, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0xf]}]}) 2018/05/04 10:55:34 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r0, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000fa5ff0)={0x0, 0xfffffffffffff000}) io_destroy(r0) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x20002, 0x0) ioctl$SNDRV_TIMER_IOCTL_INFO(r1, 0x80e85411, &(0x7f00000000c0)=""/12) ioctl$VHOST_GET_VRING_BASE(r1, 0xc008af12, &(0x7f0000000080)) timerfd_gettime(r1, &(0x7f0000000040)) 2018/05/04 10:55:34 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:34 executing program 4: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = epoll_create1(0x0) epoll_wait(r3, &(0x7f0000000040)=[{}], 0x1, 0x8000) ioctl$KVM_GET_IRQCHIP(r0, 0xc208ae62, &(0x7f00000000c0)=@ioapic) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000cd8ff4)) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000007000)) epoll_wait(r3, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r1, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) [ 726.310368] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 726.325725] binder: 6008:6011 transaction failed 29189/-22, size 0-0 line 2856 [ 726.335408] binder: 6009:6012 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:55:34 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1002000000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:34 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046207, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:34 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x700000000000000}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 726.358007] binder: 6008:6011 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:55:34 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40010000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0xc0045877, 0x0) 2018/05/04 10:55:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40049409, 0x0) [ 726.424545] binder: undelivered TRANSACTION_ERROR: 29189 [ 726.430358] binder: undelivered TRANSACTION_ERROR: 29189 [ 726.450635] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:55:34 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xffffff7f00000000}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:34 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000f2f], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 726.468815] binder: 6026:6027 transaction failed 29189/-22, size 0-0 line 2856 [ 726.486535] binder: 6026:6027 transaction failed 29189/-22, size 0-0 line 2856 [ 726.494779] binder: 6025:6028 transaction failed 29189/-22, size 0-0 line 2856 [ 726.546656] binder: undelivered TRANSACTION_ERROR: 29189 [ 726.552685] binder: undelivered TRANSACTION_ERROR: 29189 [ 726.560324] binder: undelivered TRANSACTION_ERROR: 29189 [ 727.121369] Unknown ioctl -2132257775 [ 727.125485] Unknown ioctl -1073172718 [ 727.131079] Unknown ioctl -2132257775 [ 727.136405] Unknown ioctl -1073172718 2018/05/04 10:55:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x4004623c, 0x0) 2018/05/04 10:55:35 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x20000007, &(0x7f00000000c0)) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sloppy_sctp\x00', 0x2, 0x0) getsockopt$bt_BT_POWER(r0, 0x112, 0x9, &(0x7f0000000040)=0x7f, &(0x7f0000000080)=0x1) 2018/05/04 10:55:35 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x7000000}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:35 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd1e1ff7f], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:35 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x10000, 0x0) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r4 = openat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x20d00, 0x84) socket$packet(0x11, 0x2, 0x300) io_submit(r0, 0x2, &(0x7f0000000300)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x8, 0x58a, r1, &(0x7f0000000040)="3603dc37b69488e57582538410a4c375d37f4e91fc2d62e63b10ecc939aba967b7f3287b83fd6e728ff50d5ad289928922854d8275c2e4e71cf68165ada13df7f05d54f430601f4e5615271d4fe028eefba3f9934f8053e3f22071b54b347dc1acb95ad99f21a5bfb5e77aad6d1fdcc749b7cf59e5775816e0b360b69644ca8b9bddb488d965bfbd4648f53f0ec6db2578044f2bb4ff013770683ebb99849b47e7b8675469b361f2e41e1d97d8d34c", 0xaf, 0x80000001, 0x0, 