}, {&(0x7f0000000400)="d49557c30b511b49fc2d8d50d8723a297b0aed757199f2f0b6aed9608ac6dcf86a7eb2cca221d33d1c93b7e45c9b791f3d6eaa965a106384d59d76dbca15f6f91ee96016d07b398b2377de873d84a00b9528ef4d964add73d0d146", 0x5b}], 0x2, 0x2) ftruncate(r0, 0x7fffffff) ioctl$KDDISABIO(r1, 0x4b37) 10:54:53 executing program 1: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x0, 0x0) close(r0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[]}, 0x1}, 0x0) [ 110.130225] binder: 7436:7461 Release 1 refcount change on invalid ref 1 ret -22 10:54:53 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) getsockopt$IP6T_SO_GET_REVISION_TARGET(r0, 0x29, 0x45, &(0x7f0000000000)={'TPROXY\x00'}, &(0x7f00000001c0)=0x1e) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000040)=[@in={0x2, 0x4e20, @rand_addr=0x3}], 0x10) getpid() 10:54:53 executing program 7: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000040)={&(0x7f0000000540)=@newsa={0x138, 0x1a, 0x713, 0x0, 0x0, {{@in=@multicast2=0xe0000002, @in=@rand_addr}, {@in6=@ipv4={[0xfffffff0], [0xff, 0xff], @broadcast=0xffffffff}, 0x0, 0x32}, @in6=@ipv4={[], [0xff, 0xff]}, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}, 0x1}, 0x0) 10:54:53 executing program 6 (fault-call:3 fault-nth:0): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) 10:54:53 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x2, [@dev={0xac, 0x14, 0x14}, @loopback=0x7f000001]}, 0x18) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:54:53 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:54:53 executing program 1 (fault-call:1 fault-nth:0): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) [ 110.216740] binder: 7436:7461 Acquire 1 refcount change on invalid ref 0 ret -22 [ 110.239944] binder: 7436:7461 Acquire 1 refcount change on invalid ref 0 ret -22 10:54:53 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'pcrypt(morus1280-sse2)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="71e67a11cdf8311cfc093a52a7d86bd1", 0x10) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$alg(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="e6e3338c953f26291df8e0e33179a5e6", 0x10}], 0x1, &(0x7f00000000c0)}, 0x0) recvmmsg(r1, &(0x7f0000009b80)=[{{0x0, 0x0, &(0x7f0000000040), 0x0, &(0x7f0000000180)=""/149, 0x95}}, {{&(0x7f0000009680)=@alg, 0x80, &(0x7f0000009ac0)=[{&(0x7f0000009a00)=""/184, 0xb8}], 0x1, &(0x7f0000009b00)=""/122, 0x7a}}], 0x2, 0x0, 0x0) 10:54:53 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x1, [@loopback=0x7f000001]}, 0x14) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) [ 110.290425] FAULT_INJECTION: forcing a failure. [ 110.290425] name failslab, interval 1, probability 0, space 0, times 1 [ 110.301732] CPU: 1 PID: 7501 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 110.310048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 110.319399] Call Trace: [ 110.321994] dump_stack+0x1c9/0x2b4 [ 110.325626] ? dump_stack_print_info.cold.2+0x52/0x52 [ 110.330823] ? get_pid_task+0xd8/0x1a0 [ 110.334716] ? perf_trace_lock+0xde/0x920 10:54:53 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) [ 110.338878] should_fail.cold.4+0xa/0x11 [ 110.342949] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 110.348068] ? lock_downgrade+0x8f0/0x8f0 [ 110.352227] ? proc_fail_nth_write+0x9e/0x210 [ 110.356738] ? kasan_check_read+0x11/0x20 [ 110.360903] ? lock_acquire+0x1e4/0x540 [ 110.364900] ? fs_reclaim_acquire+0x20/0x20 [ 110.369235] ? lock_downgrade+0x8f0/0x8f0 [ 110.373394] ? check_same_owner+0x340/0x340 [ 110.377720] ? rcu_note_context_switch+0x730/0x730 [ 110.382654] __should_failslab+0x124/0x180 [ 110.386893] should_failslab+0x9/0x14 10:54:54 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x100, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x1) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="c00000001b0001000000000000000000e0000002000000000000000000000000ac1414bb00000000000000000000000000000000000000000000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000f0000000000000000000000000000000"], 0xc0}, 0x1}, 0x0) 10:54:54 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0x10) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:54:54 executing program 0: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) [ 110.390714] __kmalloc+0x2c8/0x760 [ 110.394258] ? strncpy_from_user+0x510/0x510 [ 110.398724] ? fput+0x130/0x1a0 [ 110.402006] ? __x64_sys_memfd_create+0x142/0x4f0 [ 110.406856] __x64_sys_memfd_create+0x142/0x4f0 [ 110.411532] ? memfd_fcntl+0x1e80/0x1e80 [ 110.415597] ? ksys_mount+0xa8/0x140 [ 110.419319] do_syscall_64+0x1b9/0x820 [ 110.423213] ? finish_task_switch+0x1d3/0x870 [ 110.427717] ? syscall_return_slowpath+0x5e0/0x5e0 [ 110.432653] ? syscall_return_slowpath+0x31d/0x5e0 10:54:54 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x1, [@loopback=0x7f000001]}, 0x14) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:54:54 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0x10) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) [ 110.437596] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 110.442615] ? prepare_exit_to_usermode+0x291/0x3b0 [ 110.447634] ? perf_trace_sys_enter+0xb10/0xb10 [ 110.452306] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 110.457155] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 110.462341] RIP: 0033:0x455e29 [ 110.465519] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 110.484788] RSP: 002b:00007f47d500fa88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 110.492505] RAX: ffffffffffffffda RBX: 0000000020000480 RCX: 0000000000455e29 [ 110.499776] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000004baa70 [ 110.507049] RBP: 000000000072bea0 R08: 0000000000000020 R09: 00000000fbad8001 [ 110.514324] R10: 0000000020000480 R11: 0000000000000246 R12: 0000000000000014 [ 110.521599] R13: 00000000004c25c8 R14: 00000000004d3e80 R15: 0000000000000000 [ 110.540785] FAULT_INJECTION: forcing a failure. [ 110.540785] name failslab, interval 1, probability 0, space 0, times 0 [ 110.552117] CPU: 1 PID: 7520 Comm: syz-executor6 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 110.560432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 110.569786] Call Trace: [ 110.572377] dump_stack+0x1c9/0x2b4 [ 110.576013] ? dump_stack_print_info.cold.2+0x52/0x52 [ 110.581211] ? perf_trace_lock+0xde/0x920 [ 110.585364] should_fail.cold.4+0xa/0x11 [ 110.589415] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 110.594505] ? zap_class+0x740/0x740 [ 110.598206] ? mutex_trylock+0x2b0/0x2b0 [ 110.602257] ? lock_acquire+0x1e4/0x540 [ 110.606217] ? ucma_get_ctx+0x1f/0x160 [ 110.610092] ? lock_release+0xa30/0xa30 [ 110.614053] ? check_same_owner+0x340/0x340 [ 110.618362] ? zap_class+0x740/0x740 [ 110.622066] ? lock_acquire+0x1e4/0x540 [ 110.626030] ? fs_reclaim_acquire+0x20/0x20 [ 110.630336] ? lock_downgrade+0x8f0/0x8f0 [ 110.634473] ? lock_release+0xa30/0xa30 [ 110.638433] ? check_same_owner+0x340/0x340 [ 110.642738] ? lock_release+0xa30/0xa30 [ 110.646695] ? lock_downgrade+0x8f0/0x8f0 [ 110.650827] ? perf_trace_lock+0xde/0x920 [ 110.654960] ? rcu_note_context_switch+0x730/0x730 [ 110.659881] __should_failslab+0x124/0x180 [ 110.664103] should_failslab+0x9/0x14 [ 110.667893] kmem_cache_alloc_trace+0x2cb/0x780 [ 110.672546] ? cma_pernet_idr+0x243/0x3c0 [ 110.676679] ? cma_check_port+0x980/0x980 [ 110.680812] cma_alloc_port+0x50/0x180 [ 110.684704] rdma_bind_addr+0x17b6/0x23b0 [ 110.688855] ? cma_ndev_work_handler+0x1b0/0x1b0 [ 110.693599] ? lock_downgrade+0x8f0/0x8f0 [ 110.697733] ? lock_release+0xa30/0xa30 [ 110.701696] ? lock_acquire+0x1e4/0x540 [ 110.705657] rdma_listen+0xe8/0x990 [ 110.709273] ? rdma_resolve_addr+0x2890/0x2890 [ 110.713847] ucma_listen+0x1a4/0x260 [ 110.717544] ? ucma_notify+0x210/0x210 [ 110.721418] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 110.726946] ? _copy_from_user+0xdf/0x150 [ 110.731077] ? ucma_notify+0x210/0x210 [ 110.734949] ucma_write+0x336/0x420 [ 110.738563] ? ucma_close_id+0x60/0x60 [ 110.742438] ? lock_acquire+0x1e4/0x540 [ 110.746400] __vfs_write+0x117/0x9d0 [ 110.750107] ? __fget_light+0x2f7/0x440 [ 110.754066] ? ucma_close_id+0x60/0x60 [ 110.757939] ? kernel_read+0x120/0x120 [ 110.761815] ? vfs_write+0x2f3/0x560 [ 110.765525] ? wait_for_completion+0x8d0/0x8d0 [ 110.770091] ? lock_release+0xa30/0xa30 [ 110.774052] ? fsnotify_first_mark+0x350/0x350 [ 110.778628] ? fsnotify+0x14e0/0x14e0 [ 110.782415] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 110.787942] ? security_file_permission+0x1c2/0x230 [ 110.792942] ? rw_verify_area+0x118/0x360 [ 110.797075] vfs_write+0x1fc/0x560 [ 110.800602] ksys_write+0x101/0x260 [ 110.804215] ? __ia32_sys_read+0xb0/0xb0 [ 110.808265] __x64_sys_write+0x73/0xb0 [ 110.812137] do_syscall_64+0x1b9/0x820 [ 110.816015] ? syscall_return_slowpath+0x5e0/0x5e0 [ 110.820936] ? syscall_return_slowpath+0x31d/0x5e0 [ 110.825851] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 110.830850] ? prepare_exit_to_usermode+0x291/0x3b0 [ 110.835849] ? perf_trace_sys_enter+0xb10/0xb10 [ 110.840512] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 110.845347] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 110.850519] RIP: 0033:0x455e29 [ 110.853687] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 110.872961] RSP: 002b:00007ff53205fc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 110.880656] RAX: ffffffffffffffda RBX: 00007ff5320606d4 RCX: 0000000000455e29 [ 110.887912] RDX: 0000000000000010 RSI: 00000000200000c0 RDI: 0000000000000013 [ 110.895163] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 110.902415] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 110.909668] R13: 00000000004c2da2 R14: 00000000004d4af8 R15: 0000000000000000 10:54:54 executing program 0: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:54:54 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x1, [@loopback=0x7f000001]}, 0x14) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:54:54 executing program 2: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x80000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0x40085112, &(0x7f0000b18000)={{0xffffff92}, {0xffffffb0}}) 10:54:54 executing program 7: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000040)={&(0x7f0000000540)=@newsa={0x138, 0x1a, 0x713, 0x0, 0x0, {{@in=@multicast2=0xe0000002, @in=@rand_addr}, {@in6=@ipv4={[0xfffffff0], [0xff, 0xff], @broadcast=0xffffffff}, 0x0, 0x32}, @in6=@ipv4={[], [0xff, 0xff]}, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}, 0x1}, 0x0) 10:54:54 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0x10) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:54:54 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'pcrypt(morus1280-sse2)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="71e67a11cdf8311cfc093a52a7d86bd1", 0x10) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$alg(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="e6e3338c953f26291df8e0e33179a5e6", 0x10}], 0x1, &(0x7f00000000c0)}, 0x0) recvmmsg(r1, &(0x7f0000009b80)=[{{0x0, 0x0, &(0x7f0000000040), 0x0, &(0x7f0000000180)=""/149, 0x95}}, {{&(0x7f0000009680)=@alg, 0x80, &(0x7f0000009ac0)=[{&(0x7f0000009a00)=""/184, 0xb8}], 0x1, &(0x7f0000009b00)=""/122, 0x7a}}], 0x2, 0x0, 0x0) 10:54:54 executing program 1 (fault-call:1 fault-nth:1): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:54:54 executing program 6 (fault-call:3 fault-nth:1): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) [ 111.061777] FAULT_INJECTION: forcing a failure. [ 111.061777] name failslab, interval 1, probability 0, space 0, times 0 [ 111.073048] CPU: 0 PID: 7543 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 111.081360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 111.090714] Call Trace: [ 111.093309] dump_stack+0x1c9/0x2b4 [ 111.096930] ? dump_stack_print_info.cold.2+0x52/0x52 [ 111.102114] ? mnt_get_count+0x150/0x150 [ 111.106174] should_fail.cold.4+0xa/0x11 [ 111.110230] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 111.115320] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 111.120322] ? bpf_prog_kallsyms_find+0xde/0x4c0 [ 111.125067] ? lock_acquire+0x1e4/0x540 [ 111.129028] ? is_bpf_text_address+0xae/0x170 [ 111.133509] ? lock_downgrade+0x8f0/0x8f0 [ 111.137648] ? lock_release+0xa30/0xa30 [ 111.141612] ? kasan_check_read+0x11/0x20 [ 111.145748] ? lock_acquire+0x1e4/0x540 [ 111.149705] ? fs_reclaim_acquire+0x20/0x20 [ 111.154024] ? lock_downgrade+0x8f0/0x8f0 [ 111.158161] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 111.163164] ? check_same_owner+0x340/0x340 [ 111.167471] ? rcu_note_context_switch+0x730/0x730 [ 111.172401] ? iterate_fd+0x4b0/0x4b0 [ 111.176193] __should_failslab+0x124/0x180 [ 111.180418] should_failslab+0x9/0x14 [ 111.184203] kmem_cache_alloc+0x2af/0x760 [ 111.188335] ? lock_downgrade+0x8f0/0x8f0 [ 111.192474] ? shmem_destroy_callback+0xc0/0xc0 [ 111.197128] shmem_alloc_inode+0x1b/0x40 [ 111.201176] alloc_inode+0x63/0x190 [ 111.204790] new_inode_pseudo+0x71/0x1a0 [ 111.208841] ? prune_icache_sb+0x1b0/0x1b0 [ 111.213063] ? _raw_spin_unlock+0x22/0x30 [ 111.217198] new_inode+0x1c/0x40 [ 111.220549] shmem_get_inode+0xf1/0x910 [ 111.224510] ? shmem_encode_fh+0x340/0x340 [ 111.228750] ? lock_downgrade+0x8f0/0x8f0 [ 111.232886] ? lock_release+0xa30/0xa30 [ 111.236847] ? check_same_owner+0x340/0x340 [ 111.241155] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 111.246157] ? __check_object_size+0x9d/0x5f2 [ 111.250645] __shmem_file_setup.part.48+0x83/0x2a0 [ 111.255561] shmem_file_setup+0x65/0x90 [ 111.259523] __x64_sys_memfd_create+0x2af/0x4f0 [ 111.264194] ? memfd_fcntl+0x1e80/0x1e80 [ 111.268240] ? ksys_mount+0xa8/0x140 [ 111.271953] do_syscall_64+0x1b9/0x820 [ 111.275826] ? finish_task_switch+0x1d3/0x870 [ 111.280308] ? syscall_return_slowpath+0x5e0/0x5e0 [ 111.285224] ? syscall_return_slowpath+0x31d/0x5e0 [ 111.290141] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 111.295147] ? prepare_exit_to_usermode+0x291/0x3b0 [ 111.300149] ? perf_trace_sys_enter+0xb10/0xb10 [ 111.304804] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 111.309635] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 111.314806] RIP: 0033:0x455e29 [ 111.317974] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 111.337337] RSP: 002b:00007f47d500fa88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 111.345033] RAX: ffffffffffffffda RBX: 0000000020000480 RCX: 0000000000455e29 [ 111.352285] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000004baa70 10:54:55 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="020200000b00000000000000000000000100080000000000030006000000000002000000e0000001000000000000000002000100000000000000000000000000030005000000000002000000e000000100000000000000004a15fd552901ab2d37d3dd98f0880592380c8ed4a7f22d9b516acf589327a6bda2195bd199b8a2d0bdc3a5dae0a84080a604debd45bd"], 0x58}, 0x1}, 0x0) lstat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}) getresuid(&(0x7f0000000180)=0x0, &(0x7f00000001c0), &(0x7f0000000200)) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000240)={{{@in, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in6=@loopback}}, &(0x7f0000000340)=0xe8) setresuid(r1, r2, r3) 10:54:55 executing program 7: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000040)={&(0x7f0000000540)=@newsa={0x138, 0x1a, 0x713, 0x0, 0x0, {{@in=@multicast2=0xe0000002, @in=@rand_addr}, {@in6=@ipv4={[0xfffffff0], [0xff, 0xff], @broadcast=0xffffffff}, 0x0, 0x32}, @in6=@ipv4={[], [0xff, 0xff]}, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}, 0x1}, 0x0) [ 111.359537] RBP: 000000000072bea0 R08: 0000000000000020 R09: 00000000fbad8001 [ 111.366789] R10: 0000000020000480 R11: 0000000000000246 R12: 0000000000000014 [ 111.374041] R13: 00000000004c25c8 R14: 00000000004d3e80 R15: 0000000000000001 [ 111.406620] FAULT_INJECTION: forcing a failure. [ 111.406620] name failslab, interval 1, probability 0, space 0, times 0 [ 111.417901] CPU: 0 PID: 7546 Comm: syz-executor6 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 111.426217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 111.435585] Call Trace: [ 111.438182] dump_stack+0x1c9/0x2b4 [ 111.441817] ? dump_stack_print_info.cold.2+0x52/0x52 [ 111.447030] ? perf_trace_lock+0xde/0x920 [ 111.451190] should_fail.cold.4+0xa/0x11 [ 111.455262] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 111.460379] ? trace_hardirqs_on+0x10/0x10 [ 111.464616] ? lock_acquire+0x1e4/0x540 [ 111.468595] ? __unlock_page_memcg+0x53/0x100 [ 111.473099] ? perf_trace_lock+0xde/0x920 [ 111.477250] ? kasan_check_read+0x11/0x20 [ 111.481402] ? lock_acquire+0x1e4/0x540 [ 111.485362] ? fs_reclaim_acquire+0x20/0x20 [ 111.489678] ? lock_downgrade+0x8f0/0x8f0 [ 111.493837] ? check_same_owner+0x340/0x340 [ 111.498163] ? rcu_note_context_switch+0x730/0x730 [ 111.503101] __should_failslab+0x124/0x180 [ 111.507340] should_failslab+0x9/0x14 [ 111.511149] kmem_cache_alloc+0x2af/0x760 [ 111.515303] ? radix_tree_node_alloc.constprop.19+0x310/0x310 [ 111.521200] ? lock_downgrade+0x8f0/0x8f0 [ 111.525362] radix_tree_node_alloc.constprop.19+0x81/0x310 [ 111.530992] idr_get_free+0x887/0x10d0 [ 111.531314] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 111.534890] ? radix_tree_iter_tag_clear+0xd0/0xd0 10:54:55 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x4000000000000002, &(0x7f00000002c0)=0x3ff, 0x4) bind$inet6(r0, &(0x7f0000f65000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f00004aaffc)=0x2, 0x4) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000040)={0x1, [0x0]}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={r1, 0x72}, &(0x7f0000000140)=0x8) sendto$inet6(r0, &(0x7f00007a8fff), 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) socketpair$inet6(0xa, 0x0, 0x2, &(0x7f0000000000)) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") getsockopt$inet6_buf(r0, 0x29, 0x6, &(0x7f00000000c0), &(0x7f0000000080)=0xfffffffffffffe67) 10:54:55 executing program 0: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:54:55 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x1, [@loopback=0x7f000001]}, 0x14) r1 = socket$inet6(0xa, 0x0, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:54:55 executing program 7: r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$binfmt_elf32(r0, &(0x7f0000000100)=ANY=[@ANYBLOB=')'], 0x1) fcntl$setstatus(r0, 0x4, 0x4000) io_setup(0x6, &(0x7f0000000140)=0x0) io_submit(r1, 0x1, &(0x7f00000000c0)=[&(0x7f0000000080)={0x0, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000040)='a', 0x1}]) 10:54:55 executing program 1 (fault-call:1 fault-nth:2): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:54:55 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) [ 111.534909] ? __kernel_text_address+0xd/0x40 [ 111.534929] ? perf_trace_lock+0xde/0x920 [ 111.565963] ? __save_stack_trace+0x8d/0xf0 [ 111.570287] ? zap_class+0x740/0x740 [ 111.574006] ? save_stack+0xa9/0xd0 [ 111.577633] ? save_stack+0x43/0xd0 [ 111.581261] ? kasan_kmalloc+0xc4/0xe0 [ 111.585154] ? kmem_cache_alloc_trace+0x152/0x780 [ 111.589996] ? cma_alloc_port+0x50/0x180 [ 111.594054] ? rdma_bind_addr+0x17b6/0x23b0 [ 111.598379] ? rdma_listen+0xe8/0x990 [ 111.602177] ? ucma_listen+0x1a4/0x260 10:54:55 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) [ 111.606060] ? ucma_write+0x336/0x420 [ 111.609860] ? __vfs_write+0x117/0x9d0 [ 111.613757] ? vfs_write+0x1fc/0x560 [ 111.617471] ? __x64_sys_write+0x73/0xb0 [ 111.621538] ? do_syscall_64+0x1b9/0x820 [ 111.625605] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 111.630975] ? zap_class+0x740/0x740 [ 111.634702] idr_alloc_u32+0x1d4/0x3a0 [ 111.638596] ? __fprop_inc_percpu_max+0x2d0/0x2d0 [ 111.643445] ? lock_release+0xa30/0xa30 [ 111.647425] ? lock_downgrade+0x8f0/0x8f0 [ 111.651572] ? perf_trace_lock+0xde/0x920 10:54:55 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) [ 111.655722] idr_alloc+0x111/0x1b0 [ 111.659263] ? idr_alloc_u32+0x3a0/0x3a0 [ 111.663330] ? cma_check_port+0x980/0x980 [ 111.667489] cma_alloc_port+0xab/0x180 [ 111.671376] rdma_bind_addr+0x17b6/0x23b0 [ 111.675531] ? cma_ndev_work_handler+0x1b0/0x1b0 [ 111.680290] ? lock_downgrade+0x8f0/0x8f0 [ 111.684443] ? lock_release+0xa30/0xa30 [ 111.688418] ? lock_acquire+0x1e4/0x540 [ 111.692395] rdma_listen+0xe8/0x990 [ 111.696022] ? rdma_resolve_addr+0x2890/0x2890 [ 111.700610] ucma_listen+0x1a4/0x260 [ 111.704324] ? ucma_notify+0x210/0x210 10:54:55 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x1, [@loopback=0x7f000001]}, 0x14) r1 = socket$inet6(0xa, 0x0, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:54:55 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) [ 111.708219] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 111.713761] ? _copy_from_user+0xdf/0x150 [ 111.717912] ? ucma_notify+0x210/0x210 [ 111.721800] ucma_write+0x336/0x420 [ 111.725432] ? ucma_close_id+0x60/0x60 [ 111.729323] ? lock_acquire+0x1e4/0x540 [ 111.733307] __vfs_write+0x117/0x9d0 [ 111.737028] ? __fget_light+0x2f7/0x440 [ 111.741004] ? ucma_close_id+0x60/0x60 [ 111.744902] ? kernel_read+0x120/0x120 [ 111.748784] ? vfs_write+0x2f3/0x560 [ 111.752512] ? wait_for_completion+0x8d0/0x8d0 10:54:55 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) [ 111.757095] ? lock_release+0xa30/0xa30 [ 111.761069] ? fsnotify_first_mark+0x350/0x350 [ 111.765668] ? fsnotify+0x14e0/0x14e0 [ 111.769470] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 111.775008] ? security_file_permission+0x1c2/0x230 [ 111.780024] ? rw_verify_area+0x118/0x360 [ 111.784177] vfs_write+0x1fc/0x560 [ 111.787719] ksys_write+0x101/0x260 [ 111.791353] ? __ia32_sys_read+0xb0/0xb0 [ 111.795420] __x64_sys_write+0x73/0xb0 [ 111.799309] do_syscall_64+0x1b9/0x820 [ 111.803197] ? finish_task_switch+0x1d3/0x870 [ 111.807693] ? syscall_return_slowpath+0x5e0/0x5e0 [ 111.812618] ? syscall_return_slowpath+0x31d/0x5e0 [ 111.817546] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 111.822567] ? prepare_exit_to_usermode+0x291/0x3b0 [ 111.827587] ? perf_trace_sys_enter+0xb10/0xb10 [ 111.832258] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 111.837114] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 111.842302] RIP: 0033:0x455e29 [ 111.845491] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 111.864787] RSP: 002b:00007ff53205fc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 111.872489] RAX: ffffffffffffffda RBX: 00007ff5320606d4 RCX: 0000000000455e29 [ 111.879758] RDX: 0000000000000010 RSI: 00000000200000c0 RDI: 0000000000000013 [ 111.887013] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 111.894268] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 111.901521] R13: 00000000004c2da2 R14: 00000000004d4af8 R15: 0000000000000001 10:54:55 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x1, [@loopback=0x7f000001]}, 0x14) r1 = socket$inet6(0xa, 0x0, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:54:55 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x1, [@loopback=0x7f000001]}, 0x14) r1 = socket$inet6(0xa, 0x0, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:54:55 executing program 6 (fault-call:3 fault-nth:2): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) 10:54:55 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:54:55 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = gettid() timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000)) r2 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r2, 0x4018920a, 0x20000000) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) tkill(r1, 0x15) [ 111.961735] FAULT_INJECTION: forcing a failure. [ 111.961735] name failslab, interval 1, probability 0, space 0, times 0 [ 111.973405] CPU: 1 PID: 7606 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 111.981726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 111.991068] Call Trace: [ 111.993646] dump_stack+0x1c9/0x2b4 [ 111.997264] ? dump_stack_print_info.cold.2+0x52/0x52 [ 112.002451] should_fail.cold.4+0xa/0x11 [ 112.006521] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 112.011616] ? trace_hardirqs_on+0x10/0x10 [ 112.015838] ? unwind_get_return_address+0x61/0xa0 [ 112.020756] ? __save_stack_trace+0x8d/0xf0 [ 112.025074] ? perf_trace_lock+0x920/0x920 [ 112.029297] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 112.034152] ? kasan_slab_alloc+0x12/0x20 [ 112.038293] ? lock_acquire+0x1e4/0x540 [ 112.042255] ? fs_reclaim_acquire+0x20/0x20 [ 112.046562] ? lock_downgrade+0x8f0/0x8f0 [ 112.050710] ? check_same_owner+0x340/0x340 [ 112.055028] ? rcu_note_context_switch+0x730/0x730 [ 112.059951] __should_failslab+0x124/0x180 [ 112.064176] should_failslab+0x9/0x14 [ 112.068139] kmem_cache_alloc+0x2af/0x760 [ 112.072295] ? lockdep_init_map+0x9/0x10 [ 112.076345] ? __rwlock_init+0x2d/0x140 [ 112.080311] __d_alloc+0xc8/0xd50 [ 112.083753] ? mpol_set_shared_policy+0x9d0/0x9d0 [ 112.088583] ? shrink_dcache_for_umount+0x2b0/0x2b0 [ 112.093675] ? ktime_get_coarse_real_ts64+0x243/0x3a0 [ 112.098867] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 112.104743] ? timespec64_trunc+0xea/0x180 [ 112.108967] ? inode_init_owner+0x340/0x340 [ 112.113277] ? _raw_spin_unlock+0x22/0x30 [ 112.117415] ? current_time+0x131/0x1b0 [ 112.121380] ? timespec64_trunc+0x180/0x180 [ 112.125706] ? __lockdep_init_map+0x105/0x590 [ 112.130200] d_alloc_pseudo+0x1d/0x30 [ 112.133989] alloc_file_pseudo+0x158/0x3f0 [ 112.138215] ? alloc_file+0x3e0/0x3e0 [ 112.142005] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 112.147024] ? __check_object_size+0x9d/0x5f2 [ 112.151510] ? kasan_check_write+0x14/0x20 [ 112.155735] __shmem_file_setup.part.48+0x110/0x2a0 [ 112.160739] shmem_file_setup+0x65/0x90 [ 112.164705] __x64_sys_memfd_create+0x2af/0x4f0 [ 112.169450] ? memfd_fcntl+0x1e80/0x1e80 [ 112.173495] ? ksys_mount+0xa8/0x140 [ 112.177202] do_syscall_64+0x1b9/0x820 [ 112.181077] ? finish_task_switch+0x1d3/0x870 [ 112.185570] ? syscall_return_slowpath+0x5e0/0x5e0 [ 112.190495] ? syscall_return_slowpath+0x31d/0x5e0 [ 112.195414] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 112.200418] ? prepare_exit_to_usermode+0x291/0x3b0 [ 112.205422] ? perf_trace_sys_enter+0xb10/0xb10 [ 112.210079] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 112.214915] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 112.220091] RIP: 0033:0x455e29 [ 112.223261] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 112.242575] RSP: 002b:00007f47d500fa88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 112.250273] RAX: ffffffffffffffda RBX: 0000000020000480 RCX: 0000000000455e29 [ 112.257527] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000004baa70 [ 112.264781] RBP: 000000000072bea0 R08: 0000000000000020 R09: 00000000fbad8001 [ 112.272044] R10: 0000000020000480 R11: 0000000000000246 R12: 0000000000000014 [ 112.279312] R13: 00000000004c25c8 R14: 00000000004d3e80 R15: 0000000000000002 10:54:55 executing program 2: setrlimit(0x2, &(0x7f0000e63ff0)={0x0, 0x20080000000}) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000000)='cgroup.threads\x00', 0x2, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) mmap(&(0x7f00005cb000/0x1000)=nil, 0x1000, 0x3, 0x32, r0, 0x0) [ 112.317905] FAULT_INJECTION: forcing a failure. [ 112.317905] name failslab, interval 1, probability 0, space 0, times 0 [ 112.329251] CPU: 0 PID: 7616 Comm: syz-executor6 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 112.337582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 112.346938] Call Trace: [ 112.349532] dump_stack+0x1c9/0x2b4 [ 112.353151] ? dump_stack_print_info.cold.2+0x52/0x52 [ 112.358333] ? __kernel_text_address+0xd/0x40 [ 112.362817] ? perf_trace_lock+0xde/0x920 [ 112.366959] should_fail.cold.4+0xa/0x11 [ 112.371020] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 112.376110] ? save_stack+0xa9/0xd0 [ 112.379723] ? kasan_kmalloc+0xc4/0xe0 [ 112.383593] ? kasan_slab_alloc+0x12/0x20 [ 112.387727] ? kmem_cache_alloc+0x12e/0x760 [ 112.392035] ? radix_tree_node_alloc.constprop.19+0x81/0x310 [ 112.397832] ? idr_get_free+0x887/0x10d0 [ 112.401881] ? idr_alloc_u32+0x1d4/0x3a0 [ 112.405931] ? idr_alloc+0x111/0x1b0 [ 112.409803] ? rdma_bind_addr+0x17b6/0x23b0 [ 112.414107] ? rdma_listen+0xe8/0x990 [ 112.417890] ? ucma_write+0x336/0x420 [ 112.421676] ? __vfs_write+0x117/0x9d0 [ 112.425547] ? vfs_write+0x1fc/0x560 [ 112.429258] ? ksys_write+0x101/0x260 [ 112.433055] ? __x64_sys_write+0x73/0xb0 [ 112.437102] ? do_syscall_64+0x1b9/0x820 [ 112.441150] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 112.446508] ? kasan_check_read+0x11/0x20 [ 112.450649] ? lock_acquire+0x1e4/0x540 [ 112.454611] ? fs_reclaim_acquire+0x20/0x20 [ 112.458917] ? lock_downgrade+0x8f0/0x8f0 [ 112.463053] ? check_same_owner+0x340/0x340 [ 112.467361] ? rcu_note_context_switch+0x730/0x730 [ 112.472280] ? kasan_unpoison_shadow+0x35/0x50 [ 112.476853] __should_failslab+0x124/0x180 [ 112.481080] should_failslab+0x9/0x14 [ 112.484869] kmem_cache_alloc+0x2af/0x760 [ 112.489009] ? radix_tree_node_alloc.constprop.19+0x310/0x310 [ 112.494883] ? lock_downgrade+0x8f0/0x8f0 [ 112.499020] ? radix_tree_node_alloc.constprop.19+0x81/0x310 [ 112.504802] radix_tree_node_alloc.constprop.19+0x81/0x310 [ 112.510415] idr_get_free+0x887/0x10d0 [ 112.514302] ? radix_tree_iter_tag_clear+0xd0/0xd0 [ 112.519218] ? __kernel_text_address+0xd/0x40 [ 112.523702] ? perf_trace_lock+0xde/0x920 [ 112.527851] ? __save_stack_trace+0x8d/0xf0 [ 112.532160] ? zap_class+0x740/0x740 [ 112.535862] ? save_stack+0xa9/0xd0 [ 112.539485] ? save_stack+0x43/0xd0 [ 112.543099] ? kasan_kmalloc+0xc4/0xe0 [ 112.546972] ? kmem_cache_alloc_trace+0x152/0x780 [ 112.551798] ? cma_alloc_port+0x50/0x180 [ 112.555842] ? rdma_bind_addr+0x17b6/0x23b0 [ 112.560145] ? rdma_listen+0xe8/0x990 [ 112.563932] ? ucma_listen+0x1a4/0x260 [ 112.567802] ? ucma_write+0x336/0x420 [ 112.571586] ? __vfs_write+0x117/0x9d0 [ 112.575454] ? vfs_write+0x1fc/0x560 [ 112.579151] ? __x64_sys_write+0x73/0xb0 [ 112.583203] ? do_syscall_64+0x1b9/0x820 [ 112.587251] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 112.592606] ? zap_class+0x740/0x740 [ 112.596313] idr_alloc_u32+0x1d4/0x3a0 [ 112.600190] ? __fprop_inc_percpu_max+0x2d0/0x2d0 [ 112.605022] ? lock_release+0xa30/0xa30 [ 112.608982] ? lock_downgrade+0x8f0/0x8f0 [ 112.613115] ? perf_trace_lock+0xde/0x920 [ 112.617252] idr_alloc+0x111/0x1b0 [ 112.620783] ? idr_alloc_u32+0x3a0/0x3a0 [ 112.624833] ? cma_check_port+0x980/0x980 [ 112.628969] cma_alloc_port+0xab/0x180 [ 112.632841] rdma_bind_addr+0x17b6/0x23b0 [ 112.636980] ? cma_ndev_work_handler+0x1b0/0x1b0 [ 112.641719] ? lock_downgrade+0x8f0/0x8f0 [ 112.645855] ? lock_release+0xa30/0xa30 [ 112.649816] ? lock_acquire+0x1e4/0x540 [ 112.653779] rdma_listen+0xe8/0x990 [ 112.657392] ? rdma_resolve_addr+0x2890/0x2890 [ 112.661964] ucma_listen+0x1a4/0x260 [ 112.665663] ? ucma_notify+0x210/0x210 [ 112.669537] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 112.675061] ? _copy_from_user+0xdf/0x150 [ 112.679192] ? ucma_notify+0x210/0x210 [ 112.683065] ucma_write+0x336/0x420 [ 112.686677] ? ucma_close_id+0x60/0x60 [ 112.690554] ? lock_acquire+0x1e4/0x540 [ 112.694518] __vfs_write+0x117/0x9d0 [ 112.698217] ? __fget_light+0x2f7/0x440 [ 112.702177] ? ucma_close_id+0x60/0x60 [ 112.706051] ? kernel_read+0x120/0x120 [ 112.709921] ? vfs_write+0x2f3/0x560 [ 112.713623] ? wait_for_completion+0x8d0/0x8d0 [ 112.718190] ? lock_release+0xa30/0xa30 [ 112.722151] ? fsnotify_first_mark+0x350/0x350 [ 112.726721] ? fsnotify+0x14e0/0x14e0 [ 112.730506] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 112.736042] ? security_file_permission+0x1c2/0x230 [ 112.741044] ? rw_verify_area+0x118/0x360 [ 112.745176] vfs_write+0x1fc/0x560 [ 112.748706] ksys_write+0x101/0x260 [ 112.752321] ? __ia32_sys_read+0xb0/0xb0 [ 112.756372] __x64_sys_write+0x73/0xb0 [ 112.760249] do_syscall_64+0x1b9/0x820 [ 112.764121] ? finish_task_switch+0x1d3/0x870 [ 112.768602] ? syscall_return_slowpath+0x5e0/0x5e0 [ 112.773517] ? syscall_return_slowpath+0x31d/0x5e0 [ 112.778431] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 112.783430] ? prepare_exit_to_usermode+0x291/0x3b0 [ 112.788443] ? perf_trace_sys_enter+0xb10/0xb10 [ 112.793097] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 112.797939] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 112.803111] RIP: 0033:0x455e29 10:54:56 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0xfffffffffffffffa, &(0x7f0000000000)="025cc83d6d345f8f762070") r1 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000d4b000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}, 0x0, 0x5, [{{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x310) socket$inet6(0xa, 0x2, 0x639f) socket(0x0, 0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000dbd000)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}}, 0x90) [ 112.806279] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 112.825727] RSP: 002b:00007ff53205fc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 112.833420] RAX: ffffffffffffffda RBX: 00007ff5320606d4 RCX: 0000000000455e29 [ 112.840671] RDX: 0000000000000010 RSI: 00000000200000c0 RDI: 0000000000000013 [ 112.847933] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 112.855185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 112.862438] R13: 00000000004c2da2 R14: 00000000004d4af8 R15: 0000000000000002 10:54:56 executing program 1 (fault-call:1 fault-nth:3): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:54:56 executing program 6 (fault-call:3 fault-nth:3): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) [ 112.947272] FAULT_INJECTION: forcing a failure. [ 112.947272] name failslab, interval 1, probability 0, space 0, times 0 [ 112.958570] CPU: 0 PID: 7637 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 112.966887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 112.976244] Call Trace: [ 112.978837] dump_stack+0x1c9/0x2b4 [ 112.982470] ? dump_stack_print_info.cold.2+0x52/0x52 [ 112.987674] should_fail.cold.4+0xa/0x11 [ 112.991742] ? save_stack+0x43/0xd0 [ 112.995370] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 113.000482] ? __shmem_file_setup.part.48+0x110/0x2a0 [ 113.005679] ? shmem_file_setup+0x65/0x90 [ 113.009825] ? do_syscall_64+0x1b9/0x820 [ 113.013881] ? trace_hardirqs_on+0x10/0x10 [ 113.018105] ? lock_acquire+0x1e4/0x540 [ 113.022067] ? percpu_ref_put_many+0x119/0x240 [ 113.026660] ? lock_downgrade+0x8f0/0x8f0 [ 113.030798] ? lock_release+0xa30/0xa30 [ 113.034759] ? memcg_kmem_get_cache+0x3a9/0x9d0 [ 113.039418] ? mem_cgroup_handle_over_high+0x130/0x130 [ 113.044677] ? fs_reclaim_acquire+0x20/0x20 [ 113.048984] ? lock_downgrade+0x8f0/0x8f0 [ 113.053118] ? do_raw_write_unlock.cold.8+0x49/0x49 [ 113.058126] ? lock_acquire+0x1e4/0x540 [ 113.062083] ? fs_reclaim_acquire+0x20/0x20 [ 113.066390] ? lock_downgrade+0x8f0/0x8f0 [ 113.070528] ? check_same_owner+0x340/0x340 [ 113.074837] ? rcu_note_context_switch+0x730/0x730 [ 113.079750] ? kasan_check_read+0x11/0x20 [ 113.083895] __should_failslab+0x124/0x180 [ 113.088120] should_failslab+0x9/0x14 [ 113.091925] kmem_cache_alloc+0x2af/0x760 [ 113.096060] ? _raw_spin_unlock+0x22/0x30 [ 113.100193] ? __d_instantiate+0x522/0x750 [ 113.104421] __get_empty_filp+0x11b/0x620 [ 113.108555] ? d_instantiate+0x79/0xa0 [ 113.112430] ? proc_nr_files+0x60/0x60 [ 113.116307] ? kasan_check_read+0x11/0x20 [ 113.120441] ? do_raw_spin_unlock+0xa7/0x2f0 [ 113.124836] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 113.129403] ? kasan_check_write+0x14/0x20 [ 113.133620] ? do_raw_spin_lock+0xc1/0x200 [ 113.137839] alloc_file+0x29/0x3e0 [ 113.141365] alloc_file_pseudo+0x267/0x3f0 [ 113.145587] ? alloc_file+0x3e0/0x3e0 [ 113.149377] ? check_same_owner+0x340/0x340 [ 113.153684] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 113.158686] ? __check_object_size+0x9d/0x5f2 [ 113.163185] ? kasan_check_write+0x14/0x20 [ 113.167413] __shmem_file_setup.part.48+0x110/0x2a0 [ 113.172415] shmem_file_setup+0x65/0x90 [ 113.176375] __x64_sys_memfd_create+0x2af/0x4f0 [ 113.181038] ? memfd_fcntl+0x1e80/0x1e80 [ 113.185096] do_syscall_64+0x1b9/0x820 [ 113.188968] ? finish_task_switch+0x1d3/0x870 [ 113.193451] ? syscall_return_slowpath+0x5e0/0x5e0 [ 113.198376] ? syscall_return_slowpath+0x31d/0x5e0 [ 113.203290] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 113.208291] ? prepare_exit_to_usermode+0x291/0x3b0 [ 113.213291] ? perf_trace_sys_enter+0xb10/0xb10 [ 113.217954] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 113.222789] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 113.227960] RIP: 0033:0x455e29 10:54:56 executing program 3: r0 = socket$inet(0x15, 0x5, 0x0) r1 = memfd_create(&(0x7f0000000000)='.-\x00', 0x2) ioctl$VHOST_GET_VRING_BASE(r1, 0xc008af12, &(0x7f0000000040)) pselect6(0x40, &(0x7f0000000100)={0x9, 0x2, 0x5a3, 0x0, 0x2, 0x8, 0xfe, 0x5}, &(0x7f0000000140)={0x4, 0x1f, 0x40, 0x8dc, 0xff, 0x8, 0x1cc, 0x9}, &(0x7f0000000180)={0x6, 0xa2d0, 0x14e3, 0x7, 0x5, 0x6, 0xffffffffffff0001}, &(0x7f00000001c0)={0x0, 0x989680}, &(0x7f0000000240)={&(0x7f0000000200)={0x7ef7}, 0x8}) renameat(r1, &(0x7f0000000080)='./file0\x00', r1, &(0x7f00000000c0)='./file0\x00') setsockopt$inet_IP_IPSEC_POLICY(r0, 0x114, 0x8, &(0x7f0000000740)={{{@in6, @in6=@dev={0xfe, 0x80}}}, {{@in6=@loopback={0x0, 0x1}}, 0x0, @in=@multicast2=0xe0000002}}, 0xe8) 10:54:56 executing program 2: r0 = socket$inet6(0xa, 0x81000001000003, 0x8) ioctl(r0, 0x8912, &(0x7f0000000000)="025cc83d6d345f8f762070") r1 = syz_open_dev$sndctrl(&(0x7f0000000080)='/dev/snd/controlC#\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r1, 0xc0045520, &(0x7f00000000c0)=""/4) 10:54:56 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:54:56 executing program 7: socket$alg(0x26, 0x5, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'veth0_to_bridge\x00', &(0x7f0000000380)=ANY=[@ANYBLOB="080000000000000000000000000000007b000000000000050000f405a80d69000000000000000000000000000000000000000000000000000000060000000000000000e50300580af600749d28bf15e85c9d15370000000000000000000000000000000000000000000071e97fb102d62111abefc1f0"]}) setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000140)={@multicast1=0xe0000001, @multicast2=0xe0000002}, 0x8) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0x2, 0x803, 0x1) bind$inet(r1, &(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xd}}, 0x10) connect$inet(r1, &(0x7f0000390000)={0x2, 0x0, @multicast2=0xe0000002}, 0x10) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8007ffc) sendfile(r1, r2, 0x0, 0x72439a6b) ioctl$BLKRESETZONE(r2, 0x40101283, &(0x7f0000000080)={0x41, 0xfffffffd}) [ 113.231131] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 113.250409] RSP: 002b:00007f47d500fa88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 113.258105] RAX: ffffffffffffffda RBX: 0000000020000480 RCX: 0000000000455e29 [ 113.265360] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000004baa70 [ 113.272614] RBP: 000000000072bea0 R08: 0000000000000020 R09: 00000000fbad8001 [ 113.279864] R10: 0000000020000480 R11: 0000000000000246 R12: 0000000000000014 [ 113.287118] R13: 00000000004c25c8 R14: 00000000004d3e80 R15: 0000000000000003 10:54:56 executing program 5: mkdir(&(0x7f000000dff6)='./control\x00', 0x0) r0 = open(&(0x7f00000000c0)='./control\x00', 0x0, 0x0) mkdirat(r0, &(0x7f000002cff6)='./control\x00', 0x0) mkdirat(r0, &(0x7f0000016ff8)='./file0\x00', 0x0) r1 = openat(r0, &(0x7f0000025000)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000023ff8)='./control\x00', r1, &(0x7f0000012ff6)='./control\x00') renameat2(r0, &(0x7f0000000000)='./control\x00', r1, &(0x7f0000000040)='./control\x00', 0x2) 10:54:56 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x1, [@loopback=0x7f000001]}, 0x14) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:54:57 executing program 3: r0 = gettid() r1 = socket$inet(0x2, 0x6, 0x0) setsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f000064effb)="8907040000", 0x5) connect$inet(r1, &(0x7f0000000300)={0x2, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000583ffc)) readv(r1, &(0x7f0000000240)=[{&(0x7f0000001340)=""/219, 0xdb}], 0x1) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000e60000)) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x2, 0x32, 0xffffffffffffffff, 0x0) tkill(r0, 0x15) 10:54:57 executing program 2: r0 = socket(0x10, 0x3, 0x0) r1 = dup(r0) write(r1, &(0x7f00000000c0)="2400000058001f00ff03f4f9002304000a04f51103000100020100020800028001c9a800", 0x24) 10:54:57 executing program 7: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512\x00'}, 0x58) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) 10:54:57 executing program 1 (fault-call:1 fault-nth:4): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:54:57 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x1, [@loopback=0x7f000001]}, 0x14) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:54:57 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) 10:54:57 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b707000001000000507000000000e0ff50000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r0, 0x0, 0xe, 0x100, &(0x7f00000001c0)="0400000000000000000000000000", &(0x7f0000030000)=""/256}, 0x28) [ 113.478503] FAULT_INJECTION: forcing a failure. [ 113.478503] name failslab, interval 1, probability 0, space 0, times 0 [ 113.484916] netlink: 16 bytes leftover after parsing attributes in process `syz-executor2'. [ 113.489800] CPU: 0 PID: 7680 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 113.506565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 113.515920] Call Trace: [ 113.518517] dump_stack+0x1c9/0x2b4 [ 113.522154] ? dump_stack_print_info.cold.2+0x52/0x52 [ 113.527380] ? perf_trace_lock+0xde/0x920 [ 113.531545] should_fail.cold.4+0xa/0x11 [ 113.535604] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 113.540701] ? zap_class+0x740/0x740 [ 113.544404] ? trace_hardirqs_on+0x10/0x10 [ 113.548625] ? lock_acquire+0x1e4/0x540 [ 113.552584] ? percpu_ref_put_many+0x119/0x240 [ 113.557157] ? lock_downgrade+0x8f0/0x8f0 [ 113.561296] ? lock_release+0xa30/0xa30 [ 113.565252] ? memcg_kmem_get_cache+0x3a9/0x9d0 [ 113.569904] ? mem_cgroup_handle_over_high+0x130/0x130 [ 113.575161] ? fs_reclaim_acquire+0x20/0x20 [ 113.579470] ? lock_downgrade+0x8f0/0x8f0 [ 113.583602] ? lock_acquire+0x1e4/0x540 [ 113.587559] ? fs_reclaim_acquire+0x20/0x20 [ 113.591864] ? lock_downgrade+0x8f0/0x8f0 [ 113.596001] ? check_same_owner+0x340/0x340 [ 113.600312] ? rcu_note_context_switch+0x730/0x730 [ 113.605224] ? kasan_check_read+0x11/0x20 [ 113.609379] __should_failslab+0x124/0x180 [ 113.613602] should_failslab+0x9/0x14 [ 113.617388] kmem_cache_alloc+0x2af/0x760 [ 113.621524] __get_empty_filp+0x11b/0x620 [ 113.625663] ? d_instantiate+0x79/0xa0 [ 113.629545] ? proc_nr_files+0x60/0x60 [ 113.633423] ? kasan_check_read+0x11/0x20 [ 113.637564] ? do_raw_spin_unlock+0xa7/0x2f0 [ 113.641967] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 113.646534] ? kasan_check_write+0x14/0x20 [ 113.650753] ? do_raw_spin_lock+0xc1/0x200 [ 113.654974] alloc_file+0x29/0x3e0 [ 113.658500] alloc_file_pseudo+0x267/0x3f0 [ 113.662719] ? alloc_file+0x3e0/0x3e0 [ 113.666504] ? check_same_owner+0x340/0x340 [ 113.670826] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 113.675835] ? __check_object_size+0x9d/0x5f2 [ 113.680315] ? kasan_check_write+0x14/0x20 [ 113.684537] __shmem_file_setup.part.48+0x110/0x2a0 [ 113.689548] shmem_file_setup+0x65/0x90 [ 113.693509] __x64_sys_memfd_create+0x2af/0x4f0 [ 113.698164] ? memfd_fcntl+0x1e80/0x1e80 [ 113.702213] ? ksys_mount+0xa8/0x140 [ 113.705916] do_syscall_64+0x1b9/0x820 [ 113.709785] ? finish_task_switch+0x1d3/0x870 [ 113.714265] ? syscall_return_slowpath+0x5e0/0x5e0 [ 113.719209] ? syscall_return_slowpath+0x31d/0x5e0 [ 113.724218] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 113.729216] ? prepare_exit_to_usermode+0x291/0x3b0 [ 113.734220] ? perf_trace_sys_enter+0xb10/0xb10 [ 113.738870] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 113.743702] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 113.748872] RIP: 0033:0x455e29 [ 113.752040] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 113.771244] RSP: 002b:00007f47d500fa88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f 10:54:57 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0x0, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:54:57 executing program 7: r0 = socket$unix(0x1, 0x805, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$unix(r0, &(0x7f0000000140)=@file={0x1, './file0\x00'}, 0x2a) mount(&(0x7f0000000000)='./file0\x00', &(0x7f000000f000)='./file0\x00', &(0x7f0000004ff8)='fusectl\x00', 0x0, &(0x7f0000008f8e)) [ 113.778936] RAX: ffffffffffffffda RBX: 0000000020000480 RCX: 0000000000455e29 [ 113.786198] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000004baa70 [ 113.793452] RBP: 000000000072bea0 R08: 0000000000000020 R09: 00000000fbad8001 [ 113.800713] R10: 0000000020000480 R11: 0000000000000246 R12: 0000000000000014 [ 113.807963] R13: 00000000004c25c8 R14: 00000000004d3e80 R15: 0000000000000004 10:54:57 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x16, 0x8, 0xfa00, {r1}}, 0x10) 10:54:57 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x1, [@loopback=0x7f000001]}, 0x14) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:54:57 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0x0, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) [ 113.862945] netlink: 16 bytes leftover after parsing attributes in process `syz-executor2'. 