0x1, r2}, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, r3, &(0x7f0000000180)="c92d2de399906623a2d075610dcee5c0449ecc8ac67a9d5f0e175d34c86b0c389845f9212e740219e9ff96e9e59b0997438cafbe398d72173ea5a4375392d09a812a2443b4d97c4fff57b940d3f593b3d6dae801535c81aa2f00f7116d7fe2eff3a00bb7c3e76a7ef2d937db50bca8d8cb4002072e8bf7dff046c811ec83e4a9d202857c72b9aacc7f8ce91ad661b3b8cdd9f7125b7b604b47c6969d3661412364c09a2f7fbaecabd259fd1cdee4bf615b797925538a1044f24f977f71be194dcbf17f8bf4d1d646ccbe7133b1743ce2e8567a78c6d50e2679ec1494bb26b807c2994126d12360a1af6af7e5397916cf6bdfcf", 0xf3, 0x4, 0x0, 0x0, r4}]) io_getevents(r0, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000fa5ff0)={0x0, 0xfffffffffffff000}) io_destroy(r0) 2018/05/04 10:55:35 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:35 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0xf00]}]}) 2018/05/04 10:55:35 executing program 4: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = epoll_create1(0x0) epoll_wait(r3, &(0x7f0000000040)=[{}], 0x1, 0x8000) ioctl$KVM_GET_IRQCHIP(r0, 0xc208ae62, &(0x7f00000000c0)=@ioapic) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000cd8ff4)) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000007000)) epoll_wait(r3, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r1, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:55:35 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001000000000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 727.435431] binder: 6051:6052 transaction failed 29189/-22, size 0-0 line 2856 [ 727.436954] nla_parse: 2 callbacks suppressed [ 727.436964] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 727.473211] binder: 6051:6052 ioctl 4004623c 0 returned -22 2018/05/04 10:55:35 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc020660b, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 727.495775] binder: 6051:6052 transaction failed 29189/-22, size 0-0 line 2856 [ 727.495928] binder: 6051:6062 ioctl 4004623c 0 returned -22 2018/05/04 10:55:35 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:35 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000348f88)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x100, 0x0) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000080)={0xa4}) remap_file_pages(&(0x7f00004ce000/0x4000)=nil, 0x4000, 0x0, 0x400, 0x0) 2018/05/04 10:55:35 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x3000000}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x4004622f, 0x0) 2018/05/04 10:55:35 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x7a000000}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 727.578793] binder: undelivered TRANSACTION_ERROR: 29189 [ 727.584748] binder: undelivered TRANSACTION_ERROR: 29189 [ 727.590299] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. 2018/05/04 10:55:35 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800e000000000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 727.630444] binder: 6074:6075 transaction failed 29189/-22, size 0-0 line 2856 [ 727.649471] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 727.660685] binder: 6074:6075 ioctl 4004622f 0 returned -22 [ 727.667866] binder: 6074:6075 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:55:35 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306202, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 727.668499] binder: 6074:6078 ioctl 4004622f 0 returned -22 2018/05/04 10:55:35 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xf0d}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:35 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd1e1ff7f], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 727.739496] binder: 6081:6083 ioctl c0306202 20000040 returned -22 [ 727.744010] binder: undelivered TRANSACTION_ERROR: 29189 [ 727.757883] binder: undelivered TRANSACTION_ERROR: 29189 [ 727.774217] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. 