10:54:57 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x200000c8, 0xfa00, {r1}}, 0x10) 10:54:57 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000001e00)='/dev/zero\x00', 0x0, 0x0) r0 = socket(0x1f, 0x2000000000000005, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x1) bind$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x3, {0x0, 0x0, 0x0, 0xfffffffffffffffc}}, 0xe) 10:54:57 executing program 1 (fault-call:1 fault-nth:5): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:54:57 executing program 2: perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b005e381e5b3b60ced5c54dbb7", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000003e80), 0x0, 0x0) recvmmsg(r1, &(0x7f00000071c0)=[{{0x0, 0x0, &(0x7f0000006140)=[{&(0x7f0000006000)=""/103, 0x67}, {&(0x7f0000006080)=""/160, 0xa0}], 0x2, &(0x7f00000061c0)=""/4096, 0x1000}}], 0x1500, 0x0, &(0x7f0000007380)={0x0, 0x1c9c380}) [ 114.027715] FAULT_INJECTION: forcing a failure. [ 114.027715] name failslab, interval 1, probability 0, space 0, times 0 [ 114.039016] CPU: 1 PID: 7727 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 114.047357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 114.056711] Call Trace: [ 114.059307] dump_stack+0x1c9/0x2b4 [ 114.062947] ? dump_stack_print_info.cold.2+0x52/0x52 [ 114.068151] ? lock_release+0xa30/0xa30 [ 114.072136] should_fail.cold.4+0xa/0x11 [ 114.076206] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 114.081317] ? lock_acquire+0x1e4/0x540 [ 114.085291] ? shmem_setattr+0x50e/0xda0 [ 114.089356] ? lock_downgrade+0x8f0/0x8f0 [ 114.093514] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 114.099055] ? timespec64_trunc+0xea/0x180 [ 114.103286] ? inode_init_owner+0x340/0x340 [ 114.107612] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 114.113157] ? fsnotify+0xbac/0x14e0 [ 114.116878] ? lock_acquire+0x1e4/0x540 [ 114.120853] ? fs_reclaim_acquire+0x20/0x20 [ 114.125177] ? lock_downgrade+0x8f0/0x8f0 [ 114.129333] ? check_same_owner+0x340/0x340 [ 114.133664] ? rcu_note_context_switch+0x730/0x730 [ 114.138596] ? notify_change+0xda7/0x10f0 [ 114.142744] __should_failslab+0x124/0x180 [ 114.146982] should_failslab+0x9/0x14 [ 114.150784] kmem_cache_alloc+0x2af/0x760 [ 114.154938] ? do_sys_ftruncate+0x42d/0x560 [ 114.159253] ? lock_downgrade+0x8f0/0x8f0 [ 114.163386] getname_flags+0xd0/0x5a0 [ 114.167168] getname+0x19/0x20 [ 114.170341] do_sys_open+0x3a2/0x720 [ 114.174044] ? filp_open+0x80/0x80 [ 114.177568] ? do_sys_ftruncate+0x44e/0x560 [ 114.181871] __x64_sys_open+0x7e/0xc0 [ 114.185654] do_syscall_64+0x1b9/0x820 [ 114.189522] ? finish_task_switch+0x1d3/0x870 [ 114.194001] ? syscall_return_slowpath+0x5e0/0x5e0 [ 114.198920] ? syscall_return_slowpath+0x31d/0x5e0 [ 114.203832] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 114.208836] ? prepare_exit_to_usermode+0x291/0x3b0 [ 114.213834] ? perf_trace_sys_enter+0xb10/0xb10 [ 114.218484] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 114.223309] entry_SYSCALL_64_after_hwframe+0x49/0xbe 10:54:57 executing program 3: clock_nanosleep(0x2, 0x0, &(0x7f0000000140)={0x0, 0x1c9c380}, &(0x7f0000000180)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x8031, 0xffffffffffffffff, 0x0) mlock2(&(0x7f00009b5000/0x3000)=nil, 0xd5ff438933b6e90a, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) 10:54:57 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x1, [@loopback=0x7f000001]}, 0x14) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x0, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:54:57 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0x0, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:54:57 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x200000d0, 0xfa00, {r1}}, 0x10) 10:54:57 executing program 7: r0 = epoll_create1(0x0) r1 = socket$inet6_dccp(0xa, 0x6, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000007000)={0x400000084000000}) epoll_wait(r0, &(0x7f0000000000)=[{}], 0x1, 0x0) 10:54:57 executing program 5: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x9, 0x8, &(0x7f0000000340)=ANY=[@ANYBLOB="7a0af8ff7d440000bfa100000000000007010000f8ffffffb702000003000000bf130000000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00'}, 0x48) 10:54:57 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x340, 0x4) sendto$inet6(r0, &(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x8, @dev={0xfe, 0x80}}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000080)=0x5, 0x4) recvmsg(r0, &(0x7f0000000300)={&(0x7f0000000140)=@hci, 0x80, &(0x7f0000000240), 0x0, 0x0, 0x2c3}, 0x2000) [ 114.228477] RIP: 0033:0x410081 [ 114.231643] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 b4 17 00 00 c3 48 83 ec 08 e8 8a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 d3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 114.250770] RSP: 002b:00007f47d500fa80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 114.258469] RAX: ffffffffffffffda RBX: 0000000020000490 RCX: 0000000000410081 [ 114.265736] RDX: 00007f47d500fafa RSI: 0000000000000002 RDI: 00007f47d500faf0 [ 114.273011] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 114.280282] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000015 [ 114.287571] R13: 0000000000000000 R14: 00000000004d3e80 R15: 0000000000000005 [ 114.295500] [ 114.297207] ********************************************************** [ 114.303916] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE ** [ 114.310603] ** ** [ 114.317351] ** trace_printk() being used. Allocating extra memory. ** 10:54:57 executing program 1 (fault-call:1 fault-nth:6): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) [ 114.324044] ** ** [ 114.330718] ** This means that this is a DEBUG kernel and it is ** [ 114.337400] ** unsafe for production use. ** [ 114.344081] ** ** [ 114.350759] ** If you see this message and you are not debugging ** [ 114.357433] ** the kernel, report this immediately to your vendor! ** [ 114.358091] protocol 0000 is buggy, dev sit0 [ 114.364118] ** ** 10:54:58 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x1, [@loopback=0x7f000001]}, 0x14) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x0, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:54:58 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) lseek(r0, 0x200000, 0x1) [ 114.364124] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE ** [ 114.364129] ********************************************************** [ 114.424702] FAULT_INJECTION: forcing a failure. [ 114.424702] name failslab, interval 1, probability 0, space 0, times 0 [ 114.435994] CPU: 1 PID: 7757 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 114.444307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 114.453645] Call Trace: [ 114.456220] dump_stack+0x1c9/0x2b4 [ 114.459828] ? dump_stack_print_info.cold.2+0x52/0x52 [ 114.465009] ? kasan_check_write+0x14/0x20 [ 114.469238] should_fail.cold.4+0xa/0x11 [ 114.473283] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 114.478637] ? trace_hardirqs_on+0x10/0x10 [ 114.482858] ? kasan_check_read+0x11/0x20 [ 114.486997] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 114.492000] ? trace_hardirqs_on+0x10/0x10 [ 114.496225] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 114.501222] ? bpf_prog_kallsyms_find+0xde/0x4c0 [ 114.505965] ? lock_acquire+0x1e4/0x540 [ 114.510266] ? fs_reclaim_acquire+0x20/0x20 [ 114.514580] ? lock_downgrade+0x8f0/0x8f0 [ 114.518720] ? check_same_owner+0x340/0x340 [ 114.523024] ? rcu_is_watching+0x8c/0x150 [ 114.527155] ? rcu_note_context_switch+0x730/0x730 [ 114.532070] __should_failslab+0x124/0x180 [ 114.536289] should_failslab+0x9/0x14 [ 114.540071] kmem_cache_alloc+0x2af/0x760 [ 114.544205] __get_empty_filp+0x11b/0x620 [ 114.548333] ? proc_nr_files+0x60/0x60 [ 114.552206] ? lock_acquire+0x1e4/0x540 [ 114.556160] ? is_bpf_text_address+0xae/0x170 [ 114.560640] ? lock_downgrade+0x8f0/0x8f0 [ 114.564791] ? lock_release+0xa30/0xa30 [ 114.568751] path_openat+0x110/0x5430 [ 114.572538] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 114.577191] ? is_bpf_text_address+0xd7/0x170 [ 114.581668] ? kernel_text_address+0x79/0xf0 [ 114.586061] ? path_lookupat.isra.45+0xbf0/0xbf0 [ 114.590799] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 114.595806] ? expand_files.part.8+0x571/0x9c0 [ 114.600370] ? iterate_fd+0x4b0/0x4b0 [ 114.604156] ? lock_acquire+0x1e4/0x540 [ 114.608109] ? __alloc_fd+0x34e/0x710 [ 114.611893] ? lock_downgrade+0x8f0/0x8f0 [ 114.616027] ? do_sys_open+0x3a2/0x720 [ 114.619900] ? kasan_check_read+0x11/0x20 [ 114.624030] ? do_raw_spin_unlock+0xa7/0x2f0 [ 114.628419] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 114.633071] ? kasan_check_write+0x14/0x20 [ 114.637289] ? do_raw_spin_lock+0xc1/0x200 [ 114.641508] ? _raw_spin_unlock+0x22/0x30 [ 114.645637] ? __alloc_fd+0x34e/0x710 [ 114.649418] ? usercopy_warn+0x120/0x120 [ 114.653467] do_filp_open+0x255/0x380 [ 114.657251] ? may_open_dev+0x100/0x100 [ 114.661209] ? get_unused_fd_flags+0x122/0x1a0 [ 114.665770] ? __alloc_fd+0x710/0x710 [ 114.669556] do_sys_open+0x584/0x720 [ 114.673250] ? filp_open+0x80/0x80 [ 114.676773] ? do_sys_ftruncate+0x44e/0x560 [ 114.681074] __x64_sys_open+0x7e/0xc0 [ 114.684857] do_syscall_64+0x1b9/0x820 [ 114.688733] ? finish_task_switch+0x1d3/0x870 [ 114.693210] ? syscall_return_slowpath+0x5e0/0x5e0 [ 114.698131] ? syscall_return_slowpath+0x31d/0x5e0 [ 114.703042] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 114.708040] ? prepare_exit_to_usermode+0x291/0x3b0 [ 114.713037] ? perf_trace_sys_enter+0xb10/0xb10 [ 114.717688] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 114.722514] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 114.727682] RIP: 0033:0x410081 [ 114.730847] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 b4 17 00 00 c3 48 83 ec 08 e8 8a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 d3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 114.750033] RSP: 002b:00007f47d500fa80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 114.757723] RAX: ffffffffffffffda RBX: 0000000020000490 RCX: 0000000000410081 [ 114.764974] RDX: 00007f47d500fafa RSI: 0000000000000002 RDI: 00007f47d500faf0 10:54:58 executing program 5: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000140)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "a845c9e93fa0ac86bd6977d41f86b07115091a48a76916e72695fd08b2bf39c6a5753d997ab2ad8297c8dc397ebf1482c43d9baf5fe7fe28e9a5ee87657814"}, 0x60) r1 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$unix(r0, &(0x7f0000000800)={&(0x7f0000000200)=@abs, 0x6e, &(0x7f0000000340), 0x0, &(0x7f0000000740)}, 0x0) dup3(r1, r0, 0x0) 10:54:58 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa02, {r1}}, 0x10) 10:54:58 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f000000f000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0xaaaaaaaaaaaab7d, 0x0, &(0x7f0000000000), 0x0) 10:54:58 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'chacha20-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) recvmsg(r1, &(0x7f0000001480)={0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f00000002c0)=""/4096, 0x34000}], 0x1, &(0x7f0000001400)=""/123, 0x7b}, 0x0) [ 114.772221] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 114.779469] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000015 [ 114.786715] R13: 0000000000000000 R14: 00000000004d3e80 R15: 0000000000000006 10:54:58 executing program 1 (fault-call:1 fault-nth:7): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) [ 114.879232] FAULT_INJECTION: forcing a failure. [ 114.879232] name failslab, interval 1, probability 0, space 0, times 0 [ 114.890698] CPU: 0 PID: 7780 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 114.899003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 114.908344] Call Trace: [ 114.910919] dump_stack+0x1c9/0x2b4 [ 114.914528] ? dump_stack_print_info.cold.2+0x52/0x52 [ 114.919702] should_fail.cold.4+0xa/0x11 [ 114.923747] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 114.928837] ? lock_acquire+0x1e4/0x540 [ 114.932794] ? lo_ioctl+0x8e/0x1d70 [ 114.936406] ? lock_release+0xa30/0xa30 [ 114.940363] ? check_same_owner+0x340/0x340 [ 114.944670] ? rcu_note_context_switch+0x730/0x730 [ 114.949590] ? lock_acquire+0x1e4/0x540 [ 114.953555] ? fs_reclaim_acquire+0x20/0x20 [ 114.957859] ? lock_downgrade+0x8f0/0x8f0 [ 114.961993] ? check_same_owner+0x340/0x340 [ 114.966300] ? mutex_trylock+0x2b0/0x2b0 [ 114.970345] ? rcu_note_context_switch+0x730/0x730 [ 114.975259] __should_failslab+0x124/0x180 [ 114.979479] should_failslab+0x9/0x14 [ 114.983263] kmem_cache_alloc_trace+0x2cb/0x780 [ 114.987914] ? init_wait_entry+0x1c0/0x1c0 [ 114.992140] ? lock_release+0xa30/0xa30 [ 114.997403] ? trace_hardirqs_on+0x10/0x10 [ 115.001619] ? loop_get_status64+0x140/0x140 [ 115.006010] __kthread_create_on_node+0x127/0x4c0 [ 115.010850] ? __kthread_parkme+0x1b0/0x1b0 [ 115.015152] ? __fget+0x4d5/0x740 [ 115.018590] ? __lockdep_init_map+0x105/0x590 [ 115.023072] ? loop_get_status64+0x140/0x140 [ 115.027463] kthread_create_on_node+0xb1/0xe0 [ 115.031937] ? __kthread_create_on_node+0x4c0/0x4c0 [ 115.036941] lo_ioctl+0x7f6/0x1d70 [ 115.040469] ? lo_rw_aio_complete+0x450/0x450 [ 115.044949] blkdev_ioctl+0x9cd/0x2030 [ 115.048820] ? lock_acquire+0x1e4/0x540 [ 115.052774] ? blkpg_ioctl+0xc40/0xc40 [ 115.056646] ? lock_release+0xa30/0xa30 [ 115.060606] ? save_stack+0xa9/0xd0 [ 115.064213] ? save_stack+0x43/0xd0 [ 115.067820] ? __fget+0x4d5/0x740 [ 115.071260] ? ksys_dup3+0x690/0x690 [ 115.074953] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 115.079517] ? kasan_check_write+0x14/0x20 [ 115.083729] ? do_raw_spin_lock+0xc1/0x200 [ 115.087949] block_ioctl+0xee/0x130 [ 115.091556] ? blkdev_fallocate+0x400/0x400 [ 115.095857] do_vfs_ioctl+0x1de/0x1720 [ 115.099748] ? ioctl_preallocate+0x300/0x300 [ 115.104135] ? __fget_light+0x2f7/0x440 [ 115.108093] ? fget_raw+0x20/0x20 [ 115.111526] ? trace_hardirqs_on+0xd/0x10 [ 115.115657] ? kmem_cache_free+0x22e/0x2d0 [ 115.119875] ? putname+0xf7/0x130 [ 115.123308] ? do_sys_open+0x3cb/0x720 [ 115.127176] ? security_file_ioctl+0x94/0xc0 [ 115.131568] ksys_ioctl+0xa9/0xd0 [ 115.135020] __x64_sys_ioctl+0x73/0xb0 [ 115.138895] do_syscall_64+0x1b9/0x820 [ 115.142760] ? finish_task_switch+0x1d3/0x870 [ 115.147236] ? syscall_return_slowpath+0x5e0/0x5e0 [ 115.152146] ? syscall_return_slowpath+0x31d/0x5e0 [ 115.157061] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 115.162062] ? prepare_exit_to_usermode+0x291/0x3b0 [ 115.167063] ? perf_trace_sys_enter+0xb10/0xb10 [ 115.171801] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 115.176636] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 115.181804] RIP: 0033:0x455c97 [ 115.184970] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d bb fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 115.204147] RSP: 002b:00007f47d500fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 115.211838] RAX: ffffffffffffffda RBX: 0000000020000490 RCX: 0000000000455c97 [ 115.219087] RDX: 0000000000000015 RSI: 0000000000004c00 RDI: 0000000000000016 10:54:58 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) lseek(r0, 0x200000, 0x1) [ 115.226338] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 115.233597] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000015 [ 115.240846] R13: 0000000000000000 R14: 00000000004d3e80 R15: 0000000000000007 10:54:59 executing program 3: r0 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) close(r0) r1 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) r2 = memfd_create(&(0x7f0000000140)="000000008c00000000000000000000", 0x0) pwritev(r2, &(0x7f0000000080)=[{&(0x7f00000000c0)="a8", 0x1}], 0x1, 0x81003) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r0, 0x0) madvise(&(0x7f0000004000/0x2000)=nil, 0x2000, 0x9) 10:54:59 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x1, [@loopback=0x7f000001]}, 0x14) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x0, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:54:59 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000001031900000007000000068100023b0509000100010100ff3ffe58", 0x1f}], 0x1) 10:54:59 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1, 0xec95}}, 0x10) 10:54:59 executing program 1 (fault-call:1 fault-nth:8): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:54:59 executing program 2: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}}, 0x8c) 10:54:59 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) lseek(r0, 0x200000, 0x1) 10:54:59 executing program 7: r0 = socket$inet(0x2, 0xa, 0x5) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r1, &(0x7f00000000c0)={0x2}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) mq_open(&(0x7f0000001980)='ovf\x00', 0x0, 0x0, &(0x7f00000019c0)) bpf$OBJ_GET_PROG(0x7, &(0x7f0000001a40)={&(0x7f0000001a00)='./file0\x00'}, 0x10) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000100)) stat(&(0x7f00000016c0)='./file0\x00', &(0x7f0000001700)) setsockopt$inet_tcp_int(r1, 0x6, 0x4000000000014, &(0x7f0000000040)=0x80000000001, 0x4) sendto$inet(r1, &(0x7f0000000500)='9', 0x1, 0x0, &(0x7f0000000340)={0x2}, 0x10) recvfrom$inet(r1, &(0x7f0000000380)=""/240, 0xf0, 0x2, &(0x7f00000001c0)={0x2, 0x0, @multicast2=0xe0000002}, 0x930000) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x84, @dev={0xac, 0x14, 0x14}, 0x0, 0x0, 'ovf\x00'}, 0x2c) fcntl$F_SET_FILE_RW_HINT(r2, 0x40e, &(0x7f0000001900)) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000002e40)={'vcan0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000002f00)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000002ec0)={&(0x7f0000002e80)=@gettfilter={0x24, 0x2e, 0x201, 0x70bd25, 0x25dfdbff, {0x0, r3, {0x7, 0xfff3}, {0x5, 0x6}, {0x0, 0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x4) socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0) [ 115.468627] syz-executor7 uses obsolete (PF_INET,SOCK_PACKET) [ 115.486812] FAULT_INJECTION: forcing a failure. [ 115.486812] name failslab, interval 1, probability 0, space 0, times 0 [ 115.498097] CPU: 0 PID: 7802 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 115.506404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 115.515750] Call Trace: 10:54:59 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) lseek(r0, 0x200000, 0x1) 10:54:59 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1, 0x95ec000000000000}}, 0x10) 10:54:59 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x1, [@loopback=0x7f000001]}, 0x14) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:54:59 executing program 2: r0 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r0, &(0x7f0000000ff0)={0x28, 0x0, 0x0, @hyper}, 0x10) listen(r0, 0x0) ppoll(&(0x7f0000000ff0)=[{r0}], 0x1, &(0x7f0000002ff0), &(0x7f0000001000), 0x8) [ 115.518344] dump_stack+0x1c9/0x2b4 [ 115.521976] ? dump_stack_print_info.cold.2+0x52/0x52 [ 115.527177] should_fail.cold.4+0xa/0x11 [ 115.531248] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 115.536355] ? run_rebalance_domains+0x4c0/0x4c0 [ 115.541115] ? __enqueue_entity+0x10d/0x1f0 [ 115.545444] ? trace_hardirqs_on+0x10/0x10 [ 115.549692] ? enqueue_entity+0x34b/0x2130 [ 115.553941] ? rcu_sched_qs+0xe/0x150 [ 115.557741] ? rcu_note_context_switch+0x571/0x730 [ 115.562662] ? rcu_sched_qs+0x150/0x150 [ 115.566622] ? lock_acquire+0x1e4/0x540 [ 115.570581] ? fs_reclaim_acquire+0x20/0x20 [ 115.574890] ? lock_downgrade+0x8f0/0x8f0 [ 115.579036] ? check_same_owner+0x340/0x340 [ 115.583334] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 115.587896] ? rcu_note_context_switch+0x730/0x730 [ 115.592806] ? kasan_check_write+0x14/0x20 [ 115.597056] __should_failslab+0x124/0x180 [ 115.601278] should_failslab+0x9/0x14 [ 115.605076] kmem_cache_alloc+0x2af/0x760 [ 115.609220] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 115.614218] __kernfs_new_node+0xef/0x5a0 [ 115.618346] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 115.623093] ? bd_set_size+0x2c1/0x370 [ 115.626961] ? lock_downgrade+0x8f0/0x8f0 [ 115.631089] ? enqueue_entity+0x2130/0x2130 [ 115.635405] ? lock_release+0xa30/0xa30 [ 115.639374] ? check_same_owner+0x340/0x340 [ 115.643686] ? lock_acquire+0x1e4/0x540 [ 115.647642] ? blk_queue_write_cache+0x1b8/0x43a [ 115.652378] ? lock_downgrade+0x8f0/0x8f0 [ 115.656508] kernfs_new_node+0x80/0xf0 [ 115.660374] kernfs_create_dir_ns+0x3d/0x140 [ 115.664765] internal_create_group+0x3c9/0x9e0 [ 115.669337] ? do_raw_spin_lock+0xc1/0x200 [ 115.673557] sysfs_create_group+0x1f/0x30 [ 115.677686] lo_ioctl+0x1307/0x1d70 [ 115.681293] ? lo_rw_aio_complete+0x450/0x450 [ 115.685769] blkdev_ioctl+0x9cd/0x2030 [ 115.689635] ? lock_acquire+0x1e4/0x540 [ 115.693588] ? blkpg_ioctl+0xc40/0xc40 [ 115.697453] ? lock_release+0xa30/0xa30 [ 115.701418] ? save_stack+0xa9/0xd0 [ 115.705034] ? save_stack+0x43/0xd0 [ 115.708643] ? __fget+0x4d5/0x740 [ 115.712084] ? ksys_dup3+0x690/0x690 [ 115.715777] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 115.720339] ? kasan_check_write+0x14/0x20 [ 115.724551] ? do_raw_spin_lock+0xc1/0x200 [ 115.728764] block_ioctl+0xee/0x130 [ 115.732367] ? blkdev_fallocate+0x400/0x400 [ 115.736666] do_vfs_ioctl+0x1de/0x1720 [ 115.740531] ? ioctl_preallocate+0x300/0x300 [ 115.744917] ? __fget_light+0x2f7/0x440 [ 115.748868] ? fget_raw+0x20/0x20 [ 115.752301] ? trace_hardirqs_on+0xd/0x10 [ 115.756427] ? kmem_cache_free+0x22e/0x2d0 [ 115.760640] ? putname+0xf7/0x130 [ 115.764078] ? do_sys_open+0x3cb/0x720 [ 115.767956] ? security_file_ioctl+0x94/0xc0 [ 115.772359] ksys_ioctl+0xa9/0xd0 [ 115.775801] __x64_sys_ioctl+0x73/0xb0 [ 115.779669] do_syscall_64+0x1b9/0x820 [ 115.783535] ? finish_task_switch+0x1d3/0x870 [ 115.788027] ? syscall_return_slowpath+0x5e0/0x5e0 [ 115.792935] ? syscall_return_slowpath+0x31d/0x5e0 [ 115.797842] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 115.802842] ? prepare_exit_to_usermode+0x291/0x3b0 [ 115.807846] ? perf_trace_sys_enter+0xb10/0xb10 [ 115.812494] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 115.817328] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 115.822501] RIP: 0033:0x455c97 [ 115.825675] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d bb fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 115.844858] RSP: 002b:00007f47d500fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 115.852549] RAX: ffffffffffffffda RBX: 0000000020000490 RCX: 0000000000455c97 [ 115.859814] RDX: 0000000000000015 RSI: 0000000000004c00 RDI: 0000000000000016 10:54:59 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000001031900000007000000068100023b0509000100010100ff3ffe58", 0x1f}], 0x1) [ 115.867060] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 115.874305] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000015 [ 115.881550] R13: 0000000000000000 R14: 00000000004d3e80 R15: 0000000000000008 [ 115.892580] EXT4-fs (sda1): journaled quota format not specified 10:54:59 executing program 3: getgroups(0x2, &(0x7f00000001c0)=[0xffffffffffffffff, 0xee01]) setresgid(0x0, 0x0, r0) setregid(0x0, r0) 10:54:59 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x0, 0x800}, 0x18) 10:54:59 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xe, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000000000080bfa30000000000000703000020feffff7a0af0fff8ffffff69a4f0ff00000000b7060000000000017d4003000000000025000400018400002704000080ffffffb7050000000000006a0a00fe00000000850000002e000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00'}, 0x48) 10:54:59 executing program 1 (fault-call:1 fault-nth:9): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:54:59 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1, 0x2000000}}, 0x10) 10:54:59 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lseek(0xffffffffffffffff, 0x200000, 0x1) 10:54:59 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x1, [@loopback=0x7f000001]}, 0x14) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:54:59 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000001031900000007000000068100023b0509000100010100ff3ffe58", 0x1f}], 0x1) [ 116.070988] FAULT_INJECTION: forcing a failure. [ 116.070988] name failslab, interval 1, probability 0, space 0, times 0 [ 116.082356] CPU: 1 PID: 7866 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 116.090671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 116.100024] Call Trace: [ 116.102617] dump_stack+0x1c9/0x2b4 [ 116.106251] ? dump_stack_print_info.cold.2+0x52/0x52 [ 116.111439] ? zap_class+0x740/0x740 [ 116.115179] should_fail.cold.4+0xa/0x11 [ 116.119246] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 116.124343] ? zap_class+0x740/0x740 [ 116.128051] ? update_load_avg+0x2de/0x2590 [ 116.132360] ? update_load_avg+0x2de/0x2590 [ 116.136668] ? pvclock_read_flags+0x160/0x160 [ 116.141155] ? perf_trace_lock+0xde/0x920 [ 116.145314] ? lock_acquire+0x1e4/0x540 [ 116.149277] ? zap_class+0x740/0x740 [ 116.152986] ? lock_acquire+0x1e4/0x540 [ 116.156946] ? update_curr+0x4c8/0xc00 [ 116.160820] ? lock_downgrade+0x8f0/0x8f0 [ 116.164973] ? lock_release+0xa30/0xa30 [ 116.168940] __should_failslab+0x124/0x180 [ 116.173165] should_failslab+0x9/0x14 [ 116.176951] kmem_cache_alloc+0x47/0x760 [ 116.180999] ? lock_acquire+0x1e4/0x540 [ 116.184976] ? is_bpf_text_address+0xae/0x170 [ 116.189461] ? lock_downgrade+0x8f0/0x8f0 [ 116.193602] radix_tree_node_alloc.constprop.19+0x1e6/0x310 [ 116.199305] idr_get_free+0x887/0x10d0 [ 116.203192] ? radix_tree_iter_tag_clear+0xd0/0xd0 [ 116.208111] ? __kernel_text_address+0xd/0x40 [ 116.212593] ? unwind_get_return_address+0x61/0xa0 [ 116.217511] ? __save_stack_trace+0x8d/0xf0 [ 116.221831] ? save_stack+0xa9/0xd0 [ 116.225445] ? save_stack+0x43/0xd0 [ 116.229061] ? kasan_kmalloc+0xc4/0xe0 [ 116.232932] ? kasan_slab_alloc+0x12/0x20 [ 116.237072] ? kmem_cache_alloc+0x12e/0x760 [ 116.241382] ? __kernfs_new_node+0xef/0x5a0 [ 116.245691] ? kernfs_new_node+0x80/0xf0 [ 116.249737] ? kernfs_create_dir_ns+0x3d/0x140 [ 116.254306] ? internal_create_group+0x3c9/0x9e0 [ 116.259047] ? sysfs_create_group+0x1f/0x30 [ 116.263353] ? lo_ioctl+0x1307/0x1d70 [ 116.267142] ? block_ioctl+0xee/0x130 [ 116.270929] ? do_vfs_ioctl+0x1de/0x1720 [ 116.274976] ? ksys_ioctl+0xa9/0xd0 [ 116.278586] ? __x64_sys_ioctl+0x73/0xb0 [ 116.282633] ? do_syscall_64+0x1b9/0x820 [ 116.286679] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 116.292035] ? rcu_note_context_switch+0x571/0x730 [ 116.296972] idr_alloc_u32+0x1d4/0x3a0 [ 116.300860] ? __fprop_inc_percpu_max+0x2d0/0x2d0 [ 116.305692] ? lock_acquire+0x1e4/0x540 [ 116.309652] ? __kernfs_new_node+0x116/0x5a0 [ 116.314061] idr_alloc_cyclic+0x173/0x360 [ 116.318200] ? idr_alloc+0x1b0/0x1b0 [ 116.321903] ? kasan_check_write+0x14/0x20 [ 116.326145] ? do_raw_spin_lock+0xc1/0x200 [ 116.330400] __kernfs_new_node+0x1ab/0x5a0 [ 116.334632] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 116.339375] ? bd_set_size+0x2c1/0x370 [ 116.343253] ? lock_downgrade+0x8f0/0x8f0 [ 116.347398] ? lock_release+0xa30/0xa30 [ 116.351360] ? lock_acquire+0x1e4/0x540 [ 116.355319] ? blk_queue_write_cache+0x1b8/0x43a [ 116.360064] ? lock_downgrade+0x8f0/0x8f0 [ 116.364209] kernfs_new_node+0x80/0xf0 [ 116.368095] kernfs_create_dir_ns+0x3d/0x140 [ 116.372491] internal_create_group+0x3c9/0x9e0 [ 116.377058] ? do_raw_spin_lock+0xc1/0x200 [ 116.381286] sysfs_create_group+0x1f/0x30 [ 116.385428] lo_ioctl+0x1307/0x1d70 [ 116.389052] ? lo_rw_aio_complete+0x450/0x450 [ 116.393533] blkdev_ioctl+0x9cd/0x2030 [ 116.397406] ? lock_acquire+0x1e4/0x540 [ 116.401370] ? blkpg_ioctl+0xc40/0xc40 [ 116.405247] ? lock_release+0xa30/0xa30 [ 116.409215] ? save_stack+0xa9/0xd0 [ 116.412831] ? save_stack+0x43/0xd0 [ 116.416453] ? __fget+0x4d5/0x740 [ 116.419897] ? ksys_dup3+0x690/0x690 [ 116.423599] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 116.428172] ? kasan_check_write+0x14/0x20 [ 116.432396] ? do_raw_spin_lock+0xc1/0x200 [ 116.436627] block_ioctl+0xee/0x130 [ 116.440244] ? blkdev_fallocate+0x400/0x400 [ 116.444554] do_vfs_ioctl+0x1de/0x1720 [ 116.448440] ? ioctl_preallocate+0x300/0x300 [ 116.452836] ? __fget_light+0x2f7/0x440 [ 116.456796] ? fget_raw+0x20/0x20 [ 116.460237] ? trace_hardirqs_on+0xd/0x10 [ 116.464372] ? kmem_cache_free+0x22e/0x2d0 [ 116.468592] ? putname+0xf7/0x130 [ 116.472034] ? do_sys_open+0x3cb/0x720 [ 116.475913] ? security_file_ioctl+0x94/0xc0 [ 116.480309] ksys_ioctl+0xa9/0xd0 [ 116.483760] __x64_sys_ioctl+0x73/0xb0 [ 116.487637] do_syscall_64+0x1b9/0x820 [ 116.491509] ? finish_task_switch+0x1d3/0x870 [ 116.495993] ? syscall_return_slowpath+0x5e0/0x5e0 [ 116.500917] ? syscall_return_slowpath+0x31d/0x5e0 [ 116.505845] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 116.510847] ? prepare_exit_to_usermode+0x291/0x3b0 [ 116.515853] ? perf_trace_sys_enter+0xb10/0xb10 [ 116.520510] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 116.525347] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 116.530535] RIP: 0033:0x455c97 [ 116.533709] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d bb fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 116.553028] RSP: 002b:00007f47d500fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 116.560735] RAX: ffffffffffffffda RBX: 0000000020000490 RCX: 0000000000455c97 10:55:00 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000300)=""/208, 0xd0}], 0x1) ioctl$TCSETSW(r1, 0x5403, &(0x7f0000002000)={0x0, 0x0, 0x0, 0xfffffffc}) write(r0, &(0x7f0000c34fff), 0xffffff0b) 10:55:00 executing program 7: seccomp(0x200000001, 0x2, &(0x7f0000016000)={0x1, &(0x7f00001e0fe8)=[{0x6, 0x0, 0x0, 0x7ffff7ff00000}]}) socket$can_raw(0x1d, 0x3, 0x1) socketpair$packet(0x11, 0x0, 0x300, &(0x7f0000000040)) poll(&(0x7f0000000100)=[{}, {}], 0x2, 0x0) 10:55:00 executing program 0: r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) lseek(r0, 0x200000, 0x1) [ 116.567998] RDX: 0000000000000015 RSI: 0000000000004c00 RDI: 0000000000000016 [ 116.575258] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 116.582512] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000015 [ 116.589766] R13: 0000000000000000 R14: 00000000004d3e80 R15: 0000000000000009 10:55:00 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1, 0x95ec0000}}, 0x10) 10:55:00 executing program 2: r0 = memfd_create(&(0x7f00000000c0)='#em1#+\x00', 0x0) write(r0, &(0x7f0000000040)="06", 0x1) sendfile(r0, r0, &(0x7f0000001000), 0xffff) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r0, 0x0) syz_fuseblk_mount(&(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 116.640620] EXT4-fs (sda1): journaled quota format not specified [ 116.665824] audit: type=1326 audit(116.664:5): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=7883 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x455e29 code=0x7ff00000 10:55:00 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x1, [@loopback=0x7f000001]}, 0x14) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:55:00 executing program 1 (fault-call:1 fault-nth:10): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) [ 116.742750] audit: type=1326 audit(116.689:6): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=7883 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=41 compat=0 ip=0x455e29 code=0x7ff00000 [ 116.761946] audit: type=1326 audit(116.689:7): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=7883 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x455e29 code=0x7ff00000 [ 116.781244] audit: type=1326 audit(116.689:8): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=7883 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x455e29 code=0x7ff00000 [ 116.800445] audit: type=1326 audit(116.689:9): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=7883 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x455e29 code=0x7ff00000 [ 116.819652] audit: type=1326 audit(116.689:10): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=7883 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x455e29 code=0x7ff00000 10:55:00 executing program 0: r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) lseek(r0, 0x200000, 0x1) 10:55:00 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1, 0x95ec}}, 0x10) 10:55:00 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000001031900000007000000068100023b0509000100010100ff3ffe58", 0x1f}], 0x1) 10:55:00 executing program 0: r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) lseek(r0, 0x200000, 0x1) 10:55:00 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x1, [@loopback=0x7f000001]}, 0x14) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d34") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) [ 116.839023] audit: type=1326 audit(116.689:11): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=7883 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x455e29 code=0x7ff00000 [ 116.858359] audit: type=1326 audit(116.690:12): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=7883 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x455e29 code=0x7ff00000 [ 116.877653] audit: type=1326 audit(116.690:13): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=7883 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x455e29 code=0x7ff00000 [ 116.896946] audit: type=1326 audit(116.690:14): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=7883 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x455e29 code=0x7ff00000 [ 116.963056] FAULT_INJECTION: forcing a failure. [ 116.963056] name failslab, interval 1, probability 0, space 0, times 0 [ 116.974335] CPU: 0 PID: 7917 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 116.982653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 116.992002] Call Trace: [ 116.994594] dump_stack+0x1c9/0x2b4 [ 116.998227] ? dump_stack_print_info.cold.2+0x52/0x52 [ 117.003427] should_fail.cold.4+0xa/0x11 [ 117.007495] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 117.012598] ? __update_load_avg_blocked_se.isra.34+0x460/0x460 [ 117.018659] ? update_load_avg+0x2de/0x2590 [ 117.022983] ? update_load_avg+0x2de/0x2590 [ 117.027309] ? pvclock_read_flags+0x160/0x160 [ 117.031814] ? lock_acquire+0x1e4/0x540 [ 117.035792] ? cpuacct_charge+0x2eb/0x5d0 [ 117.039947] ? lock_downgrade+0x8f0/0x8f0 [ 117.044102] ? lock_release+0xa30/0xa30 [ 117.048077] ? rb_erase+0x3550/0x3550 [ 117.051878] ? lock_acquire+0x1e4/0x540 [ 117.055856] ? update_curr+0x4c8/0xc00 [ 117.059751] ? lock_downgrade+0x8f0/0x8f0 [ 117.063905] ? lock_release+0xa30/0xa30 [ 117.067934] __should_failslab+0x124/0x180 [ 117.072173] should_failslab+0x9/0x14 [ 117.075977] kmem_cache_alloc+0x47/0x760 [ 117.080042] ? lock_acquire+0x1e4/0x540 [ 117.084017] ? is_bpf_text_address+0xae/0x170 [ 117.088517] ? lock_downgrade+0x8f0/0x8f0 [ 117.092671] radix_tree_node_alloc.constprop.19+0x1e6/0x310 [ 117.098394] idr_get_free+0x887/0x10d0 [ 117.102298] ? radix_tree_iter_tag_clear+0xd0/0xd0 [ 117.107228] ? __kernel_text_address+0xd/0x40 [ 117.111725] ? unwind_get_return_address+0x61/0xa0 [ 117.116666] ? __save_stack_trace+0x8d/0xf0 [ 117.121013] ? save_stack+0xa9/0xd0 [ 117.124639] ? save_stack+0x43/0xd0 [ 117.128269] ? kasan_kmalloc+0xc4/0xe0 [ 117.132159] ? kasan_slab_alloc+0x12/0x20 [ 117.136333] ? kmem_cache_alloc+0x12e/0x760 [ 117.140679] ? __kernfs_new_node+0xef/0x5a0 [ 117.145002] ? kernfs_new_node+0x80/0xf0 [ 117.149063] ? kernfs_create_dir_ns+0x3d/0x140 [ 117.153647] ? internal_create_group+0x3c9/0x9e0 [ 117.158400] ? sysfs_create_group+0x1f/0x30 [ 117.162727] ? lo_ioctl+0x1307/0x1d70 [ 117.166528] ? block_ioctl+0xee/0x130 [ 117.170327] ? do_vfs_ioctl+0x1de/0x1720 [ 117.174414] ? ksys_ioctl+0xa9/0xd0 [ 117.178042] ? __x64_sys_ioctl+0x73/0xb0 [ 117.182102] ? do_syscall_64+0x1b9/0x820 [ 117.186160] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 117.191521] ? rcu_note_context_switch+0x571/0x730 [ 117.196450] ? rcu_sched_qs+0x150/0x150 [ 117.200427] idr_alloc_u32+0x1d4/0x3a0 [ 117.204311] ? __fprop_inc_percpu_max+0x2d0/0x2d0 [ 117.209150] ? lock_acquire+0x1e4/0x540 [ 117.213121] ? __kernfs_new_node+0x116/0x5a0 [ 117.217528] idr_alloc_cyclic+0x173/0x360 [ 117.221670] ? idr_alloc+0x1b0/0x1b0 [ 117.225383] ? kasan_check_write+0x14/0x20 [ 117.229610] ? do_raw_spin_lock+0xc1/0x200 [ 117.233843] __kernfs_new_node+0x1ab/0x5a0 [ 117.238076] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 117.242829] ? bd_set_size+0x2c1/0x370 [ 117.246716] ? lock_downgrade+0x8f0/0x8f0 [ 117.250861] ? enqueue_entity+0x2130/0x2130 [ 117.255196] ? lock_release+0xa30/0xa30 [ 117.259167] ? check_same_owner+0x340/0x340 [ 117.263482] ? lock_acquire+0x1e4/0x540 [ 117.267451] ? blk_queue_write_cache+0x1b8/0x43a [ 117.272205] ? lock_downgrade+0x8f0/0x8f0 [ 117.276353] kernfs_new_node+0x80/0xf0 [ 117.280239] kernfs_create_dir_ns+0x3d/0x140 [ 117.284643] internal_create_group+0x3c9/0x9e0 [ 117.289220] ? do_raw_spin_lock+0xc1/0x200 [ 117.293457] sysfs_create_group+0x1f/0x30 [ 117.297600] lo_ioctl+0x1307/0x1d70 [ 117.301223] ? lo_rw_aio_complete+0x450/0x450 [ 117.305716] blkdev_ioctl+0x9cd/0x2030 [ 117.309602] ? lock_acquire+0x1e4/0x540 [ 117.313573] ? blkpg_ioctl+0xc40/0xc40 [ 117.317461] ? lock_release+0xa30/0xa30 [ 117.321435] ? save_stack+0xa9/0xd0 [ 117.325059] ? save_stack+0x43/0xd0 [ 117.328683] ? __fget+0x4d5/0x740 [ 117.332137] ? ksys_dup3+0x690/0x690 [ 117.335844] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 117.340429] ? kasan_check_write+0x14/0x20 [ 117.344658] ? do_raw_spin_lock+0xc1/0x200 [ 117.348890] block_ioctl+0xee/0x130 [ 117.352515] ? blkdev_fallocate+0x400/0x400 [ 117.356829] do_vfs_ioctl+0x1de/0x1720 [ 117.360727] ? ioctl_preallocate+0x300/0x300 [ 117.365129] ? __fget_light+0x2f7/0x440 [ 117.369101] ? fget_raw+0x20/0x20 [ 117.372556] ? trace_hardirqs_on+0xd/0x10 [ 117.376699] ? kmem_cache_free+0x22e/0x2d0 [ 117.380931] ? putname+0xf7/0x130 [ 117.384380] ? do_sys_open+0x3cb/0x720 [ 117.388266] ? security_file_ioctl+0x94/0xc0 [ 117.392676] ksys_ioctl+0xa9/0xd0 [ 117.396140] __x64_sys_ioctl+0x73/0xb0 [ 117.400026] do_syscall_64+0x1b9/0x820 [ 117.403909] ? finish_task_switch+0x1d3/0x870 [ 117.408401] ? syscall_return_slowpath+0x5e0/0x5e0 [ 117.413328] ? syscall_return_slowpath+0x31d/0x5e0 [ 117.418256] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 117.423274] ? prepare_exit_to_usermode+0x291/0x3b0 [ 117.428287] ? perf_trace_sys_enter+0xb10/0xb10 [ 117.432957] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 117.437799] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 117.442980] RIP: 0033:0x455c97 10:55:00 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1, 0x3f00}}, 0x10) 10:55:00 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000001031900000007000000068100023b0509000100010100ff3ffe58", 0x1f}], 0x1) 10:55:00 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x1, [@loopback=0x7f000001]}, 0x14) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d34") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:55:00 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000001031900000007000000068100023b0509000100010100ff3ffe58", 0x1f}], 0x1) [ 117.446154] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d bb fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 117.465424] RSP: 002b:00007f47d500fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 117.473130] RAX: ffffffffffffffda RBX: 0000000020000490 RCX: 0000000000455c97 [ 117.480395] RDX: 0000000000000015 RSI: 0000000000004c00 RDI: 0000000000000016 [ 117.487663] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 117.494924] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000015 [ 117.502185] R13: 0000000000000000 R14: 00000000004d3e80 R15: 000000000000000a [ 117.520601] EXT4-fs (sda1): journaled quota format not specified 10:55:01 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x12, 0x5, 0x4, 0xf728}, 0x2c) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000240)={r0, &(0x7f0000000200)}, 0x10) 10:55:01 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000001031900000007000000068100023b0509000100010100ff3ffe58", 0x1f}], 0x1) 10:55:01 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x1, [@loopback=0x7f000001]}, 0x14) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d34") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:55:01 executing program 0: perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) lseek(r0, 0x200000, 0x1) 10:55:01 executing program 2: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000280)='encrypted\x00', &(0x7f0000000400)={0x73, 0x79, 0x7a}, &(0x7f0000000440)="b1", 0x1, 0xfffffffffffffffe) 10:55:01 executing program 7: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20}, 0x1c) listen(r0, 0x1000008000) r1 = socket$inet_dccp(0x2, 0x6, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000280)='/dev/cuse\x00', 0x40000, 0x0) ioctl$SNDRV_TIMER_IOCTL_STOP(r2, 0x54a1) connect$inet(r1, &(0x7f0000000140)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x12}}, 0x10) r3 = accept4(r0, &(0x7f00000001c0)=@in={0x0, 0x0, @local}, &(0x7f0000000180)=0x80, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'team_slave_1\x00'}) setsockopt$inet6_mreq(r3, 0x29, 0x15, &(0x7f0000000240), 0x14) sendmmsg$unix(r3, &(0x7f0000006180), 0x1b3, 0x0) 10:55:01 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1, 0x2}}, 0x10) 10:55:01 executing program 1 (fault-call:1 fault-nth:11): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:01 executing program 0: perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) lseek(r0, 0x200000, 0x1) 10:55:01 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) writev(0xffffffffffffffff, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000001031900000007000000068100023b0509000100010100ff3ffe58", 0x1f}], 0x1) 10:55:01 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x1, [@loopback=0x7f000001]}, 0x14) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f76") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:55:01 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0x0, &(0x7f0000000040), 0x0, r2}) dup3(r2, r1, 0x0) [ 117.808433] FAULT_INJECTION: forcing a failure. [ 117.808433] name failslab, interval 1, probability 0, space 0, times 0 [ 117.819725] CPU: 1 PID: 7972 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 117.828046] encrypted_key: insufficient parameters specified [ 117.828209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 117.843488] Call Trace: [ 117.846079] dump_stack+0x1c9/0x2b4 [ 117.849693] ? dump_stack_print_info.cold.2+0x52/0x52 [ 117.855019] ? perf_trace_lock+0xde/0x920 [ 117.859157] should_fail.cold.4+0xa/0x11 [ 117.863203] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 117.868900] ? kasan_check_write+0x14/0x20 [ 117.873115] ? __mutex_lock+0x6c4/0x1680 [ 117.877159] ? kernfs_activate+0x8e/0x2c0 [ 117.881292] ? mutex_trylock+0x2b0/0x2b0 [ 117.885349] ? kasan_check_write+0x14/0x20 [ 117.889565] ? __mutex_lock+0x6c4/0x1680 [ 117.893616] ? lock_acquire+0x1e4/0x540 [ 117.897582] ? fs_reclaim_acquire+0x20/0x20 [ 117.901885] ? lock_downgrade+0x8f0/0x8f0 [ 117.906024] ? check_same_owner+0x340/0x340 [ 117.910328] ? kernfs_add_one+0x2d4/0x4d0 [ 117.914457] ? rcu_note_context_switch+0x730/0x730 [ 117.919373] __should_failslab+0x124/0x180 [ 117.923593] should_failslab+0x9/0x14 [ 117.927905] kmem_cache_alloc+0x2af/0x760 [ 117.932042] ? wait_for_completion+0x8d0/0x8d0 [ 117.936609] ? kasan_check_read+0x11/0x20 [ 117.940739] ? do_raw_spin_unlock+0xa7/0x2f0 [ 117.945141] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 117.950143] __kernfs_new_node+0xef/0x5a0 [ 117.954275] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 117.959019] ? kasan_check_write+0x14/0x20 [ 117.963238] ? __kernfs_new_node+0x426/0x5a0 [ 117.967634] ? mutex_unlock+0xd/0x10 [ 117.971330] ? kernfs_activate+0x21a/0x2c0 [ 117.975549] kernfs_new_node+0x80/0xf0 [ 117.979422] __kernfs_create_file+0x4d/0x330 [ 117.983817] sysfs_add_file_mode_ns+0x21a/0x560 [ 117.988472] internal_create_group+0x26d/0x9e0 [ 117.993040] sysfs_create_group+0x1f/0x30 [ 117.997169] lo_ioctl+0x1307/0x1d70 [ 118.000781] ? lo_rw_aio_complete+0x450/0x450 [ 118.005261] blkdev_ioctl+0x9cd/0x2030 [ 118.009131] ? lock_acquire+0x1e4/0x540 [ 118.013086] ? blkpg_ioctl+0xc40/0xc40 [ 118.016958] ? lock_release+0xa30/0xa30 [ 118.020919] ? save_stack+0xa9/0xd0 [ 118.024529] ? save_stack+0x43/0xd0 [ 118.028139] ? __fget+0x4d5/0x740 [ 118.031575] ? ksys_dup3+0x690/0x690 [ 118.035272] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 118.039841] ? kasan_check_write+0x14/0x20 [ 118.044056] ? do_raw_spin_lock+0xc1/0x200 [ 118.048278] block_ioctl+0xee/0x130 [ 118.051903] ? blkdev_fallocate+0x400/0x400 [ 118.056207] do_vfs_ioctl+0x1de/0x1720 [ 118.060078] ? ioctl_preallocate+0x300/0x300 [ 118.064467] ? __fget_light+0x2f7/0x440 [ 118.068424] ? fget_raw+0x20/0x20 [ 118.071861] ? trace_hardirqs_on+0xd/0x10 [ 118.075993] ? kmem_cache_free+0x22e/0x2d0 [ 118.080212] ? putname+0xf7/0x130 [ 118.083651] ? do_sys_open+0x3cb/0x720 [ 118.087525] ? security_file_ioctl+0x94/0xc0 [ 118.091925] ksys_ioctl+0xa9/0xd0 [ 118.095369] __x64_sys_ioctl+0x73/0xb0 [ 118.099242] do_syscall_64+0x1b9/0x820 [ 118.103112] ? finish_task_switch+0x1d3/0x870 [ 118.107593] ? syscall_return_slowpath+0x5e0/0x5e0 [ 118.112504] ? syscall_return_slowpath+0x31d/0x5e0 [ 118.117415] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 118.122412] ? prepare_exit_to_usermode+0x291/0x3b0 [ 118.127410] ? perf_trace_sys_enter+0xb10/0xb10 [ 118.132064] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 118.136891] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 118.142060] RIP: 0033:0x455c97 10:55:01 executing program 0: perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) lseek(r0, 0x200000, 0x1) [ 118.145227] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d bb fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 118.164429] RSP: 002b:00007f47d500fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 118.172120] RAX: ffffffffffffffda RBX: 0000000020000490 RCX: 0000000000455c97 [ 118.179369] RDX: 0000000000000015 RSI: 0000000000004c00 RDI: 0000000000000016 [ 118.186622] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 118.193872] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000015 [ 118.201131] R13: 0000000000000000 R14: 00000000004d3e80 R15: 000000000000000b 10:55:01 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1, 0x3f00000000000000}}, 0x10) 10:55:01 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x1, [@loopback=0x7f000001]}, 0x14) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f76") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:55:01 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000001031900000007000000068100023b0509000100010100ff3ffe58", 0x1f}], 0x1) [ 118.215779] EXT4-fs (sda1): journaled quota format not specified [ 118.249396] encrypted_key: insufficient parameters specified 10:55:01 executing program 1 (fault-call:1 fault-nth:12): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:01 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) lseek(r0, 0x200000, 0x1) 10:55:01 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x1, [@loopback=0x7f000001]}, 0x14) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f76") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:55:01 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1, 0x200000000000000}}, 0x10) 10:55:01 executing program 2: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000214fd4)={0xf, 0x4, 0x4, 0x8000000000009, 0x0, 0xffffffffffffffff, 0x0, [0x305f, 0xa]}, 0x2c) [ 118.387153] FAULT_INJECTION: forcing a failure. [ 118.387153] name failslab, interval 1, probability 0, space 0, times 0 [ 118.398423] CPU: 1 PID: 8008 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 118.407087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 118.416457] Call Trace: [ 118.419047] dump_stack+0x1c9/0x2b4 [ 118.422677] ? dump_stack_print_info.cold.2+0x52/0x52 [ 118.427854] ? rcu_note_context_switch+0x730/0x730 [ 118.432775] should_fail.cold.4+0xa/0x11 [ 118.436836] ? kasan_check_write+0x14/0x20 [ 118.441057] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 118.446141] ? kernfs_activate+0x8e/0x2c0 [ 118.450284] ? ___ratelimit.cold.2+0x6b/0x6b [ 118.454675] ? mutex_trylock+0x2b0/0x2b0 [ 118.458985] ? kasan_check_write+0x14/0x20 [ 118.463203] ? __radix_tree_replace+0x188/0x2f0 [ 118.467851] ? kernfs_add_one+0x4f/0x4d0 [ 118.471896] ? kernfs_activate+0x21a/0x2c0 [ 118.476114] ? lock_downgrade+0x8f0/0x8f0 [ 118.480245] ? lock_acquire+0x1e4/0x540 [ 118.484208] ? fs_reclaim_acquire+0x20/0x20 [ 118.488513] ? lock_downgrade+0x8f0/0x8f0 [ 118.492664] ? check_same_owner+0x340/0x340 [ 118.496983] ? kasan_check_write+0x14/0x20 [ 118.501384] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 118.506296] ? rcu_note_context_switch+0x730/0x730 [ 118.511223] __should_failslab+0x124/0x180 [ 118.515445] should_failslab+0x9/0x14 [ 118.519231] kmem_cache_alloc+0x2af/0x760 [ 118.523365] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 118.528280] ? kasan_check_write+0x14/0x20 [ 118.532499] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 118.537649] __kernfs_new_node+0xef/0x5a0 [ 118.541785] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 118.546526] ? mutex_unlock+0xd/0x10 [ 118.550225] ? kernfs_activate+0x21a/0x2c0 [ 118.554456] ? kernfs_walk_and_get_ns+0x340/0x340 [ 118.559285] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 118.564803] ? kernfs_link_sibling+0x1d2/0x3b0 [ 118.569367] kernfs_new_node+0x80/0xf0 [ 118.573238] __kernfs_create_file+0x4d/0x330 [ 118.577642] sysfs_add_file_mode_ns+0x21a/0x560 [ 118.582296] internal_create_group+0x26d/0x9e0 [ 118.586872] sysfs_create_group+0x1f/0x30 [ 118.591007] lo_ioctl+0x1307/0x1d70 [ 118.594629] ? lo_rw_aio_complete+0x450/0x450 [ 118.599108] blkdev_ioctl+0x9cd/0x2030 [ 118.602989] ? lock_acquire+0x1e4/0x540 [ 118.606946] ? blkpg_ioctl+0xc40/0xc40 [ 118.610823] ? lock_release+0xa30/0xa30 [ 118.614781] ? save_stack+0xa9/0xd0 [ 118.618388] ? save_stack+0x43/0xd0 [ 118.622007] ? __fget+0x4d5/0x740 [ 118.625444] ? ksys_dup3+0x690/0x690 [ 118.629138] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 118.633706] ? kasan_check_write+0x14/0x20 [ 118.637920] ? do_raw_spin_lock+0xc1/0x200 [ 118.642137] block_ioctl+0xee/0x130 [ 118.645748] ? blkdev_fallocate+0x400/0x400 [ 118.650049] do_vfs_ioctl+0x1de/0x1720 [ 118.653920] ? ioctl_preallocate+0x300/0x300 [ 118.658307] ? __fget_light+0x2f7/0x440 [ 118.662266] ? fget_raw+0x20/0x20 [ 118.665704] ? trace_hardirqs_on+0xd/0x10 [ 118.669832] ? kmem_cache_free+0x22e/0x2d0 [ 118.674048] ? putname+0xf7/0x130 [ 118.677484] ? do_sys_open+0x3cb/0x720 [ 118.681356] ? security_file_ioctl+0x94/0xc0 [ 118.685758] ksys_ioctl+0xa9/0xd0 [ 118.689204] __x64_sys_ioctl+0x73/0xb0 [ 118.693075] do_syscall_64+0x1b9/0x820 [ 118.696942] ? finish_task_switch+0x1d3/0x870 [ 118.701417] ? syscall_return_slowpath+0x5e0/0x5e0 [ 118.706325] ? syscall_return_slowpath+0x31d/0x5e0 [ 118.711242] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 118.716244] ? prepare_exit_to_usermode+0x291/0x3b0 [ 118.721244] ? perf_trace_sys_enter+0xb10/0xb10 [ 118.725896] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 118.730724] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 118.735910] RIP: 0033:0x455c97 [ 118.739074] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d bb fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 118.758249] RSP: 002b:00007f47d500fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 118.765956] RAX: ffffffffffffffda RBX: 0000000020000490 RCX: 0000000000455c97 [ 118.773208] RDX: 0000000000000015 RSI: 0000000000004c00 RDI: 0000000000000016 [ 118.780457] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a 10:55:02 executing program 7: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20}, 0x1c) listen(r0, 0x1000008000) r1 = socket$inet_dccp(0x2, 0x6, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000280)='/dev/cuse\x00', 0x40000, 0x0) ioctl$SNDRV_TIMER_IOCTL_STOP(r2, 0x54a1) connect$inet(r1, &(0x7f0000000140)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x12}}, 0x10) r3 = accept4(r0, &(0x7f00000001c0)=@in={0x0, 0x0, @local}, &(0x7f0000000180)=0x80, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'team_slave_1\x00'}) setsockopt$inet6_mreq(r3, 0x29, 0x15, &(0x7f0000000240), 0x14) sendmmsg$unix(r3, &(0x7f0000006180), 0x1b3, 0x0) 10:55:02 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000001031900000007000000068100023b0509000100010100ff3ffe58", 0x1f}], 0x1) [ 118.787705] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000015 [ 118.794956] R13: 0000000000000000 R14: 00000000004d3e80 R15: 000000000000000c 10:55:02 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) lseek(r0, 0x200000, 0x1) 10:55:02 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1, 0x3f000000}}, 0x10) 10:55:02 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000001031900000007000000068100023b0509000100010100ff3ffe58", 0x1f}], 0x1) 10:55:02 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x3a) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000080)={@mcast2={0xff, 0x2, [], 0x1}, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}, 0x9c7a}) [ 118.832618] EXT4-fs (sda1): journaled quota format not specified 10:55:02 executing program 3: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x100000000000e000, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f0000000080)='./file0/file0\x00', 0x3fffa, 0x0) write$binfmt_script(r0, &(0x7f0000001800)=ANY=[@ANYBLOB='#'], 0x1) io_setup(0xbaa8, &(0x7f0000000000)=0x0) io_submit(r1, 0x1, &(0x7f00000017c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000180)="af", 0x1}]) 10:55:02 executing program 1 (fault-call:1 fault-nth:13): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:02 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x1, [@loopback=0x7f000001]}, 0x14) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f7620") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:55:02 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0_to_bridge\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000080)={r1, 0x1, 0x6, @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}}, 0x10) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000040)={r1, 0x1, 0x6, @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}}, 0x10) 10:55:02 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) lseek(r0, 0x200000, 0x1) 10:55:02 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x200000d0) 10:55:02 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000001031900000007000000068100023b0509000100010100ff3ffe58", 0x1f}], 0x1) 10:55:02 executing program 7: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000080)="130000004e001f0fff03f4f9002305002004f5", 0x13) [ 119.023537] device veth0_to_bridge entered promiscuous mode [ 119.046474] device veth0_to_bridge left promiscuous mode [ 119.062179] device veth0_to_bridge entered promiscuous mode [ 119.063833] FAULT_INJECTION: forcing a failure. [ 119.063833] name failslab, interval 1, probability 0, space 0, times 0 [ 119.070055] device veth0_to_bridge left promiscuous mode [ 119.079191] CPU: 1 PID: 8066 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 119.092933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 119.102284] Call Trace: [ 119.104882] dump_stack+0x1c9/0x2b4 [ 119.108517] ? dump_stack_print_info.cold.2+0x52/0x52 [ 119.113710] ? rcu_note_context_switch+0x730/0x730 [ 119.118653] should_fail.cold.4+0xa/0x11 10:55:02 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) lseek(r0, 0x200000, 0x1) 10:55:02 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x1, [@loopback=0x7f000001]}, 0x14) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f7620") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:55:02 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000001031900000007000000068100023b0509000100010100ff3ffe58", 0x1f}], 0x1) [ 119.122721] ? kasan_check_write+0x14/0x20 [ 119.124005] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 1041) [ 119.126958] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 119.126971] ? kernfs_activate+0x8e/0x2c0 [ 119.126992] ? ___ratelimit.cold.2+0x6b/0x6b [ 119.134433] FAT-fs (loop3): Filesystem has been set read-only [ 119.139502] ? mutex_trylock+0x2b0/0x2b0 [ 119.139517] ? kasan_check_write+0x14/0x20 [ 119.139529] ? __radix_tree_replace+0x188/0x2f0 [ 119.139539] ? kernfs_add_one+0x4f/0x4d0 [ 119.139551] ? kernfs_activate+0x21a/0x2c0 [ 119.139565] ? lock_downgrade+0x8f0/0x8f0 [ 119.139580] ? lock_acquire+0x1e4/0x540 [ 119.139593] ? fs_reclaim_acquire+0x20/0x20 [ 119.139610] ? lock_downgrade+0x8f0/0x8f0 [ 119.191679] ? check_same_owner+0x340/0x340 [ 119.196002] ? kasan_check_write+0x14/0x20 [ 119.200238] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 119.205173] ? rcu_note_context_switch+0x730/0x730 [ 119.210112] __should_failslab+0x124/0x180 [ 119.214348] should_failslab+0x9/0x14 [ 119.218139] kmem_cache_alloc+0x2af/0x760 [ 119.222275] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 119.227192] ? kasan_check_write+0x14/0x20 [ 119.231420] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 119.236421] __kernfs_new_node+0xef/0x5a0 [ 119.240559] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 119.245329] ? mutex_unlock+0xd/0x10 [ 119.249031] ? kernfs_activate+0x21a/0x2c0 [ 119.253250] ? kernfs_walk_and_get_ns+0x340/0x340 [ 119.258078] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 119.263600] ? kernfs_link_sibling+0x1d2/0x3b0 [ 119.268171] kernfs_new_node+0x80/0xf0 [ 119.272047] __kernfs_create_file+0x4d/0x330 [ 119.276441] sysfs_add_file_mode_ns+0x21a/0x560 [ 119.281099] internal_create_group+0x26d/0x9e0 [ 119.285670] sysfs_create_group+0x1f/0x30 [ 119.289806] lo_ioctl+0x1307/0x1d70 [ 119.293424] ? lo_rw_aio_complete+0x450/0x450 [ 119.297915] blkdev_ioctl+0x9cd/0x2030 [ 119.301787] ? lock_acquire+0x1e4/0x540 [ 119.305745] ? blkpg_ioctl+0xc40/0xc40 [ 119.309619] ? lock_release+0xa30/0xa30 [ 119.313584] ? save_stack+0xa9/0xd0 [ 119.317201] ? save_stack+0x43/0xd0 [ 119.320815] ? __fget+0x4d5/0x740 [ 119.324255] ? ksys_dup3+0x690/0x690 [ 119.327950] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 119.332517] ? kasan_check_write+0x14/0x20 [ 119.336735] ? do_raw_spin_lock+0xc1/0x200 [ 119.340963] block_ioctl+0xee/0x130 [ 119.344574] ? blkdev_fallocate+0x400/0x400 [ 119.348879] do_vfs_ioctl+0x1de/0x1720 [ 119.352769] ? ioctl_preallocate+0x300/0x300 [ 119.357162] ? __fget_light+0x2f7/0x440 [ 119.361122] ? fget_raw+0x20/0x20 [ 119.364562] ? trace_hardirqs_on+0xd/0x10 [ 119.368696] ? kmem_cache_free+0x22e/0x2d0 [ 119.372931] ? putname+0xf7/0x130 [ 119.376368] ? do_sys_open+0x3cb/0x720 [ 119.380242] ? security_file_ioctl+0x94/0xc0 [ 119.384640] ksys_ioctl+0xa9/0xd0 [ 119.388089] __x64_sys_ioctl+0x73/0xb0 [ 119.391963] do_syscall_64+0x1b9/0x820 [ 119.395836] ? finish_task_switch+0x1d3/0x870 [ 119.400327] ? syscall_return_slowpath+0x5e0/0x5e0 [ 119.405244] ? syscall_return_slowpath+0x31d/0x5e0 [ 119.410157] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 119.415161] ? prepare_exit_to_usermode+0x291/0x3b0 [ 119.420165] ? perf_trace_sys_enter+0xb10/0xb10 [ 119.424825] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 119.429659] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 119.434833] RIP: 0033:0x455c97 [ 119.438001] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d bb fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 119.457288] RSP: 002b:00007f47d500fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 119.465001] RAX: ffffffffffffffda RBX: 0000000020000490 RCX: 0000000000455c97 10:55:03 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x7) 10:55:03 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x1, [@loopback=0x7f000001]}, 0x14) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f7620") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:55:03 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000001031900000007000000068100023b0509000100010100ff3ffe58", 0x1f}], 0x1) [ 119.472256] RDX: 0000000000000015 RSI: 0000000000004c00 RDI: 0000000000000016 [ 119.479507] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 119.486759] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000015 [ 119.494011] R13: 0000000000000000 R14: 00000000004d3e80 R15: 000000000000000d [ 119.510930] EXT4-fs (sda1): journaled quota format not specified 10:55:03 executing program 7: r0 = socket$kcm(0xa, 0x3, 0x11) recvmsg$kcm(r0, &(0x7f00000004c0)={&(0x7f0000000340)=@in6={0x0, 0x0, 0x0, @ipv4={[], [], @local}}, 0x80, &(0x7f0000000100)}, 0x40000001) 10:55:03 executing program 2: pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c}) write$P9_RREADDIR(r1, &(0x7f0000000480)={0xb, 0x29}, 0xb) [ 119.571189] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 1041) 10:55:03 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(r2, r2, 0x0) prlimit64(r1, 0x0, 0x0, 0x0) 10:55:03 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) lseek(r0, 0x200000, 0x1) 10:55:03 executing program 1 (fault-call:1 fault-nth:14): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:03 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x1, [@loopback=0x7f000001]}, 0x14) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:55:03 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000001031900000007000000068100023b0509000100010100ff3ffe58", 0x1f}], 0x1) 10:55:03 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x2af, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) r2 = syz_open_dev$sndpcmc(&(0x7f0000000100)='/dev/snd/pcmC#D#c\x00', 0x7, 0x100) ioctl$BLKBSZSET(r2, 0x40081271, &(0x7f0000000140)=0x9) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) [ 119.681089] FAULT_INJECTION: forcing a failure. [ 119.681089] name failslab, interval 1, probability 0, space 0, times 0 [ 119.692469] CPU: 0 PID: 8113 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 119.700783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 119.710133] Call Trace: [ 119.712721] dump_stack+0x1c9/0x2b4 [ 119.716340] ? dump_stack_print_info.cold.2+0x52/0x52 [ 119.721514] ? radix_tree_iter_tag_clear+0x97/0xd0 [ 119.726425] ? radix_tree_iter_replace+0x49/0x60 [ 119.731175] should_fail.cold.4+0xa/0x11 [ 119.735223] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 119.740833] ? kasan_check_write+0x14/0x20 [ 119.745057] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 119.749979] ? lock_downgrade+0x8f0/0x8f0 [ 119.754120] ? wait_for_completion+0x8d0/0x8d0 [ 119.758688] ? kasan_check_read+0x11/0x20 [ 119.762821] ? do_raw_spin_unlock+0xa7/0x2f0 [ 119.767218] ? kasan_check_write+0x14/0x20 [ 119.771439] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 119.776352] ? kasan_check_write+0x14/0x20 [ 119.780576] ? wait_for_completion+0x8d0/0x8d0 [ 119.785143] ? kasan_check_write+0x14/0x20 [ 119.789362] ? __kernfs_new_node+0x426/0x5a0 [ 119.793768] ? lock_acquire+0x1e4/0x540 [ 119.797726] ? fs_reclaim_acquire+0x20/0x20 [ 119.802034] ? lock_downgrade+0x8f0/0x8f0 [ 119.806170] ? kernfs_walk_and_get_ns+0x340/0x340 [ 119.811003] ? check_same_owner+0x340/0x340 [ 119.815313] ? rcu_note_context_switch+0x730/0x730 [ 119.820229] __should_failslab+0x124/0x180 [ 119.824466] should_failslab+0x9/0x14 [ 119.828253] kmem_cache_alloc_trace+0x2cb/0x780 [ 119.832908] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 119.838431] ? sysfs_add_file_mode_ns+0x22c/0x560 [ 119.843257] ? sysfs_add_file_mode_ns+0x23c/0x560 [ 119.848087] ? device_create_file+0x1e0/0x1e0 [ 119.852565] kobject_uevent_env+0x20f/0x1110 [ 119.856956] ? internal_create_group+0x39a/0x9e0 [ 119.861701] kobject_uevent+0x1f/0x30 [ 119.865485] lo_ioctl+0x1385/0x1d70 [ 119.869104] ? lo_rw_aio_complete+0x450/0x450 [ 119.873582] blkdev_ioctl+0x9cd/0x2030 [ 119.877456] ? lock_acquire+0x1e4/0x540 [ 119.881432] ? blkpg_ioctl+0xc40/0xc40 [ 119.885311] ? lock_release+0xa30/0xa30 [ 119.889274] ? save_stack+0xa9/0xd0 [ 119.892884] ? save_stack+0x43/0xd0 [ 119.896524] ? __fget+0x4d5/0x740 [ 119.899975] ? ksys_dup3+0x690/0x690 [ 119.903674] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 119.908242] ? kasan_check_write+0x14/0x20 [ 119.912475] ? do_raw_spin_lock+0xc1/0x200 [ 119.916697] block_ioctl+0xee/0x130 [ 119.920310] ? blkdev_fallocate+0x400/0x400 [ 119.924618] do_vfs_ioctl+0x1de/0x1720 [ 119.928506] ? ioctl_preallocate+0x300/0x300 [ 119.932899] ? __fget_light+0x2f7/0x440 [ 119.936860] ? fget_raw+0x20/0x20 [ 119.940301] ? trace_hardirqs_on+0xd/0x10 [ 119.944432] ? kmem_cache_free+0x22e/0x2d0 [ 119.948660] ? putname+0xf7/0x130 [ 119.952104] ? do_sys_open+0x3cb/0x720 [ 119.955983] ? security_file_ioctl+0x94/0xc0 [ 119.960377] ksys_ioctl+0xa9/0xd0 [ 119.963818] __x64_sys_ioctl+0x73/0xb0 [ 119.967694] do_syscall_64+0x1b9/0x820 [ 119.971565] ? finish_task_switch+0x1d3/0x870 [ 119.976055] ? syscall_return_slowpath+0x5e0/0x5e0 [ 119.980973] ? syscall_return_slowpath+0x31d/0x5e0 [ 119.985889] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 119.990892] ? prepare_exit_to_usermode+0x291/0x3b0 [ 119.995892] ? perf_trace_sys_enter+0xb10/0xb10 [ 120.000556] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 120.005405] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 120.010587] RIP: 0033:0x455c97 10:55:03 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000005c0)="82780000260f017731f3d87e0b0f20e06635000020000f22e066b9800000c00f326635002000000f30640f02d766b8008000000f23d80f21f86635400000f00f23f8db13b85f078ee82e0f01cf", 0x4d}], 0x1, 0x0, &(0x7f0000000140), 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [0x4b564d02, 0x1]}) [ 120.013757] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d bb fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 120.033039] RSP: 002b:00007f47d500fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 120.040735] RAX: ffffffffffffffda RBX: 0000000020000490 RCX: 0000000000455c97 [ 120.047990] RDX: 0000000000000015 RSI: 0000000000004c00 RDI: 0000000000000016 [ 120.055245] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 120.062500] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000015 [ 120.069755] R13: 0000000000000000 R14: 00000000004d3e80 R15: 000000000000000e [ 120.079841] EXT4-fs (sda1): journaled quota format not specified 10:55:03 executing program 1 (fault-call:1 fault-nth:15): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:03 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) lseek(r0, 0x200000, 0x1) 10:55:03 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000001031900000007000000068100023b0509000100010100ff3ffe58", 0x1f}], 0x1) 10:55:03 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) r2 = syz_open_dev$vcsa(&(0x7f0000000100)='/dev/vcsa#\x00', 0x8567, 0x10000) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r2, 0xc0505405, &(0x7f0000000140)={{0xffffffffffffffff, 0x2, 0x6, 0x1, 0x2}, 0xffffffff, 0x6, 0xfffffffffffffff8}) 10:55:03 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x1, [@loopback=0x7f000001]}, 0x14) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:55:03 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000040)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000005c0)=[{{&(0x7f0000000480)=@pppoe={0x0, 0x0, {0x0, @random}}, 0x80, &(0x7f0000000240)=[{&(0x7f0000002680)=""/4096, 0x1000}, {&(0x7f0000000900)=""/236, 0xec}], 0x2, &(0x7f0000000300)=""/109, 0x6d}}, {{0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000200)=""/40, 0x28}}], 0x2, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000540)=[{{&(0x7f0000000180)=@hci, 0x80, &(0x7f0000000b00)=[{&(0x7f0000005800)=""/4096, 0x1000}, {&(0x7f0000000dc0)=""/208, 0x2ae}, {&(0x7f0000000ec0)=""/219, 0xdb}], 0x3, &(0x7f0000000000)=""/41, 0x29}}, {{&(0x7f0000002600)=@in={0x0, 0x0, @remote}, 0x80, &(0x7f0000005d40), 0x0, &(0x7f0000000380)=""/205, 0xcd}}], 0x2, 0x0, &(0x7f0000000080)={0x77359400}) 10:55:03 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000001031900000007000000068100023b0509000100010100ff3ffe58", 0x1f}], 0x1) [ 120.245467] FAULT_INJECTION: forcing a failure. [ 120.245467] name failslab, interval 1, probability 0, space 0, times 0 [ 120.256907] CPU: 1 PID: 8145 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 120.265217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 120.274570] Call Trace: [ 120.277159] dump_stack+0x1c9/0x2b4 [ 120.280797] ? dump_stack_print_info.cold.2+0x52/0x52 [ 120.285992] ? zap_class+0x740/0x740 [ 120.289713] ? perf_trace_lock+0xde/0x920 10:55:03 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x1, [@loopback=0x7f000001]}, 0x14) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) [ 120.293866] should_fail.cold.4+0xa/0x11 [ 120.297934] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 120.303562] ? kernfs_activate+0x8e/0x2c0 [ 120.307761] ? ___ratelimit.cold.2+0x6b/0x6b [ 120.312220] ? kasan_check_write+0x14/0x20 [ 120.316462] ? kernfs_activate+0x21a/0x2c0 [ 120.320703] ? lock_downgrade+0x8f0/0x8f0 [ 120.324855] ? lock_acquire+0x1e4/0x540 [ 120.328832] ? fs_reclaim_acquire+0x20/0x20 [ 120.333159] ? lock_downgrade+0x8f0/0x8f0 [ 120.337316] ? check_same_owner+0x340/0x340 [ 120.341641] ? kasan_check_write+0x14/0x20 [ 120.345881] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 120.350813] ? rcu_note_context_switch+0x730/0x730 [ 120.355750] __should_failslab+0x124/0x180 [ 120.359992] should_failslab+0x9/0x14 [ 120.363798] kmem_cache_alloc+0x2af/0x760 [ 120.367953] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 120.372889] ? kasan_check_write+0x14/0x20 [ 120.377138] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 120.382154] __kernfs_new_node+0xef/0x5a0 [ 120.386308] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 120.391072] ? mutex_unlock+0xd/0x10 [ 120.394791] ? kernfs_activate+0x21a/0x2c0 [ 120.399031] ? kernfs_walk_and_get_ns+0x340/0x340 [ 120.403879] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 120.409425] ? kernfs_link_sibling+0x1d2/0x3b0 [ 120.414014] kernfs_new_node+0x80/0xf0 [ 120.417906] __kernfs_create_file+0x4d/0x330 [ 120.422325] sysfs_add_file_mode_ns+0x21a/0x560 [ 120.426995] internal_create_group+0x26d/0x9e0 [ 120.431574] sysfs_create_group+0x1f/0x30 [ 120.435721] lo_ioctl+0x1307/0x1d70 [ 120.439330] ? lo_rw_aio_complete+0x450/0x450 10:55:04 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000280)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote={0xfe, 0x80, [], 0xbb}}, 0x14) 10:55:04 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup(r0) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r1, 0xc0505510, &(0x7f0000000280)={0x0, 0x1, 0x0, 0x0, &(0x7f0000000900)=[{}]}) 10:55:04 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) r2 = accept4(0xffffffffffffff9c, &(0x7f0000000100)=@nfc_llcp, &(0x7f0000000180)=0x80, 0x80000) r3 = accept$unix(0xffffffffffffff9c, 0x0, &(0x7f0000000240)) ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000000280)={r3}) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) 10:55:04 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x1, [@loopback=0x7f000001]}, 0x14) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x0, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) [ 120.443804] blkdev_ioctl+0x9cd/0x2030 [ 120.447674] ? lock_acquire+0x1e4/0x540 [ 120.451662] ? blkpg_ioctl+0xc40/0xc40 [ 120.455553] ? lock_release+0xa30/0xa30 [ 120.459520] ? save_stack+0xa9/0xd0 [ 120.463140] ? save_stack+0x43/0xd0 [ 120.466766] ? __fget+0x4d5/0x740 [ 120.470219] ? ksys_dup3+0x690/0x690 [ 120.473934] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 120.478518] ? kasan_check_write+0x14/0x20 [ 120.482755] ? do_raw_spin_lock+0xc1/0x200 [ 120.486994] block_ioctl+0xee/0x130 [ 120.490623] ? blkdev_fallocate+0x400/0x400 10:55:04 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x1, [@loopback=0x7f000001]}, 0x14) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x0, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) [ 120.494945] do_vfs_ioctl+0x1de/0x1720 [ 120.498840] ? ioctl_preallocate+0x300/0x300 [ 120.503255] ? __fget_light+0x2f7/0x440 [ 120.507229] ? fget_raw+0x20/0x20 [ 120.510682] ? trace_hardirqs_on+0xd/0x10 [ 120.514833] ? kmem_cache_free+0x22e/0x2d0 [ 120.519067] ? putname+0xf7/0x130 [ 120.522520] ? do_sys_open+0x3cb/0x720 [ 120.526408] ? security_file_ioctl+0x94/0xc0 [ 120.530817] ksys_ioctl+0xa9/0xd0 [ 120.534272] __x64_sys_ioctl+0x73/0xb0 [ 120.538164] do_syscall_64+0x1b9/0x820 [ 120.542053] ? syscall_slow_exit_work+0x500/0x500 10:55:04 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x1, [@loopback=0x7f000001]}, 0x14) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x0, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(r2) 10:55:04 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x40, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000001480)={0x0, 0x5d, "788e8905b07b09eee95c96be7230eb0955f867bd017b5d89db0941df4a6ab7838af3acbaeb13dc75b0e99348f12a15f24033fa6404048b0e61e72a155c6553d77d2459d2700a36428749074b8cda3d0a4e3c8c7422a0588a739a303178"}, &(0x7f0000001500)=0x65) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffff9c, 0x84, 0x13, &(0x7f0000001680)={0x0, 0x9}, &(0x7f00000016c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffff9c, 0x84, 0x1a, &(0x7f0000001700)={0x0, 0x9b, "a524cf0304aed3905e300c1dd975b5f9f3396799882dcb90c3d3f571fafb619d40afb4fc62db587d636151488d0efcfe94f21c77993dd981884c25847cf09e9154c2d53ea6c76c7854974c6fea8f605df9ac1ae0413ea29aa75af142ebb4c5fd13085ad29383d04c92addf4cc147c4503eafb08393564a6e4cf6771c010062b905ad6032fccb67cd80c5855e3cdca8b5507cb26e327968cda45c23"}, &(0x7f00000017c0)=0xa3) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000001a00)={0x0, @in={{0x2, 0x4e22, @broadcast=0xffffffff}}, 0x4, 0x5f, 0x1, 0x80000001, 0x86}, &(0x7f0000001ac0)=0x98) getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000001b00)={0x0, 0xfffffffffffffeff, 0x3, 0x2, 0xdeac, 0x7, 0x3, 0x6, {0x0, @in6={{0xa, 0x4e24, 0x80000000, @dev={0xfe, 0x80, [], 0x15}, 0x5}}, 0x5, 0xbe86, 0xfffffffffffff800, 0x6, 0xffff000000000000}}, &(0x7f0000001bc0)=0xb0) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000001c00)={0x0, @in6={{0xa, 0x4e21, 0x17, @mcast2={0xff, 0x2, [], 0x1}, 0x7ff}}, 0x908, 0xffffffff}, &(0x7f0000001cc0)=0x90) sendmmsg$inet_sctp(r2, &(0x7f0000004080)=[{&(0x7f0000000180)=@in6={0xa, 0x4e22, 0x7676a5cc, @mcast2={0xff, 0x2, [], 0x1}, 0x1}, 0x1c, &(0x7f0000001440)=[{&(0x7f0000000240)="36758d9ddc7b66876c82c940d3853c958a5bfba22ff2c480e3eef4ea538b10784d8ed9d703080757d4ad832669edcb1443f273b86ba7c2a4a7c35beb9a551d096c4c1cd96edca2ca3d87d36b2b36", 0x4e}, {&(0x7f00000002c0)="8831247e8033453fd7c7c0aa1b731e5ed0d0e29d677d593f376647688e25d2ed74df9dd7ace61bbc0df09ab2aea5ac6286deeee0cb5f5bb70d96faff596a919299a110c9e575051a8f9b2489fee6d75182bd6a4c7334bc8e9d2587bebd3043793c7b6121ca75d63d5c3c373da7bf60e6f8e96948338783b39765e29fbc4bd34478276203dfee20e5e482e0d6c7ef120902713a00fca08295d3b0e920838729fa1cce009fad1b66fd60ce04ebee992cea6c430dbc8394a55ffc76ee0791cf057522910e602b3aa25e026c9a3f8ae23182d1c074d8f615c63050feba2926", 0xdd}, {&(0x7f00000003c0)="e28a810963efee47ba324638084a4fd299f2f5647868f57482d1b13631d3b279c68c4f16c4e33376ec9ded64e467b8acd2f3cbb86f1da1eb4dc343ab33fb33c2db4d89531eeb2755a5c06a483c0f7dfe78bf93b7c3c3a31279445d49b950446467235018712ce51628974f5b42e28ec427147bb03c325b66fc8ec7718b4bc4f75ee64b9ae37288a766dd807404138d6fe7033cba621a12a3ecb2cb4fde90bc16958903958387603f7dca4cb8f9d7d204feb20876fdf0a1c80be8a27a967b89b13ffbd8429c2d50768f77f82e4f0e0f7978200b5cc602f4c49d758fbea504be3ac48ff3b68e967dfd1bb6b46fd94bca96840e80b0c1c2e5127fb075592dddd630fa00e558f0a42e2650d2d661de24ae8ac65f7078e2d22dbc2b7275b33bcb304e8680a108e8afb65cc8f28cb292f29701af3c19edf23f49bae36f662e376aa34e362def6ee862e222ce3bb72dffbe0bab106926615626f27e2a524390b22adb91416a324c236b8647ba3ca049e30e6d4ed1b33f29874dceaf54b06bbb8778736c4c5839f93170779b3dc34e718dff6923c82ec8e90161ccc7dfcc25e8032ae57be3c6a014674936cfb1dc4c7dfe843d1e9d7377e461e3e3184d13c54b116469659da0c3d25b73f6bc57a60c2c787c53da34fd6524b6d1e9df13b4feb7eb805288b5f4812c263cd93220d9accc666465a532aef93bea151a30958098532c241e0f0fab71848fb0e3caf601904b211df0df336c3be6559026c3fa00bcf6e5664ea9a6955f0f26fd392b1cf97661a2d4f71bbbc98d5e8b7d5416593ee0934362f70c24404a7a192ce1a8bc4f09a6b81a9b251ff7a2c764fd281272cdf6e1542ceeee3692728a51456eadb1708b4cdb01fd748337cfabb418e008196c72d11c968833da21ca030cbac4bb4d411450223f25465f1811a817d35bc55f816f826cc0c244705282e7d428b67188491561f880285e3a777e64d70a5caf130f2606ce42e9a541ed8ce91047f90cb09d6f072da028907919510005b7d9f24a1e1798773d74b1c07f9749963f7950bc942903ca78ef398cf2aee44739e0c5e4ec298b5d227bfb2e36437cc24a5597fae138922bff291cc218216f753078eeb3997b27c7abce30da0baed813a507b53bf22e0b04f4dfc7c9b2f126121bc1d6a0abb81c66600fbbabae7f1bf5097b70cc0dadbadf0ef97c1ba4f00c3dfe3f605831a937848f4a96260450926b922479e4482ed50602b6b44ea60b555c7e01991f2724c6170b5083f4253fb85b6a75a8faa51f05c4b398376ff40ebc425574a72ab3704cbac68d5b734f86fa0af9f52a0116af6e40786cd3ae97b3d90dc6a7e0c3ccdac88cd3126ac86dc3a2cf5d5217ebb3580a153b90ba5981161437def64dbc1b59f680a10c75e9b21382707d5217b59990a497e1613de0896998aa6307581de27c2c2daff4d2002d06152e7d0892a1316927109a40196fa51aa55fa663a3abbf2c4af69464c6bd85ea7de36bedd094bfc5f4a31a86032d403065aafd841b6a39a9198b567d95bb4bde1863eb4de2b04d781e81cc054169a4e96a300f3910f16561d9dffd1e09278d2980bc20c83662e97cca55746e7d0262eaa52392561e79a03f133b54ab5d49aeb5315295aa1e939689c79b0e270c4c8283cb35af80cee6db396268bcbfbc78ba6f27e924fd31f7335a286656ecac531616ebf8330c68f7f7f8039b2f67a2652122041e7c7359514f18b5c9894896a1981878baaf656c835e8575a09d6f6adc238523cefc99448fd06c7c36a5e86c8dfb5b2a56cc42b199251bfd645a26d19062703dc161d48fa2334474ad560d2e4a7e91de208a2d1ca1c837386af93f8206fb8f2aec59b213411ac75aea1e25dedf0e86f035bd5d37eeac573d3118cb4783c589c7a4244e41af943d74927a9009886a30265143b032ced9d9d640fcc73478ad20acb586a734f129f78cd8081ae02149fd9eb0340f7cd0dd10437624a54989b13bfe4a2a489110a8ab43081a1c750f3ad4c74d146c4bca4bb2ef27aac9d2bacc9d79d4b0204ddc949519716138db6069c6ac2528845663a06bdeb8b0ec13b1a3a8827e1cacf0b126ccfe0651e3b54971767e832015938075152fc11a0c3dbbe15073e330576011a2644a2838d4df5febdfc77843a4c3f7ff1c2742c4015bbb14f565244cf643c849945c75d02dd569443b7e046941985b7cfbd048bfc0d69b0e21603b72a219d0fad24c73fab498031d10c709e3a76f2f9a1148fcf7940e91f291f66d88d413d17f50ef1f9255acd0ec5e342aab7d6b232bc06b23864d90368f7f5fa35ad552633801e970811636d992538052182952f41e74ed213dcfd8660cc7e0099e04a33b96d1b45efc27d289b917e5fbcf46b2cbbac1369a85b0d7c1ee5238b39bf71c99426a33bc2dec3376a436ce880ec011b23d6d75168f6a60688ae982cdee5fe63fe06bc053262eef759b48cc14d43a2690f0390852b2af2d63fea3c9142e3fa829093db13de82658bf3fad852364fe3e3b4b05cd07e8f44d99ce12c9ec76759bf75128837d2f715471d2ffee9930b4ee3bc04d2f8bdc7392f68b495afa78c293e77332c5599055626eb486dc0fa1de2577566f73e9e36590bb8840dec3a32737409c1748ede4632109ec1de7c3b03a6e39ed7cb5494564e60e412a2095fe3b1f9e67a06ec131b5970fc76d9fead076771a9a706be3b0031d3269bd3fda052c6a6dbc795f0b461baee6ecfcfd9d67d5f34f93d303cc2a43aa971380bc0a4a10f546082e54b12a8e3841f214a47b63cdc6f67218ab30836164e09751eb552f42b23ba9ca467d31708caa65289ab7dc6a2fc44f24e1e4f870b7a0b09a93f75c664bce3c3341236e27be6738c6f0de807909f4dcf9655b06bbe1245db8823643b1dad2d165772f3fc355b65f7b38f270ccd83c6230e0346a4222f71a547d0a4521651408be53816f92bc046d0acc7a0f0c4309fda2f4df65ce1144bf286a0c6701f0c8dca098abbec2c47b9b50b92267661f365dc3590cef401f35ff524233baf303b7cd49f285761ace2a49bf2e89d797969c9938e92d820850a53027a9128ce94671ede7e4669749073a4230c72381755c057f047656a055aca178e36a85727ba772a082f29622d61496f648aa6887b53420077452dbfebac4c8c151b8fe51b530fff85b892c46ba3bf73318a3037f8237d1af96ec834c09d69872453238bb80a6c6950382dd0bcbf970b89696623d0f31059073cec7d346e9acba707a8bd59d124b5e0fb592483931865b2c4190f755631840467c079aa02ce0a0e2482751570bb9a72383076259b8be40e76952456cb2554e101105309cf5bba7361ffbb9b8354d46aedfdd06bd8e50f1444cce0aa53c3cceaaa780a00b5c938e643d2f97035e715fe041897d44b2f235edeb73e8a82fc305fcd5cff909115973a4baa74c6b7e09cf5e917a83e577052c0c374af1b2619ce160d0c7cb2805907b21f46a4bb9b5f81cc7f25abac15f98bf5fa61abfe0b494ef55cc38fa08e455c016dea9a3a7549cc17635839095ca8b35613b8974c9d0cb6f633e393063eca5b473f2a930eaeff34a0ea2329efbf0c2956fe39a0eafd0399999d0ac21b6620df174a0e07332563a33e424f8550c88dbc05eecdd589c938564094039f4ac1ac9d7468270d3a9900de286c4ad77264a91093a992592811c5bdd89077b771afa6858d3dfc6b8903aee899033802def042e829715a074c3ac1247ab0ae698e8e2ec08747b8f80e5780ea145d9e744f6c2bc0ec756aefb6f3fc1a13f14abcba03bcd46b2f831944dbc3782587e4461b50d7e64401fc9b390747cabc33ef6489429362d96199f4be17a3e3d790c8f8a90a4a0e134435cd16aef12bc76d4e19bdaf75eeb0193600ec29881dee1db4253c8322e15ef9fb5403944eed4aaa3b88ce03bfbb3de74c773bb3bbdb254cad682389e2fd67b96741e8cef6ef7c06542884b9d68a600f45515b52270bc8c2ff383354c58559bdc2796a7535eae85bf22b319d44a2c785d3e93899b8be0ee3686f330a34de17b4a01f30a7a3fa4cf0911b74dbfbcd73b7255a53947b25f60661346718bb3feee361cd6e996ca61575706c7169bbe9efc23ea3d870f0b21fd3e5220ca6e3d18490472e4e4fdb8551d4c738770d7629e57eea8050729e7e524477705835f7bb5b0043d9d46a30b47945eafe15770b4b5833bd982e8ddba2a8ba045b4d6e41b7b79652345881e49e8e5faad9ae62332051e64da5f2fdb4ff3fdff52254dcc2c4bd7757c093d869d7eb3b0d44c6422a6d2cf96ec20be43134d6524279d03e66807eb296579d4581c1d831c95fe88c91a50cae6e12dd4850c36e91b1f04e7e45cc84c1ab436c94a11c588c52afb678a0d6f33447fcfea4315d4e4094fb87da50aab6701d10763540bef1f2767eae0d658c1d4247bebe2fec54e4601a80da710552bbad681047572e14b2f0c87c9a97e7c279fcfa94f2c23c9ae8550ac134ff15c1d8bd97c87d00c7315623632fe3a9446849abad81c75f1e03e19cbc49ad201e09c377c812922620670eca0be9100ecb74f9476bcced8352c9b7b158b9ee585f24cca23af9c2efb24653472392d97c2ed8ff609e508bd97bf8fc2cc3ea35da231fa5ccc604a9ff17d8f07a9cbf2611b12df44090acac67509f6fcf8118a5ae386e6f199497c953aefd78c5c6dbbc73a13ff208b7446f41395952912a726a228ab4f9426b74c1de642820acbb6fafb45cf5e5cad2977ce4b28f2a1cb18f32e969ffd0ee985b913d917bf789c9630f47858e91f2e758d4221075fb9f6aaa08910acd457484308db51f585b38989f3aa10b655200feb3627e62f6d7b228fbd1602d41803c76551a38bd24f6ea703c6e8991dd57ac96d05225ced614be92a63a28875c1cf9cade397b495af482a83115a8fd91c0f8d22ba70d4c266d700e62f1cb3eba685b04ca664a29684f382dca139a324ef6fb56137ab3a1d21a38692049cd5db379468eec90675ecdddc3654af7abf4189e904d2677386d6a1d67fae4e51ddd0c3e481a7506dd1bd9d54abd968fa0f980a21ca1b32594f657a78d11043a0e2b58d6544d0fd643dfc7a90d6ad8e4ad52ecab36f85e7276cda3f825cf104c62891a6d4d8b666fd6cc9dba275187c15d4696f93fb0a44fc27267de49f3a9a165c80441284a849e55e3e8a7c4ff43269a46176ba3976178de787dfa1d38d71d707d80370d446b58138acb832a51ef7482471085d83965094b860b659be60816cf24585d74cd0d0592d4c0d89b3d40a39fa4a4ae64a8790e15c03dcb1f0382a22afbb93f29091982d511ff1735fc990ae99da8a752f0079ca2e511bd4a0952b9396c0afc9eb3c32431e4f7f57d685cd98e25976f26c8463bbe6b405a8a0d026b15a5c78056a2ef4ca7af7c3429410af3a092c643aa14f7f869a6d38b2df4abeeeed5b632ed0664a2d7eb499edb1ffa8068e72ab974a4d8e9424ccbe47ce7a0a307cd08a9613b925d8a4fbe2e84d4e5320d908d5b0dea27cdc0662c6d4b4ff72609cba5a08dd779f7febfeb3d9515b01d42a5ca1cf86cb9c5d7bf4689c2376975b15f3f59d718693fecf6a91ab57cd89b6a66634b1994b1400a92a4d844b994d8de82180f1e23ca929ac78d853efee54fac4db64b44cd913f2618d050334535d1ae6cfa1922a5262e2d7e2b6653be3e33bd905dba3dec7b87e5cbf9a14021ce09283b1de51da80a3059c7ebfc3d8667dc5b16b3b7936f15f8e30809b68813a27560ea42912a04f1b185196fc302cb22ab58a", 0x1000}, {&(0x7f00000013c0)="0527259ec98ce0cec329c42d6225afb2158647b3211c1e60ba8f81846213dccb198f0812844a9f582080b59b7de2c50614851453048001a8f59c7df5c97205b98f697b2dabaf46d261979ca030f09cec57572e0f4e99a4b671ad1dfa81f9a7db25230fd1eee4667684ea95", 0x6b}], 0x4, &(0x7f0000001540)=ANY=[@ANYBLOB="300000f21114babc6eec7c0001000000b80000000000000001feffff01000080f60000000000000000000000", @ANYRES32=r3, @ANYBLOB="18000000000000008400000005000000000000000900000020000000000000008400000008000000fe8000000000000000000000000000aa180000000000000084000000050000002000000000800000180000000000000084000000000000000200030000000300180000000000000084000000060000000900000000000000"], 0xb0}, {&(0x7f0000001600)=@in6={0xa, 0x4e22, 0xff, @empty, 0x6}, 0x1c, &(0x7f0000001640), 0x0, &(0x7f0000001800)=[@sndinfo={0x20, 0x84, 0x2, {0x3, 0x0, 0x3ff, 0x3, r4}}, @dstaddrv4={0x18, 0x84, 0x7}, @dstaddrv4={0x18, 0x84, 0x7, @multicast2=0xe0000002}, @dstaddrv4={0x18, 0x84, 0x7, @loopback=0x7f000001}, @sndrcv={0x30, 0x84, 0x1, {0x4, 0xfffffffffffffffd, 0x200, 0xcb00000000000000, 0x4, 0x7fff, 0x431, 0x1, r5}}, @init={0x18, 0x84, 0x0, {0x400, 0xafff, 0xfffffffffffffffc, 0x9}}], 0xb0, 0x2400c000}, {&(0x7f00000018c0)=@in6={0xa, 0x4e21, 0x3f, @loopback={0x0, 0x1}, 0xa47}, 0x1c, &(0x7f00000019c0)=[{&(0x7f0000001900)="d3de20107e505e4ad52087329a56500ed9d1af1d5441f7a4e0374bf4e099ce1c8fd6dd206d09a6755547bf3275f59a01079fbd9121f3b87783a2c58a8a8b4688ee43cf75e8e9ce0379f9e5d34e2febd8d1df8bfe4db29dd51e540f9d19bfa0eaff37ec2facaf8c55f50e467f5d77e93b360688a37fa4db007817d762a4ec32b635517229cfa13a5947251fcf2a97243539a6609c23b87b1ef4f6a5477dbfdd", 0x9f}], 0x1, &(0x7f0000001d00)=[@dstaddrv6={0x20, 0x84, 0x8, @dev={0xfe, 0x80, [], 0x19}}, @sndrcv={0x30, 0x84, 0x1, {0x0, 0x7f, 0x8, 0x1ff, 0x0, 0x80000001, 0x8, 0x9, r6}}, @init={0x18, 0x84, 0x0, {0x6, 0x800, 0x7, 0x3}}, @sndinfo={0x20, 0x84, 0x2, {0x10001, 0x9, 0x1ff, 0xfffffffffffffffc, r7}}, @sndinfo={0x20, 0x84, 0x2, {0x2, 0x8208, 0x2, 0x6, r8}}, @authinfo={0x18, 0x84, 0x6, {0x2}}, @prinfo={0x18, 0x84, 0x5, {0x30, 0xea4e}}, @dstaddrv4={0x18, 0x84, 0x7, @dev={0xac, 0x14, 0x14, 0x1c}}, @init={0x18, 0x84, 0x0, {0x3f, 0x653, 0x8, 0x3f}}], 0x108, 0x40}, {&(0x7f0000001e40)=@in6={0xa, 0x4e22, 0x5, @dev={0xfe, 0x80, [], 0x21}, 0x3f}, 0x1c, &(0x7f0000004040)=[{&(0x7f0000001e80)="7f64be66507b0889d4612d7faae08e2d3d087624ce3208d23348fe42cb6a17f42e1aa3e4670429a7b24d2c915eaa2b680efabedaac90cb7547114243160a3307098f3f5b66fc68f146b104102264903f02edc50c5f8bfcefd80cbcd64fc738498710b99e4687782fdf245a3a988b04eff3a9f4146788229cf1308dc7b6e62e6ad1cb8f2f51149c6321f0a2333f9c15440d714028cd77471b93e627eb599f73d6778ef4dd23251d60dd518ec14873c5542e7d65b206367f4135a1c0a4d1ef5ca59359de4b1abc654b69ccfea26508ff334353601b9a0ea058ac8497a40918628197aacb4fcf94d54e26abbde7aeeea835a429fbc2a1373ef2f26770010b3d705c4aea8ac6dc61ad42f705648fff90f963b971000c76a157a64d40009266585f80ae9ceeb390d8ee24add5745834add577c0541b73abb9eb53ecd47acb7936b3fd4bcceb80c5cd916449e411438756574f6a470c33f2b91f9d7f1c5f8a8fe544c45b2eea2ff9a5d82dad4cb76245cd909e4e79efcecc4f66e73c6004b407b6c4de269bbb2e8ecef6612f17f25604190f875e3851f2c925cb778a11a5fd1d0949bb4ae75bd68bba48b41ad915fb6b2ba3e1ca8c4bf00fcb16feeba20131f735ed74636e96bee8ca56d142ff0af33665a3d3252590344794de1d016d60eb2b5420622decc260797a6c81f6f45e933dde16d99d1229043a793cd46bbe248f72aad5007b87069b1ead333a52fb14a8e292dcd2954e86874ecb4349b563c5e33a352871b692a34a090a868a8f7ff8966f6906ded4e70082502ede76a856f8673884cb1b7f41cb98f5e03d4ce6fd9a038d62791492e58cfe1466a568f80df9ca0b5c86d6b329ad5daefa42f3ffac9c0a6b1d1382cdd253b86202770b75ab8f83cd5cc1beb9f25e57d2f6f7183568f2635f321ed3d9e57568be5a443d72715a0960372118179e93b7ee311612298e22c861ae494ca80ff3ba6288aa21c0d6af65c3a4752bf1832b927888fbf52345dd99bdfb25e11e5782fd470b664702d0c6c1d965d0749eb554e148e4f7000ea3a19f8841992ed46d148fd8c19600681ddfb833b1b48e6792ef4d2a57d91925fa806d0237fe037de03a0dd19eef68db12a0e6983e38702c749aa143b416ac16b3062aeb39696bc517ae3d59a963320f272301afd1ea9e889f37d017257d0421653ea756e1b970457b036dd034d230b357ffa540fdbec4fe1cab695fc1a89c6e5d9df95b04bf4048b33524ff06a18f34ff3e0362ca9dc11ebc85e391512725e1ea04c330a2d38113d5660911be49e3ecb0336c99122f6aa0c4653b364fbe8d2284b5e25fb7868c5f23d186700dcf962f8819b1aea672a57a933eed603ab5586e7838f4325442c4a4e151f7e1de70375628fae54f82d94c7cda8511cc3d6c955ff526cbdbe9ec2fadefa71d07135c8212b3a1bfa9d1fce3153044a04a2075b0d97d194ae3d7927f1ab283ff194056c5bc262b78a2f0ac6272139f22d728703267e605d64b3b115e95bda8e23522d1171a769e327f0c9c9658877727b8c62b59276dbb61e0c5ab88b0b2a3724954fae9c346f5b0512be135f74b16221b036e242bc8ffe1371cd0541285a3fa34a30b5dff3340d72e837675d3ebfe3f2e8691300e2d96ae6c69a871a91f3fd5126fc7d07bd9523c48fcbe53c2de6d5ce94f0a30e186b3c0ce1326c14f2cc37aa1dbb8b79b1c4fc03ee68d3ab50d818080b301cf42cb9284cfc2284077cd4ba1f0d7462b04fdfb0551f413fcb6023924eed8f7a6a0498b5a176d55b231f242446b107bdf07b9fe8702fd0103ce40a7964f1e268611357c026df31da5f309eba628f542358789e2ddee590284024645fb871536790a9ac0e973c8d1cab9f411e62d3d7073022ea7df3b1cafb013ea9ff1c72d23e0bbbc162673183a71046c174fe84ec693770625ee129554121aa0ffcdc9236e20e344b4f8e8502f5f153158e8c10a6c4a36cbae971f708dfcc8ad26e7ae4a502211065e2c1197ef3b8c812857e891b8a058322e457f57073111e1ef56fb9074e935ba80a81d016c03cec64c3e90bc7fbe87e02cf4be8dd725defb96223c4a7726143815aac5fd26d6edeb318086214235cf81cef54f6c8447fcfdb1dcf218fc271608c12ba8247626d11c0c4ae237bbe456d3b5246d47d8f577972d7994299e9d64bc9c5e3e898961279fc717a31fb4550e2be62aa8e098983832f64be1de4db0adc07e1531311da665543e26daf84c8ca1057f0f6b4d144ea43f06de239ad3cf6829f983c8284c5ca0bb08a70524af35945c7bc0f870fc50a1480c61705effa010915009c6a5146fc59d9f190e20e82b460fbc57e995b2a172b4543010313cd4303ca2fad231ce22b9718f5b0a80626a99af38dd39ad2e47c304a8e01d13ebe00d13930f0b2adfb8e3b45338abf579382f2b6ad2d4ff36644fe4e96742ffe0aa8786c163118ee1eaaa82f5cac548a8775a550f442e3c73f9c1ec2a600617525163652f3b5ef7de2e673cd3c34cb9e8780068440928667739053f78f59aed689d6b0a948438940927223a11cf544ce039b9b37dda44ccc33f6ea81f47caa5eef720a1afb5ecd120106584d3e723270951ada8c5cf0a442dd3a99f782cffd19eedd52c60977dc0004540e78371ee9e7ada8967b0fc80ca2c1a9d475158c52baac16a105fe9b31615ef598cef3556b2938629f36e3f62c82917b50b99272e4499f3c507f8301fba606c96849a826d80a43e02d81cde1782e2e10d596257892d601e26b0d6acf6741f32b4da54912fe4a763e63302a6a4603dfa59e3821d5b19155c7ce3235322035e4c96a8ccaa71ae491776351ee1d39e8aaa97d06aa315156ab97eb88220db1d77007aea4313f1bfb8ab8491abaf926528ef0f5693ce54c0a21e328110620b946a4500527d09b119acef7d97fe52120fb9e723b85d4e1acc73f571cf5d43d76aa2b12aa029a6690ddbbd78ef96fe2271191d0d1661c5ff204e205a6ed46ef4806bfef0b5ea5b64bbb6f4c08b51cdde55b578dd6e60179b8c3cdf9725c5ee85092b54b9645ff4777a80b9ec513b07c94caf4e2250d8d013a4624146a709a0707f6f8f6bf432731f7bd13af84516637e340805ab9c62be1d404f0d67fc5be50663de839c1500677b3962f57ba270cf1cf2c4c07ac13bc5ef2e84b8f4363cc94bb8d00398f8fc913d44445c6c383a0ce8d4a5d101ebd8dddbad827a531830f012a2c1441b272c742478800369b695bbce0a653a0423ca6127dd9fc6bf17a1b7da721e0ca4638f3ec4cdf8d2499d53e46141f9b92ae9b9bf0892c433763efb0fe0f4f9636a18822396c344cd4b81138b7f4a63649e55002fbebc5e3e23a82af4f6019f8059e1daad7fe8984f889f78fcd46cba703d69ab8448cc5821fe55108961e87dd7b3ee3db5647cc6f69214ff09bb494899fdd9ac2a9a6671a05a9c0728d9ea5c14d3f538fbf71df610ea0c7713e49d53192ee4203145bd68a66758dd94247e7949ec2f0e515d981bd87417f8dbaf337d7ccbee6dc59225facd05da8b24e632e21e4d69f6927883b5aeab63769e9274d0850e31202ad5d6370a6364695ac748403c559c6d465d80ec855270f64772f583ce9d7e7eb5a18496a7b340628b2fee3c191459b4fa46ce4085f9c2be4517186c77ef2780eb57d92a75b66cf076e8c08e8f62f6932b6e52a93a69941fcfae6b9e9133d4bc9839007cc285cda2efa9f74ade4ee268f2ef7768e3d0cf57bc5a1ff0aed6ecb02e6e2106cbd1990183913eb2bac3bb725d9df4bbd5b9fda722991acfa090103c5881d87138c5f058d6735efb7339268016387524ea90f19a2a99f2076a2b34bb381b453d507fbe7a6c94509c44cf194084edfbb22932b926bceadaf656b74d47a9de9977b2fd39067ee5da8737e12ae3e53f12dee61f41e254709581046f253a0a37dbc4fb56b503e61e01043b7940a53fa5a71130507ac8e78ed04decd8b85a8b87ad8d5381ae55fdaa517820e49de5faee047a124a240f7f7ef4afb7da501ea429ca8634bc358b09fee71b0570ebb8be2f9c3696aef079d84a8d918f7b3ad36fd8f1ccfd53998432716fb0bab86048e010ba04e6781b8971f90e314f01194390cf8e3d27fa7186322e792b9511652b74fc67f44f68247e63c58af8dca37c7a7bf062283214b40d8816927d3ab91234d31bc5a6bcb9d97bd721d7c299c83a563fd396b34892bae6912b3872614c06e23a20b495c6eff7bb4fd84fc1daad7a9d8850461db17e424387a467b1aa45f503ab25a48f09c6fc43c1c82e7384118d557d4cb1b339822669bb3fcdaa54faa82031272eebae08cdc8e884721b33209a72eafd0d4e79892d0eed6608193a1be709b723a285016b7a8a043128cd430e5163781fe8d27fecd548f6b26112fc21d1e39727de79329732d41d7ece6d2a3790168e9566a69afb174b40218bcae72ce98131efc5761f6e4ae0f727f53e4d393715ea65a661b826dba7b85f362846a9b6138a5e0f1436eab9b79e4a9bf01bbc9251834e26dcaabc599b6623531a5ad337a7e9ce9a9c91c63483bbf3b524b10e76ab6dd498872b8a5cc824ce6cb5107b312c45b63b798417ea7641b01ce7494efc35505c267f6660f17a4c8d8a09849520d83b7d0c1cd6ae2565dca2740842bb824d848397dc55fa1ed3b61fc3a1adaa91a48df2709b432b1d5102ae4638d588b5e03c77657e6a6c82395d3821b6ea4c601e5fe6af368032afe9f8c75d5fd1876291e7519b54833b72f86fdeb85faf6ef237a38afecff1c1cf2ab98b336582225bdb1a72ebdacfe89b19f31f830ae76bdcd0bb35a797f714c4fed9116e78a39f867408de7d18f8cec3478b48a01522eb1e3204efdfb8abdc365b25ac0eed0297c85a3c55e544d06c75c2b58665a160067551801f84bd8a9b3631e6f4b4e39594a7a680da9b98f02a4b66f42ba370dd125756bb27d87e004713cdc23300bbb72abfc1fbd3f36374f59e1ca5badcb1f8af7a7031b75076e88bde543fd78567ad00109cc89da53f308abcae7b6f20aec255ef55684a2954952e75f6f58de25d6ae800d17724a6b82dfe11af7c3b21a884dc6af000f00c2c6e6228d212acf9fb6365eae96fa50361b4c275368d607907a4c68a0eb68be1a51b807e34c19e523c713dc36f83543e3852182a8b69863587602a438d03485e9ae29cb0839e653ab62b82ddc7cec98320202422b165e22ba8948aa83e98aa647f847258c778b416e324744f9652edc15fa581252c0d86bf0b0ed47a5f821bce18dc0340934184f490d8f11c03e6e7c61eb8a1e6765272be9b0f7e15d8964550bb063a0b428ee96af1a9152841bc628991a5dbeecc2df85b47656d3d49200ae7294d2dac3c6641aaf76e8b00fdbe5794fa324126447893f2df3ae4a8f96a623a3705640e77a23193d1bc38005d2900d155def2f79ac56143f2d99b144687b39e2bd01775526099226af78011bb4d2770728c5fdc755f9db67d91843d25677cc1da10da2751d80169bbc227140f924e67369f3a543554853f00e702e15062f4ef826370692d39b0be0a10160b7f0469c7c90765d60ebbbf1c25038ba03dad7e000352cf0d1b78c241fc30f71b909033ffe8baf66bc8a63114c55116acf22150bdb32175abdeb740ec422d6ab095d16df59d00771d34b2c48edcfbb4c2d8398d7ebd337ca0c088c1ea613b96f31eb6135e4889c981978b2eff8dddc8472c319c1b356ddb3614793ce55ede2dc87a9e054fb896c3f062c3cbe20bfee3dc811d43141e9668720c392d768874", 0x1000}, {&(0x7f0000002e80)="28d306fa2a6151cb02a346a271e4148fbb85027fd29df2c0b9cec51dfa1c995c0f197a1613216e331a0c3c4a1b1a71f042739e9d58fd6ab41c4de504637da12006c30dbbf264cc88a3c1f8b02b10b27d7c59bca2fd65143149c336e2a9e8e8d3597509ad1d80751fe6695a5942e77a060c701195362b2f37e9bbb4bb7f8aed7510e3b1dfb5c6c7069b7bf2", 0x8b}, {&(0x7f0000002f40)="c2bb05d21c71d81b68392a2c66f96e850215862f4760890fcb4b001564edc84c6d70f7b4de3008d73ab1fabb99ed7aba5ed87c90a1bdad9fe2552d06a2b3697eebe4d58bc91b92e2bae191fa4ba21224012c5f9919f2fcc0b79308449a3847f432588c4a956d1e2bbcd75631e6b85cbbfd1be7c368e362cdc07cdfc57ef7c986078aba226e24c101646d9459ec0d374c860c564b1d0f9324ad8bbeedb1290d82675ae27c1a01a46441ceab995cb734b9a61a6eaf9a0799d09924af2daf3fc53f48269a8b69fd44c15772442ad554ca6c64100fa77d2b1181f05daff6aa0629bc45fc2f5b0c13", 0xe6}, {&(0x7f0000003040)="35f5c77f7f8bc550c2f8365433e084229508a4978671314c04c813dc8ca58bef8fee19df9de5ad8b0dd6cb982084a87755bc6e7eb1a5f95688e466e82437e3ec7f35793ac623f8d86278f0fc1da5f90f3d10c0b57bb5127d46ff152a0fa1c1006ef071a6c8e4af9a76077465bec8034dd926a9382c6068643bae1f81ead7a51d356371c084877b745ee3ee5eb88b0a1fa2d90b09f67594576fc0f32051e7a19549613d68866858041cfaa87135cc6c4acae6042088eb9a1514cd3887e838440100e4a037299687ebaf2fd5818269ba3b2731306e653fc2329d839c8bf3af262f390c30e85a26c73921d34f6e916428a6122275e77077c5ae81f3cc95a9fcfdaf73b0167dbcc8014655a20c48d6222655eb6810d4bccaa6dfc1b33baaf2d139828c4a24f17c8ad4afed24ced7ea4797f0bb1892dad84d10be3e8b532554c3820d8c860632b4944fe23f5c3ddbf2d15463619f1ce2941f65df536984600db3dc243e74f97b6a36359c6bbb0ff8dbee5687c8758bed9891ca72557cd991d697e36b87045210319ae56b79c1de66e173e671693678d6ad4cd4e8e55597cc8ec06244d09c94a5f6712ff22fec5095defe8683eb7767df1bf0e744e9f185718cc8af272c5ce150c29a0f9c4174665279e4f9fb9408283b70708bba443c7a6aefa19576127d631726c1fac04d8447046f557de6ab19d2afdf24accec3dbf5bd9252658c13a67c61f5a8c44cbbd73feaa43d21ab3a319ec7a7c94a69a0381e274a7a86672396026d8bf0844dfa3063d5b18ba2d2a63c78d43141ca1cd588af38d52e08ef630043672fa3ba75cf4d32d1506644726a3c7cb139de5194df6eb749ef264e8a59291f9c6e5a6f28d789bdb74191d6722de30b80ec9b8239657e989c9e67dee676e25428d2461dd8492114fa157e0f3928f68204b52bf06d4fe0a9029dc55f66a7e2703ef9a5243760d652b57287cfa05590520f5b09ee75f2451660369ffff5735c1e2fc4ca8a5d4c5d57443a9016894ed5940db02afe4a4b60f551291f012f5f06c8adc2ebe5e99d329a32f5f9c0374f1d87598cbb186a8040a598ec11eac647e88159183829c8c96c4d2b8aff9c2f7317c6054d8fbdd919f35e2722e93e2190da69c75e2eb4fa9975baa19104b6ae99540568ac4e2221d196bb5685d7badbdfd724d2faf97aebf024f7419cfdd41b12d8e7b4dff5523b689be3dbce4e15b72381ba39793a24a636ecb68d6c157c3af36afedb67143931db1233b0897a1463bc52d4880ac14b705e335582e435579aff08bd2c76e3055b639d4668bd978c9cbf2e283799050d2fca8dbb9cd3f229c106c4c5055d5f8477a1e4365f694eac0d144f0bbc4690a65a31013ef14e8d26c76aff49b7c18e3de0da25ee2ddc1efc9d8da1e6c5a79696780c29c7d7c410916a65d7dc76fa96d3cb3f35ff29f2583d90d4e4c27ecabcad4856d1d683967394d53eafc89c49ff7d12ba4eded9f43927c88c5467899f5d2cff4d8046d70c1ce5d329b816da38e9e9f83613e0a942267bc82cfc6b2c2aa70f70a6189b2bab02be66f4b28604f7a6c83ec7e6e28993018ae7c18f3adc5da3410d12a7858718effa4fe9c1496102c3a3c4df55130108f37da0d0f5d88acbeb6233613fe8e53b2b4dba9f342606c9d4dd21f80e6c2ab1ed24ba9a436feccf3058d4a9956e96ce010af7d83cdf6115eb9aec9d81d6abc2227c82eb2560335fcd875c015e9c78f13fc0d9f020cff858c8ca0bd8c99edc582c749da9bf281cfede678602ee1f04aceb57249310a69bf09804e658b62b649c2376384dd616d61b1ecd34a191eb72b0c2f8932127f41e87b931a08e6c310d22966908325dde8d67d45dc970119318690bc3759e206218b49ea8776043d16ff70d4b44d9f266d8c51ed3872bd145d6a2035ecbe5b356f8e743118fb14bb0873c96c9064f760b9e3d206f91ab14126c893031fdff8894876c1b7c5b0070cfa87057118a2a5388a890b6be3d3a99f7a506bea116f4d65e85d9ee0d33c91d956dbdf5072c91c30721ff44c0ce46ef4f08288508379381f74fe2216bc1708c713de5e3b92d789275599c3991d1d8540e42c03f5c6fedea00c74898fe636f350f25f205a27d2cc5a8d9b9a339293f2e4b8212afc674a566ec9e00033aca234856dd9b38881753bc473fa1fec8ce731452ff57c5e57dfc13db7435a0966e18d8f154c05dcf0de22de33aae2d1363a2cd5e7f9a495dd4087c149f1ba4b537ef5f3f703666a8501684e60aae4a16b4a1271b95808878b11cb668606f99e913bc2bfa382fe09333b0a83121b4958b676087cf47fbd16c07b51812549eba322ae089ee06a6b0f9bd52671133e5991acadc4648dbc5562b3b43402dc19279aff4501b423acb8186cd136002882ce85eb34b6448416f7b5cfcde18c8fec8c78387b42879e30ab26dcac6cd5e55f2242f7d69f6148a2ddf33a3eec1f4781d40fe7127ec5617353edf2c65c574cbb3aacb60a2571a4a513fbf41b252cb71ae97c53237ab59fc6f376a60b71553bbce59d7e46092df25dfa52f6153331e5d2b3ceb654f49bf1521d448d1a25d463a41bcfd98cdb550e2948137c02db1253c037939ec2c40a9b6ac0fe707933098127e832bb7260f63ec5b8e8a3c60bc20d7a2b3306e6acc8cb8b9f7c0c687328c847f3ccd8ba4a79dabfa2873b55aa4c6b9dbe6351ad49194f2dd64da9e6494a57a29fc84a23c73a25811692697deb47fc5d18d117b0dadb63fe9119a052daa19f3e06500dbc596f2e53d2a4d6c806a58e9cb3d770ffffbec85d83981ab72eab6051e37582e9cc69503133cb06c525a55cb706f802fed389e85e23e6a5ef67769842edb7d390a1e915cd5d754d403c34b4dbac0dd957e38c5d740586c5105b974cbb66f650b2287b48182776efde2af6436dd391a4770d2cfc40998d3a8f4c98cba97bd0dc3ba5e8c80547d4336bba2258ed340206ccddcdb42e836ff6386d68bdee03ca3781b78c2bc6673848c6d7fcf9815b94d4eff7decff24e4a5def8a8fcc2d56b81a382bccbe37e9f74bdd963a6c22516abe66395fc5e08ca3655e23edf75e7ef49d7e732112f3c3b39e21a7934c11edf3373017be3d9bebab93d1cc4bf2e0fe841b2a2294336c762c2b6bb960a888cc978bd06c0ce22c6d15dfd15b28c0c7e57a5d897cf43e856444037c3853f54bf516138b88acd3bb40cfa02d4638e3a648b395c76361464db0d7aae9f2339fcfddecfcd544d595dde5ca46835054b7736187429fac77935539c544b69cdb83c9239f719349b6abe33f04234cb4004575a0cb7833d845cfda43c3bc16ae841a9fb952e34b01075c2be34aaa9fc2f6ed8399fa0c2c4e8272c82a878b1b652483a75a56fdb24747532f3d1d43ba2c13b9df2ed9daee1dfa2cba55445f912170527fec0d0d0ed42d1ecb7c770161b209de77f22ae799bb37890df408b6406077ae3ef20dc761791e9be3f2342cc13b38bb2444a965a8264673f6749f71af93d9b61e14056ac7f2fe1fd2e88284ae9481a89c55a541d65a46bc94a3986b8a1dc6c67f3b37179692bc1204c30e2a5cb68ff685043f39dac5ae3dfa5daa4d8b753295fc87606460a2d75fe757612a758b8161961feba9564473296872bc825d28def17b4ad287325e64c516ed548c63520d3d773eb6893dfc99f7dfbe35c948e210c75c6db3ca5bcdc0a3f3c0f9a3238d46c708578ce3853416d4a991309ad6c477d299917341efb89c06784eef97d6b2a1dfea9dab09162d8f5f8aa61cfb7eb06f719d70c340d80b1a3ab6378fd39c29fd19ce50b848b2f79c2266afbfd2bb940af70289f8f7c5676f660c6dea3113a92e55a209299f7eeda4d4f31c3b0b04ce24ca16b919896d76e638c240c27f0c2f6ff71cd63e3d9684a135f9ca24602ad8f0a3f9f7140b8b361027493808f68f6815253573c8b58ab7b5afe5b8613fd1fff291e4784b7f4199034a1995f17c19d768239470928a96f4d643c60372dce3e6240a3e3dabcc1553269f868e528ded85e9a6d6e5985bf4268cea396af0c0b4b74759228d523201eac05538af5e630f81c5c7000ff37b3dbd140e54cb6bd3a5671d06a4f54462385ac9e4ba63e7b3eb3b8beb3410d402fe575be1304d93a634b2366b038a0f4e42dcd9629e8ec969bf8f05d52268e907292ddae48e89f3967220449cc321340349ca43c805a14a4fa5b2719e810c86253657da379083f90596482cc5bff8f6dbd6b640c402106ff527187803e8e09407975793a09e169063a07c71efe319e34d11b3a37cb260db861224b778a624eeadc6b2bf2e2b41ee496707064417433b2a2e9943999219e5227b0aab26e68dedf395981cf9beb917911fe38d864799eb5a7d8514b92c58981161659ec06fd37f82165c1fcb332ee9dcaba44c68d21dfd3efeb04891bd47855d7744bddc6d61c72d07b028baa2e2ece9d84227c24e7064641e150cfb55b5e5e16f26d8a326909eaaa6ab84326776f634dcca2cf73616a81661532c72de84ca06f841efbd99ba034d3adcc4b920c458125bc0465232d62334d4f9c1cea5782d1723b8e74ce45014b937609efd59364c11141d950b2ff44e75ddc25e5286802bcfb8481817535b020d095605cb7a2f0bdea5869a1574ac316c12b19259d81dfa3c8d9d964030ab629634bde61a1c6243972a1d1bca029f1cb4152628cb9c158301f2856cb84d40d2aa17d37e46b5dd14e9f09fc4c1e000175b6a7bd0ef3a812813b07feaaa5c75d781ef2ecb0e7350b8b2fa621998c773df0ab8367358f34c157934b0d971ecaac387f6a4602e5a1e77674d79e69254b8d118c60b0a3250a46f06b14075bc42e0fb0b68f458d30ed892c9c7933106d0c25ca40ddd3b1ab0b9f4e3bac66103dcde72ac3cee4d55ddcf558ebe4f9b124aebfc15380b31fd587f37679421975652365160f1e908269a115bd28e40bf9c3238b24d140145495140fa275c9008d92c03f73ccd29b39ea01a266081fea32b9162a944d9d2c8a44a3398bb5dbb6bbc7e6db36a99fd9620d3dba46c5cc22a597164aeac507875fbcb66b1e959abab9cc688b4430bff6db95f851b294a1f4b1cb1342ca95058a7705715c23c027893bda27407beb30e1c6f05daf4d890326fddb43fb2e94592ab7d7f5ee6cae7a1eabfbda621a5bd7764aeaae1957c704b04f0b517d4f2214a4df2483f40e261f890cd1042ac76b0e2f4c8fb78357efa4ec6bd563e3b78807dad852ba6f9f43f665390da504473001d987e399a86a098073f4321da0d616c85800a9d631cccd37c1c08840218f3c550c5d4e045590fa9bbf3d5c6c69a6f75fee46dec8002caf956f3e62cd0d368e8a833bcb05775d6e179874eefd41a689fe9ac92236a111ea261bc4ce594afe4219e8be978a255e48b940dae92a1a288546bcc4ba900f2d825441f0eb9862de60cef65df320787c606eeb6db9114fe92156a51e4398b54c36162269e77b341260f662411af62f477c29c8e1869e3e02a605557f47cf00772662682907926c5e7972bacc7efc2e600e8036bed5eca5a36dbe632f0b42de387f1dd03423197b1ecc59f80f3df6d29418236ba70dd379e06f281c23f4a138bf5fee4e923232db02a975b8c20d5e469e46658ff1b14b95b0cb983769bba5f13cb6161891bedf561f415cca3da2904ca5a36ca0e60b1652aeefedf8326794f4c0a501f7836b6b1c1f363ded1f3367f59da5e3a5dd4a87984e13623b2e476b53b30ad528d641d62805756ed4f7a5178f8df5e4d83f738d1a9d7ef539be468a009fa1", 0x1000}], 0x4}], 0x4, 0x40001) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000100)) [ 120.546898] ? syscall_return_slowpath+0x5e0/0x5e0 [ 120.551825] ? syscall_return_slowpath+0x31d/0x5e0 [ 120.556754] ? prepare_exit_to_usermode+0x291/0x3b0 [ 120.561770] ? perf_trace_sys_enter+0xb10/0xb10 [ 120.566442] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 120.571287] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 120.576469] RIP: 0033:0x455c97 [ 120.579643] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d bb fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 120.598916] RSP: 002b:00007f47d500fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 120.606630] RAX: ffffffffffffffda RBX: 0000000020000490 RCX: 0000000000455c97 [ 120.613910] RDX: 0000000000000015 RSI: 0000000000004c00 RDI: 0000000000000016 [ 120.621184] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 120.628458] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000015 [ 120.635746] R13: 0000000000000000 R14: 00000000004d3e80 R15: 000000000000000f [ 120.650569] EXT4-fs (sda1): journaled quota format not specified 10:55:04 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000005c0)="82780000260f017731f3d87e0b0f20e06635000020000f22e066b9800000c00f326635002000000f30640f02d766b8008000000f23d80f21f86635400000f00f23f8db13b85f078ee82e0f01cf", 0x4d}], 0x1, 0x0, &(0x7f0000000140), 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [0x4b564d02, 0x1]}) 10:55:04 executing program 1 (fault-call:1 fault-nth:16): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:04 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2=0xe0000002, @loopback=0x7f000001}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2=0xe0000002, @loopback=0x7f000001, 0x0, 0x1, [@loopback=0x7f000001]}, 0x14) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000c33f70)={0x1, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x90) close(0xffffffffffffffff) 10:55:04 executing program 6: r0 = socket$bt_rfcomm(0x1f, 0x3, 0x3) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x84000, 0x0) write$P9_RLERROR(r1, &(0x7f00000013c0)={0x14, 0x7, 0x2, {0xb, '/dev/vsock\x00'}}, 0x14) accept$packet(r1, &(0x7f0000001280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, &(0x7f00000012c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000001380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x810}, 0xc, &(0x7f0000001340)={&(0x7f0000001300)=ANY=[@ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00', @ANYRES32=r2, @ANYBLOB="e6002c0708000a0001000000080005000300000008000b0009000000"], 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x84) ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000240)=ANY=[@ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="2d00ffffffeb0000", @ANYPTR=&(0x7f0000000140)=ANY=[@ANYBLOB="02276131d6626399f9285cf473da73cf9b4866e3112457d1fe81991a92bba25e45cf4d4e651151ef0d80a3efc2c385eb2ad52e61705cd42c90b7"], @ANYBLOB="3e0106000100080008000000ff0300002d7972ea36ddbdbc1f3987e9ebebe365916dcce74f23a527101640d9a20738930a1db3834fcec850ede91fc8efd55c347dc95af4e2ad3ecdcd6f7dcdd7e45cc4b6a56080951d57f28b5387c29b1bfa3b609f8a1267f43889355ca6ee66fcfdcc80ccafd221ac4bbea2b1ef92e95f3105ded5ea7b6e9f0e1b5686b2c6c2f7e9e487e41635ca0f539b994b18310ab2c99e630dceb9e2895a2d5d4421f4cc30981a8639f397a231dd015d5ec596fa657c32e536f313774a532c0881dd91dda92b89fdddb6177c7843088798ecf4b0e096bb8383e4e30d4ff46a67d137dc811b15242baef3bc428ddbe216a0aa8ce65cd9744f24e57871b7d3b0eb70ee64f60e7cd6109b883d5f5afbd22cf579e5932bb89630d4864564174ce6d9432e2922ab4bd1b3239fffc352cc1adfd3249e1f414e9d22fbceff19ff9a608856a5c4b92c8c734c0f88394a02ee9a970b110e197d88c9659db077d2430d44ebbebb1cb65cc0fc32e30af62f862b7576548f0ee303a1e0725e17376a70c0aefad0f85be59d69062db517c1a473147def4e2cca554fedcebcc657a450678e49d55791a231aa532bcd090a1cfa0bd070f683aaf241044126678b4d6954d6505325e9cfc759e7abdd2e6363ec99930710bc97a2c38f9b154bd2d95dc727fe29d0892e7e40769503c9a0124b45b8f4f173d2ca8e39f247605e2c2bee453875f3ddb48d2294a7a956a1af524b47a9471a364ae4984a596ae9f0a5ace4ee20717f52a42b7612ff25e65af475a3d393c9289dd5e6c4d219e46ed0bdddf9ce6133aea0476f8a20691459b3aeadc7e2650b87db43aa6e7bc1726df3d870f2c468c335d4d786cca9ad8c42b542d787e65490002d7d73a7a7079ac1526affcb5a19d4ad3c8cb62e32161c96abfd25e1670633c0ad971999e83142d1e7cf88a9f96ee340e1ec6c1b03aeb214a4731d47ecc2a85a199d5c192dbd2ce5b3ca581c7111329406cc9d7110ee3fd0c2f2165e6e169f94f204147cb9278aec8ab319dfd28ba7af5e976f5d64ba797f9d2fe90f27d77b99c21ba16089f2403366d66ecc2ecf12224fb8f4be5b6a8a61e6971fc290761676503b7a241cfa23db3cd8a266c291fd7422b8277576f484f3e6cd5cc36167647907eb901f26f395e16aded959b02387348f6f0cc345ed2e089a7fb09a3c5b3d15c541f1fb707c4289a9d79425399938bb724c310f65893d487e8e61ae521f639662c9506c5fd46522728ac81cebfea176da70ab9dca52526c75760afe8eade6ef8d0fb0544d7364b9b9a7cc24fa67a09448043dde5214bdb51ef757c2f4fb5c7ed8ecfe7a3581367b794124941a30cfed46d85879d0897e291797d54e4bf83ca80a5b5bab55148f1f42210a4ec8ded64e8ec3fc70615691911a40cada8346a0259eacc339b2b4a8473c64878e5f8f65c46e1aad449233466b0070e18ac639a08218d362e6005facb1c872e4881766c6699c3a0b417d04a5010a9f3b8eff56990d30b95aea05110ad0c6c02a24eb5f9135033669d096bcf75f817c2a1f11a515fb065afd46b58c4e8c35c56ef5d3b14e1aca526385a31ad3e438fb22dbcf80b46f0557e47c68cf722dee2a7350cfc39eb63a8d3f626b84bbc017e82d9cb0b5263f4cc0347db6aec12329536fd85fc15b8736fc9ad0be61cd1768676fae8a05ee7bd7f272b89fc481b08d8eea1c2ab83130555fb9a728c2c3ebbd51c90be9aa30fc6bb97f00806a4bd09317622f6820a67834c1898dc171ab3b1d68027154fc9f84e5a85ce4a1a4287960a2eac448668781110bc8c7e864c84cbb5aab745008ea7f61cb33da01bf18fa35588c539cf8cea64eb54573d43f306ea3dfd0539fb7fbb96db1b6c46908f130b4237f0d1aa605f7a5a016bea57e91a700afcf52fb67f95450a596f2c3d6ef5e36f04958ef24c764b3fb1959b040ee34245488ff6ce9289f554477807fc6f60fbcda61e56dccf5d6272ccc5b71edc359fb4aeed4b7333ca6a1caad66560166259ef142dec037e9b6ae59847a6be5b75ba3daedab339cd621c828f80a4d01ea76effc8da848c2c061c70901d842dd0dff3fef3c3c3b8e4e94faa5cb187b8ee53676856eb5098a210a6d17574a52d3d7c1469d15f0dd4f103387e516d701262b64e3e98dfcd8f490e7882386aff95e5a4670b864debfa5e55f6e1086fd481fe0428edfefc5a41ff53057ba4404647fe930910ba7d84cd8a1d902aa609a87645f7390ad2d99327605897d6a21181bfb990b717ffd0254bacca4a468dac9734dc6ce0b873d2fe1612b676efde929250a41f0ce187b0f928fa6df3816e119b85cf1b7a609dd9f653352c4da6086f58425c700aef869603b06da25908217d26c7bbe891a266ed933496940dc0a9b43234d61e7a2c8115484d533f010ac9f3907b971ec2111cfc05d82b7a1742cae9b2520e5227112d85c29fc31c5b8ac856aa7b50bfc29b23f0bffda4488223a08379d364efc1ea3221e6a30ca6dcba2950ef914f70114b67675b138d7472f22b6d438ce3d93cb52981702c67068dafbdc26747a0ee8d55bd58f97f0d63abf27b7aec00b0b9d9357ebd870d41c60ead7bbc56faf507c47f43a10f9f251d69a8b38220b33a07cdb921f8195d1faeb31da4ec2bd4375faad5b434669db3cdeaf6c2fc22e3b998228b7fb8e37cbe08d33a1d8eae83e0477485b6c17086036f5947d8ab659e9cb9496775c7c5661edc0759025f0fe75567c232d06840741fe7fc6a741bc51fe23be39e9786a402c9db9e572fd5e1912ab97d7eb2100784b3ae7eb2a055079f5ee9640a9103caa85210ce5ebac2e621b2fa2fdd3f745291ed359f28407f6586b0f06461886f73f3c80e653cfa15e38035cedee6082e25653e679c64f1c00f3b0709adb0262a91288599f6f282c03d523442d9059fbe1d9c2273772dbd31e03827a4ed71197101de585d0df8b40323da5418123020cf46391df897741210e994671971a5ce5185f0925d9bbb162394836978366688ff77626b9830eb88948201789e5b3123a02eb4e3babee356a78e20e7e2762187c9fad2cfc384877a53c6ad16e9682f033b8f0a93a389ff517121bb85c5b42c4108ef25bea6a2a96a940eb9881c7fb21305a3ed3e5a2e8a070b40918cc2f4677185acb6c940bb7ce9b23695b027ab053fab38f1e2b72fdcc43bdad6aac959f1e497670fd49fb6d6ce031542a1bde9a6733334c044463db0956747216f5292db5f1ba40a87c5cf0ee13c4ac99ebfeb6ffb506b88943f725668923ba649d91acaac2bf2bc929cdcc1ec35224bb46b63f68b625dd0b88e0e4f8467bd40f7ea400161d96ea616da70ae7c2de698ca16025452076242effab2b0c4f1a229147864e90d29650365055fb71859b0786ca63d6fe7f91bee68f937eeadefec22fff5e4188a1d1f3c188fad2a5e42a84eeab127f4df0ec74ca8ce610033d14ecbb4eb68abd002cab417fd4c4d7182345bb3437ee6146a560ed461c447958668360922e223e679a357bb1950f18639ff0a39af5e642055026acfac7ad90b984616dd24bd51c6a0314c513c0f087839da678ff430cfb9a9fd75dbdbe8c935cdea7aba73f0ca0eb3a754b830a0b1cc5a87396d42f12a51f32e7dd6262cfee4d2dd65731c3e9d7ff2d52f3702f212ab60319a9fade3bbce76d444dd60fb9794d266d535e448937aedf44b1647b64ecee9ee7e316c5bc870d5dd36b47c077ab46fbe1c67990c1a82877ca0ba7c6fb480d42cb922b2288b03ae41faad6c07d28745bbf4cb45abcd1df5954e51e016f5209e2803d7dd770d899beb67892688613d821cfc56fcf148b42547e545404273211d65b5d5268136fd56036d11a3b852610615adc3e9b9f7d59bccc1a7055d4cec1797e0d4646415d4152e970269fca799045ad6ecafc0d63e2b37c22e4433f53cc2355d003543c08d55aad4efeb3b608999e5503d442071c8a8dfbc2c7e85435d348772872a2603dfa2a0e5bed6baa7cd0cfc040c51aa62b00eb9f7ce91a306a11b688d9d1e116e48b8f4c7e666efb65e8636dc63f9afc8533576a8e48437b99aba1518932f8abbc6bfbe388154084bb6061b4dc0c437bae424e0650c738af8a70f295cdc42f8f76afe1010e03cc2d846cc7a76824d7cd4b7065ae4978a3df417a99170602f4c372f6bd64dcc502f9b5ceddf1ffe17eee8e6f832024209c4f48f142ae71269515350267827e008010774d3467a2e3a0f9e5062597872715ac0bc218e7244014991f0e17a35badef3fb3cc84a87e6b87cfe32e3514726bf945afa414335980494afe50567e0908f4477d67b8dfa3868e113d35819b2d23c28ace2bde598a3ac2a44ec2eb7a42df0c62ad9c57a90a5795e1c7d830a5c0f0fd830d1bc1725a35ac5cac7b26979a4496aaeaee73235b25a7fe80e89f55603e56f67f028fdc6d094c9597240bb4284cd4d7d778524cf8c83f9996f7e0466793205c4a63d4f7890b1ee99be1292c69b29627fcb8464ac790ae078fa302d4723d24f6e4878571a2465f94b4b8b5b28458311c2c68e8ec754a8c2b72523b6fc9582aeee854b6c008c49d06fceb43ef68e497489544d3082702e73d3eaccc722945fbc81dba18c693c56c5133ca25d06d47a53d216782649b7ffce6797862fdc15d1d4249954dc12655dc6068a2e5aea6daf10c1dd174daa32995d58c52ceabd20d30265954c316310c99fee69d6c53b668a9e99b2f85bb9725da40fd0b8e05eb97b4db24261a65ef5098f2231ac1a0cb60bb771453c92f3d57430f3e60f8487bde83ea770d444327b061b0d4db95ed5313f45e8f1d5892b1b01169202420ce7c10a10aab20ef7abf9b297c94c1063b34d33e9c2d1a2414bda4b24ae98681a61583e30138b341201ba8a692931ff0803be0398adf48f54bb13c43e4c80c2243fbc8d4cbc7ceb9711f6ef549976e36c38409dde64f490893cc4c404b484af293b6a19421b888d9a0cc57915dec1faeda75f5728034e56181eb6b92b7c299786f481126e7b8ba7e88678f436fdc37dd3fc3c456d31126874ca3a5436ad0ecc209ce432a39fe5f7fe500383ecad7f3d54dab521ea8738ebc65fad2067f040c34f37acc14b4abb317aafbacbff94e15aeeab3dbd767a8a9cf98d077207b21592e330cc4a56a1b288623b087a1416095de0251702601512fede7c9b5c19ee55576c211159ec38a6e76e2cd74545f2c0b9f62ad89734ea602c9f9d1557cf054c466c62c31564cb7ee8d7e4969015fc60f1d1beaac2ecdf0abd79c45c3a7267b327450be92d6b88c6e246355fdd2da09d3c14a90cf9fac44191ab13a5e078c4078b49e57a466284a2341929eeb35db2d72765b464dc890d9ffd2a0307a5f2101eef420179aec5608ba5704c84b004770774cfdc77a2d534fa0a7f4d2f3bbb5c218a6a697eeb23f27c7e7901140ab3f5613db2bed658bc07dd168a6e7e7767c77a366fe92a71b3c628c544f2a66243a492adda23b1f09361c2d17b329f8923972b1127047d01d20fdf56bf6eeacd8881d0607d40efdd1c33c90022a4c455c2d942e41b11082977f5515461ff463b3a83c52a82d2abaff39f3102a0e08a7b4526bba118bf961649875c067b84a6a48a00a16653226e7a96a9f811ecad58d7940bfbf5899fa6d96a5db34effe4ca7737b011020c863b3f066d5e501d6136666f2fe2aa13e5b31da4acc3494da4c63db9c4d47b4e971964093426e37fe3651361e61ae188cde2a4f01431a20ee49d60df240f16f2f015024cb9efe0508400b2fc85392ba47c69c46f5210912c662c83c53"]) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000100)=0x3) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) ioctl$KDSKBLED(r0, 0x4b65, 0x7) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r3, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r3}}, 0x10) 10:55:04 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) lseek(0xffffffffffffffff, 0x200000, 0x1) 10:55:04 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup(r0) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r1, 0xc0505510, &(0x7f0000000280)={0x0, 0x1, 0x0, 0x0, &(0x7f0000000900)=[{}]}) 10:55:04 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000001031900000007000000068100023b0509000100010100ff3ffe58", 0x1f}], 0x1) 10:55:04 executing program 2: r0 = perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = dup(r0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_open_dev$admmidi(&(0x7f0000000200)='/dev/admmidi#\x00', 0x0, 0x0) r4 = syz_genetlink_get_family_id$team(&(0x7f0000000080)='team\x00') ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'ip6gretap0\x00', 0x0}) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000380)={{{@in=@broadcast, @in6=@mcast1}}, {{@in6=@dev}, 0x0, @in6=@loopback}}, &(0x7f0000000480)=0xe8) accept4$packet(0xffffffffffffffff, &(0x7f0000000580), &(0x7f0000000280)=0x14, 0x7ff) pipe(&(0x7f0000000100)) getsockopt$inet_mreqn(r3, 0x0, 0x0, &(0x7f0000000740)={@rand_addr}, &(0x7f0000000780)=0xc) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000007c0)={{{@in=@multicast1}}, {{@in6}, 0x0, @in=@broadcast}}, &(0x7f00000008c0)=0xe8) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000c40)={'vcan0\x00'}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000022c0)={'dummy0\x00', 0x0}) getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f0000002300)={{{@in6=@dev, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@rand_addr}}}, &(0x7f0000002400)=0xe8) getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f0000002500)={{{@in=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}}}, &(0x7f0000002600)=0xe8) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000002700)={0x0, @broadcast, @broadcast}, &(0x7f0000002740)=0xc) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000002b40)={'team0\x00'}) sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000003ac0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000021}, 0xc, &(0x7f0000003a80)={&(0x7f0000003240)={0x348, r4, 0x225, 0x70bd26, 0x25dfdbff, {0x1}, [{{0x8, 0x1}, {0xb0, 0x2, [{0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0xfffffffffffffff7}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r5}}}]}}, {{0x8, 0x1}, {0xbc, 0x2, [{0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x8, 0x3, 0xe}, {0x8, 0x4, 0x100}}, {0x8, 0x6, r6}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x7}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x8, 0x3, 0xe}, {0x8, 0x4, 0xfffffffffffff4b9}}, {0x8, 0x6, r7}}}]}}, {{0x8, 0x1, r8}, {0x1b0, 0x2, [{0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x8, 0x3, 0xe}, {0x8, 0x4, 0x10001}}, {0x8, 0x6, r9}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4}}, {0x8, 0x7}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8, 0x3, 0xb}, {0x8, 0x4, 0x5}}, {0x8, 0x7}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x7}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0x80000000}}, {0x8, 0x6}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0xffffffff}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6}}}]}}]}, 0x348}, 0x1}, 0x40000) 10:55:04 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup(r0) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r1, 0xc0505510, &(0x7f0000000280)={0x0, 0x1, 0x0, 0x0, &(0x7f0000000900)=[{}]}) 10:55:04 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) lseek(r0, 0x0, 0x1) [ 120.808888] FAULT_INJECTION: forcing a failure. [ 120.808888] name failslab, interval 1, probability 0, space 0, times 0 [ 120.820474] CPU: 1 PID: 8222 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 120.828794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 120.838151] Call Trace: [ 120.840741] dump_stack+0x1c9/0x2b4 [ 120.844371] ? dump_stack_print_info.cold.2+0x52/0x52 [ 120.849570] ? perf_trace_lock+0xde/0x920 [ 120.853726] should_fail.cold.4+0xa/0x11 [ 120.857796] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 120.862909] ? kasan_check_write+0x14/0x20 [ 120.867147] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 120.872071] ? lock_downgrade+0x8f0/0x8f0 [ 120.876212] ? wait_for_completion+0x8d0/0x8d0 [ 120.880807] ? kasan_check_read+0x11/0x20 [ 120.884946] ? do_raw_spin_unlock+0xa7/0x2f0 [ 120.889342] ? kasan_check_write+0x14/0x20 [ 120.893561] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 120.898476] ? kasan_check_write+0x14/0x20 [ 120.902697] ? wait_for_completion+0x8d0/0x8d0 [ 120.907264] ? lock_acquire+0x1e4/0x540 [ 120.911221] ? fs_reclaim_acquire+0x20/0x20 [ 120.915525] ? lock_downgrade+0x8f0/0x8f0 [ 120.919674] ? kernfs_walk_and_get_ns+0x340/0x340 [ 120.924502] ? check_same_owner+0x340/0x340 [ 120.928808] ? rcu_note_context_switch+0x730/0x730 [ 120.933724] __should_failslab+0x124/0x180 [ 120.937945] should_failslab+0x9/0x14 [ 120.941731] kmem_cache_alloc_trace+0x2cb/0x780 [ 120.946386] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 120.951923] ? sysfs_add_file_mode_ns+0x22c/0x560 [ 120.956751] ? sysfs_add_file_mode_ns+0x23c/0x560 [ 120.961576] ? device_create_file+0x1e0/0x1e0 [ 120.966058] kobject_uevent_env+0x20f/0x1110 [ 120.970452] ? internal_create_group+0x39a/0x9e0 [ 120.975197] kobject_uevent+0x1f/0x30 [ 120.978984] lo_ioctl+0x1385/0x1d70 [ 120.982596] ? lo_rw_aio_complete+0x450/0x450 [ 120.987089] blkdev_ioctl+0x9cd/0x2030 [ 120.990957] ? lock_acquire+0x1e4/0x540 [ 120.994915] ? blkpg_ioctl+0xc40/0xc40 [ 120.998786] ? lock_release+0xa30/0xa30 [ 121.002744] ? save_stack+0xa9/0xd0 [ 121.006353] ? save_stack+0x43/0xd0 [ 121.009963] ? __fget+0x4d5/0x740 [ 121.013403] ? ksys_dup3+0x690/0x690 [ 121.017097] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 121.021671] ? kasan_check_write+0x14/0x20 [ 121.025898] ? do_raw_spin_lock+0xc1/0x200 [ 121.030119] block_ioctl+0xee/0x130 [ 121.033725] ? blkdev_fallocate+0x400/0x400 [ 121.038383] do_vfs_ioctl+0x1de/0x1720 [ 121.042257] ? ioctl_preallocate+0x300/0x300 [ 121.046647] ? __fget_light+0x2f7/0x440 [ 121.050610] ? fget_raw+0x20/0x20 [ 121.054052] ? trace_hardirqs_on+0xd/0x10 [ 121.058182] ? kmem_cache_free+0x22e/0x2d0 [ 121.062405] ? putname+0xf7/0x130 [ 121.065842] ? do_sys_open+0x3cb/0x720 [ 121.069714] ? security_file_ioctl+0x94/0xc0 [ 121.074104] ksys_ioctl+0xa9/0xd0 [ 121.077540] __x64_sys_ioctl+0x73/0xb0 [ 121.081415] do_syscall_64+0x1b9/0x820 [ 121.085284] ? finish_task_switch+0x1d3/0x870 [ 121.089765] ? syscall_return_slowpath+0x5e0/0x5e0 [ 121.094689] ? syscall_return_slowpath+0x31d/0x5e0 [ 121.099601] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 121.104609] ? prepare_exit_to_usermode+0x291/0x3b0 [ 121.109611] ? perf_trace_sys_enter+0xb10/0xb10 [ 121.114261] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 121.119099] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 121.124272] RIP: 0033:0x455c97 [ 121.127447] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d bb fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 121.146645] RSP: 002b:00007f47d500fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 10:55:04 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) ioctl$KVM_DIRTY_TLB(r0, 0x4010aeaa, &(0x7f0000000140)={0x7, 0x3ff}) openat$vcs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs\x00', 0x82, 0x0) 10:55:04 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) writev(0xffffffffffffffff, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000001031900000007000000068100023b0509000100010100ff3ffe58", 0x1f}], 0x1) [ 121.154345] RAX: ffffffffffffffda RBX: 0000000020000490 RCX: 0000000000455c97 [ 121.161593] RDX: 0000000000000015 RSI: 0000000000004c00 RDI: 0000000000000016 [ 121.168843] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 121.176093] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000015 [ 121.183355] R13: 0000000000000000 R14: 00000000004d3e80 R15: 0000000000000010 [ 121.194064] EXT4-fs (sda1): journaled quota format not specified 10:55:04 executing program 2: r0 = syz_open_dev$sndctrl(&(0x7f0000000d00)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0045520, &(0x7f00000002c0)=0xfffffdfd) 10:55:04 executing program 1 (fault-call:1 fault-nth:17): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:04 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) lseek(r0, 0x0, 0x1) 10:55:04 executing program 2: r0 = syz_open_dev$sndctrl(&(0x7f0000000d00)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0045520, &(0x7f00000002c0)=0xfffffdfd) [ 121.346691] FAULT_INJECTION: forcing a failure. [ 121.346691] name failslab, interval 1, probability 0, space 0, times 0 [ 121.357974] CPU: 0 PID: 8256 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 121.366293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 121.375640] Call Trace: [ 121.378218] dump_stack+0x1c9/0x2b4 [ 121.381832] ? dump_stack_print_info.cold.2+0x52/0x52 [ 121.387019] ? perf_trace_lock+0xde/0x920 [ 121.391159] should_fail.cold.4+0xa/0x11 [ 121.395210] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 121.400310] ? save_stack+0xa9/0xd0 [ 121.403923] ? kasan_kmalloc+0xc4/0xe0 [ 121.407792] ? kmem_cache_alloc_trace+0x152/0x780 [ 121.412616] ? kobject_uevent_env+0x20f/0x1110 [ 121.417182] ? kobject_uevent+0x1f/0x30 [ 121.421140] ? lo_ioctl+0x1385/0x1d70 [ 121.424922] ? blkdev_ioctl+0x9cd/0x2030 [ 121.428963] ? block_ioctl+0xee/0x130 [ 121.432747] ? ksys_ioctl+0xa9/0xd0 [ 121.436359] ? __x64_sys_ioctl+0x73/0xb0 [ 121.440405] ? do_syscall_64+0x1b9/0x820 [ 121.444449] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 121.449797] ? kasan_check_write+0x14/0x20 [ 121.454025] ? lock_acquire+0x1e4/0x540 [ 121.457982] ? fs_reclaim_acquire+0x20/0x20 [ 121.462285] ? lock_downgrade+0x8f0/0x8f0 [ 121.466419] ? check_same_owner+0x340/0x340 [ 121.470724] ? lock_release+0xa30/0xa30 [ 121.474695] ? rcu_note_context_switch+0x730/0x730 [ 121.479609] __should_failslab+0x124/0x180 [ 121.483827] should_failslab+0x9/0x14 [ 121.487608] __kmalloc+0x2c8/0x760 [ 121.491132] ? kobject_get_path+0xc2/0x1a0 [ 121.495353] kobject_get_path+0xc2/0x1a0 [ 121.499401] kobject_uevent_env+0x234/0x1110 [ 121.503791] ? internal_create_group+0x39a/0x9e0 [ 121.508547] kobject_uevent+0x1f/0x30 [ 121.512335] lo_ioctl+0x1385/0x1d70 [ 121.515959] ? lo_rw_aio_complete+0x450/0x450 [ 121.520437] blkdev_ioctl+0x9cd/0x2030 [ 121.524310] ? lock_acquire+0x1e4/0x540 [ 121.528269] ? blkpg_ioctl+0xc40/0xc40 [ 121.532149] ? lock_release+0xa30/0xa30 [ 121.536112] ? save_stack+0xa9/0xd0 [ 121.539720] ? save_stack+0x43/0xd0 [ 121.543332] ? __fget+0x4d5/0x740 [ 121.546768] ? ksys_dup3+0x690/0x690 [ 121.550473] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 121.555043] ? kasan_check_write+0x14/0x20 [ 121.559260] ? do_raw_spin_lock+0xc1/0x200 [ 121.563479] block_ioctl+0xee/0x130 [ 121.567101] ? blkdev_fallocate+0x400/0x400 [ 121.571405] do_vfs_ioctl+0x1de/0x1720 [ 121.575274] ? ioctl_preallocate+0x300/0x300 [ 121.579673] ? __fget_light+0x2f7/0x440 [ 121.583630] ? fget_raw+0x20/0x20 [ 121.587067] ? trace_hardirqs_on+0xd/0x10 [ 121.591198] ? kmem_cache_free+0x22e/0x2d0 [ 121.595415] ? putname+0xf7/0x130 [ 121.598850] ? do_sys_open+0x3cb/0x720 [ 121.602722] ? security_file_ioctl+0x94/0xc0 [ 121.607110] ksys_ioctl+0xa9/0xd0 [ 121.610548] __x64_sys_ioctl+0x73/0xb0 [ 121.614420] do_syscall_64+0x1b9/0x820 [ 121.618288] ? finish_task_switch+0x1d3/0x870 [ 121.622766] ? syscall_return_slowpath+0x5e0/0x5e0 [ 121.627680] ? syscall_return_slowpath+0x31d/0x5e0 [ 121.632590] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 121.637592] ? prepare_exit_to_usermode+0x291/0x3b0 [ 121.642853] ? perf_trace_sys_enter+0xb10/0xb10 [ 121.647518] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 121.652354] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 121.657526] RIP: 0033:0x455c97 [ 121.660695] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d bb fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 121.679894] RSP: 002b:00007f47d500fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 121.687586] RAX: ffffffffffffffda RBX: 0000000020000490 RCX: 0000000000455c97 [ 121.694835] RDX: 0000000000000015 RSI: 0000000000004c00 RDI: 0000000000000016 [ 121.702083] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 121.709333] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000015 [ 121.716582] R13: 0000000000000000 R14: 00000000004d3e80 R15: 0000000000000011 [ 121.734150] EXT4-fs (sda1): journaled quota format not specified 10:55:05 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={"626373663000000000003c8211e900", 0x4000001}) ioctl$TUNSETGROUP(r0, 0x400454ce, 0x0) 10:55:05 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000fb5ff0), 0x0) 10:55:05 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup(r0) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r1, 0xc0505510, &(0x7f0000000280)={0x0, 0x1, 0x0, 0x0, &(0x7f0000000900)=[{}]}) 10:55:05 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f00000001c0)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000180), r1, 0x0, 0x2, 0x4}}, 0x20) r2 = accept(0xffffffffffffff9c, &(0x7f0000000200)=@in6={0x0, 0x0, 0x0, @ipv4={[], [], @loopback}}, &(0x7f0000000280)=0x80) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f00000002c0)={0x32, @empty, 0x4e21, 0x1, 'rr\x00', 0x12, 0xf98, 0x16}, 0x2c) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) r3 = memfd_create(&(0x7f0000000100)='/dev/infiniband/rdma_cm\x00', 0x2) ioctl$SG_SET_RESERVED_SIZE(r3, 0x2275, &(0x7f0000000140)=0x87) openat$null(0xffffffffffffff9c, &(0x7f0000000300)='/dev/null\x00', 0x208800, 0x0) 10:55:05 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) lseek(r0, 0x0, 0x1) 10:55:05 executing program 1 (fault-call:1 fault-nth:18): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x10, 0x0, &(0x7f0000000380)=[@clear_death={0x400c630f}], 0x0, 0x0, &(0x7f0000000480)}) 10:55:05 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000fb5ff0), 0x0) [ 121.802906] binder: 8268:8270 BC_CLEAR_DEATH_NOTIFICATION death notification not active [ 121.850466] binder: BINDER_SET_CONTEXT_MGR already set [ 121.854924] FAULT_INJECTION: forcing a failure. [ 121.854924] name failslab, interval 1, probability 0, space 0, times 0 [ 121.858404] binder: 8268:8270 ioctl 40046207 0 returned -16 [ 121.867076] CPU: 1 PID: 8282 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 121.874662] binder: 8268:8287 BC_CLEAR_DEATH_NOTIFICATION death notification not active [ 121.881052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 121.881058] Call Trace: [ 121.881077] dump_stack+0x1c9/0x2b4 [ 121.881092] ? dump_stack_print_info.cold.2+0x52/0x52 [ 121.881112] should_fail.cold.4+0xa/0x11 [ 121.913986] ? __kernel_text_address+0xd/0x40 [ 121.918492] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 121.923600] ? __save_stack_trace+0x8d/0xf0 [ 121.928495] ? save_stack+0xa9/0xd0 [ 121.932127] ? save_stack+0x43/0xd0 [ 121.935760] ? kasan_kmalloc+0xc4/0xe0 [ 121.939645] ? kasan_slab_alloc+0x12/0x20 [ 121.943784] ? kmem_cache_alloc_node+0x144/0x780 [ 121.948529] ? __alloc_skb+0x119/0x790 [ 121.952404] ? alloc_uevent_skb+0x89/0x220 [ 121.956625] ? kobject_uevent_env+0x866/0x1110 [ 121.961193] ? kobject_uevent+0x1f/0x30 [ 121.965151] ? lo_ioctl+0x1385/0x1d70 [ 121.968933] ? blkdev_ioctl+0x9cd/0x2030 [ 121.972982] ? block_ioctl+0xee/0x130 [ 121.976764] ? do_vfs_ioctl+0x1de/0x1720 [ 121.980806] ? ksys_ioctl+0xa9/0xd0 [ 121.984415] ? __x64_sys_ioctl+0x73/0xb0 [ 121.988465] ? lock_acquire+0x1e4/0x540 [ 121.992424] ? fs_reclaim_acquire+0x20/0x20 [ 121.996732] ? lock_downgrade+0x8f0/0x8f0 [ 122.000871] ? check_same_owner+0x340/0x340 [ 122.005177] ? lock_downgrade+0x8f0/0x8f0 [ 122.009309] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 122.014833] ? rcu_note_context_switch+0x730/0x730 [ 122.019767] __should_failslab+0x124/0x180 [ 122.023993] should_failslab+0x9/0x14 [ 122.027783] kmem_cache_alloc_node_trace+0x26f/0x770 [ 122.032870] ? kasan_kmalloc+0xc4/0xe0 [ 122.036746] __kmalloc_node_track_caller+0x33/0x70 [ 122.041665] __kmalloc_reserve.isra.41+0x3a/0xe0 [ 122.046419] __alloc_skb+0x155/0x790 [ 122.050120] ? skb_scrub_packet+0x490/0x490 [ 122.054426] ? lock_release+0xa30/0xa30 [ 122.058385] ? pointer+0x990/0x990 [ 122.061911] ? device_get_devnode+0x2e0/0x2e0 [ 122.066393] ? kasan_unpoison_shadow+0x35/0x50 [ 122.070969] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 122.075979] ? netlink_has_listeners+0x2cf/0x4a0 [ 122.080721] ? netlink_tap_init_net+0x3e0/0x3e0 [ 122.085376] alloc_uevent_skb+0x89/0x220 [ 122.089426] kobject_uevent_env+0x866/0x1110 [ 122.093821] ? internal_create_group+0x39a/0x9e0 [ 122.098577] kobject_uevent+0x1f/0x30 [ 122.102365] lo_ioctl+0x1385/0x1d70 [ 