2018/05/04 10:55:36 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0xc0046209, 0x0) 2018/05/04 10:55:36 executing program 2: mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x7, 0x4000) ioctl$KDGKBLED(r0, 0x4b64, &(0x7f0000000140)) mount(&(0x7f00005b9ff8)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='sockfs\x00', 0x1000, 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f00000001c0)={0x6, &(0x7f0000000180)=[{0xff, 0x50, 0x7f, 0x4}, {0x4, 0x80000001, 0x6, 0x3ff}, {0x71, 0x2, 0x9, 0x6}, {0xfffffffffffff411, 0x9, 0x7fff, 0x4}, {0xd8, 0x80000001, 0x7be, 0x1}, {0x7, 0x5, 0x3ff, 0x5}]}, 0x10) umount2(&(0x7f0000000340)='../file0\x00', 0x2) syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:55:36 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:36 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x140], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:36 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x600000000000000}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:36 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x1800]}]}) 2018/05/04 10:55:36 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r0, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000fa5ff0)={0x0, 0xfffffffffffff000}) io_destroy(r0) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)='cgroup.subtree_control\x00', 0x2, 0x0) r1 = syz_open_dev$admmidi(&(0x7f00000000c0)='/dev/admmidi#\x00', 0x51d2, 0x80) io_submit(r0, 0x39f, &(0x7f0000000140)) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f0000000040)={'veth1_to_bridge\x00'}) 2018/05/04 10:55:36 executing program 4: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = epoll_create1(0x0) epoll_wait(r3, &(0x7f0000000040)=[{}], 0x1, 0x8000) ioctl$KVM_GET_IRQCHIP(r0, 0xc208ae62, &(0x7f00000000c0)=@ioapic) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000cd8ff4)) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000007000)) epoll_wait(r3, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r1, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:55:36 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000f2f], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 728.563204] binder: 6105:6107 transaction failed 29189/-22, size 0-0 line 2856 [ 728.572705] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 728.593633] binder: 6105:6107 ioctl c0046209 0 returned -22 2018/05/04 10:55:36 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x2, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:36 executing program 2: mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x7, 0x4000) ioctl$KDGKBLED(r0, 0x4b64, &(0x7f0000000140)) mount(&(0x7f00005b9ff8)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='sockfs\x00', 0x1000, 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f00000001c0)={0x6, &(0x7f0000000180)=[{0xff, 0x50, 0x7f, 0x4}, {0x4, 0x80000001, 0x6, 0x3ff}, {0x71, 0x2, 0x9, 0x6}, {0xfffffffffffff411, 0x9, 0x7fff, 0x4}, {0xd8, 0x80000001, 0x7be, 0x1}, {0x7, 0x5, 0x3ff, 0x5}]}, 0x10) umount2(&(0x7f0000000340)='../file0\x00', 0x2) syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:55:36 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xf000000}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:36 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffff000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 728.630947] binder: 6105:6107 transaction failed 29189/-22, size 0-0 line 2856 [ 728.667894] binder: 6105:6115 ioctl c0046209 0 returned -22 2018/05/04 10:55:36 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f0f002000000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 728.702373] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. 2018/05/04 10:55:36 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0xc020660b, 0x0) [ 728.761390] binder: undelivered TRANSACTION_ERROR: 29189 [ 728.767758] binder: undelivered TRANSACTION_ERROR: 29189 [ 728.810997] binder: 6130:6131 transaction failed 29189/-22, size 0-0 line 2856 [ 728.818952] binder: 6130:6131 transaction failed 29189/-22, size 0-0 line 2856 [ 728.837248] binder: undelivered TRANSACTION_ERROR: 29189 [ 728.842980] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:55:37 executing program 2: mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x7, 0x4000) ioctl$KDGKBLED(r0, 0x4b64, &(0x7f0000000140)) mount(&(0x7f00005b9ff8)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='sockfs\x00', 0x1000, 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f00000001c0)={0x6, &(0x7f0000000180)=[{0xff, 0x50, 0x7f, 0x4}, {0x4, 0x80000001, 0x6, 0x3ff}, {0x71, 0x2, 0x9, 0x6}, {0xfffffffffffff411, 0x9, 0x7fff, 0x4}, {0xd8, 0x80000001, 0x7be, 0x1}, {0x7, 0x5, 0x3ff, 0x5}]}, 0x10) umount2(&(0x7f0000000340)='../file0\x00', 0x2) syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:55:37 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ff7f00000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:37 