122.105978] ? lo_rw_aio_complete+0x450/0x450 [ 122.110461] blkdev_ioctl+0x9cd/0x2030 [ 122.114344] ? lock_acquire+0x1e4/0x540 [ 122.118305] ? blkpg_ioctl+0xc40/0xc40 [ 122.122177] ? lock_release+0xa30/0xa30 [ 122.126141] ? save_stack+0xa9/0xd0 [ 122.129751] ? save_stack+0x43/0xd0 [ 122.133364] ? __fget+0x4d5/0x740 [ 122.136805] ? ksys_dup3+0x690/0x690 [ 122.140500] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 122.145067] ? kasan_check_write+0x14/0x20 [ 122.149284] ? do_raw_spin_lock+0xc1/0x200 [ 122.153505] block_ioctl+0xee/0x130 [ 122.157116] ? blkdev_fallocate+0x400/0x400 [ 122.161420] do_vfs_ioctl+0x1de/0x1720 [ 122.165296] ? ioctl_preallocate+0x300/0x300 [ 122.169686] ? __fget_light+0x2f7/0x440 [ 122.173646] ? fget_raw+0x20/0x20 [ 122.177087] ? trace_hardirqs_on+0xd/0x10 [ 122.181219] ? kmem_cache_free+0x22e/0x2d0 [ 122.185438] ? putname+0xf7/0x130 [ 122.188876] ? do_sys_open+0x3cb/0x720 [ 122.192750] ? security_file_ioctl+0x94/0xc0 [ 122.197141] ksys_ioctl+0xa9/0xd0 [ 122.200580] __x64_sys_ioctl+0x73/0xb0 [ 122.204453] do_syscall_64+0x1b9/0x820 [ 122.208326] ? finish_task_switch+0x1d3/0x870 [ 122.212810] ? syscall_return_slowpath+0x5e0/0x5e0 [ 122.217724] ? syscall_return_slowpath+0x31d/0x5e0 [ 122.222637] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 122.227636] ? prepare_exit_to_usermode+0x291/0x3b0 [ 122.232636] ? perf_trace_sys_enter+0xb10/0xb10 [ 122.237290] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 122.242120] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 122.247293] RIP: 0033:0x455c97 [ 122.250461] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d bb fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 122.269818] RSP: 002b:00007f47d500fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 122.277512] RAX: ffffffffffffffda RBX: 0000000020000490 RCX: 0000000000455c97 [ 122.284766] RDX: 0000000000000015 RSI: 0000000000004c00 RDI: 0000000000000016 [ 122.292020] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a 10:55:05 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) lseek(r0, 0x200000, 0x0) 10:55:05 executing program 3: syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(0xffffffffffffffff, 0xc0505510, &(0x7f0000000280)={0x0, 0x1, 0x0, 0x0, &(0x7f0000000900)=[{}]}) 10:55:05 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000100)={0xe, 0xffffffffffffffae, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) 10:55:05 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f00000001c0)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000180), r1, 0x0, 0x2, 0x4}}, 0x20) r2 = accept(0xffffffffffffff9c, &(0x7f0000000200)=@in6={0x0, 0x0, 0x0, @ipv4={[], [], @loopback}}, &(0x7f0000000280)=0x80) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f00000002c0)={0x32, @empty, 0x4e21, 0x1, 'rr\x00', 0x12, 0xf98, 0x16}, 0x2c) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) r3 = memfd_create(&(0x7f0000000100)='/dev/infiniband/rdma_cm\x00', 0x2) ioctl$SG_SET_RESERVED_SIZE(r3, 0x2275, &(0x7f0000000140)=0x87) openat$null(0xffffffffffffff9c, &(0x7f0000000300)='/dev/null\x00', 0x208800, 0x0) [ 122.299277] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000015 [ 122.306529] R13: 0000000000000000 R14: 00000000004d3e80 R15: 0000000000000012 [ 122.316235] EXT4-fs (sda1): journaled quota format not specified 10:55:05 executing program 7 (fault-call:2 fault-nth:0): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:55:06 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) r1 = dup(r0) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r1, 0xc0505510, &(0x7f0000000280)={0x0, 0x1, 0x0, 0x0, &(0x7f0000000900)=[{}]}) 10:55:06 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000fb5ff0), 0x0) 10:55:06 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) lseek(r0, 0x200000, 0x0) 10:55:06 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) r2 = syz_open_dev$mice(&(0x7f0000000100)='/dev/input/mice\x00', 0x0, 0x400) setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000140)=0x400, 0x4) semget(0x1, 0x0, 0x11) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000000240)={{{@in6=@loopback, @in=@loopback}}, {{@in6=@ipv4}, 0x0, @in6=@ipv4={[], [], @local}}}, &(0x7f0000000180)=0xe8) 10:55:06 executing program 1 (fault-call:1 fault-nth:19): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) [ 122.443296] FAULT_INJECTION: forcing a failure. [ 122.443296] name failslab, interval 1, probability 0, space 0, times 0 [ 122.454637] CPU: 0 PID: 8316 Comm: syz-executor7 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 122.462969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 122.472327] Call Trace: [ 122.474910] dump_stack+0x1c9/0x2b4 [ 122.478535] ? dump_stack_print_info.cold.2+0x52/0x52 [ 122.483723] ? perf_trace_lock+0x49d/0x920 [ 122.487958] should_fail.cold.4+0xa/0x11 [ 122.492024] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 122.497122] ? zap_class+0x740/0x740 [ 122.500827] ? zap_class+0x740/0x740 [ 122.504571] ? lock_acquire+0x1e4/0x540 [ 122.508536] ? fs_reclaim_acquire+0x20/0x20 [ 122.512853] ? lock_downgrade+0x8f0/0x8f0 [ 122.517000] ? release_sock+0x1ec/0x2c0 [ 122.520971] ? check_same_owner+0x340/0x340 [ 122.525298] ? lock_downgrade+0x8f0/0x8f0 [ 122.529445] ? rcu_note_context_switch+0x730/0x730 [ 122.534376] __should_failslab+0x124/0x180 [ 122.538608] should_failslab+0x9/0x14 [ 122.542406] kmem_cache_alloc_node+0x272/0x780 [ 122.546988] ? __local_bh_enable_ip+0x161/0x230 [ 122.551654] ? _raw_spin_unlock_bh+0x30/0x40 [ 122.556068] __alloc_skb+0x119/0x790 [ 122.559786] ? skb_scrub_packet+0x490/0x490 [ 122.564107] ? netlink_insert+0x15d/0x3f0 [ 122.568261] ? __netlink_insert+0x13d0/0x13d0 [ 122.572762] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 122.578295] ? netlink_autobind.isra.34+0x23b/0x320 [ 122.583327] netlink_sendmsg+0xb29/0xfc0 [ 122.587401] ? netlink_unicast+0x760/0x760 [ 122.591641] ? move_addr_to_kernel.part.20+0x100/0x100 [ 122.596914] ? security_socket_sendmsg+0x94/0xc0 [ 122.601661] ? netlink_unicast+0x760/0x760 [ 122.605892] sock_sendmsg+0xd5/0x120 [ 122.609601] ___sys_sendmsg+0x7fd/0x930 [ 122.613581] ? copy_msghdr_from_user+0x580/0x580 [ 122.618330] ? __f_unlock_pos+0x19/0x20 [ 122.622299] ? lock_downgrade+0x8f0/0x8f0 [ 122.626441] ? proc_fail_nth_write+0x9e/0x210 [ 122.630933] ? __fget_light+0x2f7/0x440 [ 122.634899] ? fget_raw+0x20/0x20 [ 122.638355] ? kasan_check_write+0x14/0x20 [ 122.642582] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 122.647499] ? fsnotify+0xbac/0x14e0 [ 122.651208] ? vfs_write+0x2f3/0x560 [ 122.654918] ? wait_for_completion+0x8d0/0x8d0 [ 122.659489] ? lock_release+0xa30/0xa30 [ 122.663468] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 122.668997] ? sockfd_lookup_light+0xc5/0x160 [ 122.673491] __sys_sendmsg+0x11d/0x290 [ 122.677371] ? __ia32_sys_shutdown+0x80/0x80 [ 122.681782] ? __sb_end_write+0xac/0xe0 [ 122.685759] ? fput+0x130/0x1a0 [ 122.689034] ? ksys_write+0x1ae/0x260 [ 122.692840] ? syscall_slow_exit_work+0x500/0x500 [ 122.697682] __x64_sys_sendmsg+0x78/0xb0 [ 122.701736] do_syscall_64+0x1b9/0x820 [ 122.705615] ? syscall_slow_exit_work+0x500/0x500 [ 122.710451] ? syscall_return_slowpath+0x5e0/0x5e0 [ 122.715372] ? syscall_return_slowpath+0x31d/0x5e0 [ 122.720303] ? prepare_exit_to_usermode+0x291/0x3b0 [ 122.725310] ? perf_trace_sys_enter+0xb10/0xb10 [ 122.729974] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 122.734816] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 122.739994] RIP: 0033:0x455e29 [ 122.743174] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 122.762675] RSP: 002b:00007f2f8780dc68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 122.770381] RAX: ffffffffffffffda RBX: 00007f2f8780e6d4 RCX: 0000000000455e29 [ 122.777644] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 122.784905] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 10:55:06 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f00000001c0)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000180), r1, 0x0, 0x2, 0x4}}, 0x20) r2 = accept(0xffffffffffffff9c, &(0x7f0000000200)=@in6={0x0, 0x0, 0x0, @ipv4={[], [], @loopback}}, &(0x7f0000000280)=0x80) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f00000002c0)={0x32, @empty, 0x4e21, 0x1, 'rr\x00', 0x12, 0xf98, 0x16}, 0x2c) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) r3 = memfd_create(&(0x7f0000000100)='/dev/infiniband/rdma_cm\x00', 0x2) ioctl$SG_SET_RESERVED_SIZE(r3, 0x2275, &(0x7f0000000140)=0x87) openat$null(0xffffffffffffff9c, &(0x7f0000000300)='/dev/null\x00', 0x208800, 0x0) 10:55:06 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)}], 0x1) [ 122.792161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 122.799417] R13: 00000000004c1482 R14: 00000000004d1948 R15: 0000000000000000 [ 122.827965] FAULT_INJECTION: forcing a failure. [ 122.827965] name failslab, interval 1, probability 0, space 0, times 0 10:55:06 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) r1 = dup(r0) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r1, 0xc0505510, &(0x7f0000000280)={0x0, 0x1, 0x0, 0x0, &(0x7f0000000900)=[{}]}) 10:55:06 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) lseek(r0, 0x200000, 0x0) 10:55:06 executing program 7 (fault-call:2 fault-nth:1): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) [ 122.839249] CPU: 1 PID: 8321 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 122.847566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 122.856915] Call Trace: [ 122.859503] dump_stack+0x1c9/0x2b4 [ 122.863130] ? dump_stack_print_info.cold.2+0x52/0x52 [ 122.868330] should_fail.cold.4+0xa/0x11 [ 122.872398] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 122.877506] ? lock_acquire+0x1e4/0x540 [ 122.881472] ? trace_hardirqs_on+0x10/0x10 [ 122.885701] ? lock_release+0xa30/0xa30 [ 122.889664] ? check_same_owner+0x340/0x340 [ 122.893975] ? rcu_note_context_switch+0x730/0x730 [ 122.898900] ? kasan_check_write+0x14/0x20 [ 122.903123] ? lock_acquire+0x1e4/0x540 [ 122.907084] ? fs_reclaim_acquire+0x20/0x20 [ 122.911390] ? lock_downgrade+0x8f0/0x8f0 [ 122.915522] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 122.921049] ? check_same_owner+0x340/0x340 [ 122.925358] ? number+0x967/0xc90 [ 122.928798] ? rcu_note_context_switch+0x730/0x730 [ 122.933740] __should_failslab+0x124/0x180 [ 122.937966] should_failslab+0x9/0x14 [ 122.941754] kmem_cache_alloc_node+0x272/0x780 [ 122.946317] ? set_precision+0xe0/0xe0 [ 122.950197] __alloc_skb+0x119/0x790 [ 122.953902] ? skb_scrub_packet+0x490/0x490 [ 122.958210] ? lock_release+0xa30/0xa30 [ 122.962169] ? pointer+0x990/0x990 [ 122.965694] ? device_get_devnode+0x2e0/0x2e0 [ 122.970188] ? kasan_unpoison_shadow+0x35/0x50 [ 122.974759] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 122.979767] ? netlink_has_listeners+0x2cf/0x4a0 [ 122.984511] ? netlink_tap_init_net+0x3e0/0x3e0 [ 122.989169] alloc_uevent_skb+0x89/0x220 [ 122.993219] kobject_uevent_env+0x866/0x1110 [ 122.997611] ? internal_create_group+0x39a/0x9e0 [ 123.002358] kobject_uevent+0x1f/0x30 [ 123.006147] lo_ioctl+0x1385/0x1d70 [ 123.009765] ? lo_rw_aio_complete+0x450/0x450 [ 123.014245] blkdev_ioctl+0x9cd/0x2030 [ 123.018118] ? lock_acquire+0x1e4/0x540 [ 123.022075] ? blkpg_ioctl+0xc40/0xc40 [ 123.025949] ? lock_release+0xa30/0xa30 [ 123.029912] ? save_stack+0xa9/0xd0 [ 123.033527] ? save_stack+0x43/0xd0 [ 123.037143] ? __fget+0x4d5/0x740 [ 123.040585] ? ksys_dup3+0x690/0x690 [ 123.044280] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 123.048850] ? kasan_check_write+0x14/0x20 [ 123.053070] ? do_raw_spin_lock+0xc1/0x200 [ 123.057296] block_ioctl+0xee/0x130 [ 123.060907] ? blkdev_fallocate+0x400/0x400 [ 123.065214] do_vfs_ioctl+0x1de/0x1720 [ 123.069089] ? ioctl_preallocate+0x300/0x300 [ 123.073483] ? __fget_light+0x2f7/0x440 [ 123.077443] ? fget_raw+0x20/0x20 [ 123.080883] ? trace_hardirqs_on+0xd/0x10 [ 123.085017] ? kmem_cache_free+0x22e/0x2d0 [ 123.089239] ? putname+0xf7/0x130 [ 123.092676] ? do_sys_open+0x3cb/0x720 [ 123.096560] ? security_file_ioctl+0x94/0xc0 [ 123.100952] ksys_ioctl+0xa9/0xd0 [ 123.104392] __x64_sys_ioctl+0x73/0xb0 [ 123.108266] do_syscall_64+0x1b9/0x820 [ 123.112145] ? finish_task_switch+0x1d3/0x870 [ 123.116627] ? syscall_return_slowpath+0x5e0/0x5e0 [ 123.121541] ? syscall_return_slowpath+0x31d/0x5e0 [ 123.126456] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 123.131458] ? prepare_exit_to_usermode+0x291/0x3b0 [ 123.136461] ? perf_trace_sys_enter+0xb10/0xb10 [ 123.141113] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 123.145945] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 123.151117] RIP: 0033:0x455c97 [ 123.154286] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d bb fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 123.173557] RSP: 002b:00007f47d500fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 123.181247] RAX: ffffffffffffffda RBX: 0000000020000490 RCX: 0000000000455c97 [ 123.188500] RDX: 0000000000000015 RSI: 0000000000004c00 RDI: 0000000000000016 10:55:06 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) r1 = dup(r0) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r1, 0xc0505510, &(0x7f0000000280)={0x0, 0x1, 0x0, 0x0, &(0x7f0000000900)=[{}]}) [ 123.195752] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 123.203008] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000015 [ 123.210285] R13: 0000000000000000 R14: 00000000004d3e80 R15: 0000000000000013 [ 123.248871] EXT4-fs (sda1): journaled quota format not specified [ 123.279636] FAULT_INJECTION: forcing a failure. [ 123.279636] name failslab, interval 1, probability 0, space 0, times 0 [ 123.290963] CPU: 0 PID: 8330 Comm: syz-executor7 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 123.299285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 123.308635] Call Trace: [ 123.311219] dump_stack+0x1c9/0x2b4 [ 123.314843] ? dump_stack_print_info.cold.2+0x52/0x52 [ 123.320032] ? perf_trace_lock+0x49d/0x920 [ 123.324271] should_fail.cold.4+0xa/0x11 [ 123.328332] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 123.333432] ? __save_stack_trace+0x8d/0xf0 [ 123.337772] ? save_stack+0x43/0xd0 [ 123.341389] ? kasan_kmalloc+0xc4/0xe0 [ 123.345269] ? kasan_slab_alloc+0x12/0x20 [ 123.349408] ? kmem_cache_alloc_node+0x144/0x780 [ 123.354157] ? netlink_sendmsg+0xb29/0xfc0 [ 123.358386] ? sock_sendmsg+0xd5/0x120 [ 123.362262] ? ___sys_sendmsg+0x7fd/0x930 [ 123.366397] ? __sys_sendmsg+0x11d/0x290 [ 123.370447] ? __x64_sys_sendmsg+0x78/0xb0 [ 123.374673] ? do_syscall_64+0x1b9/0x820 [ 123.378739] ? lock_acquire+0x1e4/0x540 [ 123.382704] ? fs_reclaim_acquire+0x20/0x20 [ 123.387022] ? lock_downgrade+0x8f0/0x8f0 [ 123.391175] ? check_same_owner+0x340/0x340 [ 123.395506] ? lock_downgrade+0x8f0/0x8f0 [ 123.399652] ? rcu_note_context_switch+0x730/0x730 [ 123.404584] __should_failslab+0x124/0x180 [ 123.408814] should_failslab+0x9/0x14 [ 123.412608] kmem_cache_alloc_node_trace+0x26f/0x770 [ 123.417705] ? kasan_kmalloc+0xc4/0xe0 [ 123.421595] __kmalloc_node_track_caller+0x33/0x70 [ 123.426522] __kmalloc_reserve.isra.41+0x3a/0xe0 [ 123.431277] __alloc_skb+0x155/0x790 [ 123.434989] ? skb_scrub_packet+0x490/0x490 [ 123.439312] ? netlink_insert+0x15d/0x3f0 [ 123.443462] ? __netlink_insert+0x13d0/0x13d0 [ 123.447964] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 123.453493] ? netlink_autobind.isra.34+0x23b/0x320 [ 123.458507] netlink_sendmsg+0xb29/0xfc0 [ 123.462570] ? netlink_unicast+0x760/0x760 [ 123.466801] ? move_addr_to_kernel.part.20+0x100/0x100 [ 123.472072] ? security_socket_sendmsg+0x94/0xc0 [ 123.476816] ? netlink_unicast+0x760/0x760 [ 123.481045] sock_sendmsg+0xd5/0x120 [ 123.484751] ___sys_sendmsg+0x7fd/0x930 [ 123.488727] ? copy_msghdr_from_user+0x580/0x580 [ 123.493474] ? __f_unlock_pos+0x19/0x20 [ 123.497441] ? lock_downgrade+0x8f0/0x8f0 [ 123.501586] ? proc_fail_nth_write+0x9e/0x210 [ 123.506075] ? __fget_light+0x2f7/0x440 [ 123.510039] ? lock_acquire+0x1e4/0x540 [ 123.514007] ? fget_raw+0x20/0x20 [ 123.517465] ? kasan_check_write+0x14/0x20 [ 123.521704] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 123.526624] ? fsnotify+0xbac/0x14e0 [ 123.530334] ? vfs_write+0x2f3/0x560 [ 123.534040] ? wait_for_completion+0x8d0/0x8d0 [ 123.538614] ? lock_release+0xa30/0xa30 [ 123.542594] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 123.548122] ? sockfd_lookup_light+0xc5/0x160 [ 123.552615] __sys_sendmsg+0x11d/0x290 [ 123.556494] ? __ia32_sys_shutdown+0x80/0x80 [ 123.560897] ? __sb_end_write+0xac/0xe0 [ 123.564871] ? fput+0x130/0x1a0 [ 123.568144] ? ksys_write+0x1ae/0x260 [ 123.571954] ? syscall_slow_exit_work+0x500/0x500 [ 123.576797] __x64_sys_sendmsg+0x78/0xb0 [ 123.580854] do_syscall_64+0x1b9/0x820 [ 123.584730] ? finish_task_switch+0x1d3/0x870 [ 123.589222] ? syscall_return_slowpath+0x5e0/0x5e0 [ 123.594146] ? syscall_return_slowpath+0x31d/0x5e0 [ 123.599068] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 123.604074] ? prepare_exit_to_usermode+0x291/0x3b0 [ 123.609082] ? perf_trace_sys_enter+0xb10/0xb10 [ 123.613742] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 123.618588] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 123.623768] RIP: 0033:0x455e29 [ 123.626946] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 10:55:07 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)}], 0x1) 10:55:07 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f00000001c0)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000180), r1, 0x0, 0x2, 0x4}}, 0x20) r2 = accept(0xffffffffffffff9c, &(0x7f0000000200)=@in6={0x0, 0x0, 0x0, @ipv4={[], [], @loopback}}, &(0x7f0000000280)=0x80) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f00000002c0)={0x32, @empty, 0x4e21, 0x1, 'rr\x00', 0x12, 0xf98, 0x16}, 0x2c) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) r3 = memfd_create(&(0x7f0000000100)='/dev/infiniband/rdma_cm\x00', 0x2) ioctl$SG_SET_RESERVED_SIZE(r3, 0x2275, &(0x7f0000000140)=0x87) openat$null(0xffffffffffffff9c, &(0x7f0000000300)='/dev/null\x00', 0x208800, 0x0) [ 123.646446] RSP: 002b:00007f2f8780dc68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 123.654147] RAX: ffffffffffffffda RBX: 00007f2f8780e6d4 RCX: 0000000000455e29 [ 123.661406] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 123.668664] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 123.675925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 123.683183] R13: 00000000004c1482 R14: 00000000004d1948 R15: 0000000000000001 10:55:07 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f00000001c0)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000180), r1, 0x0, 0x2, 0x4}}, 0x20) r2 = accept(0xffffffffffffff9c, &(0x7f0000000200)=@in6={0x0, 0x0, 0x0, @ipv4={[], [], @loopback}}, &(0x7f0000000280)=0x80) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f00000002c0)={0x32, @empty, 0x4e21, 0x1, 'rr\x00', 0x12, 0xf98, 0x16}, 0x2c) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) r3 = memfd_create(&(0x7f0000000100)='/dev/infiniband/rdma_cm\x00', 0x2) ioctl$SG_SET_RESERVED_SIZE(r3, 0x2275, &(0x7f0000000140)=0x87) 10:55:07 executing program 7 (fault-call:2 fault-nth:2): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:55:07 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) readlink(&(0x7f0000000100)='./file0\x00', &(0x7f0000000240)=""/162, 0xa2) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x23, 0xfa00, {r1}}, 0x10) 10:55:07 executing program 1 (fault-call:1 fault-nth:20): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:07 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)}], 0x1) 10:55:07 executing program 3: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = dup(0xffffffffffffffff) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r0, 0xc0505510, &(0x7f0000000280)={0x0, 0x1, 0x0, 0x0, &(0x7f0000000900)=[{}]}) [ 123.800921] FAULT_INJECTION: forcing a failure. [ 123.800921] name failslab, interval 1, probability 0, space 0, times 0 [ 123.812280] CPU: 1 PID: 8365 Comm: syz-executor7 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 123.820608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 123.829969] Call Trace: [ 123.832577] dump_stack+0x1c9/0x2b4 [ 123.836223] ? dump_stack_print_info.cold.2+0x52/0x52 [ 123.841431] ? perf_trace_lock+0x49d/0x920 [ 123.845691] should_fail.cold.4+0xa/0x11 [ 123.849765] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 123.854866] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 123.859786] ? fib6_locate_1+0x251/0x740 [ 123.863847] ? wait_for_completion+0x8d0/0x8d0 [ 123.868425] ? lock_acquire+0x1e4/0x540 [ 123.872404] ? lock_downgrade+0x8f0/0x8f0 [ 123.876549] ? lock_release+0xa30/0xa30 [ 123.880515] ? fib6_net_init+0x950/0x950 [ 123.884578] ? lock_acquire+0x1e4/0x540 [ 123.888542] ? fs_reclaim_acquire+0x20/0x20 [ 123.892854] ? lock_downgrade+0x8f0/0x8f0 [ 123.897001] ? netdev_run_todo+0x75e/0xa80 [ 123.901236] ? check_same_owner+0x340/0x340 [ 123.905552] ? rcu_note_context_switch+0x730/0x730 [ 123.910488] __should_failslab+0x124/0x180 [ 123.914721] should_failslab+0x9/0x14 [ 123.918525] kmem_cache_alloc_node+0x272/0x780 [ 123.923116] __alloc_skb+0x119/0x790 [ 123.927443] ? skb_scrub_packet+0x490/0x490 [ 123.931768] ? ip6_route_multipath_del+0x530/0x530 [ 123.936694] ? rtnetlink_rcv_msg+0x3d5/0xc30 [ 123.941123] ? ip6_route_multipath_del+0x530/0x530 [ 123.946049] netlink_ack+0x2df/0xbe0 [ 123.949761] ? netlink_sendmsg+0xfc0/0xfc0 [ 123.954000] netlink_rcv_skb+0x35d/0x440 [ 123.958061] ? rtnetlink_put_metrics+0x690/0x690 [ 123.962814] ? netlink_ack+0xbe0/0xbe0 [ 123.966710] rtnetlink_rcv+0x1c/0x20 [ 123.970416] netlink_unicast+0x5a0/0x760 [ 123.974477] ? netlink_attachskb+0x9a0/0x9a0 [ 123.978880] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 123.984410] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 123.989425] netlink_sendmsg+0xa18/0xfc0 [ 123.993490] ? netlink_unicast+0x760/0x760 [ 123.997722] ? move_addr_to_kernel.part.20+0x100/0x100 [ 124.002996] ? security_socket_sendmsg+0x94/0xc0 [ 124.007758] ? netlink_unicast+0x760/0x760 [ 124.011988] sock_sendmsg+0xd5/0x120 [ 124.015700] ___sys_sendmsg+0x7fd/0x930 [ 124.019673] ? copy_msghdr_from_user+0x580/0x580 [ 124.024423] ? __f_unlock_pos+0x19/0x20 [ 124.028389] ? lock_downgrade+0x8f0/0x8f0 [ 124.032533] ? proc_fail_nth_write+0x9e/0x210 [ 124.037031] ? __fget_light+0x2f7/0x440 [ 124.040997] ? lock_acquire+0x1e4/0x540 [ 124.044969] ? fget_raw+0x20/0x20 [ 124.048423] ? kasan_check_write+0x14/0x20 [ 124.052651] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 124.057571] ? fsnotify+0xbac/0x14e0 [ 124.061275] ? vfs_write+0x2f3/0x560 [ 124.064986] ? wait_for_completion+0x8d0/0x8d0 [ 124.069559] ? lock_release+0xa30/0xa30 [ 124.073540] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 124.079068] ? sockfd_lookup_light+0xc5/0x160 [ 124.083560] __sys_sendmsg+0x11d/0x290 [ 124.087442] ? __ia32_sys_shutdown+0x80/0x80 [ 124.091843] ? __sb_end_write+0xac/0xe0 [ 124.095824] ? fput+0x130/0x1a0 [ 124.099107] ? ksys_write+0x1ae/0x260 [ 124.102922] __x64_sys_sendmsg+0x78/0xb0 [ 124.106980] do_syscall_64+0x1b9/0x820 [ 124.110860] ? finish_task_switch+0x1d3/0x870 [ 124.115350] ? syscall_return_slowpath+0x5e0/0x5e0 [ 124.120272] ? syscall_return_slowpath+0x31d/0x5e0 [ 124.125195] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 124.130204] ? prepare_exit_to_usermode+0x291/0x3b0 [ 124.135213] ? perf_trace_sys_enter+0xb10/0xb10 [ 124.139877] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 124.144722] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 124.149916] RIP: 0033:0x455e29 [ 124.153090] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 124.172582] RSP: 002b:00007f2f8780dc68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 124.180286] RAX: ffffffffffffffda RBX: 00007f2f8780e6d4 RCX: 0000000000455e29 [ 124.187555] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 124.194815] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 10:55:07 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f000000010319000000070000000681", 0x10}], 0x1) [ 124.202071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 124.209330] R13: 00000000004c1482 R14: 00000000004d1948 R15: 0000000000000002 [ 124.239739] FAULT_INJECTION: forcing a failure. [ 124.239739] name failslab, interval 1, probability 0, space 0, times 0 10:55:07 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f00000001c0)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000180), r1, 0x0, 0x2, 0x4}}, 0x20) r2 = accept(0xffffffffffffff9c, &(0x7f0000000200)=@in6={0x0, 0x0, 0x0, @ipv4={[], [], @loopback}}, &(0x7f0000000280)=0x80) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f00000002c0)={0x32, @empty, 0x4e21, 0x1, 'rr\x00', 0x12, 0xf98, 0x16}, 0x2c) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) memfd_create(&(0x7f0000000100)='/dev/infiniband/rdma_cm\x00', 0x2) 10:55:07 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f000000010319000000070000000681", 0x10}], 0x1) [ 124.251049] CPU: 0 PID: 8372 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 124.259361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 124.268712] Call Trace: [ 124.271303] dump_stack+0x1c9/0x2b4 [ 124.274932] ? dump_stack_print_info.cold.2+0x52/0x52 [ 124.280131] ? perf_trace_lock+0xde/0x920 [ 124.284293] should_fail.cold.4+0xa/0x11 [ 124.288354] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 124.293454] ? __save_stack_trace+0x8d/0xf0 [ 124.297788] ? save_stack+0x43/0xd0 10:55:07 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) r2 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000240)={@in6={{0xa, 0x4e24, 0x80000000, @ipv4={[], [0xff, 0xff], @multicast2=0xe0000002}, 0x9}}, 0x36e, 0x6, 0x81, "c3e8400c14c060d7303ba5ac55645c13bb708e52a5a21c62c3fc09ee7cb9c7e24ac567268e82025086bc7262a44fbd8b3ab3384a44bad678fcb168e47fd72590a698b249ca99b37d22e1c6cc84045401"}, 0xd8) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) [ 124.301420] ? kasan_slab_alloc+0x12/0x20 [ 124.305573] ? kmem_cache_alloc_node+0x144/0x780 [ 124.310338] ? alloc_uevent_skb+0x89/0x220 [ 124.314574] ? kobject_uevent_env+0x866/0x1110 [ 124.319160] ? kobject_uevent+0x1f/0x30 [ 124.323137] ? lo_ioctl+0x1385/0x1d70 [ 124.326941] ? block_ioctl+0xee/0x130 [ 124.330747] ? lock_acquire+0x1e4/0x540 [ 124.334703] ? fs_reclaim_acquire+0x20/0x20 [ 124.339018] ? lock_downgrade+0x8f0/0x8f0 [ 124.343190] ? check_same_owner+0x340/0x340 [ 124.347511] ? lock_downgrade+0x8f0/0x8f0 [ 124.351667] ? rcu_note_context_switch+0x730/0x730 [ 124.356589] __should_failslab+0x124/0x180 [ 124.360811] should_failslab+0x9/0x14 [ 124.364609] kmem_cache_alloc_node_trace+0x26f/0x770 [ 124.369700] ? kasan_kmalloc+0xc4/0xe0 [ 124.373578] __kmalloc_node_track_caller+0x33/0x70 [ 124.378496] __kmalloc_reserve.isra.41+0x3a/0xe0 [ 124.383250] __alloc_skb+0x155/0x790 [ 124.386960] ? skb_scrub_packet+0x490/0x490 [ 124.391283] ? lock_release+0xa30/0xa30 [ 124.395242] ? device_get_devnode+0x2e0/0x2e0 [ 124.399734] ? kasan_unpoison_shadow+0x35/0x50 [ 124.404319] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 124.409319] ? netlink_has_listeners+0x2cf/0x4a0 [ 124.414069] ? netlink_tap_init_net+0x3e0/0x3e0 [ 124.418727] alloc_uevent_skb+0x89/0x220 [ 124.422772] kobject_uevent_env+0x866/0x1110 [ 124.427179] ? internal_create_group+0x39a/0x9e0 [ 124.431922] kobject_uevent+0x1f/0x30 [ 124.435712] lo_ioctl+0x1385/0x1d70 [ 124.439334] ? lo_rw_aio_complete+0x450/0x450 [ 124.443825] blkdev_ioctl+0x9cd/0x2030 [ 124.447697] ? lock_acquire+0x1e4/0x540 [ 124.451664] ? blkpg_ioctl+0xc40/0xc40 [ 124.455540] ? lock_release+0xa30/0xa30 [ 124.459499] ? save_stack+0xa9/0xd0 [ 124.463105] ? save_stack+0x43/0xd0 [ 124.466724] ? __fget+0x4d5/0x740 [ 124.470167] ? ksys_dup3+0x690/0x690 [ 124.473860] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 124.478424] ? kasan_check_write+0x14/0x20 [ 124.482636] ? do_raw_spin_lock+0xc1/0x200 [ 124.486857] block_ioctl+0xee/0x130 [ 124.490465] ? blkdev_fallocate+0x400/0x400 [ 124.494765] do_vfs_ioctl+0x1de/0x1720 [ 124.498634] ? ioctl_preallocate+0x300/0x300 [ 124.503026] ? __fget_light+0x2f7/0x440 [ 124.506991] ? fget_raw+0x20/0x20 [ 124.510428] ? trace_hardirqs_on+0xd/0x10 [ 124.514553] ? kmem_cache_free+0x22e/0x2d0 [ 124.518771] ? putname+0xf7/0x130 [ 124.522206] ? do_sys_open+0x3cb/0x720 [ 124.526077] ? security_file_ioctl+0x94/0xc0 [ 124.530472] ksys_ioctl+0xa9/0xd0 [ 124.533923] __x64_sys_ioctl+0x73/0xb0 [ 124.537793] do_syscall_64+0x1b9/0x820 [ 124.541662] ? finish_task_switch+0x1d3/0x870 [ 124.546140] ? syscall_return_slowpath+0x5e0/0x5e0 [ 124.551050] ? syscall_return_slowpath+0x31d/0x5e0 [ 124.555961] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 124.560960] ? prepare_exit_to_usermode+0x291/0x3b0 [ 124.565957] ? perf_trace_sys_enter+0xb10/0xb10 [ 124.570608] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 124.575430] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 124.580599] RIP: 0033:0x455c97 [ 124.583765] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d bb fb ff c3 66 2e 0f 1f 84 00 00 00 00 10:55:08 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f00000001c0)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000180), r1, 0x0, 0x2, 0x4}}, 0x20) r2 = accept(0xffffffffffffff9c, &(0x7f0000000200)=@in6={0x0, 0x0, 0x0, @ipv4={[], [], @loopback}}, &(0x7f0000000280)=0x80) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f00000002c0)={0x32, @empty, 0x4e21, 0x1, 'rr\x00', 0x12, 0xf98, 0x16}, 0x2c) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) [ 124.602911] RSP: 002b:00007f47d500fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 124.610598] RAX: ffffffffffffffda RBX: 0000000020000490 RCX: 0000000000455c97 [ 124.617851] RDX: 0000000000000015 RSI: 0000000000004c00 RDI: 0000000000000016 [ 124.625107] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 124.632361] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000015 [ 124.639611] R13: 0000000000000000 R14: 00000000004d3e80 R15: 0000000000000014 10:55:08 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup(r0) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r1, 0xc0505510, &(0x7f0000000280)={0x0, 0x1, 0x0, 0x0, &(0x7f0000000900)=[{}]}) 10:55:08 executing program 7 (fault-call:2 fault-nth:3): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:55:08 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000140)={&(0x7f0000000100)='./file0\x00', r0}, 0x10) r2 = msgget$private(0x0, 0x10) msgsnd(r2, &(0x7f0000000240)={0x1, "7fe3b7e163999038ddff1a89c6a81e6feb3addba4d0f7d3123e4deb9879c9155ce11527d3e786c775aa7582e152b5e0ae4dc88ff0482f08d1b08fc71ffaaed0a45d205316657d160ddd0ac082dae7bdd3030fcd15f0d3280c88f0e70457133cbb932774675907aee8221f04ce7bc8f6b891cc6f4216dfe627fed4671e6121bc2855ba52c1d1fbb9611bc98b80d30be4a8003d095a0fd584fc47092242d5b04b670be72778d36f3ebdb3c6eeb7a091a7c2ed866515a29aedd5aa997a128ffb516f40173b1438a582c12a46906a9666098091dea696db9f17d13c9885b3a3dac28848c85a9b84f349298746de54510"}, 0xf6, 0x800) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) [ 124.667806] EXT4-fs (sda1): journaled quota format not specified 10:55:08 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f000000010319000000070000000681", 0x10}], 0x1) 10:55:08 executing program 1 (fault-call:1 fault-nth:21): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) [ 124.753332] FAULT_INJECTION: forcing a failure. [ 124.753332] name failslab, interval 1, probability 0, space 0, times 0 [ 124.764608] CPU: 1 PID: 8409 Comm: syz-executor7 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 124.772929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 124.782283] Call Trace: [ 124.784869] dump_stack+0x1c9/0x2b4 [ 124.788499] ? dump_stack_print_info.cold.2+0x52/0x52 [ 124.793693] ? perf_trace_lock+0x49d/0x920 [ 124.797941] should_fail.cold.4+0xa/0x11 [ 124.802002] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 124.807103] ? __save_stack_trace+0x8d/0xf0 [ 124.811440] ? save_stack+0x43/0xd0 [ 124.815061] ? kasan_kmalloc+0xc4/0xe0 [ 124.818939] ? kasan_slab_alloc+0x12/0x20 [ 124.823079] ? kmem_cache_alloc_node+0x144/0x780 [ 124.827826] ? netlink_ack+0x2df/0xbe0 [ 124.831701] ? netlink_rcv_skb+0x35d/0x440 [ 124.835932] ? rtnetlink_rcv+0x1c/0x20 [ 124.839811] ? netlink_unicast+0x5a0/0x760 [ 124.844036] ? netlink_sendmsg+0xa18/0xfc0 [ 124.848261] ? sock_sendmsg+0xd5/0x120 [ 124.852150] ? lock_acquire+0x1e4/0x540 [ 124.856116] ? fs_reclaim_acquire+0x20/0x20 [ 124.860446] ? lock_downgrade+0x8f0/0x8f0 [ 124.864597] ? check_same_owner+0x340/0x340 [ 124.868913] ? lock_downgrade+0x8f0/0x8f0 [ 124.873052] ? mutex_unlock+0xd/0x10 [ 124.876760] ? rcu_note_context_switch+0x730/0x730 [ 124.881708] __should_failslab+0x124/0x180 [ 124.885951] should_failslab+0x9/0x14 [ 124.889744] kmem_cache_alloc_node_trace+0x26f/0x770 [ 124.894854] ? kasan_kmalloc+0xc4/0xe0 [ 124.898760] __kmalloc_node_track_caller+0x33/0x70 [ 124.903692] __kmalloc_reserve.isra.41+0x3a/0xe0 [ 124.908465] __alloc_skb+0x155/0x790 [ 124.912180] ? skb_scrub_packet+0x490/0x490 [ 124.916503] ? ip6_route_multipath_del+0x530/0x530 [ 124.921434] ? rtnetlink_rcv_msg+0x3d5/0xc30 [ 124.925867] ? ip6_route_multipath_del+0x530/0x530 [ 124.930796] netlink_ack+0x2df/0xbe0 [ 124.934515] ? netlink_sendmsg+0xfc0/0xfc0 [ 124.938764] netlink_rcv_skb+0x35d/0x440 [ 124.942819] ? rtnetlink_put_metrics+0x690/0x690 [ 124.947571] ? netlink_ack+0xbe0/0xbe0 [ 124.951468] rtnetlink_rcv+0x1c/0x20 [ 124.955175] netlink_unicast+0x5a0/0x760 [ 124.959236] ? netlink_attachskb+0x9a0/0x9a0 [ 124.963637] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 124.969167] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 124.974188] netlink_sendmsg+0xa18/0xfc0 [ 124.978252] ? netlink_unicast+0x760/0x760 [ 124.982481] ? move_addr_to_kernel.part.20+0x100/0x100 [ 124.987753] ? security_socket_sendmsg+0x94/0xc0 [ 124.992510] ? netlink_unicast+0x760/0x760 [ 124.996742] sock_sendmsg+0xd5/0x120 [ 125.000449] ___sys_sendmsg+0x7fd/0x930 [ 125.004433] ? copy_msghdr_from_user+0x580/0x580 [ 125.009183] ? __f_unlock_pos+0x19/0x20 [ 125.013159] ? lock_downgrade+0x8f0/0x8f0 [ 125.017303] ? proc_fail_nth_write+0x9e/0x210 [ 125.021796] ? __fget_light+0x2f7/0x440 [ 125.025761] ? lock_acquire+0x1e4/0x540 [ 125.029733] ? fget_raw+0x20/0x20 [ 125.033185] ? kasan_check_write+0x14/0x20 [ 125.037424] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 125.042341] ? fsnotify+0xbac/0x14e0 [ 125.046048] ? vfs_write+0x2f3/0x560 [ 125.049756] ? wait_for_completion+0x8d0/0x8d0 [ 125.054332] ? lock_release+0xa30/0xa30 [ 125.058311] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 125.063842] ? sockfd_lookup_light+0xc5/0x160 [ 125.068334] __sys_sendmsg+0x11d/0x290 [ 125.072232] ? __ia32_sys_shutdown+0x80/0x80 [ 125.076644] ? __sb_end_write+0xac/0xe0 [ 125.080616] ? fput+0x130/0x1a0 [ 125.083897] ? ksys_write+0x1ae/0x260 [ 125.087716] __x64_sys_sendmsg+0x78/0xb0 [ 125.091774] do_syscall_64+0x1b9/0x820 [ 125.095650] ? finish_task_switch+0x1d3/0x870 [ 125.100141] ? syscall_return_slowpath+0x5e0/0x5e0 [ 125.105066] ? syscall_return_slowpath+0x31d/0x5e0 [ 125.109991] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 125.115008] ? prepare_exit_to_usermode+0x291/0x3b0 [ 125.120029] ? perf_trace_sys_enter+0xb10/0xb10 [ 125.124698] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 125.129543] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 125.134722] RIP: 0033:0x455e29 10:55:08 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup(r0) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r1, 0xc0505510, &(0x7f0000000280)={0x0, 0x1, 0x0, 0x0, &(0x7f0000000900)=[{}]}) 10:55:08 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f00000001c0)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000180), r1, 0x0, 0x2, 0x4}}, 0x20) accept(0xffffffffffffff9c, &(0x7f0000000200)=@in6={0x0, 0x0, 0x0, @ipv4={[], [], @loopback}}, &(0x7f0000000280)=0x80) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) [ 125.137895] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 125.157394] RSP: 002b:00007f2f8780dc68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 125.165096] RAX: ffffffffffffffda RBX: 00007f2f8780e6d4 RCX: 0000000000455e29 [ 125.172362] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000014 [ 125.179621] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 125.186881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 125.194139] R13: 00000000004c1482 R14: 00000000004d1948 R15: 0000000000000003 10:55:08 executing program 7 (fault-call:2 fault-nth:4): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:55:08 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r1 = syz_open_dev$audion(&(0x7f0000000100)='/dev/audio#\x00', 0x4, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8924, &(0x7f0000000140)={'sit0\x00', @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff]}) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r2, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r2}}, 0x10) 10:55:08 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f00000001c0)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000180), r1, 0x0, 0x2, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) 10:55:08 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup(r0) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r1, 0xc0505510, &(0x7f0000000280)={0x0, 0x1, 0x0, 0x0, &(0x7f0000000900)=[{}]}) 10:55:08 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000001031900000007000000068100023b0509000100", 0x18}], 0x1) [ 125.256226] FAULT_INJECTION: forcing a failure. [ 125.256226] name failslab, interval 1, probability 0, space 0, times 0 [ 125.267499] CPU: 1 PID: 8422 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 125.275811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 125.285158] Call Trace: [ 125.287750] dump_stack+0x1c9/0x2b4 [ 125.291383] ? dump_stack_print_info.cold.2+0x52/0x52 [ 125.296583] should_fail.cold.4+0xa/0x11 [ 125.300652] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 125.305763] ? lock_repin_lock+0x430/0x430 [ 125.310014] ? __schedule+0x884/0x1ed0 [ 125.313911] ? __sched_text_start+0x8/0x8 [ 125.318063] ? __fget+0x4d5/0x740 [ 125.321524] ? lock_acquire+0x1e4/0x540 [ 125.325501] ? fs_reclaim_acquire+0x20/0x20 [ 125.329832] ? lock_downgrade+0x8f0/0x8f0 [ 125.333992] ? check_same_owner+0x340/0x340 [ 125.338309] ? block_ioctl+0xee/0x130 [ 125.342100] ? rcu_note_context_switch+0x730/0x730 [ 125.347024] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 125.352550] __should_failslab+0x124/0x180 [ 125.356773] should_failslab+0x9/0x14 [ 125.360561] kmem_cache_alloc+0x2af/0x760 [ 125.364695] ? __schedule+0x1ed0/0x1ed0 [ 125.368657] ? fget_raw+0x20/0x20 [ 125.372106] getname_flags+0xd0/0x5a0 [ 125.375896] do_mkdirat+0xc5/0x310 [ 125.379424] ? __ia32_sys_mknod+0xb0/0xb0 [ 125.383559] ? syscall_slow_exit_work+0x500/0x500 [ 125.388401] ? ksys_ioctl+0x81/0xd0 [ 125.392025] __x64_sys_mkdir+0x5c/0x80 [ 125.395899] do_syscall_64+0x1b9/0x820 [ 125.399772] ? finish_task_switch+0x1d3/0x870 [ 125.404252] ? syscall_return_slowpath+0x5e0/0x5e0 [ 125.409173] ? syscall_return_slowpath+0x31d/0x5e0 [ 125.414093] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 125.419098] ? prepare_exit_to_usermode+0x291/0x3b0 [ 125.424100] ? perf_trace_sys_enter+0xb10/0xb10 [ 125.428757] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 125.433589] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 125.438761] RIP: 0033:0x455267 [ 125.441929] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 125.461208] RSP: 002b:00007f47d500fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 125.468900] RAX: ffffffffffffffda RBX: 0000000020000490 RCX: 0000000000455267 [ 125.476152] RDX: 0000000000000015 RSI: 00000000000001ff RDI: 0000000020000040 [ 125.483402] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 125.490653] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000015 [ 125.497907] R13: 0000000000000000 R14: 00000000004d3e80 R15: 0000000000000015 10:55:09 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup(r0) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r1, 0xc0505510, &(0x7f0000000280)={0x0, 0x1, 0x0, 0x0, &(0x7f0000000900)=[{}]}) 10:55:09 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) [ 125.506856] EXT4-fs (sda1): journaled quota format not specified 10:55:09 executing program 6: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot\x00', 0x100, 0x0) ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000140)) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r2, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r1, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r2}}, 0x10) 10:55:09 executing program 1 (fault-call:1 fault-nth:22): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:09 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000001031900000007000000068100023b0509000100", 0x18}], 0x1) 10:55:09 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) 10:55:09 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) [ 125.645370] FAULT_INJECTION: forcing a failure. [ 125.645370] name failslab, interval 1, probability 0, space 0, times 0 [ 125.656648] CPU: 0 PID: 8461 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 125.664961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 125.674312] Call Trace: [ 125.676903] dump_stack+0x1c9/0x2b4 [ 125.680525] ? dump_stack_print_info.cold.2+0x52/0x52 [ 125.685719] should_fail.cold.4+0xa/0x11 [ 125.689790] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 125.694897] ? lock_repin_lock+0x430/0x430 [ 125.699135] ? __schedule+0x884/0x1ed0 [ 125.703045] ? __sched_text_start+0x8/0x8 [ 125.707177] ? __fget+0x4d5/0x740 [ 125.710619] ? lock_acquire+0x1e4/0x540 [ 125.714576] ? fs_reclaim_acquire+0x20/0x20 [ 125.718881] ? lock_downgrade+0x8f0/0x8f0 [ 125.723025] ? check_same_owner+0x340/0x340 [ 125.727332] ? block_ioctl+0xee/0x130 [ 125.731119] ? rcu_note_context_switch+0x730/0x730 [ 125.736041] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 125.741578] __should_failslab+0x124/0x180 [ 125.745800] should_failslab+0x9/0x14 [ 125.749587] kmem_cache_alloc+0x2af/0x760 [ 125.753719] ? __schedule+0x1ed0/0x1ed0 [ 125.757678] ? fget_raw+0x20/0x20 [ 125.761121] getname_flags+0xd0/0x5a0 [ 125.764914] do_mkdirat+0xc5/0x310 [ 125.768440] ? __ia32_sys_mknod+0xb0/0xb0 [ 125.772576] ? syscall_slow_exit_work+0x500/0x500 [ 125.777403] ? ksys_ioctl+0x81/0xd0 [ 125.781025] __x64_sys_mkdir+0x5c/0x80 [ 125.784898] do_syscall_64+0x1b9/0x820 [ 125.788768] ? finish_task_switch+0x1d3/0x870 [ 125.793250] ? syscall_return_slowpath+0x5e0/0x5e0 [ 125.798166] ? syscall_return_slowpath+0x31d/0x5e0 [ 125.803085] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 125.808087] ? prepare_exit_to_usermode+0x291/0x3b0 [ 125.813100] ? perf_trace_sys_enter+0xb10/0xb10 [ 125.817761] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 125.822607] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 125.827778] RIP: 0033:0x455267 [ 125.830946] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 125.850242] RSP: 002b:00007f47d500fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 125.857934] RAX: ffffffffffffffda RBX: 0000000020000490 RCX: 0000000000455267 [ 125.865188] RDX: 0000000000000015 RSI: 00000000000001ff RDI: 0000000020000040 [ 125.872438] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 125.879689] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000015 [ 125.886942] R13: 0000000000000000 R14: 00000000004d3e80 R15: 0000000000000016 10:55:09 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) 10:55:09 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup(r0) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r1, 0xc0505510, &(0x7f0000000280)={0x0, 0x1, 0x0, 0x0, &(0x7f0000000900)=[{}]}) 10:55:09 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000001031900000007000000068100023b0509000100", 0x18}], 0x1) [ 125.897385] EXT4-fs (sda1): journaled quota format not specified 10:55:09 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = inotify_init() ioctl$INOTIFY_IOC_SETNEXTWD(r2, 0x40044900, 0x7) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) 10:55:09 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup(r0) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r1, 0xc0505510, &(0x7f0000000280)={0x0, 0x1, 0x0, 0x0, &(0x7f0000000900)=[{}]}) 10:55:09 executing program 1 (fault-call:1 fault-nth:23): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:09 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f00000001c0)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000180), 0xffffffffffffffff, 0x0, 0x2, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00}, 0x10) 10:55:09 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000001031900000007000000068100023b0509000100010100ff", 0x1c}], 0x1) 10:55:09 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x20000410, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) [ 126.019581] FAULT_INJECTION: forcing a failure. [ 126.019581] name failslab, interval 1, probability 0, space 0, times 0 [ 126.030874] CPU: 0 PID: 8497 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 126.039191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 126.048540] Call Trace: [ 126.051137] dump_stack+0x1c9/0x2b4 [ 126.054755] ? dump_stack_print_info.cold.2+0x52/0x52 [ 126.059940] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 126.064518] should_fail.cold.4+0xa/0x11 [ 126.068572] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 126.073688] ? lock_acquire+0x1e4/0x540 [ 126.077651] ? handle_mm_fault+0x417/0xc80 [ 126.081876] ? lock_acquire+0x1e4/0x540 [ 126.085835] ? fs_reclaim_acquire+0x20/0x20 [ 126.090145] ? lock_downgrade+0x8f0/0x8f0 [ 126.094516] ? check_same_owner+0x340/0x340 [ 126.098829] ? rcu_note_context_switch+0x730/0x730 [ 126.103750] __should_failslab+0x124/0x180 [ 126.107976] should_failslab+0x9/0x14 [ 126.111763] __kmalloc_track_caller+0x2c4/0x760 [ 126.116423] ? strncpy_from_user+0x510/0x510 [ 126.120818] ? strndup_user+0x77/0xd0 [ 126.124606] memdup_user+0x2c/0xa0 [ 126.128134] strndup_user+0x77/0xd0 [ 126.131750] ksys_mount+0x3c/0x140 [ 126.135285] __x64_sys_mount+0xbe/0x150 [ 126.139248] do_syscall_64+0x1b9/0x820 [ 126.143132] ? finish_task_switch+0x1d3/0x870 [ 126.147614] ? syscall_return_slowpath+0x5e0/0x5e0 [ 126.152529] ? syscall_return_slowpath+0x31d/0x5e0 [ 126.157448] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 126.162450] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 126.167974] ? prepare_exit_to_usermode+0x291/0x3b0 [ 126.172976] ? perf_trace_sys_enter+0xb10/0xb10 [ 126.177630] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 126.182464] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 126.187638] RIP: 0033:0x45885a [ 126.190806] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 8f fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ba 8f fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 126.210120] RSP: 002b:00007f47d500fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 10:55:09 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup(0xffffffffffffffff) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r1, 0xc0505510, &(0x7f0000000280)={0x0, 0x1, 0x0, 0x0, &(0x7f0000000900)=[{}]}) [ 126.217814] RAX: ffffffffffffffda RBX: 00007f47d500fb30 RCX: 000000000045885a [ 126.225065] RDX: 00007f47d500fad0 RSI: 0000000020000040 RDI: 00007f47d500faf0 [ 126.232318] RBP: 0000000020000040 R08: 00007f47d500fb30 R09: 00007f47d500fad0 [ 126.239571] R10: 0000000000000020 R11: 0000000000000206 R12: 0000000000000015 [ 126.246822] R13: 0000000000000020 R14: 00000000004d3e80 R15: 0000000000000017 10:55:09 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0xffffffec, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) 10:55:09 executing program 1 (fault-call:1 fault-nth:24): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:09 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup(r0) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(0xffffffffffffffff, 0xc0505510, &(0x7f0000000280)={0x0, 0x1, 0x0, 0x0, &(0x7f0000000900)=[{}]}) 10:55:09 executing program 2: write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f00000001c0)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000180), r0, 0x0, 0x2, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r0}}, 0x10) 10:55:09 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000001031900000007000000068100023b0509000100010100ff", 0x1c}], 0x1) 10:55:10 executing program 2: write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f00000001c0)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000180), r0, 0x0, 0x2, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r0}}, 0x10) 10:55:10 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x280, 0x0) ioctl$TUNSETSNDBUF(r2, 0x400454d4, &(0x7f0000000180)=0x9f45) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) 10:55:10 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000001031900000007000000068100023b0509000100010100ff", 0x1c}], 0x1) 10:55:10 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup(r0) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r1, 0xc0505510, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900)}) 10:55:10 executing program 2: write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f00000001c0)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000180), r0, 0x0, 0x2, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r0}}, 0x10) 10:55:10 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x3}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:55:10 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) syz_open_dev$vcsa(&(0x7f0000000100)='/dev/vcsa#\x00', 0x9, 0x0) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) 10:55:10 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000001031900000007000000068100023b0509000100010100ff3ffe", 0x1e}], 0x1) 10:55:10 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup(r0) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r1, 0xc0505510, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900)}) [ 126.510427] FAULT_INJECTION: forcing a failure. [ 126.510427] name failslab, interval 1, probability 0, space 0, times 0 [ 126.521720] CPU: 1 PID: 8542 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 126.530034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 126.539382] Call Trace: [ 126.541976] dump_stack+0x1c9/0x2b4 [ 126.545612] ? dump_stack_print_info.cold.2+0x52/0x52 [ 126.550806] ? __kernel_text_address+0xd/0x40 [ 126.555306] ? unwind_get_return_address+0x61/0xa0 10:55:10 executing program 6: openat$rtc(0xffffffffffffff9c, &(0x7f0000000240)='/dev/rtc0\x00', 0x480100, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/rfkill\x00', 0xc001, 0x0) ioctl$EVIOCGREP(r0, 0x80084503, &(0x7f0000000580)=""/93) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) r3 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x93, 0x40000) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup.net/syz0\x00', 0x200002, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r2, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r1, &(0x7f0000000100)={0x7, 0x8, 0xfa00, {r2}}, 0x10) getsockname$inet6(r3, &(0x7f0000000140)={0x0, 0x0, 0x0, @loopback}, &(0x7f0000000180)=0x1c) 10:55:10 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f00000001c0)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000180), r1, 0x0, 0x2, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) 10:55:10 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f00000001c0)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000180), r1, 0x0, 0x2, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) [ 126.560244] should_fail.cold.4+0xa/0x11 [ 126.564309] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 126.569417] ? save_stack+0xa9/0xd0 [ 126.573047] ? save_stack+0x43/0xd0 [ 126.576680] ? kasan_kmalloc+0xc4/0xe0 [ 126.580573] ? __kmalloc_track_caller+0x14a/0x760 [ 126.585422] ? memdup_user+0x2c/0xa0 [ 126.589137] ? strndup_user+0x77/0xd0 [ 126.592942] ? ksys_mount+0x3c/0x140 [ 126.596661] ? do_syscall_64+0x1b9/0x820 [ 126.600725] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 126.606098] ? lock_acquire+0x1e4/0x540 [ 126.610081] ? handle_mm_fault+0x417/0xc80 [ 126.614320] ? lock_release+0xa30/0xa30 [ 126.618299] ? lock_acquire+0x1e4/0x540 [ 126.622274] ? fs_reclaim_acquire+0x20/0x20 [ 126.626607] ? lock_downgrade+0x8f0/0x8f0 [ 126.630760] ? check_same_owner+0x340/0x340 [ 126.635086] ? lock_release+0xa30/0xa30 [ 126.639060] ? rcu_note_context_switch+0x730/0x730 [ 126.643991] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 126.649013] __should_failslab+0x124/0x180 [ 126.653252] should_failslab+0x9/0x14 [ 126.657054] __kmalloc_track_caller+0x2c4/0x760 [ 126.661734] ? strncpy_from_user+0x510/0x510 [ 126.666145] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 126.671689] ? strndup_user+0x77/0xd0 [ 126.675495] memdup_user+0x2c/0xa0 [ 126.679039] strndup_user+0x77/0xd0 [ 126.682670] ksys_mount+0x73/0x140 [ 126.686223] __x64_sys_mount+0xbe/0x150 [ 126.690180] do_syscall_64+0x1b9/0x820 [ 126.694050] ? syscall_return_slowpath+0x5e0/0x5e0 [ 126.698966] ? syscall_return_slowpath+0x31d/0x5e0 [ 126.703877] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 126.708875] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 126.714390] ? prepare_exit_to_usermode+0x291/0x3b0 [ 126.719385] ? perf_trace_sys_enter+0xb10/0xb10 [ 126.724041] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 126.728875] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 126.734047] RIP: 0033:0x45885a [ 126.737215] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 8f fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ba 8f fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 126.756370] RSP: 002b:00007f47d500fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 126.764063] RAX: ffffffffffffffda RBX: 00007f47d500fb30 RCX: 000000000045885a [ 126.771314] RDX: 00007f47d500fad0 RSI: 0000000020000040 RDI: 00007f47d500faf0 [ 126.778566] RBP: 0000000020000040 R08: 00007f47d500fb30 R09: 00007f47d500fad0 [ 126.785816] R10: 0000000000000020 R11: 0000000000000206 R12: 0000000000000015 [ 126.793066] R13: 0000000000000020 R14: 00000000004d3e80 R15: 0000000000000018 10:55:10 executing program 1 (fault-call:1 fault-nth:25): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:10 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f00000001c0)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000180), r1, 0x0, 0x2, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) 10:55:10 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) r2 = syz_open_dev$vcsa(&(0x7f0000000180)='/dev/vcsa#\x00', 0x24c, 0x4800) ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000000240)) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1, 0xfffffffffffffffc}}, 0x5d) r3 = getpgid(0xffffffffffffffff) migrate_pages(r3, 0x0, &(0x7f0000000100)=0x55, &(0x7f0000000140)=0x9) 10:55:10 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2, 0x2000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:55:10 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000001031900000007000000068100023b0509000100010100ff3ffe", 0x1e}], 0x1) 10:55:10 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup(r0) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r1, 0xc0505510, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900)}) [ 126.906468] FAULT_INJECTION: forcing a failure. [ 126.906468] name failslab, interval 1, probability 0, space 0, times 0 [ 126.917746] CPU: 1 PID: 8606 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 126.926060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 126.935414] Call Trace: [ 126.938011] dump_stack+0x1c9/0x2b4 [ 126.941825] ? dump_stack_print_info.cold.2+0x52/0x52 [ 126.947029] ? __kernel_text_address+0xd/0x40 [ 126.951531] ? unwind_get_return_address+0x61/0xa0 10:55:10 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2, 0x85010000}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:55:10 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) r2 = syz_open_dev$audion(&(0x7f0000000100)='/dev/audio#\x00', 0x10000, 0x400000) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r2, 0x40485404, &(0x7f0000000140)={{0x0, 0x3, 0x39a, 0x3, 0x2b}, 0x8, 0xe46}) 10:55:10 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000001031900000007000000068100023b0509000100010100ff3ffe", 0x1e}], 0x1) 10:55:10 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f00000001c0)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000180), r1, 0x0, 0x2, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) [ 126.956479] should_fail.cold.4+0xa/0x11 [ 126.960556] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 126.965668] ? save_stack+0xa9/0xd0 [ 126.969338] ? kasan_kmalloc+0xc4/0xe0 [ 126.973229] ? __kmalloc_track_caller+0x14a/0x760 [ 126.978079] ? memdup_user+0x2c/0xa0 [ 126.981796] ? strndup_user+0x77/0xd0 [ 126.985601] ? ksys_mount+0x73/0x140 [ 126.989313] ? __x64_sys_mount+0xbe/0x150 [ 126.993457] ? do_syscall_64+0x1b9/0x820 [ 126.997517] ? lock_acquire+0x1e4/0x540 [ 127.001483] ? handle_mm_fault+0x417/0xc80 [ 127.005713] ? lock_release+0xa30/0xa30 [ 127.009676] ? lock_acquire+0x1e4/0x540 [ 127.013639] ? fs_reclaim_acquire+0x20/0x20 [ 127.017946] ? lock_downgrade+0x8f0/0x8f0 [ 127.022087] ? check_same_owner+0x340/0x340 [ 127.026395] ? lock_release+0xa30/0xa30 [ 127.030357] ? check_same_owner+0x340/0x340 [ 127.034663] ? rcu_note_context_switch+0x730/0x730 [ 127.039579] ? __check_object_size+0x9d/0x5f2 [ 127.044063] __should_failslab+0x124/0x180 [ 127.048318] should_failslab+0x9/0x14 [ 127.052107] kmem_cache_alloc_trace+0x2cb/0x780 [ 127.056764] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 127.062288] ? _copy_from_user+0xdf/0x150 [ 127.066423] copy_mount_options+0x5f/0x380 [ 127.070660] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 127.076189] ksys_mount+0xd0/0x140 [ 127.079716] __x64_sys_mount+0xbe/0x150 [ 127.083678] do_syscall_64+0x1b9/0x820 [ 127.087552] ? syscall_return_slowpath+0x5e0/0x5e0 [ 127.092477] ? syscall_return_slowpath+0x31d/0x5e0 [ 127.097394] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 127.102394] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 127.107919] ? prepare_exit_to_usermode+0x291/0x3b0 [ 127.112921] ? perf_trace_sys_enter+0xb10/0xb10 [ 127.117576] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 127.122417] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 127.127599] RIP: 0033:0x45885a [ 127.130771] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 8f fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ba 8f fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 127.150050] RSP: 002b:00007f47d500fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 127.157744] RAX: ffffffffffffffda RBX: 00007f47d500fb30 RCX: 000000000045885a [ 127.164996] RDX: 00007f47d500fad0 RSI: 0000000020000040 RDI: 00007f47d500faf0 [ 127.172255] RBP: 0000000020000040 R08: 00007f47d500fb30 R09: 00007f47d500fad0 [ 127.179527] R10: 0000000000000020 R11: 0000000000000206 R12: 0000000000000015 [ 127.186780] R13: 0000000000000020 R14: 00000000004d3e80 R15: 0000000000000019 10:55:10 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2, 0xf000}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:55:10 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) getcwd(&(0x7f0000000440)=""/219, 0x106) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) 10:55:10 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f00000001c0)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000180), r1, 0x0, 0x2, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) 10:55:10 executing program 1 (fault-call:1 fault-nth:26): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:10 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, 0xffffffffffffffff, 0x0, 0x1, 0x4}}, 0x1af) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x40000, 0x0) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00}, 0x10) pipe2(&(0x7f0000000100)={0xffffffffffffffff}, 0x4000) ioctl$EVIOCGSW(r1, 0x8040451b, &(0x7f0000000140)=""/90) 10:55:10 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f00000001c0)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000180), 0xffffffffffffffff, 0x0, 0x2, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) [ 127.292106] FAULT_INJECTION: forcing a failure. [ 127.292106] name failslab, interval 1, probability 0, space 0, times 0 [ 127.303374] CPU: 0 PID: 8635 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 127.311691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 127.321039] Call Trace: [ 127.323616] dump_stack+0x1c9/0x2b4 [ 127.327251] ? dump_stack_print_info.cold.2+0x52/0x52 [ 127.332448] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 127.337468] ? bpf_prog_kallsyms_find+0xde/0x4c0 [ 127.342231] should_fail.cold.4+0xa/0x11 [ 127.346299] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 127.351405] ? lock_release+0xa30/0xa30 [ 127.355381] ? kasan_check_read+0x11/0x20 [ 127.359526] ? rcu_is_watching+0x8c/0x150 [ 127.363671] ? is_bpf_text_address+0xd7/0x170 [ 127.368162] ? kernel_text_address+0x79/0xf0 [ 127.372567] ? __kernel_text_address+0xd/0x40 [ 127.377056] ? lock_acquire+0x1e4/0x540 [ 127.381025] ? fs_reclaim_acquire+0x20/0x20 [ 127.385333] ? lock_downgrade+0x8f0/0x8f0 [ 127.389470] ? check_same_owner+0x340/0x340 [ 127.393778] ? save_stack+0xa9/0xd0 [ 127.397397] ? rcu_note_context_switch+0x730/0x730 [ 127.402310] ? kmem_cache_alloc_trace+0x152/0x780 [ 127.407136] ? copy_mount_options+0x5f/0x380 [ 127.411550] __should_failslab+0x124/0x180 [ 127.415777] should_failslab+0x9/0x14 [ 127.419563] kmem_cache_alloc+0x2af/0x760 [ 127.423698] ? lock_acquire+0x1e4/0x540 [ 127.427660] ? handle_mm_fault+0x417/0xc80 [ 127.431882] ? lock_release+0xa30/0xa30 [ 127.435849] getname_flags+0xd0/0x5a0 [ 127.439638] user_path_at_empty+0x2d/0x50 [ 127.443776] do_mount+0x180/0x1fb0 [ 127.447302] ? check_same_owner+0x340/0x340 [ 127.451607] ? lock_release+0xa30/0xa30 [ 127.455564] ? check_same_owner+0x340/0x340 [ 127.459874] ? copy_mount_string+0x40/0x40 [ 127.464098] ? retint_kernel+0x10/0x10 [ 127.467978] ? copy_mount_options+0x1a1/0x380 [ 127.472479] ? copy_mount_options+0x1b2/0x380 [ 127.476959] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 127.482480] ? copy_mount_options+0x285/0x380 [ 127.486964] ksys_mount+0x12d/0x140 [ 127.490580] __x64_sys_mount+0xbe/0x150 [ 127.494543] do_syscall_64+0x1b9/0x820 [ 127.498412] ? finish_task_switch+0x1d3/0x870 [ 127.502892] ? syscall_return_slowpath+0x5e0/0x5e0 [ 127.507808] ? syscall_return_slowpath+0x31d/0x5e0 [ 127.512725] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 127.517726] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 127.523246] ? prepare_exit_to_usermode+0x291/0x3b0 [ 127.528256] ? perf_trace_sys_enter+0xb10/0xb10 [ 127.532910] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 127.537741] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 127.542911] RIP: 0033:0x45885a [ 127.546080] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 8f fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ba 8f fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 127.565350] RSP: 002b:00007f47d500fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 127.573042] RAX: ffffffffffffffda RBX: 00007f47d500fb30 RCX: 000000000045885a [ 127.580295] RDX: 00007f47d500fad0 RSI: 0000000020000040 RDI: 00007f47d500faf0 10:55:11 executing program 4: r0 = socket$inet(0x10, 0x3, 0xc) sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f0000017fdc)="2400000002031f001cfffd946fa2830020200a000900010001e700000000a3a20404ff7e", 0x24}], 0x1}, 0x0) sendmsg(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f0000000640)="2400000001031f001cfffd946fa2830020200a000900030002e712000000a3a20404ff7e", 0x24}], 0x1}, 0x0) 10:55:11 executing program 5: r0 = socket(0x1f, 0x80003, 0x1) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r0, 0x800448d2, &(0x7f0000000000)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, "7990a4de6087540a9607bc4824a6c092446d824b0e8aa2ccdc87f3087cabb58d0067d56aadcb07474e69b06c2ecf7d502abd7ee719f192401d2aa97594e5da4e65d80c87154ac67ae41db63fac2976ef8fb4654b85c9d4f767bd2e8f8d9717e3086b20aac067a8d49cc86d12ece53d1745653efa6d3fd57f8d057702f475fc93"}) 10:55:11 executing program 0: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x4c05, &(0x7f0000000480)) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nullb0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x2012, r0, 0x0) 10:55:11 executing program 3: setitimer(0x2, &(0x7f0000000040)={{0x77359400}, {0x77359400}}, &(0x7f0000001340)) setitimer(0x2, &(0x7f0000000000)={{}, {0x0, 0x2710}}, 0x0) [ 127.587557] RBP: 0000000020000040 R08: 00007f47d500fb30 R09: 00007f47d500fad0 [ 127.594813] R10: 0000000000000020 R11: 0000000000000206 R12: 0000000000000015 [ 127.602064] R13: 0000000000000020 R14: 00000000004d3e80 R15: 000000000000001a 10:55:11 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f00000001c0)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000180), 0xffffffffffffffff, 0x0, 0x2, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) 10:55:11 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f00000001c0)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000180), 0xffffffffffffffff, 0x0, 0x2, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) 10:55:11 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x68) listen(r0, 0xffffffffffffff7f) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendto$inet6(r1, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c) r2 = accept$inet6(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, @mcast2}, &(0x7f00000000c0)=0x1c) write$binfmt_misc(r2, &(0x7f0000000300)=ANY=[@ANYBLOB=')'], 0x1) dup2(r2, r1) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000100), &(0x7f0000000140)=0x14) [ 127.634218] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. 10:55:11 executing program 5: r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a}, 0x0, 0x0, 0xfffffffffffffffc) r1 = add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f00000000c0)={0x73, 0x79, 0x7a}, 0x0, 0x0, r0) keyctl$describe(0x6, r1, &(0x7f0000000100)=""/70, 0x46) 10:55:11 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x101400, 0x0) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000140)={0x7, 0x8, 0xfa00, {r1, 0xfffffffffffffffe}}, 0x10) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x840, 0x0) 10:55:11 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2, 0xfffffffffffff000}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) [ 127.676032] netlink: 'syz-executor4': attribute type 3 has an invalid length. [ 127.683388] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. 10:55:11 executing program 5: r0 = socket$kcm(0xa, 0x2, 0x11) sendmsg$kcm(r0, &(0x7f0000000200)={&(0x7f0000000000)=@in={0xa, 0x4e23, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x80, &(0x7f0000000080), 0x0, &(0x7f0000000140)}, 0x0) 10:55:11 executing program 1 (fault-call:1 fault-nth:27): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:11 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f00000001c0)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000180), r1, 0x0, 0x2, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) [ 127.744812] netlink: 'syz-executor4': attribute type 3 has an invalid length. [ 127.752227] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. [ 127.763325] netlink: 'syz-executor4': attribute type 3 has an invalid length. [ 127.770684] netlink: 4 bytes leftover after parsing attributes in process `syz-executor4'. 10:55:11 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x40300, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r2, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r2}}, 0x10) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000240)={0x0, 0xff}, &(0x7f0000000280)=0x8) getsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f00000002c0)={r3, 0x85da, 0x1, 0x2}, &(0x7f0000000300)=0x10) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000100)={0x10, 0x30, 0xfa00, {&(0x7f0000000000), 0x3, {0xa, 0x4e20, 0x38d, @mcast2={0xff, 0x2, [], 0x1}, 0x1}, r2}}, 0x38) 10:55:11 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f00000001c0)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000180), r1, 0x0, 0x2, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00}, 0x10) 10:55:11 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000040)="025cc83d6d345f8f762070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)="2e2f6367726f75702e63707500eac5bea7af575a45fddd5af3a7709295a69e7bc5fd0592bf2a4dc8ace908be8842141ca2a714ed0163d4afd8ac48123d4869e05556a93347d6a7430e03a5f2beb186f16bacf2e4dcdcf3b9ff1d99165ce38d996e7798fe471d9a0d81acd08788fcc9892a2487efcde7a649614b14ba1c18", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000240)='cpuset.memory_migrate\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000000)=0xfffffffffffffffa, 0x12) [ 127.841873] FAULT_INJECTION: forcing a failure. [ 127.841873] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 127.853856] CPU: 1 PID: 8701 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 127.862175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 127.872402] Call Trace: [ 127.875002] dump_stack+0x1c9/0x2b4 [ 127.878633] ? dump_stack_print_info.cold.2+0x52/0x52 [ 127.883832] should_fail.cold.4+0xa/0x11 [ 127.887902] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 127.893017] ? lock_acquire+0x1e4/0x540 [ 127.896999] ? is_bpf_text_address+0xae/0x170 [ 127.901503] ? lock_downgrade+0x8f0/0x8f0 [ 127.905658] ? lock_release+0xa30/0xa30 [ 127.909642] ? trace_hardirqs_on+0x10/0x10 [ 127.913885] ? trace_hardirqs_on+0x10/0x10 [ 127.918126] ? is_bpf_text_address+0xd7/0x170 [ 127.922631] ? kernel_text_address+0x79/0xf0 [ 127.927729] ? __kernel_text_address+0xd/0x40 [ 127.932233] ? unwind_get_return_address+0x61/0xa0 [ 127.937168] ? __save_stack_trace+0x8d/0xf0 [ 127.941498] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 127.947046] ? should_fail+0x246/0xd86 [ 127.950947] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 127.956060] __alloc_pages_nodemask+0x36e/0xdb0 [ 127.960735] ? __kmalloc_track_caller+0x14a/0x760 [ 127.965584] ? memdup_user+0x2c/0xa0 [ 127.969305] ? strndup_user+0x77/0xd0 [ 127.973109] ? ksys_mount+0x73/0x140 [ 127.976833] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 127.981862] ? handle_mm_fault+0x417/0xc80 [ 127.986107] ? lock_release+0xa30/0xa30 [ 127.990093] ? lock_acquire+0x1e4/0x540 [ 127.994074] ? fs_reclaim_acquire+0x20/0x20 [ 127.998407] ? lock_downgrade+0x8f0/0x8f0 [ 128.002568] ? lock_release+0xa30/0xa30 [ 128.006550] ? check_same_owner+0x340/0x340 [ 128.010875] ? lock_release+0xa30/0xa30 [ 128.014855] cache_grow_begin+0x91/0x710 [ 128.018927] kmem_cache_alloc_trace+0x6a5/0x780 [ 128.023601] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 128.029145] copy_mount_options+0x5f/0x380 [ 128.033384] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 128.038924] ksys_mount+0xd0/0x140 [ 128.042474] __x64_sys_mount+0xbe/0x150 [ 128.046457] do_syscall_64+0x1b9/0x820 [ 128.050344] ? finish_task_switch+0x1d3/0x870 [ 128.054843] ? syscall_return_slowpath+0x5e0/0x5e0 [ 128.059776] ? syscall_return_slowpath+0x31d/0x5e0 [ 128.064700] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 128.069715] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 128.075234] ? prepare_exit_to_usermode+0x291/0x3b0 [ 128.080231] ? perf_trace_sys_enter+0xb10/0xb10 [ 128.084879] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 128.089706] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 128.094873] RIP: 0033:0x45885a [ 128.098039] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 8f fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ba 8f fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 128.117175] RSP: 002b:00007f47d500fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 128.124865] RAX: ffffffffffffffda RBX: 00007f47d500fb30 RCX: 000000000045885a [ 128.132125] RDX: 00007f47d500fad0 RSI: 0000000020000040 RDI: 00007f47d500faf0 10:55:11 executing program 4: perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sendmsg$IPVS_CMD_ZERO(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f0000000100)={&(0x7f0000000280)={0x30, 0x0, 0x0, 0x0, 0x0, {0x10}, [@IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5}, @IPVS_SVC_ATTR_AF={0x8, 0x1}]}]}, 0x30}, 0x1}, 0x4000800) 10:55:11 executing program 5: perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semctl$SEM_INFO(0x0, 0x0, 0x13, &(0x7f0000000100)=""/66) [ 128.139382] RBP: 0000000020000040 R08: 00007f47d500fb30 R09: 00007f47d500fad0 [ 128.146638] R10: 0000000000000020 R11: 0000000000000206 R12: 0000000000000015 [ 128.153894] R13: 0000000000000020 R14: 00000000004d3e80 R15: 000000000000001b [ 128.164666] EXT4-fs (sda1): journaled quota format not specified 10:55:11 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000180)=ANY=[@ANYBLOB="a3de5013672f4a440d2e9d650e9c0855e71415eaf8"], &(0x7f0000000340)=0x1) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x0, 0x0, &(0x7f0000000040), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000040)={0x0, 0x117000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 10:55:11 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x6, 0xfa00, {r1}}, 0x10) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs\x00', 0x80000, 0x0) write$P9_RSYMLINK(r2, &(0x7f0000000140)={0x14, 0x11, 0x2, {0x8, 0x1, 0x3}}, 0x14) 10:55:11 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2, 0xffffff9e}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:55:11 executing program 1 (fault-call:1 fault-nth:28): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:11 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000003080)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r1, &(0x7f0000000040)={&(0x7f0000000400)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @mcast1}}}, 0x80, &(0x7f00000034c0)=[{&(0x7f0000003400)=""/153, 0x99}], 0x1, &(0x7f0000000940)=""/42, 0x2a}, 0x202) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f00000004c0), 0x1000002c0) sendmmsg(r0, &(0x7f000000d8c0)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000340)='#', 0x1}], 0x1}}], 0x1, 0x0) sendto$inet(r0, &(0x7f0000000080)="87", 0x1, 0x0, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) ioctl(r2, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") recvfrom(r1, &(0x7f0000003540)=""/68, 0x44, 0x10062, &(0x7f0000003640)=@hci={0x1f}, 0x707000) 10:55:11 executing program 2: mkdir(&(0x7f0000000980)='./control\x00', 0x0) statfs(&(0x7f0000000040)='./control\x00', &(0x7f0000000080)=""/26) 10:55:11 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 10:55:11 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0xffffffffffffffff, 0x0, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14, 0x14, 0x18}}}, 0x1c) sendmmsg(r0, &(0x7f0000000ac0)=[{{0x0, 0x0, &(0x7f00000005c0), 0x0, &(0x7f0000000680)=[{0x10, 0x109}], 0x10, 0x4040}, 0x1}, {{&(0x7f0000000840)=@vsock={0x28, 0x0, 0xffffffff, @hyper}, 0x80, &(0x7f0000000940)=[{&(0x7f00000008c0)="a1f4611e75c26b86305a902bd6a6f5838c0b3da603ad2726c48dbcaaa6d4e62f09244dff2efc8121dc0f23366339e20bfcef502462438e43404a119da9b6c7fa84ab41470a91123c1146ae11a81c3c2b4fd484", 0x53}], 0x1, &(0x7f0000000980)=[{0x60, 0x29, 0x6, "19ed83306129fa4c74e621e1f302d813cc6684c4d201c49d5530984e5911c75566fffb4f0350ba5feb77fe7c7d6039ec7ac107803dafb513f6e74118c38dbb3c2892b90404f5a9d8c4"}], 0x60, 0x4000010}, 0x2}], 0x2, 0x20007ffc) 10:55:11 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @ipv4={[], [0xff, 0xff]}}, 0x1c) listen(r0, 0xffffffffffffff7f) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r1, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f00000004c0)={0x0, @in={{0x2, 0x4e23, @local={0xac, 0x14, 0x14, 0xaa}}}}, &(0x7f0000000380)=0x98) [ 128.326795] FAULT_INJECTION: forcing a failure. [ 128.326795] name failslab, interval 1, probability 0, space 0, times 0 [ 128.338139] CPU: 0 PID: 8757 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 128.346450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 128.355799] Call Trace: [ 128.358394] dump_stack+0x1c9/0x2b4 [ 128.362023] ? dump_stack_print_info.cold.2+0x52/0x52 [ 128.367217] ? should_fail+0x235/0xd86 [ 128.371093] should_fail.cold.4+0xa/0x11 [ 128.375138] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 128.380225] ? lock_release+0xa30/0xa30 [ 128.384184] ? kasan_check_read+0x11/0x20 [ 128.388351] ? rcu_is_watching+0x8c/0x150 [ 128.392492] ? is_bpf_text_address+0xd7/0x170 [ 128.396983] ? kernel_text_address+0x79/0xf0 [ 128.401380] ? __kernel_text_address+0xd/0x40 [ 128.405861] ? lock_acquire+0x1e4/0x540 [ 128.409869] ? fs_reclaim_acquire+0x20/0x20 [ 128.414173] ? lock_downgrade+0x8f0/0x8f0 [ 128.418308] ? check_same_owner+0x340/0x340 [ 128.422611] ? save_stack+0xa9/0xd0 [ 128.426229] ? rcu_note_context_switch+0x730/0x730 [ 128.431138] ? kmem_cache_alloc_trace+0x152/0x780 [ 128.435966] ? copy_mount_options+0x5f/0x380 [ 128.440356] __should_failslab+0x124/0x180 [ 128.444577] should_failslab+0x9/0x14 [ 128.448370] kmem_cache_alloc+0x2af/0x760 [ 128.452505] ? lock_acquire+0x1e4/0x540 [ 128.456471] getname_flags+0xd0/0x5a0 [ 128.460253] user_path_at_empty+0x2d/0x50 [ 128.464382] do_mount+0x180/0x1fb0 [ 128.467910] ? copy_mount_string+0x40/0x40 [ 128.472146] ? retint_kernel+0x10/0x10 [ 128.476022] ? copy_mount_options+0x1f0/0x380 [ 128.480498] ? copy_mount_options+0x1f6/0x380 [ 128.484980] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 128.490500] ? copy_mount_options+0x285/0x380 [ 128.494979] ksys_mount+0x12d/0x140 [ 128.498590] __x64_sys_mount+0xbe/0x150 [ 128.502552] do_syscall_64+0x1b9/0x820 [ 128.506421] ? syscall_return_slowpath+0x5e0/0x5e0 [ 128.511331] ? syscall_return_slowpath+0x31d/0x5e0 [ 128.516241] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 128.521239] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 128.526756] ? prepare_exit_to_usermode+0x291/0x3b0 [ 128.531756] ? perf_trace_sys_enter+0xb10/0xb10 [ 128.536407] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 128.541235] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 128.546403] RIP: 0033:0x45885a [ 128.549576] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 8f fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ba 8f fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 128.568743] RSP: 002b:00007f47d500fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 10:55:11 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2, 0x8501000000000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:55:11 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x20000000000111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa}, {0xa, 0x0, 0x0, @ipv4={[], [0xff, 0xff], @loopback=0x7f000001}}, r1}}, 0x48) 10:55:12 executing program 6: r0 = syz_open_dev$audion(&(0x7f0000000100)='/dev/audio#\x00', 0x2, 0x40000) ioctl$sock_bt_bnep_BNEPCONNDEL(r0, 0x400442c9, &(0x7f00000002c0)={0x5, @link_local={0x1, 0x80, 0xc2}}) sendmsg$can_raw(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x1d}, 0x10, &(0x7f0000000240)={&(0x7f0000000180)=@can={{0x0, 0x800, 0x1ff, 0x9}, 0x2, 0x2, 0x0, 0x0, "53845644789b7088"}, 0x10}, 0x1, 0x0, 0x0, 0x4000005}, 0x10) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x1, 0xfa00, {0xffffffffffffffff, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) r3 = syz_genetlink_get_family_id$team(&(0x7f0000000340)='team\x00') getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000a00)={0x0, @loopback, @multicast2}, &(0x7f00000003c0)=0x3) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000400)={'vcan0\x00', 0x0}) getsockname$packet(r0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000480)=0x14) getpeername$packet(r0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000000500)=0x14) accept$packet(r0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000580)=0x14) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000005c0)={{{@in=@local, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in6=@local}}, &(0x7f00000006c0)=0xe8) sendmsg$TEAM_CMD_PORT_LIST_GET(r0, &(0x7f0000000900)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000008c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="a0010000", @ANYRES16=r3, @ANYBLOB="00032dbd7000fddbdf250300000008000100", @ANYRES32=r4, @ANYBLOB="80000200400001002400010000000000000000000000000000000000000020000000080003000e000000080004000200000001800600", @ANYRES32=r5, @ANYBLOB="3c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000008000300060000000400040008000600", @ANYRES32=r6, @ANYBLOB="08000100", @ANYRES32=r7, @ANYBLOB="fc000200400001002400010071756575655f69640000000000000000000000000000000000000000000000000800030003000000080004006007000008000600", @ANYRES32=r8, @ANYBLOB="40000100240001007072696f72697479000000000000000000000000000000000000000000000000080003000e000000080004000300000008000600", @ANYRES32=r9, @ANYBLOB="38000100240001006c625f73746174735f726566726573685f696e74657276616c000000000000000800030003000000080004000000000040000100240001006d6f6465000000000000000000000000000000000000000000000000000000000800030005000000100004006c6f616462616c616e636500"], 0x1a0}, 0x1, 0x0, 0x0, 0x4000001}, 0x20000000) ioctl$IOC_PR_REGISTER(r0, 0x401870c8, &(0x7f0000000940)={0x1, 0x1, 0x1}) write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r2, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r1, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r2}}, 0x10) [ 128.576434] RAX: ffffffffffffffda RBX: 00007f47d500fb30 RCX: 000000000045885a [ 128.583686] RDX: 00007f47d500fad0 RSI: 0000000020000040 RDI: 00007f47d500faf0 [ 128.590935] RBP: 0000000020000040 R08: 00007f47d500fb30 R09: 00007f47d500fad0 [ 128.598186] R10: 0000000000000020 R11: 0000000000000206 R12: 0000000000000015 [ 128.605443] R13: 0000000000000020 R14: 00000000004d3e80 R15: 000000000000001c 10:55:12 executing program 1 (fault-call:1 fault-nth:29): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:12 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2, 0xf00000000000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:55:12 executing program 4: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl\x00', 0x0, 0x0) r1 = open(&(0x7f0000ae8ff8)='./file0\x00', 0x14104a, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000200)={0x0, 0x0, [0x0, 0x0, 0x0, 0x117b]}) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000040)) write$evdev(r1, &(0x7f0000037fe8)=[{}], 0x18) sendfile(r1, r1, &(0x7f00009bcffe), 0x2000000800004c39) creat(&(0x7f00000000c0)='./file0\x00', 0x0) 10:55:12 executing program 6: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000140), 0x111, 0x1005}}, 0x20) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) listxattr(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)=""/180, 0xb4) write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r2, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f00000003c0)={0x12, 0x10, 0xfa00, {&(0x7f0000000380), r2, r1}}, 0x18) write$RDMA_USER_CM_CMD_LISTEN(r1, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r2}}, 0x10) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000340)={0x7, 0x8, 0xfa00, {r2, 0xfff}}, 0x10) [ 128.752643] FAULT_INJECTION: forcing a failure. [ 128.752643] name failslab, interval 1, probability 0, space 0, times 0 [ 128.763975] CPU: 0 PID: 8793 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 128.772300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 128.781651] Call Trace: [ 128.784252] dump_stack+0x1c9/0x2b4 [ 128.787905] ? dump_stack_print_info.cold.2+0x52/0x52 [ 128.793102] ? trace_hardirqs_on+0xd/0x10 [ 128.797255] ? perf_trace_lock+0xde/0x920 10:55:12 executing program 0: recvmmsg(0xffffffffffffffff, &(0x7f0000007840)=[{{&(0x7f0000001440)=@pptp={0x0, 0x0, {0x0, @loopback}}, 0x80, &(0x7f00000015c0)=[{&(0x7f00000014c0)=""/234, 0xea}], 0x0, &(0x7f0000000000)=""/240, 0xf0}}], 0x1, 0x0, &(0x7f0000007a80)) r0 = syz_open_procfs(0x0, &(0x7f0000000200)="6e65742f69705f7673003a2eb4c2e2da6b3747b31fd2ec1c785e3698713ff8708c0d7d26fa57af2d5855b8943218e2c78b93d449aae581d6002617bcb15e02bc61233ab43192a185b0d24935bb4baae69a0d09aef5f6bd8bda45ae71589fd80a34054dcaa85d5c85d993") preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) 10:55:12 executing program 2: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000ae8ff8)='./file0\x00', 0x14104a, 0x0) write$evdev(r0, &(0x7f0000037fe8)=[{}], 0x18) sendfile(r0, r0, &(0x7f00009bcffe), 0x2000000800004c39) creat(&(0x7f00000000c0)='./file0\x00', 0x0) [ 128.801414] should_fail.cold.4+0xa/0x11 [ 128.804197] QAT: Invalid ioctl [ 128.805479] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 128.805500] ? lock_acquire+0x1e4/0x540 [ 128.817733] ? is_bpf_text_address+0xae/0x170 [ 128.822236] ? lock_downgrade+0x8f0/0x8f0 [ 128.826397] ? kasan_check_read+0x11/0x20 [ 128.830546] ? rcu_is_watching+0x8c/0x150 [ 128.834699] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 128.839375] ? lock_acquire+0x1e4/0x540 [ 128.843352] ? fs_reclaim_acquire+0x20/0x20 [ 128.847681] ? lock_downgrade+0x8f0/0x8f0 [ 128.851837] ? check_same_owner+0x340/0x340 [ 128.856149] ? rcu_note_context_switch+0x730/0x730 [ 128.861070] __should_failslab+0x124/0x180 [ 128.865294] should_failslab+0x9/0x14 [ 128.869078] __kmalloc+0x2c8/0x760 [ 128.872605] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 128.878127] ? match_token+0x49e/0x670 [ 128.881998] ? match_strdup+0x5e/0xa0 [ 128.885789] match_strdup+0x5e/0xa0 [ 128.889402] set_qf_name+0x14b/0x3e0 [ 128.893103] parse_options+0xd3e/0x29d0 [ 128.897178] ? clear_qf_name+0x150/0x150 [ 128.901226] ? kasan_unpoison_shadow+0x35/0x50 [ 128.905793] ? kasan_kmalloc+0xc4/0xe0 [ 128.909669] ? __kmalloc_track_caller+0x311/0x760 [ 128.914496] ? kasan_check_write+0x14/0x20 [ 128.918718] ? memcpy+0x45/0x50 [ 128.921986] ext4_remount+0x675/0x2650 [ 128.925877] ? ext4_register_li_request+0xa20/0xa20 [ 128.930885] ? shrink_dentry_list+0x7c0/0x7c0 [ 128.935373] ? lock_release+0xa30/0xa30 [ 128.939339] ? ext4_register_li_request+0xa20/0xa20 [ 128.944338] do_remount_sb+0x497/0x850 [ 128.948214] ? user_get_super+0x250/0x250 [ 128.952351] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 128.957875] ? security_capable+0x99/0xc0 [ 128.962028] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 128.967549] ? ns_capable_common+0x13f/0x170 [ 128.971948] do_mount+0x167d/0x1fb0 [ 128.975567] ? copy_mount_string+0x40/0x40 [ 128.979787] ? kasan_kmalloc+0xc4/0xe0 [ 128.983661] ? kmem_cache_alloc_trace+0x318/0x780 [ 128.988490] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 128.994015] ? _copy_from_user+0xdf/0x150 [ 128.998149] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 129.003668] ? copy_mount_options+0x285/0x380 [ 129.008150] ksys_mount+0x12d/0x140 [ 129.011766] __x64_sys_mount+0xbe/0x150 [ 129.015730] do_syscall_64+0x1b9/0x820 [ 129.019602] ? finish_task_switch+0x1d3/0x870 [ 129.024081] ? syscall_return_slowpath+0x5e0/0x5e0 [ 129.028997] ? syscall_return_slowpath+0x31d/0x5e0 [ 129.033913] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 129.038914] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 129.044436] ? prepare_exit_to_usermode+0x291/0x3b0 [ 129.049435] ? perf_trace_sys_enter+0xb10/0xb10 [ 129.054087] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 129.058918] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 129.064091] RIP: 0033:0x45885a [ 129.067263] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 8f fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ba 8f fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 129.086532] RSP: 002b:00007f47d500fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 129.094228] RAX: ffffffffffffffda RBX: 00007f47d500fb30 RCX: 000000000045885a 10:55:12 executing program 0: perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfd, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f0000000100)='threaded\x00', 0x9) [ 129.101481] RDX: 00007f47d500fad0 RSI: 0000000020000040 RDI: 00007f47d500faf0 [ 129.108736] RBP: 0000000020000040 R08: 00007f47d500fb30 R09: 00007f47d500fad0 [ 129.115989] R10: 0000000000000020 R11: 0000000000000206 R12: 0000000000000015 [ 129.123243] R13: 0000000000000020 R14: 00000000004d3e80 R15: 000000000000001d [ 129.131216] EXT4-fs (sda1): Not enough memory for storing quotafile name 10:55:12 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000001000)={{0x3}}) ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0) ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0) 10:55:12 executing program 5: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000140)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000100), r1, 0x0, 0x2, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) 10:55:12 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f}}, 0x20) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={0x0}, &(0x7f0000000140)=0xc) ioprio_get$pid(0x1, r2) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) 10:55:12 executing program 1 (fault-call:1 fault-nth:30): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:12 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2, 0x3}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) [ 129.248787] EXT4-fs (sda1): journaled quota format not specified [ 129.273196] FAULT_INJECTION: forcing a failure. [ 129.273196] name failslab, interval 1, probability 0, space 0, times 0 [ 129.284511] CPU: 1 PID: 8826 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 129.292826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 129.302179] Call Trace: [ 129.304767] dump_stack+0x1c9/0x2b4 [ 129.308384] ? dump_stack_print_info.cold.2+0x52/0x52 [ 129.313559] ? is_bpf_text_address+0xd7/0x170 [ 129.318046] should_fail.cold.4+0xa/0x11 [ 129.322098] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 129.327208] ? save_stack+0xa9/0xd0 [ 129.330822] ? save_stack+0x43/0xd0 [ 129.334432] ? kasan_kmalloc+0xc4/0xe0 [ 129.338302] ? kmem_cache_alloc_trace+0x152/0x780 [ 129.343129] ? kobject_uevent_env+0x20f/0x1110 [ 129.347695] ? kobject_uevent+0x1f/0x30 [ 129.351655] ? loop_clr_fd+0x62f/0xd60 [ 129.355525] ? lo_ioctl+0x875/0x1d70 [ 129.359232] ? blkdev_ioctl+0x9cd/0x2030 [ 129.363279] ? block_ioctl+0xee/0x130 [ 129.367062] ? do_vfs_ioctl+0x1de/0x1720 [ 129.371107] ? ksys_ioctl+0xa9/0xd0 [ 129.374727] ? __x64_sys_ioctl+0x73/0xb0 [ 129.378773] ? do_syscall_64+0x1b9/0x820 [ 129.382817] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 129.388173] ? lock_acquire+0x1e4/0x540 [ 129.392131] ? fs_reclaim_acquire+0x20/0x20 [ 129.396439] ? lock_downgrade+0x8f0/0x8f0 [ 129.400575] ? check_same_owner+0x340/0x340 [ 129.404880] ? lock_release+0xa30/0xa30 [ 129.408841] ? rcu_note_context_switch+0x730/0x730 [ 129.413756] __should_failslab+0x124/0x180 [ 129.417985] should_failslab+0x9/0x14 [ 129.421772] __kmalloc+0x2c8/0x760 [ 129.425302] ? kobject_get_path+0xc2/0x1a0 [ 129.429538] kobject_get_path+0xc2/0x1a0 [ 129.433584] kobject_uevent_env+0x234/0x1110 [ 129.437985] kobject_uevent+0x1f/0x30 [ 129.441771] loop_clr_fd+0x62f/0xd60 [ 129.445473] ? loop_attr_do_show_backing_file+0x1a0/0x1a0 [ 129.450998] lo_ioctl+0x875/0x1d70 [ 129.454526] ? lock_release+0xa30/0xa30 [ 129.458490] ? lo_rw_aio_complete+0x450/0x450 [ 129.462973] blkdev_ioctl+0x9cd/0x2030 [ 129.467364] ? lock_acquire+0x1e4/0x540 [ 129.471329] ? blkpg_ioctl+0xc40/0xc40 [ 129.475206] ? lock_release+0xa30/0xa30 [ 129.479166] ? kernel_text_address+0x79/0xf0 [ 129.483558] ? __kernel_text_address+0xd/0x40 [ 129.488036] ? unwind_get_return_address+0x61/0xa0 [ 129.492950] ? __save_stack_trace+0x8d/0xf0 [ 129.497258] ? __fget+0x4d5/0x740 [ 129.500697] ? ksys_dup3+0x690/0x690 [ 129.504394] ? __kasan_slab_free+0x11a/0x170 [ 129.508788] ? kfree+0xd9/0x260 [ 129.512051] ? ksys_mount+0xa3/0x140 [ 129.515747] ? __x64_sys_mount+0xbe/0x150 [ 129.519970] ? do_syscall_64+0x1b9/0x820 [ 129.524019] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 129.529371] block_ioctl+0xee/0x130 [ 129.532980] ? blkdev_fallocate+0x400/0x400 [ 129.537286] do_vfs_ioctl+0x1de/0x1720 [ 129.541159] ? kasan_check_write+0x14/0x20 [ 129.545377] ? do_raw_spin_lock+0xc1/0x200 [ 129.549597] ? ioctl_preallocate+0x300/0x300 [ 129.554006] ? __fget_light+0x2f7/0x440 [ 129.557967] ? fget_raw+0x20/0x20 [ 129.561407] ? trace_hardirqs_off+0xd/0x10 [ 129.565626] ? quarantine_put+0x10d/0x1b0 [ 129.569762] ? __kasan_slab_free+0x131/0x170 [ 129.574162] ? security_file_ioctl+0x94/0xc0 [ 129.578554] ksys_ioctl+0xa9/0xd0 [ 129.581993] __x64_sys_ioctl+0x73/0xb0 [ 129.585873] do_syscall_64+0x1b9/0x820 [ 129.589745] ? syscall_slow_exit_work+0x500/0x500 [ 129.594574] ? syscall_return_slowpath+0x5e0/0x5e0 [ 129.599487] ? syscall_return_slowpath+0x31d/0x5e0 [ 129.604403] ? prepare_exit_to_usermode+0x291/0x3b0 [ 129.609402] ? perf_trace_sys_enter+0xb10/0xb10 [ 129.614151] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 129.618982] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 129.624166] RIP: 0033:0x455c97 [ 129.627358] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d bb fb ff c3 66 2e 0f 1f 84 00 00 00 00 10:55:13 executing program 0: perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r0, &(0x7f0000000140)={0xa}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000040)='threaded\x00', 0xfd87) 10:55:13 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000001000)={{0x3}}) ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0) ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0) 10:55:13 executing program 5: mkdir(&(0x7f0000000280)='./file0\x00', 0x0) lstat(&(0x7f0000000180)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_fuse_mount(&(0x7f0000000340)='./file0\x00', 0x4000, 0x0, r0, 0x4, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x3000, 0x8c0, &(0x7f0000ffb000/0x3000)=nil) perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$loop(&(0x7f000091dff5)='/dev/loop#\x00', 0x0, 0x0) madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) connect$unix(0xffffffffffffffff, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) msync(&(0x7f0000cb0000/0x3000)=nil, 0x3000, 0x7) syz_fuse_mount(&(0x7f0000000140)='./file0/.ile0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 129.646626] RSP: 002b:00007f47d500fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 129.654319] RAX: ffffffffffffffda RBX: 00007f47d500fb30 RCX: 0000000000455c97 [ 129.661571] RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000016 [ 129.668823] RBP: 0000000020000040 R08: 00007f47d500fb30 R09: 00007f47d500fad0 [ 129.676075] R10: 0000000000000020 R11: 0000000000000246 R12: 0000000000000015 [ 129.683329] R13: 0000000000000020 R14: 00000000004d3e80 R15: 000000000000001e 10:55:13 executing program 6: socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) ioctl$sock_SIOCBRADDBR(r0, 0x89a0, &(0x7f00000002c0)='gretap0\x00') r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x117}}, 0x20) r3 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000240)='tls\x00', 0x4) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000140)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x5, @empty, 0x100000000}, {0xa, 0x4e24, 0xc1f7, @loopback={0x0, 0x1}, 0x56b}, r2, 0x80}}, 0x48) write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r2, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r1, &(0x7f00000000c0)={0x7, 0xffffff4f, 0xfa00, {r2}}, 0x10) syz_open_dev$mouse(&(0x7f0000000100)='/dev/input/mouse#\x00', 0x9, 0x48c7d) [ 129.727629] QAT: Invalid ioctl 10:55:13 executing program 1 (fault-call:1 fault-nth:31): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:13 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2, 0xfffffff0}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:55:13 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RUNLINKAT(r1, &(0x7f00000002c0)={0x7, 0x4d}, 0x7) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000440)='9p\x00', 0x0, &(0x7f0000000380)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) write$P9_RREADDIR(r1, &(0x7f0000000480)={0x2a, 0x29, 0x1, {0x0, [{{}, 0x0, 0x0, 0x7, './file0'}]}}, 0x2a) write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0) syz_fuse_mount(&(0x7f00000001c0)='./file0\x00', 0x6003, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) 10:55:13 executing program 4: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl\x00', 0x0, 0x0) r1 = open(&(0x7f0000ae8ff8)='./file0\x00', 0x14104a, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000200)={0x0, 0x0, [0x0, 0x0, 0x0, 0x117b]}) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000040)) write$evdev(r1, &(0x7f0000037fe8)=[{}], 0x18) sendfile(r1, r1, &(0x7f00009bcffe), 0x2000000800004c39) creat(&(0x7f00000000c0)='./file0\x00', 0x0) 10:55:13 executing program 3: perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key(&(0x7f00000007c0)='rxrpc_s\x00', &(0x7f0000000800)={0x73, 0x79, 0x7a}, &(0x7f0000000840), 0x0, 0x0) add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f00000000c0)={0x73, 0x79, 0x7a}, 0x0, 0x0, 0xfffffffffffffffb) [ 129.833639] QAT: Invalid ioctl [ 129.847833] FAULT_INJECTION: forcing a failure. [ 129.847833] name failslab, interval 1, probability 0, space 0, times 0 [ 129.859156] CPU: 1 PID: 8870 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 129.867477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 129.876824] Call Trace: [ 129.879410] dump_stack+0x1c9/0x2b4 [ 129.883034] ? dump_stack_print_info.cold.2+0x52/0x52 [ 129.888213] ? trace_hardirqs_on+0xd/0x10 [ 129.892354] should_fail.cold.4+0xa/0x11 [ 129.896402] ? bpf_prog_kallsyms_find+0xde/0x4c0 [ 129.901148] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 129.906239] ? lock_acquire+0x1e4/0x540 [ 129.910198] ? is_bpf_text_address+0xae/0x170 [ 129.914679] ? lock_downgrade+0x8f0/0x8f0 [ 129.918822] ? kasan_check_read+0x11/0x20 [ 129.922964] ? rcu_is_watching+0x8c/0x150 [ 129.927645] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 129.932315] ? lock_acquire+0x1e4/0x540 [ 129.936291] ? fs_reclaim_acquire+0x20/0x20 [ 129.940601] ? lock_downgrade+0x8f0/0x8f0 [ 129.944745] ? check_same_owner+0x340/0x340 [ 129.949087] ? rcu_note_context_switch+0x730/0x730 [ 129.954028] __should_failslab+0x124/0x180 [ 129.958252] should_failslab+0x9/0x14 [ 129.962041] __kmalloc+0x2c8/0x760 [ 129.965571] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 129.971094] ? match_token+0x49e/0x670 [ 129.974976] ? match_strdup+0x5e/0xa0 [ 129.978770] match_strdup+0x5e/0xa0 [ 129.982383] set_qf_name+0x14b/0x3e0 [ 129.986086] parse_options+0xd3e/0x29d0 [ 129.990057] ? clear_qf_name+0x150/0x150 [ 129.994109] ? kasan_unpoison_shadow+0x35/0x50 [ 129.998676] ? kasan_kmalloc+0xc4/0xe0 [ 130.002571] ? __kmalloc_track_caller+0x311/0x760 [ 130.007403] ? kasan_check_write+0x14/0x20 [ 130.011628] ? memcpy+0x45/0x50 [ 130.014896] ext4_remount+0x675/0x2650 [ 130.018782] ? ext4_register_li_request+0xa20/0xa20 [ 130.023789] ? shrink_dentry_list+0x7c0/0x7c0 [ 130.028283] ? lock_release+0xa30/0xa30 [ 130.032245] ? ext4_register_li_request+0xa20/0xa20 [ 130.037245] do_remount_sb+0x497/0x850 [ 130.041120] ? user_get_super+0x250/0x250 [ 130.045256] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 130.050822] ? security_capable+0x99/0xc0 [ 130.054969] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 130.060515] ? ns_capable_common+0x13f/0x170 [ 130.064925] do_mount+0x167d/0x1fb0 [ 130.068543] ? copy_mount_string+0x40/0x40 [ 130.072765] ? kasan_kmalloc+0xc4/0xe0 [ 130.076641] ? kmem_cache_alloc_trace+0x318/0x780 [ 130.081469] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 130.087043] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 130.092579] ? copy_mount_options+0x285/0x380 [ 130.097071] ksys_mount+0x12d/0x140 [ 130.100686] __x64_sys_mount+0xbe/0x150 [ 130.104651] do_syscall_64+0x1b9/0x820 [ 130.108524] ? finish_task_switch+0x1d3/0x870 [ 130.113010] ? syscall_return_slowpath+0x5e0/0x5e0 [ 130.117927] ? syscall_return_slowpath+0x31d/0x5e0 [ 130.122850] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 130.127852] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 130.133373] ? prepare_exit_to_usermode+0x291/0x3b0 [ 130.138374] ? perf_trace_sys_enter+0xb10/0xb10 [ 130.143032] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 130.147865] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 130.153038] RIP: 0033:0x45885a [ 130.156207] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 8f fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ba 8f fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 130.175494] RSP: 002b:00007f47d500fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 130.183186] RAX: ffffffffffffffda RBX: 00007f47d500fb30 RCX: 000000000045885a [ 130.190438] RDX: 00007f47d500fad0 RSI: 0000000020000040 RDI: 00007f47d500faf0 [ 130.197691] RBP: 0000000020000040 R08: 00007f47d500fb30 R09: 00007f47d500fad0 [ 130.204942] R10: 0000000000000020 R11: 0000000000000206 R12: 0000000000000015 [ 130.212193] R13: 0000000000000020 R14: 00000000004d3e80 R15: 000000000000001f [ 130.219599] EXT4-fs (sda1): Not enough memory for storing quotafile name 10:55:13 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt(r1, 0x65, 0x1, &(0x7f0000000080), 0x1d0) dup3(r0, r1, 0x0) 10:55:13 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) clock_gettime(0x3, &(0x7f0000000100)) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_DESTROY_ID(r0, &(0x7f0000000180)={0x1, 0x10, 0xfa00, {&(0x7f0000000140), r1}}, 0x18) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) 10:55:13 executing program 5: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e20}, 0x1c) listen(r0, 0x1000008000) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000280)='/dev/rfkill\x00', 0x0, 0x0) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f00000002c0)={0x4, 0x4f, 0x73, 0x4, 0x2ec, 0x7, 0x8, 0x2, 0x400, 0x3, 0x4, 0x3ff}) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000700)={0x1}, 0x8) r2 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r2, &(0x7f0000000100)={0x2, 0x4e20, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) r3 = accept4(r0, &(0x7f0000000000)=@in={0x0, 0x0, @local}, &(0x7f0000000080)=0x80, 0x0) setsockopt$inet_opts(r3, 0x0, 0x4, &(0x7f0000000180), 0x0) r4 = socket(0x10, 0x3, 0x0) write(r3, &(0x7f0000000300)="5c9a507426bd168af0e7d4f8a20fd04cd29ceeec24047cb3e405283b7bee4007a85386abdb12ce86ee63406b180e3b1c83ba5a6d0dc2258a7c538d135303d259bd59edd409924cd983e0da817e0e8708b3e10b4dd69b4d08676d43a4ff94025556468ccca59b73a4cbf2ec38674f9cff52894cf58b76ca7bb1f06280d529dd3fe01f711b6615cc14900d9eee", 0x8c) ioctl$sock_ifreq(r4, 0x89f3, &(0x7f0000000140)={'ip6tnl0\x00', @ifru_data=&(0x7f00000000c0)="a325d3c91116bf66fed2b246a94500aa6593352d29be1746fd84168b6ef37b32"}) close(r3) 10:55:13 executing program 1 (fault-call:1 fault-nth:32): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:13 executing program 3: r0 = userfaultfd(0x0) r1 = memfd_create(&(0x7f0000000040)='cgroup(eth1[*nodev\x00', 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000080)={&(0x7f000018e000/0x4000)=nil, 0x4000}, &(0x7f00000000c0)=0x10) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x48}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000b4e000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000182000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f00000be000/0x2000)=nil) setsockopt$IP_VS_SO_SET_DELDEST(r1, 0x0, 0x488, &(0x7f0000000100)={{0x62, @multicast2=0xe0000002, 0x4e21, 0x4, 'fo\x00', 0x0, 0x7, 0x32}, {@multicast1=0xe0000001, 0x4e22, 0x0, 0x3, 0x7}}, 0x44) close(r0) connect$bt_l2cap(r1, &(0x7f0000000200)={0x1f, 0x1, {0x82, 0x91, 0x10001, 0x2, 0xe9, 0x7}, 0xf3, 0x8}, 0xe) 10:55:13 executing program 0: r0 = perf_event_open(&(0x7f0000014f88)={0x1, 0x78}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000014f88)={0x0, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$alg(0x26, 0x5, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000a00)=[{{&(0x7f0000000240)=@l2, 0x80, &(0x7f0000000000), 0x10000299, &(0x7f0000000900)=""/252, 0xec}, 0xfffffffffffffffc}], 0x0, 0x10000, 0x0) dup3(r1, r0, 0x0) 10:55:14 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) socket$bt_bnep(0x1f, 0x3, 0x4) [ 130.396889] FAULT_INJECTION: forcing a failure. [ 130.396889] name failslab, interval 1, probability 0, space 0, times 0 [ 130.408180] CPU: 1 PID: 8902 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 130.416498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 130.425852] Call Trace: [ 130.428447] dump_stack+0x1c9/0x2b4 [ 130.432084] ? dump_stack_print_info.cold.2+0x52/0x52 [ 130.437284] ? trace_hardirqs_on+0xd/0x10 [ 130.441441] ? perf_trace_lock+0xde/0x920 10:55:14 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket(0x10, 0x803, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/softnet_stat\x00') sendfile(r1, r2, &(0x7f0000000000), 0x80000000) 10:55:14 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") syz_read_part_table(0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000ffff01000000fff3856e5e010000000000000000008000000043476a4768", 0x22, 0x1c0}]) 10:55:14 executing program 2: openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) unshare(0x400) pselect6(0x40, &(0x7f0000f33fc0)={0x3ffffd}, &(0x7f0000768000), &(0x7f0000000040), &(0x7f0000349000), &(0x7f0000f14000)={&(0x7f00000000c0), 0x8}) [ 130.445597] should_fail.cold.4+0xa/0x11 [ 130.449666] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 130.454781] ? lock_acquire+0x1e4/0x540 [ 130.458758] ? is_bpf_text_address+0xae/0x170 [ 130.463262] ? lock_downgrade+0x8f0/0x8f0 [ 130.467433] ? kasan_check_read+0x11/0x20 [ 130.471589] ? rcu_is_watching+0x8c/0x150 [ 130.475747] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 130.480429] ? lock_acquire+0x1e4/0x540 [ 130.484413] ? fs_reclaim_acquire+0x20/0x20 [ 130.488747] ? lock_downgrade+0x8f0/0x8f0 [ 130.492905] ? check_same_owner+0x340/0x340 [ 130.497216] ? rcu_note_context_switch+0x730/0x730 [ 130.502135] __should_failslab+0x124/0x180 [ 130.506380] should_failslab+0x9/0x14 [ 130.510168] __kmalloc+0x2c8/0x760 [ 130.513697] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 130.519217] ? match_token+0x49e/0x670 [ 130.523092] ? match_strdup+0x5e/0xa0 [ 130.526883] match_strdup+0x5e/0xa0 [ 130.530499] set_qf_name+0x14b/0x3e0 [ 130.534199] parse_options+0xd3e/0x29d0 [ 130.538165] ? clear_qf_name+0x150/0x150 [ 130.542215] ? kasan_unpoison_shadow+0x35/0x50 [ 130.546785] ? kasan_kmalloc+0xc4/0xe0 [ 130.550668] ? __kmalloc_track_caller+0x311/0x760 [ 130.555496] ? kasan_check_write+0x14/0x20 [ 130.559720] ? memcpy+0x45/0x50 [ 130.562990] ext4_remount+0x675/0x2650 [ 130.566877] ? ext4_register_li_request+0xa20/0xa20 [ 130.571884] ? shrink_dentry_list+0x7c0/0x7c0 [ 130.576371] ? lock_release+0xa30/0xa30 [ 130.580329] ? ext4_register_li_request+0xa20/0xa20 [ 130.585333] do_remount_sb+0x497/0x850 [ 130.589211] ? user_get_super+0x250/0x250 [ 130.593356] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 130.598880] ? security_capable+0x99/0xc0 [ 130.603019] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 130.608542] ? ns_capable_common+0x13f/0x170 [ 130.612939] do_mount+0x167d/0x1fb0 [ 130.616554] ? copy_mount_string+0x40/0x40 [ 130.620784] ? kasan_kmalloc+0xc4/0xe0 [ 130.624658] ? kmem_cache_alloc_trace+0x318/0x780 [ 130.629486] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 130.635028] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 130.640549] ? copy_mount_options+0x285/0x380 [ 130.645032] ksys_mount+0x12d/0x140 [ 130.648645] __x64_sys_mount+0xbe/0x150 [ 130.652610] do_syscall_64+0x1b9/0x820 [ 130.656492] ? finish_task_switch+0x1d3/0x870 [ 130.660972] ? syscall_return_slowpath+0x5e0/0x5e0 [ 130.665884] ? syscall_return_slowpath+0x31d/0x5e0 [ 130.670803] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 130.675805] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 130.681327] ? prepare_exit_to_usermode+0x291/0x3b0 [ 130.686329] ? perf_trace_sys_enter+0xb10/0xb10 [ 130.690987] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 130.695826] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 130.700997] RIP: 0033:0x45885a [ 130.704172] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 8f fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ba 8f fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 130.723443] RSP: 002b:00007f47d500fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 130.731139] RAX: ffffffffffffffda RBX: 00007f47d500fb30 RCX: 000000000045885a [ 130.738394] RDX: 00007f47d500fad0 RSI: 0000000020000040 RDI: 00007f47d500faf0 [ 130.745649] RBP: 0000000020000040 R08: 00007f47d500fb30 R09: 00007f47d500fad0 [ 130.752904] R10: 0000000000000020 R11: 0000000000000206 R12: 0000000000000015 [ 130.760171] R13: 0000000000000020 R14: 00000000004d3e80 R15: 0000000000000020 [ 130.767853] EXT4-fs (sda1): Not enough memory for storing quotafile name 10:55:14 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2, 0x200000000000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:55:14 executing program 1 (fault-call:1 fault-nth:33): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:14 executing program 0: [ 130.859428] Dev loop5: unable to read RDB block 1 [ 130.864411] loop5: AHDI p1 p3 [ 130.867635] loop5: partition table partially beyond EOD, truncated [ 130.895217] loop5: p1 start 4294149486 is beyond EOD, truncated 10:55:14 executing program 6: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x101400, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000140)={0xffffffffffffffff}, 0x2, 0xb}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000240)={0x7, 0x8, 0xfa00, {r1, 0x7fffffff}}, 0x10) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r3, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r2, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r3}}, 0x10) 10:55:14 executing program 4: r0 = epoll_create1(0x0) r1 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000080)) epoll_wait(r0, &(0x7f00000002c0)=[{}], 0x1, 0xffffffffffffffc0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timerfd_settime(r1, 0x0, &(0x7f0000000040)={{}, {0x0, 0x989680}}, &(0x7f0000037000)) epoll_wait(r0, &(0x7f0000000180)=[{}], 0x92, 0x6) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f0000000440)={0x7}) 10:55:14 executing program 2: bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000780)}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000140)={0xffffffffffffffff, &(0x7f0000000080), &(0x7f00000000c0)=""/1}, 0x18) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f9, &(0x7f0000000140)='sit0\x00') [ 130.906904] EXT4-fs (sda1): journaled quota format not specified 10:55:14 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2, 0xffffff7f}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) [ 130.946860] FAULT_INJECTION: forcing a failure. [ 130.946860] name failslab, interval 1, probability 0, space 0, times 0 [ 130.958160] CPU: 1 PID: 8938 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 130.966482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 130.975832] Call Trace: [ 130.978427] dump_stack+0x1c9/0x2b4 [ 130.982057] ? dump_stack_print_info.cold.2+0x52/0x52 [ 130.987252] should_fail.cold.4+0xa/0x11 [ 130.991321] ? __kernel_text_address+0xd/0x40 [ 130.995816] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 131.000912] ? __save_stack_trace+0x8d/0xf0 [ 131.005235] ? save_stack+0xa9/0xd0 [ 131.008852] ? save_stack+0x43/0xd0 [ 131.012464] ? kasan_kmalloc+0xc4/0xe0 [ 131.016334] ? kasan_slab_alloc+0x12/0x20 [ 131.020467] ? kmem_cache_alloc_node+0x144/0x780 [ 131.025208] ? __alloc_skb+0x119/0x790 [ 131.029081] ? alloc_uevent_skb+0x89/0x220 [ 131.033297] ? kobject_uevent_env+0x866/0x1110 [ 131.037860] ? kobject_uevent+0x1f/0x30 [ 131.041820] ? loop_clr_fd+0x62f/0xd60 [ 131.045692] ? lo_ioctl+0x875/0x1d70 [ 131.049389] ? blkdev_ioctl+0x9cd/0x2030 [ 131.053449] ? block_ioctl+0xee/0x130 [ 131.057234] ? do_vfs_ioctl+0x1de/0x1720 [ 131.061286] ? ksys_ioctl+0xa9/0xd0 [ 131.064906] ? lock_acquire+0x1e4/0x540 [ 131.068869] ? fs_reclaim_acquire+0x20/0x20 [ 131.073439] ? lock_downgrade+0x8f0/0x8f0 [ 131.077578] ? check_same_owner+0x340/0x340 [ 131.081885] ? lock_downgrade+0x8f0/0x8f0 [ 131.086036] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 131.091560] ? rcu_note_context_switch+0x730/0x730 [ 131.096482] __should_failslab+0x124/0x180 [ 131.100709] should_failslab+0x9/0x14 [ 131.104498] kmem_cache_alloc_node_trace+0x26f/0x770 [ 131.109586] ? kasan_kmalloc+0xc4/0xe0 [ 131.113466] __kmalloc_node_track_caller+0x33/0x70 [ 131.118383] __kmalloc_reserve.isra.41+0x3a/0xe0 [ 131.123124] __alloc_skb+0x155/0x790 [ 131.126825] ? skb_scrub_packet+0x490/0x490 [ 131.131132] ? lock_release+0xa30/0xa30 [ 131.135088] ? pointer+0x990/0x990 [ 131.138612] ? device_get_devnode+0x2e0/0x2e0 [ 131.143089] ? kasan_unpoison_shadow+0x35/0x50 [ 131.147660] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 131.153099] ? netlink_has_listeners+0x2cf/0x4a0 [ 131.157844] ? netlink_tap_init_net+0x3e0/0x3e0 [ 131.162498] alloc_uevent_skb+0x89/0x220 [ 131.166545] kobject_uevent_env+0x866/0x1110 [ 131.170944] kobject_uevent+0x1f/0x30 [ 131.174729] loop_clr_fd+0x62f/0xd60 [ 131.178429] ? loop_attr_do_show_backing_file+0x1a0/0x1a0 [ 131.183955] lo_ioctl+0x875/0x1d70 [ 131.187480] ? lock_release+0xa30/0xa30 [ 131.191443] ? lo_rw_aio_complete+0x450/0x450 [ 131.195925] blkdev_ioctl+0x9cd/0x2030 [ 131.199796] ? lock_acquire+0x1e4/0x540 [ 131.203753] ? blkpg_ioctl+0xc40/0xc40 [ 131.207625] ? lock_release+0xa30/0xa30 [ 131.211583] ? kernel_text_address+0x79/0xf0 [ 131.215978] ? __kernel_text_address+0xd/0x40 [ 131.220459] ? unwind_get_return_address+0x61/0xa0 [ 131.225374] ? __save_stack_trace+0x8d/0xf0 [ 131.229684] ? __fget+0x4d5/0x740 [ 131.233125] ? ksys_dup3+0x690/0x690 [ 131.236824] ? __kasan_slab_free+0x11a/0x170 [ 131.241215] ? kfree+0xd9/0x260 [ 131.244479] ? ksys_mount+0xa3/0x140 [ 131.248178] ? __x64_sys_mount+0xbe/0x150 [ 131.252310] ? do_syscall_64+0x1b9/0x820 [ 131.256355] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 131.261707] block_ioctl+0xee/0x130 [ 131.265319] ? blkdev_fallocate+0x400/0x400 [ 131.269625] do_vfs_ioctl+0x1de/0x1720 [ 131.273512] ? kasan_check_write+0x14/0x20 [ 131.277729] ? do_raw_spin_lock+0xc1/0x200 [ 131.282035] ? ioctl_preallocate+0x300/0x300 [ 131.286425] ? __fget_light+0x2f7/0x440 [ 131.290383] ? fget_raw+0x20/0x20 [ 131.293822] ? trace_hardirqs_off+0xd/0x10 [ 131.298039] ? quarantine_put+0x10d/0x1b0 [ 131.302180] ? __kasan_slab_free+0x131/0x170 [ 131.306577] ? security_file_ioctl+0x94/0xc0 [ 131.310969] ksys_ioctl+0xa9/0xd0 [ 131.314407] __x64_sys_ioctl+0x73/0xb0 [ 131.318280] do_syscall_64+0x1b9/0x820 [ 131.322159] ? finish_task_switch+0x1d3/0x870 [ 131.326645] ? syscall_return_slowpath+0x5e0/0x5e0 [ 131.331562] ? syscall_return_slowpath+0x31d/0x5e0 [ 131.336477] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 131.341483] ? prepare_exit_to_usermode+0x291/0x3b0 [ 131.346484] ? perf_trace_sys_enter+0xb10/0xb10 [ 131.351140] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 131.355977] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 131.361151] RIP: 0033:0x455c97 [ 131.364326] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d bb fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 131.383596] RSP: 002b:00007f47d500fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 131.391290] RAX: ffffffffffffffda RBX: 00007f47d500fb30 RCX: 0000000000455c97 10:55:15 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_INTERRUPT(r2, 0x4004ae86, &(0x7f0000000240)) sendfile(r1, r0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480), 0x10) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000002c0)) ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, &(0x7f0000000040)={0x101ff, 0x0, &(0x7f0000ff9000/0x4000)=nil}) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000080)) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000300)={[{0x0, 0x200, 0x0, 0x4, 0x8, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x6}, {0x40, 0x401, 0xfc, 0x0, 0x200, 0x400, 0xffffffffffffba1c, 0x8, 0x99f, 0xfffffffffffffe97, 0x2, 0x7ff, 0x8}, {0x578fd98a, 0x0, 0x7, 0x0, 0x400, 0x1, 0x7, 0x5, 0x0, 0x4d, 0x9, 0x8}], 0x7}) openat$vcs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vcs\x00', 0x0, 0x0) [ 131.398541] RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000016 [ 131.405795] RBP: 0000000020000040 R08: 00007f47d500fb30 R09: 00007f47d500fad0 [ 131.413048] R10: 0000000000000020 R11: 0000000000000246 R12: 0000000000000015 [ 131.420298] R13: 0000000000000020 R14: 00000000004d3e80 R15: 0000000000000021 [ 131.444214] Dev loop5: unable to read RDB block 1 10:55:15 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x1d6) 10:55:15 executing program 2: syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='\nxt2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) [ 131.449185] loop5: AHDI p1 p3 [ 131.452408] loop5: partition table partially beyond EOD, truncated [ 131.459215] loop5: p1 start 4294149486 is beyond EOD, truncated 10:55:15 executing program 3: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c0045009, &(0x7f00000001c0)=0x1) readv(r0, &(0x7f0000395000)=[{&(0x7f00004d2000)=""/4096, 0x1000}], 0x1) 10:55:15 executing program 1 (fault-call:1 fault-nth:34): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:15 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") syz_read_part_table(0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000ffff01000000fff3856e5e010000000000000000008000000043476a4768", 0x22, 0x1c0}]) 10:55:15 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0xffffffffffffffff, 0x0, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14, 0x14}}}, 0x1c) sendmmsg(r0, &(0x7f00000002c0), 0x4cc, 0x0) 10:55:15 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2, 0x400300}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:55:15 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) r2 = shmget$private(0x0, 0x3000, 0x1004, &(0x7f0000ffd000/0x3000)=nil) shmat(r2, &(0x7f0000ffd000/0x3000)=nil, 0x0) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vga_arbiter\x00', 0x701001, 0x0) r4 = getegid() ioctl$TUNSETGROUP(r3, 0x400454ce, r4) getsockopt$inet6_opts(r3, 0x29, 0x3f, &(0x7f0000000300)=""/91, &(0x7f0000000380)=0x5b) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000140), 0x13f, 0xb}}, 0x20) setsockopt$inet_MCAST_LEAVE_GROUP(r3, 0x0, 0x2d, &(0x7f0000000240)={0x67, {{0x2, 0x4e21, @remote={0xac, 0x14, 0x14, 0xbb}}}}, 0x88) [ 131.558258] EXT4-fs (sda1): journaled quota format not specified [ 131.628289] EXT4-fs (sda1): journaled quota format not specified [ 131.641450] Dev loop5: unable to read RDB block 1 [ 131.646369] loop5: AHDI p1 p3 [ 131.649599] loop5: partition table partially beyond EOD, truncated 10:55:15 executing program 2: [ 131.673519] loop5: p1 start 4294149486 is beyond EOD, truncated [ 131.682096] FAULT_INJECTION: forcing a failure. [ 131.682096] name failslab, interval 1, probability 0, space 0, times 0 [ 131.693336] CPU: 1 PID: 8996 Comm: syz-executor1 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 131.701646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 131.710997] Call Trace: [ 131.713593] dump_stack+0x1c9/0x2b4 [ 131.717312] ? dump_stack_print_info.cold.2+0x52/0x52 [ 131.722503] should_fail.cold.4+0xa/0x11 [ 131.726559] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 131.731651] ? lock_acquire+0x1e4/0x540 [ 131.735615] ? trace_hardirqs_on+0x10/0x10 [ 131.739836] ? lock_release+0xa30/0xa30 [ 131.743794] ? check_same_owner+0x340/0x340 [ 131.748103] ? rcu_note_context_switch+0x730/0x730 [ 131.753031] ? kasan_check_write+0x14/0x20 [ 131.757256] ? lock_acquire+0x1e4/0x540 [ 131.761215] ? fs_reclaim_acquire+0x20/0x20 [ 131.765524] ? lock_downgrade+0x8f0/0x8f0 [ 131.769662] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 131.775188] ? check_same_owner+0x340/0x340 [ 131.779493] ? number+0x967/0xc90 [ 131.782930] ? rcu_note_context_switch+0x730/0x730 [ 131.787849] __should_failslab+0x124/0x180 [ 131.792072] should_failslab+0x9/0x14 [ 131.795860] kmem_cache_alloc_node+0x272/0x780 [ 131.800428] ? set_precision+0xe0/0xe0 [ 131.804310] __alloc_skb+0x119/0x790 [ 131.808017] ? skb_scrub_packet+0x490/0x490 [ 131.812329] ? lock_release+0xa30/0xa30 [ 131.816286] ? pointer+0x990/0x990 [ 131.819813] ? device_get_devnode+0x2e0/0x2e0 [ 131.824295] ? kasan_unpoison_shadow+0x35/0x50 [ 131.828869] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 131.833874] ? netlink_has_listeners+0x2cf/0x4a0 [ 131.838615] ? netlink_tap_init_net+0x3e0/0x3e0 [ 131.843272] alloc_uevent_skb+0x89/0x220 [ 131.847321] kobject_uevent_env+0x866/0x1110 [ 131.851720] kobject_uevent+0x1f/0x30 [ 131.855507] loop_clr_fd+0x62f/0xd60 [ 131.859209] ? loop_attr_do_show_backing_file+0x1a0/0x1a0 [ 131.864736] lo_ioctl+0x875/0x1d70 [ 131.868267] ? lock_release+0xa30/0xa30 [ 131.872237] ? lo_rw_aio_complete+0x450/0x450 [ 131.876730] blkdev_ioctl+0x9cd/0x2030 [ 131.880607] ? lock_acquire+0x1e4/0x540 [ 131.884568] ? blkpg_ioctl+0xc40/0xc40 [ 131.888443] ? lock_release+0xa30/0xa30 [ 131.892405] ? kernel_text_address+0x79/0xf0 [ 131.896802] ? __kernel_text_address+0xd/0x40 [ 131.901284] ? unwind_get_return_address+0x61/0xa0 [ 131.906197] ? __save_stack_trace+0x8d/0xf0 [ 131.910508] ? __fget+0x4d5/0x740 [ 131.913948] ? ksys_dup3+0x690/0x690 [ 131.917646] ? __kasan_slab_free+0x11a/0x170 [ 131.922037] ? kfree+0xd9/0x260 [ 131.925299] ? ksys_mount+0xa3/0x140 [ 131.929388] ? __x64_sys_mount+0xbe/0x150 [ 131.933522] ? do_syscall_64+0x1b9/0x820 [ 131.937569] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 131.942922] block_ioctl+0xee/0x130 [ 131.946540] ? blkdev_fallocate+0x400/0x400 [ 131.950847] do_vfs_ioctl+0x1de/0x1720 [ 131.954722] ? kasan_check_write+0x14/0x20 [ 131.958940] ? do_raw_spin_lock+0xc1/0x200 [ 131.963161] ? ioctl_preallocate+0x300/0x300 [ 131.967553] ? __fget_light+0x2f7/0x440 [ 131.971510] ? fget_raw+0x20/0x20 [ 131.974953] ? trace_hardirqs_off+0xd/0x10 [ 131.979169] ? quarantine_put+0x10d/0x1b0 [ 131.983305] ? __kasan_slab_free+0x131/0x170 [ 131.987705] ? security_file_ioctl+0x94/0xc0 [ 131.992097] ksys_ioctl+0xa9/0xd0 [ 131.995539] __x64_sys_ioctl+0x73/0xb0 [ 131.999412] do_syscall_64+0x1b9/0x820 [ 132.003284] ? syscall_return_slowpath+0x5e0/0x5e0 [ 132.008200] ? syscall_return_slowpath+0x31d/0x5e0 [ 132.013116] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 132.018119] ? prepare_exit_to_usermode+0x291/0x3b0 [ 132.023125] ? perf_trace_sys_enter+0xb10/0xb10 [ 132.027783] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 132.032619] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 132.037790] RIP: 0033:0x455c97 [ 132.040958] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d bb fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 132.060236] RSP: 002b:00007f47d500fa88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 132.067929] RAX: ffffffffffffffda RBX: 00007f47d500fb30 RCX: 0000000000455c97 10:55:15 executing program 6: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffff9c, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x2c, &(0x7f0000000100)=[@in6={0xa, 0x4e22, 0x1, @remote={0xfe, 0x80, [], 0xbb}, 0x7ff}, @in={0x2, 0x4e20}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000240)=@assoc_value={r1, 0x7}, &(0x7f0000000280)=0x8) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r3, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r2, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r3}}, 0x10) 10:55:15 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2, 0x1000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:55:15 executing program 0: [ 132.075180] RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000016 [ 132.082436] RBP: 0000000020000040 R08: 00007f47d500fb30 R09: 00007f47d500fad0 [ 132.089687] R10: 0000000000000020 R11: 0000000000000246 R12: 0000000000000015 [ 132.096942] R13: 0000000000000020 R14: 00000000004d3e80 R15: 0000000000000022 10:55:15 executing program 4: 10:55:15 executing program 0: 10:55:15 executing program 2: 10:55:15 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) pipe2(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) ioctl$RTC_PIE_OFF(r2, 0x7006) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) 10:55:15 executing program 1 (fault-call:1 fault-nth:35): syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:15 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") syz_read_part_table(0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000ffff01000000fff3856e5e010000000000000000008000000043476a4768", 0x22, 0x1c0}]) 10:55:15 executing program 3: 10:55:15 executing program 2: 10:55:15 executing program 0: 10:55:15 executing program 4: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) r0 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)='cgroup.subtree_control\x00', 0x2, 0x0) write$P9_RATTACH(r0, &(0x7f0000000040)={0x14, 0x69}, 0x14) 10:55:15 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) 10:55:15 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2, 0xf0}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) [ 132.280719] Dev loop5: unable to read RDB block 1 [ 132.284033] EXT4-fs (sda1): journaled quota format not specified [ 132.285674] loop5: AHDI p1 p3 [ 132.294981] loop5: partition table partially beyond EOD, truncated 10:55:15 executing program 1: syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:16 executing program 0: 10:55:16 executing program 2: 10:55:16 executing program 3: 10:55:16 executing program 4: 10:55:16 executing program 2: 10:55:16 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) dup(r0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='net/sco\x00') unlinkat(r2, &(0x7f0000000140)='./file0\x00', 0x0) 10:55:16 executing program 0: 10:55:16 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2, 0x9effffff00000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) [ 132.417123] loop5: p1 start 4294149486 is beyond EOD, truncated [ 132.440379] EXT4-fs (sda1): journaled quota format not specified 10:55:16 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") syz_read_part_table(0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000ffff01000000fff3856e5e010000000000000000008000000043476a4768", 0x22, 0x1c0}]) 10:55:16 executing program 4: 10:55:16 executing program 3: r0 = socket$can_raw(0x1d, 0x3, 0x1) sendmmsg(r0, &(0x7f0000007f00)=[{{&(0x7f0000000480)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev={0xac, 0x14, 0x14}}}}, 0x80, &(0x7f0000000700)}}], 0x1, 0x0) 10:55:16 executing program 1: syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='%xt2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:16 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/ptype\x00') preadv(r0, &(0x7f0000000480)=[{&(0x7f0000000380)=""/242, 0xf2}], 0x1, 0x10400003) 10:55:16 executing program 6: r0 = accept$inet(0xffffffffffffffff, 0x0, &(0x7f0000000100)) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000340)='/dev/null\x00', 0x200, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r1, 0xc1205531, &(0x7f0000000400)={0x20, 0x6, 0x8, 0x1, [], [], [], 0x4b, 0x1, 0x3, 0x77, "d198893469b54a776569af6360ccc650"}) ioctl$ION_IOC_HEAP_QUERY(r1, 0xc0184908, &(0x7f00000005c0)={0x34, 0x0, &(0x7f0000000580)}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000140)={'tunl0\x00', 0xc102}) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000300)='/dev/rtc0\x00', 0x100, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r1, 0xc008551a, &(0x7f0000000780)=ANY=[@ANYBLOB="3f00000010000000070000000700000006070000000800e8a42501a5f563290c815d90385f2776c9a5d4d1b70c9a5f8d86c0228c8e49317d52a841a82f48183e50dc93929e69f5359d689d252ebc023943767ee2e94e38071174298c8d171ef146788576e0c4527a6e830b8690dd95cec0bff613e0d1965bb9f1fc8d735d44407bb18faa560eec593673e3288bd466d373cbb9d0e7ff6715ecf4e0cf72d7f99ad6155c1529894f7987f32d26f833971c8223220b8ac9ae1b40c7aec06dc025fbd5ae4b92f3e915a321098085c02bc06d973193c47f35f99825bde4a0e63e312109d96a7332313e06c5955127a8169fbe0de262b1dd7d181c3cbd647c930987c025eb3c1eee3e6f0b2ba13b716541b06cde8147003a76082c6fdc4c6b0a07801cfdb6574cdc4e6e2b3deada78d097b979eaf0b83251d4dd7955737b2ce6165759d557c65b13835bdd000000"]) r5 = syz_open_dev$mice(&(0x7f0000000380)='/dev/input/mice\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, &(0x7f0000000640)={0x2, 0x4, 0x8, 0x130, 0x0}, &(0x7f0000000680)=0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000a40)={r6, 0x4c, &(0x7f00000006c0)=[@in={0x2, 0x4e20, @rand_addr=0x80000001}, @in={0x2, 0x4e23, @broadcast=0xffffffff}, @in6={0xa, 0x4e22, 0xff, @dev={0xfe, 0x80, [], 0xe}, 0xff}, @in={0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}]}, &(0x7f0000000a80)=0x10) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x100000, 0x1000, &(0x7f0000ffc000/0x1000)=nil}) setsockopt$bt_hci_HCI_FILTER(r5, 0x0, 0x2, &(0x7f00000003c0)={0x9, 0x286, 0x80000001, 0x7fff}, 0x10) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r4, 0x0, 0x1, 0x4}}, 0x1af) getsockopt$inet_sctp_SCTP_MAXSEG(r3, 0x84, 0xd, &(0x7f0000000540)=@assoc_value={0x0, 0x9}, &(0x7f0000000600)=0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f0000000900)=ANY=[@ANYRES32=r7, @ANYBLOB="e00000002fe9fcfe4f765b1c3a348dfe9ee41c8b67e61ce38b73ac99a88f8e900a5a81eb083ba867358b63421838567eb628f8f1a51e6faad0a3660157fc64261cb4db3d01d19b732f55153f239c69479c0a06bdf9804ffe8b66d580c1dad004801ec2340e639e674920fad432e0c2d082c093a4743a6d7b62bb5c7342e9c2495eabf524ae5966c4a302000000000000007de5b36ea5d2c70546ac4881647cff5dddf45597ddc42b6fda1a8c28d247f7649a43cf7c59911e06f82ea592b02baecd6bab47f7de52d9e83943b08245f9a7c8f2bb41c39056fa7ec83a5c30e72cb8c2b5ccda2888faf9b297a78c94fc1729ba6110713048d1aaea31a5b6da889f9c429c871a5365608ca50c5ce7df2322d81945168d"], &(0x7f0000000740)=0xe8) ioctl$ION_IOC_HEAP_QUERY(r5, 0xc0184908, &(0x7f0000000240)={0x34, 0x0, &(0x7f0000000180)}) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r5, 0x6, 0x16, &(0x7f0000000280)=[{0x3, 0x3125}], 0x1) write$RDMA_USER_CM_CMD_LISTEN(r2, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r4}}, 0x10) r8 = pkey_alloc(0x0, 0x3) pkey_free(r8) 10:55:16 executing program 4: 10:55:16 executing program 0: 10:55:16 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2, 0xf0ffffff00000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:55:16 executing program 3: [ 132.629391] Dev loop5: unable to read RDB block 1 [ 132.634342] loop5: AHDI p1 p3 [ 132.637613] loop5: partition table partially beyond EOD, truncated 10:55:16 executing program 2: 10:55:16 executing program 4: 10:55:16 executing program 0: 10:55:16 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x0, 0x0) ioctl$BLKBSZSET(r2, 0x40081271, &(0x7f0000000140)=0x9) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) 10:55:16 executing program 1: syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='\nxt2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) [ 132.720636] loop5: p1 start 4294149486 is beyond EOD, truncated 10:55:16 executing program 3: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x1, 0x3, &(0x7f0000346fc8)=@framed={{0x18}, [], {0x95}}, &(0x7f000031cff6)="73792a6b802b0c000000", 0xdc6d, 0xfb, &(0x7f0000000000)=""/251}, 0x48) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000013c0)={r0, 0x50, &(0x7f0000001340)={0x0, 0x0}}, 0x10) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000001400)=r1, 0x4) 10:55:16 executing program 5: socket$inet6(0xa, 0x1000000000002, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000ffff01000000fff3856e5e010000000000000000008000000043476a4768", 0x22, 0x1c0}]) 10:55:16 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2, 0xf0ffffff}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:55:16 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(tnepres)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)='\n\a', 0x2) 10:55:16 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f0000000080), &(0x7f00000000c0), 0x0) 10:55:16 executing program 1: syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ex\n2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:16 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(&(0x7f0000000000)='2::]:e:\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='ceph\x00', 0x0, &(0x7f00000000c0)) 10:55:16 executing program 6: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/cuse\x00', 0x301, 0x0) ioctl$SG_GET_TIMEOUT(r0, 0x2202, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) ppoll(&(0x7f0000000140)=[{r1}, {r0, 0x100}, {r1, 0x80}, {r0, 0x1}, {r1, 0x1008}, {r1, 0x20}], 0x6, &(0x7f0000000240)={r2, r3+10000000}, &(0x7f0000000280), 0x8) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r4, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r1, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r4}}, 0x10) 10:55:16 executing program 4: r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1ff, 0x480c0) perf_event_open(&(0x7f0000002900)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x2, &(0x7f0000ed4000)=0x7b, 0x4) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000080)={0x0}, &(0x7f00000000c0)=0xc) fcntl$setownex(r0, 0xf, &(0x7f0000000100)={0x1, r2}) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e23, @broadcast=0xffffffff}, 0x7a) geteuid() sendto$inet(r1, &(0x7f0000617fc9), 0xfe41, 0x10000002000091b, &(0x7f0000deaff0)={0x2, 0x4e23, @loopback=0x7f000001, [0x22b]}, 0x10) 10:55:16 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2, 0xf0ffff}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) [ 132.922434] Dev loop5: unable to read RDB block 1 [ 132.927392] loop5: AHDI p1 p3 [ 132.930652] loop5: partition table partially beyond EOD, truncated [ 132.945780] libceph: parse_ips bad ip '2::]:e' 10:55:16 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) r2 = creat(&(0x7f0000000100)='./file0\x00', 0x10) ioctl$SNDRV_CTL_IOCTL_PVERSION(r2, 0x80045500, &(0x7f0000000140)) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) 10:55:16 executing program 1: syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ex%2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:16 executing program 3: r0 = socket$inet(0x2, 0x3, 0x1) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x29, &(0x7f0000000000)={{{@in=@multicast2=0xe0000002, @in=@multicast1=0xe0000001}}, {{@in6}, 0x0, @in6=@loopback={0x0, 0x1}}}, 0xf) [ 132.984983] loop5: p1 start 4294149486 is beyond EOD, truncated 10:55:16 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)="799fb96cfe89d42f0000f600000000400b0000", 0xf0, 0x0) 10:55:16 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2, 0xffffff7f00000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:55:16 executing program 5: socket$inet6(0xa, 0x1000000000002, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000ffff01000000fff3856e5e010000000000000000008000000043476a4768", 0x22, 0x1c0}]) 10:55:16 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) prctl$void(0x3) getresuid(&(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) 10:55:16 executing program 1: syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext\n\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:16 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'sha1_mb\x00'}, 0x58) r1 = accept4(r0, 0x0, &(0x7f0000000180)=0x3d6, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) sendfile(r1, r2, &(0x7f00000002c0), 0x10000000000443) [ 133.171610] Dev loop5: unable to read RDB block 1 [ 133.176563] loop5: AHDI p1 p3 [ 133.179773] loop5: partition table partially beyond EOD, truncated [ 133.205647] EXT4-fs: 4 callbacks suppressed [ 133.205655] EXT4-fs (sda1): journaled quota format not specified 10:55:16 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r0) 10:55:16 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nullb0\x00', 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r0, 0x0) futex(&(0x7f0000000040), 0x1, 0x0, &(0x7f0000000140), &(0x7f0000000200), 0x0) 10:55:16 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/autofs\x00', 0x40000, 0x0) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0xffffffffffffff31, 0xfa00, {r1}}, 0x10) ioctl$SG_SET_KEEP_ORPHAN(r2, 0x2287, &(0x7f0000000140)=0x3) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{0xa, 0x4e24, 0x3290, @empty, 0x3}, {0xa, 0x4e22, 0x400, @loopback={0x0, 0x1}, 0x8}, r1, 0xcb9}}, 0x48) 10:55:16 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2, 0x100000000000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:55:16 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)={0x9, 0x3, 0x3, 0x400000bff}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r0, &(0x7f0000000040), &(0x7f0000000080)}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000001c0)={r0, &(0x7f0000000040)}, 0x10) [ 133.235547] loop5: p1 start 4294149486 is beyond EOD, truncated 10:55:17 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='./file0\x00', &(0x7f0000000300)='bpf\x00', 0x0, &(0x7f0000000340)) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x9, 0x2, 0x40, 0x1f}, 0x2c) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000100)={&(0x7f0000000080)='./file0/file0\x00', r0}, 0x10) bpf$OBJ_GET_PROG(0x7, &(0x7f0000001500)={&(0x7f00000014c0)='./file0/file0\x00', 0x0, 0x8}, 0x10) 10:55:17 executing program 5: socket$inet6(0xa, 0x1000000000002, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000ffff01000000fff3856e5e010000000000000000008000000043476a4768", 0x22, 0x1c0}]) 10:55:17 executing program 1: syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='extD\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:17 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1}, 0x2c) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xb, 0x40, 0xa9, 0xa37, 0x1, 0x1}, 0x2c) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000000040)={r0, &(0x7f0000000340), &(0x7f0000001440)=""/4096}, 0x18) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000380)={r0, &(0x7f00000000c0)="01"}, 0x10) 10:55:17 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2, 0x3f000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:55:17 executing program 2: semget$private(0x0, 0x4, 0x0) lseek(0xffffffffffffffff, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$mice(&(0x7f0000000300)='/dev/input/mice\x00', 0x0, 0x88200) fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f0000000040)=0x6) socket$pptp(0x18, 0x1, 0x2) 10:55:17 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0xffffffffffffffa7) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$loop(&(0x7f00000004c0)='/dev/loop#\x00', 0x0, 0x1) r3 = memfd_create(&(0x7f00000001c0)="74166e750800007869fad000008c00", 0x0) ioctl$LOOP_CHANGE_FD(r2, 0x4c00, r3) dup3(r0, r0, 0x80000) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000100), &(0x7f0000000140)=0x4) 10:55:17 executing program 3: r0 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/uts\x00') ioctl$VT_RELDISP(r0, 0xb701) [ 133.397320] EXT4-fs (sda1): journaled quota format not specified [ 133.412404] Dev loop5: unable to read RDB block 1 [ 133.417330] loop5: AHDI p1 p3 [ 133.420554] loop5: partition table partially beyond EOD, truncated [ 133.429101] loop5: p1 start 4294149486 is beyond EOD, truncated 10:55:17 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000180)='/dev/input/event#\x00', 0x20000000000000, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f0000000000)) dup2(r1, r0) 10:55:17 executing program 1: syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:17 executing program 5: ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") syz_read_part_table(0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000ffff01000000fff3856e5e010000000000000000008000000043476a4768", 0x22, 0x1c0}]) 10:55:17 executing program 4: r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) listen(r0, 0x1) r1 = socket$inet6(0xa, 0x80006, 0x0) connect$inet6(r1, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) sendmsg(r1, &(0x7f0000000140)={&(0x7f0000000080)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}}, 0x80, &(0x7f0000001680), 0x0, &(0x7f0000001700)}, 0x0) sendmsg$kcm(r1, &(0x7f00000015c0)={0x0, 0x0, &(0x7f0000000100), 0x219, &(0x7f0000000080)}, 0x0) r2 = accept4$inet6(r0, &(0x7f0000000000), &(0x7f0000000040)=0x1c, 0x0) dup2(r1, r2) 10:55:17 executing program 2: mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000004, 0x8031, 0xffffffffffffffff, 0x0) mremap(&(0x7f000015b000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f000030b000/0x2000)=nil) 10:55:17 executing program 3: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount(&(0x7f0000000080)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f00000000c0)='devpts\x00', 0x0, &(0x7f0000000100)="c2") 10:55:17 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2, 0x8501}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:55:17 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r1 = accept(0xffffffffffffffff, &(0x7f0000000640)=@pppol2tpv3in6={0x0, 0x0, {0x0, 0xffffffffffffffff}}, &(0x7f00000006c0)=0x83) getsockopt$inet6_mreq(0xffffffffffffff9c, 0x29, 0x1f, &(0x7f0000000240)={@ipv4={[], [], @multicast1}, 0x0}, &(0x7f0000000280)=0x14) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f00000002c0)={0x0, 0x0}, &(0x7f0000000300)=0xc) setsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000340)={{{@in=@dev={0xac, 0x14, 0x14, 0xb}, @in6, 0x4e21, 0x56, 0x4e23, 0xdd08, 0xa, 0x80, 0x0, 0xff, r3, r4}, {0x1, 0xde3, 0x3, 0x100, 0x40, 0x9, 0xf87, 0x101}, {0x4, 0x1, 0x9}, 0xeaa9, 0x6e6bbf, 0x1, 0x0, 0x2, 0x3}, {{@in6=@mcast2={0xff, 0x2, [], 0x1}, 0x4d4, 0x2b}, 0xa, @in6=@mcast2={0xff, 0x2, [], 0x1}, 0x0, 0x0, 0x3, 0x87, 0x9, 0x8000, 0x6}}, 0xe8) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) getsockopt$inet6_dccp_buf(r2, 0x21, 0x2, &(0x7f0000000440)=""/200, &(0x7f0000000540)=0xc8) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r5, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r5}}, 0x10) r6 = dup3(r2, r2, 0x80000) write$P9_RLOPEN(r6, &(0x7f0000000580)={0x18, 0xd, 0x1, {{0x30, 0x9, 0x5}, 0x7}}, 0x18) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r6, 0x40505330, &(0x7f00000005c0)={{0xd0c, 0x2}, {0x1000000000000000, 0xff}, 0x43, 0x2, 0x4a000000000000}) [ 133.588862] EXT4-fs (sda1): journaled quota format not specified [ 133.615324] Dev loop5: unable to read RDB block 1 [ 133.620272] loop5: AHDI p1 p3 [ 133.623491] loop5: partition table partially beyond EOD, truncated [ 133.637240] dccp_close: ABORT with 665 bytes unread [ 133.640552] devpts: called with bogus options 10:55:17 executing program 0: r0 = socket(0xa, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f00000000c0)=@nat={'nat\x00', 0x19, 0x2, 0x250, [0x20000280, 0x0, 0x0, 0x200002b0, 0x200002e0], 0x0, &(0x7f0000000000), &(0x7f0000000280)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x3, 0x0, 0x0, 'vcan0\x00', 'bridge0\x00', 'sit0\x00', 'team0\x00', @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [], 0xe0, 0xe0, 0x118, [@cpu={'cpu\x00', 0x8}, @statistic={'statistic\x00', 0x18}]}}, @snat={'snat\x00', 0x10, {{@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}, 0xffffffffffffffff}}}}, {{{0x1b, 0x0, 0x0, 'team_slave_1\x00', 'irlan0\x00', 'irlan0\x00', 'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2}, [], @random="f646793b7b39", [], 0x70, 0x70, 0xa8}}, @snat={'snat\x00', 0x10, {{@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}, 0xffffffffffffffff}}}}]}]}, 0x2c8) 10:55:17 executing program 1: syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:17 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) ioctl$int_in(r0, 0x5473, &(0x7f0000000100)=0x2) 10:55:17 executing program 4: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f00000001c0)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) ptrace(0x4207, r1) ptrace$peek(0x1, r1, &(0x7f0000000000)) [ 133.686411] loop5: p1 start 4294149486 is beyond EOD, truncated 10:55:17 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2, 0x185}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:55:17 executing program 5: ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") syz_read_part_table(0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000ffff01000000fff3856e5e010000000000000000008000000043476a4768", 0x22, 0x1c0}]) 10:55:17 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={&(0x7f0000000080)={0x10}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)=@mpls_getroute={0x28, 0x1a, 0x801, 0x0, 0x0, {0x1c}, [@RTA_DST={0xc, 0x1, [{}, {}]}]}, 0x28}, 0x1}, 0x0) [ 133.772706] EXT4-fs (sda1): journaled quota format not specified 10:55:17 executing program 4: semop(0x0, &(0x7f00000000c0)=[{0x0, 0x9}], 0x2aaaaaaaaaaaaaf4) semop(0x0, &(0x7f0000000000)=[{}, {}], 0x66) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r1 = semget(0x2, 0x6, 0x1c0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000000100)={{{@in=@rand_addr, @in6=@ipv4={[], [], @loopback}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f0000000200)=0xe8) getgroups(0x4, &(0x7f0000000240)=[0xee00, 0xffffffffffffffff, 0xee01, 0xee00]) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000280)={{{@in=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in=@dev}}, &(0x7f0000000380)=0xe8) stat(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) semctl$IPC_SET(r1, 0x0, 0x1, &(0x7f0000000480)={{0x3, r2, r3, r4, r5, 0x2, 0x80000001}, 0x7bb000000000, 0xff, 0x7}) semctl$IPC_RMID(r1, 0x0, 0x0) getsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000040), &(0x7f0000000080)=0x10) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000040)) r6 = semget(0x2, 0x2, 0x280) semctl$IPC_RMID(r6, 0x0, 0x0) 10:55:17 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000100)={0x7, 0x8, 0xfa00, {r1, 0x64}}, 0x10) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) pipe2(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) ioctl$BLKGETSIZE(r2, 0x1260, &(0x7f0000000180)) 10:55:17 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETAF(r1, 0x540f, &(0x7f00000000c0)) 10:55:17 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000002000)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4, 0x0, &(0x7f0000000000)=[@register_looper={0x630b}], 0x1, 0x0, &(0x7f0000000040)="f0"}) 10:55:17 executing program 1: syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)="65787432f6", &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) [ 133.827246] Dev loop5: unable to read RDB block 1 [ 133.828238] netlink: 'syz-executor3': attribute type 1 has an invalid length. [ 133.832154] loop5: AHDI p1 p3 [ 133.832163] loop5: partition table partially beyond EOD, truncated [ 133.846385] loop5: p1 start 4294149486 is beyond EOD, truncated [ 133.959353] EXT4-fs (sda1): journaled quota format not specified [ 134.021723] binder: 9400:9407 ERROR: BC_REGISTER_LOOPER called without request [ 134.049001] binder: BINDER_SET_CONTEXT_MGR already set [ 134.054445] binder: 9400:9419 ioctl 40046207 0 returned -16 [ 134.063316] binder: 9400:9419 ERROR: BC_REGISTER_LOOPER called without request [ 134.063644] binder_alloc: 9400: binder_alloc_buf, no vma [ 134.076226] binder: 9400:9407 transaction failed 29189/-3, size 0-0 line 2967 10:55:17 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000000)={&(0x7f000000c000)={0x10, 0x34000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x2c, 0x823, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, @fd}]}, 0x1c}, 0x1}, 0x0) 10:55:17 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2, 0xf0ffffffffffff}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:55:17 executing program 4: unshare(0x400) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/igmp6\x00') fstat(r0, &(0x7f0000000000)) 10:55:17 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_NEXT_CMD_LEN(r0, 0x2283, &(0x7f0000000000)=0x47) write$binfmt_elf64(r0, &(0x7f0000000300)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) 10:55:17 executing program 5: ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") syz_read_part_table(0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000ffff01000000fff3856e5e010000000000000000008000000043476a4768", 0x22, 0x1c0}]) 10:55:17 executing program 6: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x1, 0x0) setsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f0000000180)=0x100, 0x2) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r2, 0x0, 0x1, 0x4}}, 0x1d4) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000440)={0x0, 0xdd, "8907b466dc36413cc2441c2fe465ba80e9dbc83064cab488b9372445d6243c89e8415320554271148fe734e8dcb6fb8838cbec1b866fbc22b1c56df44beeb5da60dceaf14b4d282f72437dd6fd02aae98f3468c2345eaaa98a6e97c1e02781f774514fa8e338ab49afd27738476a2a554410012df21537cd47a8b39ee1b0fe966cdd1e5494e3ea51173a12a7cb3ec00ffb9f29faebcee671d329479e131caf8b88f3d10858c6c0221c2a8ea03d8149dc5749bbfddefc86cf98c5dd0c0030c918b71d1e334b7d3c99040eebe11e6037804cde486386eed0ef7d71dcf41c"}, &(0x7f0000000540)=0xe5) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000580)={r3, 0x0, 0x20}, &(0x7f00000005c0)=0xc) write$RDMA_USER_CM_CMD_QUERY(r1, &(0x7f0000000100)={0x13, 0x10, 0xfa00, {&(0x7f0000000240), r2, 0x3}}, 0x18) write$RDMA_USER_CM_CMD_LISTEN(r1, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r2}}, 0x10) 10:55:17 executing program 1: syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:17 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2, 0x3f00}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) [ 134.181557] sg_write: data in/out 262108/13 bytes for SCSI command 0x0-- guessing data in; [ 134.181557] program syz-executor0 not setting count and/or reply_len properly [ 134.185374] netlink: 4 bytes leftover after parsing attributes in process `syz-executor2'. [ 134.200534] EXT4-fs (sda1): journaled quota format not specified [ 134.212488] binder: release 9400:9407 transaction 8 in, still active [ 134.219052] binder: send failed reply for transaction 8 to 9400:9407 10:55:17 executing program 1: syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:17 executing program 4: r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f0000000040)="1f0000000104ff00fd4354c007110000f305010008000100020423dcffdf00", 0x1f) [ 134.237500] Dev loop5: unable to read RDB block 1 [ 134.242449] loop5: AHDI p1 p3 [ 134.245667] loop5: partition table partially beyond EOD, truncated [ 134.253176] binder: undelivered TRANSACTION_ERROR: 29189 [ 134.266787] loop5: p1 start 4294149486 is beyond EOD, truncated [ 134.279752] binder: undelivered TRANSACTION_COMPLETE 10:55:17 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_NEXT_CMD_LEN(r0, 0x2283, &(0x7f0000000000)=0x47) write$binfmt_elf64(r0, &(0x7f0000000300)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) 10:55:17 executing program 3: r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setresgid(r2, r2, 0x0) setresuid(0x0, r1, 0x0) setresgid(0x0, 0x0, 0x0) [ 134.284951] binder: undelivered TRANSACTION_ERROR: 29189 10:55:17 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000140)=@filter={'filter\x00', 0xe, 0x5, 0x590, [0x0, 0x20000240, 0x20000310, 0x200005e0], 0x0, &(0x7f0000000100), &(0x7f0000000240)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x0, 0x0, 0xdada, 'bcsf0\x00', 'bond_slave_1\x00', 'veth0\x00', 'ip6tnl0\x00', @empty, [0xff, 0x0, 0xff, 0x0, 0xff, 0xff], @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [0x0, 0xff, 0xff, 0x0, 0x0, 0xff], 0x70, 0x70, 0xa0}}, @common=@AUDIT={'AUDIT\x00', 0x8}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff, 0x2, [{{{0x9, 0x20, 0x89ff, 'bcsf0\x00', 'team_slave_1\x00', '\x00', 'nr0\x00', @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xd}, [0xff, 0xff, 0xff, 0x0, 0x0, 0xff], @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [0xff, 0xff, 0xff, 0x0, 0xff, 0xff], 0xa8, 0xa8, 0xf0, [@cluster={'cluster\x00', 0x10, {{0x2, 0x3, 0x2314, 0x1}}}]}}, @common=@RATEEST={'RATEEST\x00', 0x20, {{'syz0\x00', 0xde, 0x5, 0x81}}}}, {{{0x3, 0x2, 0x0, 'veth0_to_team\x00', 'bpq0\x00', 'bond0\x00', 'teql0\x00', @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @empty, [0x0, 0xff, 0xff, 0x0, 0xff], 0xe8, 0x168, 0x1b0, [@ip6={'ip6\x00', 0x50, {{@ipv4={[], [0xff, 0xff]}, @loopback={0x0, 0x1}, [0xffffff00, 0xffffffff, 0xff0000ff], [0xffffffff, 0xff, 0xffffff00], 0x3, 0x3c, 0x8, 0x61, 0x4e21, 0x4e23, 0x4e21, 0x4e23}}}]}, [@common=@STANDARD={'\x00', 0x8, {0xffffffffffffffff}}, @common=@IDLETIMER={'IDLETIMER\x00', 0x28, {{0x8, 'syz1\x00', 0xffffffff}}}]}, @common=@ERROR={'ERROR\x00', 0x20, {"8013cd456e1d09fb8f6b9ab9fa0a3796f211f89a9479c72fdd26e690ed5b"}}}]}, {0x0, '\x00', 0x3, 0xffffffffffffffff, 0x2, [{{{0x11, 0x1, 0x88f8, 'gre0\x00', 'veth0_to_bond\x00', 'veth0_to_team\x00', 'ip6gre0\x00', @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x1d}, [0xff, 0xff, 0xff, 0xff, 0x0, 0xff], @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [0x0, 0xff, 0xff], 0xa0, 0xa0, 0xd0, [@pkttype={'pkttype\x00', 0x8, {{0x7}}}]}}, @common=@redirect={'redirect\x00', 0x8}}, {{{0x0, 0x0, 0x22eb, 'vlan0\x00', 'syz_tun\x00', 'bridge_slave_1\x00', 'ip6gre0\x00', @link_local={0x1, 0x80, 0xc2}, [0x0, 0xff, 0xff, 0x0, 0xff, 0xff], @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [0xff, 0x0, 0xff, 0x0, 0xff, 0xff], 0x70, 0x70, 0xc0}}, @common=@log={'log\x00', 0x28, {{0x59, "2b7c4b771eb585dc7bb085f0d0fa1315d42d6cf77c0441247581a1aa48bb", 0x8}}}}]}, {0x0, '\x00', 0x5}]}, 0x608) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) [ 134.309652] netlink: 4 bytes leftover after parsing attributes in process `syz-executor2'. [ 134.326703] EXT4-fs (sda1): journaled quota format not specified [ 134.331781] netlink: 3 bytes leftover after parsing attributes in process `syz-executor4'. 10:55:18 executing program 1: syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:18 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000000)={&(0x7f000000c000)={0x10, 0x34000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x2c, 0x823, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, @fd}]}, 0x1c}, 0x1}, 0x0) 10:55:18 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001880)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(poly1305-simd)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000480)="73a89a31bb11d78a72ff8aa90f40bd93d51a8a743ec9ee647ee324af539e23435c4f0c1cb4f6f31784ac8af0a98e6311800d2940cf45c15ea3d6874f993fad2437c31f794a50fb5590e17eb7595e11d5fd67ad51428397deae2d84cd9f74ef08b4ce79fb9af2286844bbf2b0587bc6e1cbf16316330446aee8e75be98ce311c78474640cd979a90addef1bcffa91adff05b320e2be198a5b8c9f1d2b648102d02d615920cf47d5e0dc8fa08288c97516ba6b8c172a42d27aff5575568722292cbb57016099827ab65b847fff02a83b1303b97a4858d79508300a5d7de45640909461541f09fdd5e109a2748e9fdb7dcfbbe290017d585a11326153227fa41cf94fd1cb6cdeba7cda2724d9c0f1f2b58f79bce927b3d9e50f93e691ccdda6f55c1e", 0x121) 10:55:18 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2, 0xf000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:55:18 executing program 5: r0 = socket$inet6(0xa, 0x0, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") syz_read_part_table(0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000ffff01000000fff3856e5e010000000000000000008000000043476a4768", 0x22, 0x1c0}]) 10:55:18 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f00005a5000)={&(0x7f000059fff4)={0x10}, 0xc, &(0x7f0000007000)={&(0x7f0000070000)={0x18, 0x1c, 0x109, 0x0, 0x0, {0x40000001}, [@nested={0x4, 0x2}]}, 0x18}, 0x1}, 0x0) [ 134.397798] sg_write: data in/out 262108/13 bytes for SCSI command 0x0-- guessing data in; [ 134.397798] program syz-executor0 not setting count and/or reply_len properly 10:55:18 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) r2 = creat(&(0x7f0000000100)='./file0\x00', 0x0) ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000140)={{0x5, 0x5, 0x2, 0x2, 0x7, 0x5447}, 0x3}) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0x10) ioctl$void(r0, 0xc0045c77) [ 134.466826] EXT4-fs (sda1): journaled quota format not specified [ 134.492270] netlink: 4 bytes leftover after parsing attributes in process `syz-executor2'. 10:55:18 executing program 4: openat$sequencer2(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/sequencer2\x00', 0x0, 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x101, 0x1}) pselect6(0x40, &(0x7f0000000040)={0x3ffffd}, &(0x7f0000768000), &(0x7f0000086000), &(0x7f0000349000)={0x0, 0x989680}, &(0x7f0000f14000)={&(0x7f0000a65ff8), 0x8}) 10:55:18 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_NEXT_CMD_LEN(r0, 0x2283, &(0x7f0000000000)=0x47) write$binfmt_elf64(r0, &(0x7f0000000300)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) 10:55:18 executing program 1: syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:18 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2, 0xf00}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:55:18 executing program 3: mkdir(&(0x7f0000000200)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f000000c000)='ramfs\x00', 0x0, &(0x7f00000002c0)) symlink(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file0/file0\x00') syz_mount_image$f2fs(&(0x7f0000000a40)='f2fs\x00', &(0x7f0000000ac0)='./file0/file0\x00', 0x0, 0x0, &(0x7f0000000c00), 0x0, &(0x7f0000000c80)=ANY=[]) 10:55:18 executing program 2: r0 = perf_event_open(&(0x7f00004e7000)={0x2, 0x78, 0xdf}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) 10:55:18 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x401, 0xe6) ioctl$TCGETS(r1, 0x5401, &(0x7f0000000140)) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r2, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r2}}, 0x10) [ 134.576945] Dev loop5: unable to read RDB block 1 [ 134.581870] loop5: AHDI p1 p3 [ 134.585105] loop5: partition table partially beyond EOD, truncated [ 134.622350] sg_write: data in/out 262108/13 bytes for SCSI command 0x0-- guessing data in; [ 134.622350] program syz-executor0 not setting count and/or reply_len properly [ 134.659773] EXT4-fs (sda1): journaled quota format not specified 10:55:18 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2, 0x34000}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) 10:55:18 executing program 6: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) fcntl$addseals(r0, 0x409, 0x8) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x16, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0xfffffffffffffffe}}, 0x20) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt(r2, 0x1, 0x7, &(0x7f0000000240)="ccdc2e87b96208e4c9ec1343fcea5e45a86acab16bb645f53189247d5594ecbee72731936d2ba0010ffaff933ec7cbc377385f4af02bad03f12558a7336618477caa24ac9b0ff433d1fc9774eec082706448e09cef0459b45645e004affedc6238fa5da9528acb107c2a82319ed98fb5815bedb479b7b375ad5f592ffcf29e10f6ac5dbc8734ebbf0404d7ec2744520aff64a63cbab708b1", 0x98) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000200)={0xe, 0x11, 0xfa00, @id_resuseaddr={&(0x7f00000001c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x1af) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r1}}, 0xe) [ 134.688752] loop5: p1 start 4294149486 is beyond EOD, truncated 10:55:18 executing program 5: r0 = socket$inet6(0xa, 0x0, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") syz_read_part_table(0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="04000000ffff01000000fff3856e5e010000000000000000008000000043476a4768", 0x22, 0x1c0}]) 10:55:18 executing program 2: r0 = perf_event_open(&(0x7f00004e7000)={0x2, 0x78, 0xdf}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) 10:55:18 executing program 1: syz_fuseblk_mount(&(0x7f0000001a80)='./file0\x00', &(0x7f0000001ac0)='./file0\x00', 0x0, 0xffffffffffffffff, 0xee01, 0x0, 0x0, 0x1000) syz_mount_image$ext4(&(0x7f0000000100)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000480), 0x20, &(0x7f0000000080)={[{@usrjquota='usrjquota=', 0xa}]}) 10:55:18 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000100)='memory.high\x00', 0x2, 0x0) io_setup(0x3ff, &(0x7f0000000380)=0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) io_submit(r2, 0x1c2, &(0x7f0000000380)) dup3(r0, r4, 0x0) sendfile(r1, r1, &(0x7f0000000040), 0x1) 10:55:18 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_NEXT_CMD_LEN(r0, 0x2283, &(0x7f0000000000)=0x47) write$binfmt_elf64(r0, &(0x7f0000000300)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x78) 10:55:18 executing program 3: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x0, 0x0) ioctl$EVIOCGLED(r0, 0x80404519, &(0x7f0000000100)=""/52) ioctl$sock_SIOCSPGRP(r0, 0x406855c9, &(0x7f0000000140)) 10:55:18 executing program 2: r0 = perf_event_open(&(0x7f00004e7000)={0x2, 0x78, 0xdf}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) 10:55:18 executing program 7: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000100)={0x10, 0x2, 0x40030000000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)=@ipv6_delroute={0x1c, 0x19, 0xc01, 0x0, 0x0, {0xa}}, 0x1c}, 0x1}, 0x0) [ 134.849259] ================================================================== [ 134.856666] BUG: KASAN: slab-out-of-bounds in find_first_bit+0xf7/0x100 [ 134.863419] Read of size 8 at addr ffff8801cdb1cf50 by task syz-executor4/9566 [ 134.870769] [ 134.872401] CPU: 0 PID: 9566 Comm: syz-executor4 Not tainted 4.18.0-rc4-next-20180710+ #3 [ 134.880708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 134.889388] EXT4-fs (sda1): journaled quota format not specified [ 134.890048] Call Trace: 10:55:18 executing program 3: perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000600), 0x0, &(0x7f00000001c0)) [ 134.890069] dump_stack+0x1c9/0x2b4 [ 134.890086] ? dump_stack_print_info.cold.2+0x52/0x52 [ 134.890098] ? printk+0xa7/0xcf [ 134.890115] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 134.915608] ? find_first_bit+0xf7/0x100 [ 134.919672] print_address_description+0x6c/0x20b [ 134.924514] ? find_first_bit+0xf7/0x100 [ 134.928578] kasan_report.cold.7+0x242/0x30d [ 134.932989] __asan_report_load8_noabort+0x14/0x20 [ 134.937917] find_first_bit+0xf7/0x100 [ 134.941807] shrink_slab+0x5d0/0xdb0 [ 134.945526] ? shrink_node_memcg+0xc91/0x18f0 [ 134.950030] ? unregister_memcg_shrinker.isra.39+0x50/0x50 [ 134.955664] ? shrink_active_list+0x1830/0x1830 [ 134.960360] shrink_node+0x429/0x16a0 [ 134.964180] ? shrink_node_memcg+0x18f0/0x18f0 [ 134.968768] ? kvm_clock_read+0x25/0x30 [ 134.972749] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 134.977762] ? ktime_get_raw_ts64+0x4f0/0x4f0 [ 134.982256] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 134.987285] do_try_to_free_pages+0x3e7/0x1290 [ 134.991864] ? shrink_node+0x16a0/0x16a0 [ 134.995904] ? lock_release+0xa30/0xa30 [ 134.999862] ? check_same_owner+0x340/0x340 [ 135.004252] ? lock_downgrade+0x8f0/0x8f0 [ 135.008382] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 135.013906] ? _parse_integer+0x13b/0x190 [ 135.018043] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 135.023562] try_to_free_mem_cgroup_pages+0x49d/0xc90 [ 135.028734] ? pointer_string+0x1b0/0x1b0 [ 135.032871] ? __mutex_lock+0x6c4/0x1680 [ 135.036919] ? try_to_free_pages+0xb80/0xb80 [ 135.041310] ? memparse+0x171/0x1d0 [ 135.044929] ? get_options+0x380/0x380 [ 135.048798] ? kasan_kmalloc+0xc4/0xe0 [ 135.052663] ? __kmalloc+0x14e/0x760 [ 135.056357] ? kernfs_fop_write+0x33d/0x480 [ 135.060655] ? __vfs_write+0x117/0x9d0 [ 135.064519] ? __kernel_write+0x10c/0x370 [ 135.068650] ? write_pipe_buf+0x181/0x240 [ 135.072789] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 135.078305] ? page_counter_memparse+0xb5/0x1e0 [ 135.082956] ? page_counter_set_low+0x180/0x180 [ 135.087608] ? cgroup_control+0x180/0x180 [ 135.091740] memory_high_write+0x283/0x310 [ 135.095957] ? mem_cgroup_css_released+0x140/0x140 [ 135.100873] ? lock_downgrade+0x8f0/0x8f0 [ 135.105013] ? lock_release+0xa30/0xa30 [ 135.108980] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 135.114152] cgroup_file_write+0x31f/0x840 [ 135.118374] ? mem_cgroup_css_released+0x140/0x140 [ 135.123291] ? cgroup_migrate_add_task+0xcd0/0xcd0 [ 135.128208] ? __kmalloc+0x315/0x760 [ 135.131913] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 135.137434] ? cgroup_migrate_add_task+0xcd0/0xcd0 [ 135.142352] kernfs_fop_write+0x2ba/0x480 [ 135.146490] __vfs_write+0x117/0x9d0 [ 135.150185] ? kernfs_fop_open+0x1020/0x1020 [ 135.154573] ? kernel_read+0x120/0x120 [ 135.158439] ? default_file_splice_read+0x864/0xb10 [ 135.163433] ? splice_direct_to_actor+0x6fc/0x8f0 [ 135.168255] ? do_splice_direct+0x2d4/0x420 [ 135.172553] ? do_sendfile+0x62a/0xe20 [ 135.176418] ? __x64_sys_sendfile64+0x15d/0x250 [ 135.181067] ? iter_file_splice_write+0x1010/0x1010 [ 135.186065] ? check_same_owner+0x340/0x340 [ 135.190374] ? rcu_note_context_switch+0x730/0x730 [ 135.195291] __kernel_write+0x10c/0x370 [ 135.199250] write_pipe_buf+0x181/0x240 [ 135.203211] ? do_splice_direct+0x420/0x420 [ 135.207512] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 135.213035] ? splice_from_pipe_next.part.9+0x296/0x340 [ 135.218378] ? __ia32_sys_membarrier+0x150/0x150 [ 135.223124] __splice_from_pipe+0x38e/0x7c0 [ 135.227441] ? do_splice_direct+0x420/0x420 [ 135.231759] splice_from_pipe+0x1ea/0x340 [ 135.235896] ? do_splice_direct+0x420/0x420 [ 135.240197] ? splice_shrink_spd+0xd0/0xd0 [ 135.244415] ? security_file_permission+0x1c2/0x230 [ 135.249421] default_file_splice_write+0x3c/0x90 [ 135.254160] ? generic_splice_sendpage+0x50/0x50 [ 135.258903] direct_splice_actor+0x128/0x190 [ 135.263296] splice_direct_to_actor+0x318/0x8f0 [ 135.267947] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 135.273462] ? pipe_to_sendpage+0x400/0x400 [ 135.277765] ? do_splice_to+0x190/0x190 [ 135.281752] ? security_file_permission+0x1c2/0x230 [ 135.286776] ? rw_verify_area+0x118/0x360 [ 135.290905] do_splice_direct+0x2d4/0x420 [ 135.295040] ? splice_direct_to_actor+0x8f0/0x8f0 [ 135.299878] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 135.305402] ? __sb_start_write+0x17f/0x300 [ 135.309713] do_sendfile+0x62a/0xe20 [ 135.313412] ? do_compat_pwritev64+0x1c0/0x1c0 [ 135.317977] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 135.323582] ? _copy_from_user+0xdf/0x150 [ 135.327724] __x64_sys_sendfile64+0x15d/0x250 [ 135.332210] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 135.336785] ? ksys_ioctl+0x81/0xd0 [ 135.340416] do_syscall_64+0x1b9/0x820 [ 135.344294] ? finish_task_switch+0x1d3/0x870 [ 135.348770] ? syscall_return_slowpath+0x5e0/0x5e0 [ 135.353677] ? syscall_return_slowpath+0x31d/0x5e0 [ 135.358586] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 135.363594] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 135.368428] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 135.373596] RIP: 0033:0x455e29 [ 135.376762] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 135.395887] RSP: 002b:00007fcda6553c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 135.403574] RAX: ffffffffffffffda RBX: 00007fcda65546d4 RCX: 0000000000455e29 [ 135.410824] RDX: 0000000020000040 RSI: 0000000000000014 RDI: 0000000000000014 [ 135.418081] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 135.425338] R10: 0000000000000001 R11: 0000000000000246 R12: 00000000ffffffff [ 135.432604] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000000 [ 135.439863] [ 135.441468] Allocated by task 8882: [ 135.445101] save_stack+0x43/0xd0 [ 135.448535] kasan_kmalloc+0xc4/0xe0 [ 135.452225] __kmalloc_node+0x47/0x70 [ 135.456008] kvmalloc_node+0x65/0xf0 [ 135.459710] memcg_expand_shrinker_maps+0x1b1/0x3c0 [ 135.464711] prealloc_shrinker+0x29e/0x450 [ 135.468926] alloc_super+0x8dd/0xb10 [ 135.472619] sget_userns+0x276/0x860 [ 135.476328] sget+0x10b/0x150 [ 135.479412] mount_nodev+0x38/0x120 [ 135.483029] fuse_mount+0x34/0x40 [ 135.486474] legacy_get_tree+0x118/0x440 [ 135.490520] vfs_get_tree+0x1cb/0x5c0 [ 135.494298] do_mount+0x6c1/0x1fb0 [ 135.497820] ksys_mount+0x12d/0x140 [ 135.501433] __x64_sys_mount+0xbe/0x150 [ 135.505393] do_syscall_64+0x1b9/0x820 [ 135.509269] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 135.514446] [ 135.516054] Freed by task 4489: [ 135.519316] save_stack+0x43/0xd0 [ 135.522750] __kasan_slab_free+0x11a/0x170 [ 135.526966] kasan_slab_free+0xe/0x10 [ 135.530742] kfree+0xd9/0x260 [ 135.533832] kvfree+0x61/0x70 [ 135.536936] __vunmap+0x326/0x460 [ 135.540371] vfree+0x68/0x100 [ 135.543465] do_ipt_get_ctl+0xa1f/0xc00 [ 135.547423] nf_getsockopt+0x80/0xe0 [ 135.551119] ip_getsockopt+0x1fb/0x2b0 [ 135.554987] tcp_getsockopt+0x93/0xe0 [ 135.558773] sock_common_getsockopt+0x9a/0xe0 [ 135.563246] __sys_getsockopt+0x1ad/0x390 [ 135.567370] __x64_sys_getsockopt+0xbe/0x150 [ 135.571764] do_syscall_64+0x1b9/0x820 [ 135.575630] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 135.580791] [ 135.582399] The buggy address belongs to the object at ffff8801cdb1cf40 [ 135.582399] which belongs to the cache kmalloc-32 of size 32 [ 135.594859] The buggy address is located 16 bytes inside of [ 135.594859] 32-byte region [ffff8801cdb1cf40, ffff8801cdb1cf60) [ 135.606532] The buggy address belongs to the page: [ 135.611442] page:ffffea000736c700 count:1 mapcount:0 mapping:ffff8801da8001c0 index:0xffff8801cdb1cfc1 [ 135.620864] flags: 0x2fffc0000000100(slab) [ 135.625080] raw: 02fffc0000000100 ffffea0007388908 ffffea000734c0c8 ffff8801da8001c0 [ 135.632944] raw: ffff8801cdb1cfc1 ffff8801cdb1c000 000000010000003f 0000000000000000 [ 135.640805] page dumped because: kasan: bad access detected [ 135.646487] [ 135.648088] Memory state around the buggy address: [ 135.652999] ffff8801cdb1ce00: 00 01 fc fc fc fc fc fc 00 01 fc fc fc fc fc fc [ 135.660340] ffff8801cdb1ce80: fb fb fb fb fc fc fc fc 06 fc fc fc fc fc fc fc [ 135.667684] >ffff8801cdb1cf00: 00 01 fc fc fc fc fc fc 00 00 06 fc fc fc fc fc [ 135.671811] sg_write: data in/out 262108/13 bytes for SCSI command 0x0-- guessing data in; [ 135.671811] program syz-executor0 not setting count and/or reply_len properly [ 135.675025] ^ [ 135.675036] ffff8801cdb1cf80: 06 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 135.675046] ffff8801cdb1d000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 135.675051] ================================================================== [ 135.675212] Kernel panic - not syncing: panic_on_warn set ... [ 135.675212] [ 135.726119] CPU: 0 PID: 9566 Comm: syz-executor4 Tainted: G B 4.18.0-rc4-next-20180710+ #3 [ 135.735801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 135.745134] Call Trace: [ 135.747706] dump_stack+0x1c9/0x2b4 [ 135.751315] ? dump_stack_print_info.cold.2+0x52/0x52 [ 135.756486] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 135.761225] panic+0x238/0x4e7 [ 135.764401] ? add_taint.cold.5+0x16/0x16 [ 135.768532] ? do_raw_spin_unlock+0xa7/0x2f0 [ 135.772921] ? do_raw_spin_unlock+0xa7/0x2f0 [ 135.777313] ? find_first_bit+0xf7/0x100 [ 135.781353] kasan_end_report+0x47/0x4f [ 135.785307] kasan_report.cold.7+0x76/0x30d [ 135.789609] __asan_report_load8_noabort+0x14/0x20 [ 135.794518] find_first_bit+0xf7/0x100 [ 135.798388] shrink_slab+0x5d0/0xdb0 [ 135.802083] ? shrink_node_memcg+0xc91/0x18f0 [ 135.806563] ? unregister_memcg_shrinker.isra.39+0x50/0x50 [ 135.812167] ? shrink_active_list+0x1830/0x1830 [ 135.816830] shrink_node+0x429/0x16a0 [ 135.820620] ? shrink_node_memcg+0x18f0/0x18f0 [ 135.825184] ? kvm_clock_read+0x25/0x30 [ 135.829140] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 135.834141] ? ktime_get_raw_ts64+0x4f0/0x4f0 [ 135.838622] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 135.843623] do_try_to_free_pages+0x3e7/0x1290 [ 135.848189] ? shrink_node+0x16a0/0x16a0 [ 135.852245] ? lock_release+0xa30/0xa30 [ 135.856198] ? check_same_owner+0x340/0x340 [ 135.860498] ? lock_downgrade+0x8f0/0x8f0 [ 135.864629] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 135.870145] ? _parse_integer+0x13b/0x190 [ 135.874292] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 135.879818] try_to_free_mem_cgroup_pages+0x49d/0xc90 [ 135.884988] ? pointer_string+0x1b0/0x1b0 [ 135.889116] ? __mutex_lock+0x6c4/0x1680 [ 135.893158] ? try_to_free_pages+0xb80/0xb80 [ 135.897550] ? memparse+0x171/0x1d0 [ 135.901159] ? get_options+0x380/0x380 [ 135.905028] ? kasan_kmalloc+0xc4/0xe0 [ 135.908903] ? __kmalloc+0x14e/0x760 [ 135.912598] ? kernfs_fop_write+0x33d/0x480 [ 135.916902] ? __vfs_write+0x117/0x9d0 [ 135.920767] ? __kernel_write+0x10c/0x370 [ 135.924897] ? write_pipe_buf+0x181/0x240 [ 135.929034] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 135.934554] ? page_counter_memparse+0xb5/0x1e0 [ 135.939207] ? page_counter_set_low+0x180/0x180 [ 135.943854] ? cgroup_control+0x180/0x180 [ 135.947997] memory_high_write+0x283/0x310 [ 135.952229] ? mem_cgroup_css_released+0x140/0x140 [ 135.957158] ? lock_downgrade+0x8f0/0x8f0 [ 135.961290] ? lock_release+0xa30/0xa30 [ 135.965257] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 135.970435] cgroup_file_write+0x31f/0x840 [ 135.974654] ? mem_cgroup_css_released+0x140/0x140 [ 135.979562] ? cgroup_migrate_add_task+0xcd0/0xcd0 [ 135.984473] ? __kmalloc+0x315/0x760 [ 135.988170] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 135.993700] ? cgroup_migrate_add_task+0xcd0/0xcd0 [ 135.998612] kernfs_fop_write+0x2ba/0x480 [ 136.002744] __vfs_write+0x117/0x9d0 [ 136.006442] ? kernfs_fop_open+0x1020/0x1020 [ 136.010830] ? kernel_read+0x120/0x120 [ 136.014708] ? default_file_splice_read+0x864/0xb10 [ 136.019706] ? splice_direct_to_actor+0x6fc/0x8f0 [ 136.024530] ? do_splice_direct+0x2d4/0x420 [ 136.028830] ? do_sendfile+0x62a/0xe20 [ 136.032698] ? __x64_sys_sendfile64+0x15d/0x250 [ 136.037364] ? iter_file_splice_write+0x1010/0x1010 [ 136.042361] ? check_same_owner+0x340/0x340 [ 136.046668] ? rcu_note_context_switch+0x730/0x730 [ 136.051582] __kernel_write+0x10c/0x370 [ 136.055540] write_pipe_buf+0x181/0x240 [ 136.059498] ? do_splice_direct+0x420/0x420 [ 136.063812] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 136.069331] ? splice_from_pipe_next.part.9+0x296/0x340 [ 136.074676] ? __ia32_sys_membarrier+0x150/0x150 [ 136.079427] __splice_from_pipe+0x38e/0x7c0 [ 136.083732] ? do_splice_direct+0x420/0x420 [ 136.088046] splice_from_pipe+0x1ea/0x340 [ 136.092177] ? do_splice_direct+0x420/0x420 [ 136.097089] ? splice_shrink_spd+0xd0/0xd0 [ 136.101312] ? security_file_permission+0x1c2/0x230 [ 136.106310] default_file_splice_write+0x3c/0x90 [ 136.111050] ? generic_splice_sendpage+0x50/0x50 [ 136.115788] direct_splice_actor+0x128/0x190 [ 136.120180] splice_direct_to_actor+0x318/0x8f0 [ 136.124832] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 136.130353] ? pipe_to_sendpage+0x400/0x400 [ 136.134660] ? do_splice_to+0x190/0x190 [ 136.138617] ? security_file_permission+0x1c2/0x230 [ 136.143616] ? rw_verify_area+0x118/0x360 [ 136.147748] do_splice_direct+0x2d4/0x420 [ 136.151883] ? splice_direct_to_actor+0x8f0/0x8f0 [ 136.156710] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 136.162230] ? __sb_start_write+0x17f/0x300 [ 136.166537] do_sendfile+0x62a/0xe20 [ 136.170237] ? do_compat_pwritev64+0x1c0/0x1c0 [ 136.174811] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 136.180329] ? _copy_from_user+0xdf/0x150 [ 136.184461] __x64_sys_sendfile64+0x15d/0x250 [ 136.188937] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 136.193497] ? ksys_ioctl+0x81/0xd0 [ 136.197109] do_syscall_64+0x1b9/0x820 [ 136.200978] ? finish_task_switch+0x1d3/0x870 [ 136.205456] ? syscall_return_slowpath+0x5e0/0x5e0 [ 136.210370] ? syscall_return_slowpath+0x31d/0x5e0 [ 136.215278] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 136.220279] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 136.225105] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 136.230271] RIP: 0033:0x455e29 [ 136.233438] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 136.252603] RSP: 002b:00007fcda6553c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 136.260302] RAX: ffffffffffffffda RBX: 00007fcda65546d4 RCX: 0000000000455e29 [ 136.267551] RDX: 0000000020000040 RSI: 0000000000000014 RDI: 0000000000000014 [ 136.274798] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 136.282047] R10: 0000000000000001 R11: 0000000000000246 R12: 00000000ffffffff [ 136.289294] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000000 [ 136.297003] Dumping ftrace buffer: [ 136.300533] (ftrace buffer empty) [ 136.304219] Kernel Offset: disabled [ 136.307831] Rebooting in 86400 seconds..