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x52, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:37 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:37 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r0, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000fa5ff0)={0x0, 0xfffffffffffff000}) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000001080)=0x0) ptrace$setregset(0x4205, r1, 0x4, &(0x7f0000001040)={&(0x7f0000000040)="2f6b51f7b5fd901985a156b4923ed63e744dbc3c33b3a2ba61951015b9e1a9d77c24ae1d9704fffb303873f7bce493bbc83cbd07aaa753e87d143a2b4d3b6c8eb6f7d2d656a80431480ef7bd31abfa0b24f6830e787ff681f63fbfedd576dbfe09308ef1b4256a6b6af7983e5e21110bc905a67e8acfaf228a8c683761dd72a3f33c9003657370f0d0811d561b39af94557d80300b0d0fdd350a16b3908b8ade4753b52ee8a69cef9b53713a4a36e346bc802f5eb1ccc30b8d80276bc1a4a607e7802187c795c6b0461c5ca0a15a98627127abb72c5292308c38e0fbfb365fdc2f54a0e483ca88f3571e8d4a57bc5faf33ebbcf662d6d95c508cf8977eb962b3e2d6db31f8e3298f04516cd4131cce3717745da18f356f4f33d26c47341e33a714ba1a7aae666416f6447e678f31a87fe6a39e9b312cbf26b338fb0c39e3b6b71b6aeb28ff8fe1cdfe4c801afba0e2fd7aeeef891e7aee97c1217bbe8f1ff493c75ff2c748f526f20d70b1badf459e96f8c5d5add293beca0a157c6ae4318a9de1dee308297f943de2f45ab18f664fe4a02f82f3299bab463c45c2352b30c63ef14d604f6662475cd3f5b3a9f5fe2d97c968937a8b842ad2433be50884db6289df23aec945684a16db7ee8e4aef095c9afeb4fac131b5cb08a1088d717a73efea5fd8f817477b702c514a528d100026393068205ad7ed1288eb780c2da41f735ae91a5774cee816a901b43e57b9e3663e2916695a7eb816e2065f0bf3eeb9616f288d89e463bddfe5d2c47263457a3bbc86b54c92b400acad667a4286bc30449f4166ed73d2c3b28ba8a1c85ef32d9e1bff465b273aad5d2dd59e67695a8a71169cce5a586ae94733818d60dfd665d69e0839b257aeaaf87881e866a9c881c1bbba7e26cb1d28eef037e0c394f77ec53d99ee58eb07d6712511d20a7ecfbf505dc7206d89c2dccf4543403f3e0253bea34755bd9cf5de33e9c93e3881fd1fd37c7575a489ff6ef94cadc7a432a95e62c8f86a23999f58ad4a343b549c1209489063fefb41f830b2c31a767a410c73b947b252d9a8e8455ec0ddbc835b35bde49b748356aab496e6c7cfff1caf8be88b4b6def057430ffa0eebb787048a21a51ee304192d2b6d9bc88b7c05921ad64e083e9e4004f0d96c69363e28435d9433d2106850d794b33362e963b1fbe4ca733834b10dd0ad16888cb5b2229a3f51e5bcb89b255d959d3ad924492dfa9364e0be85c76d74dbf6fdc745a5600a2c310d7223fafe498bdf00a6cb0685159b450803be5942149871f84228fe8a451d052e07bdc5c7e51d924a665fd2371c47cef96ff4ccfc24528ac58d16d0f39313d5b80249263ca4cef54ff1af4d4dc2cebd67f6fd9c052cdb5ec1faa946475e74b532c80a738ecbb82d326dc9fdf444b0110535b989331850cbca4872f3dc92d4d6052de2dc7494fcd6e028e2c085bd34e1f2a8b24ac2c1eed61cb1a8610875a55b4867d764a736bf8e26d58cd49b36f51feb540932b02c49871d25d813531d3958d5f305cd1fb47ca8db317edb66f94360f7c6d9926dfd5666dcc11969268c3ddcff22c9da2859be2f8119a8f8989d3876b4c84d1e30cd48160b5a3f15086be5297bd2465d65b4b0b9f45bf38dcc9461cfedd6de78c42a8995a9d70e702ef1d9a08efc192c307f40d499b2cd44847978f6e7eefc22783b90f26527bf4648cdc4efe0623cd97282d3e7fdfda5ecddf0f9713e9986e54cb78e7e7dd80f35b7e94bebd9229de009b7fe6a4ec479b68096d660080c66f0013f481f40848beaa5e13fa517e1a8bf61d0461cbf1f7d76e7bcb70fc13aa23eb643f1e0157cbcc549a48e3119ba000c9262b8de6be68e22a4330a8c87d7ed799d402b4a62ca19411e5d568aa8f294f9e7cfaf55b44ecc40b864e475ed51183368ae38d195e90c46111a5522a9af0f0ffc1946c4d258c10a341e4bc590b600ba316c69b83d6dd12ffd22bfde9498cc674c5c3ae4de96d645a722423332b9718762568d1c232a991bd12a2895a2fd3e2e5058debdf7933ac06b13bb4dd8c3ad27fdde95c9604f65efdfc4cb5eb39f89227f0dd8cacc8971ed40dc31a4ad662aa94e4d78d0ae43a306f7092207e36294842fd7968f2448de954a532e53ee977cdff4a128f7ac76c303fc9d9c0568c6d22ed51ed193869f56c306edb038150bada4e3b45a0caad5ef7009fa9270120a61dfe2853941d2c4ca09881762f527165706386ec079d9152cd58018e83d54914a7c45566e5eb82cc70d86cf6e5cbf627bc811389b799d2742a9d38c3beaa2cf2e8dc7648519fa77aa910446fb48cb5bf9d2d1ebf062767bbaca7fd97a932d671ba8f0f1fa8f8eca416d65f242ab329dcb7c9495e4580ab7aa2a62e17b17263787903bdffe694ea2060015148a205c7b90ac2ba6beba7f11fc614ca9efbb6fa19dd680bc0d17e30948fd8d173a7f2600bdbaefc824e4240b9f79592605ac77f4c48f5dff076d2ba2d16f9a59d90fddc2da58aeb96d406632b90d8624f4bd5007c4ad5e3576c2a979ba487d749483f364e84a69661136ba46e59f90cadc909b51e52026b79b580950c2cd61036cd00998f0ad967103b619e2f982f3d3023b18c5f660bd37d80e3e52cbad6c5679f149bb814bbb8e75aee243166defc575863d6721dd9858545a991b9e29668b9cfc24450de4d0b9459a96b63df33692771402cb678c3489ca5b48049d5efd8966016b1ae1b9e91b3b5c59a70c60cabc7deb9dc796b34c44eb98a7d7f8628f475669693f6bef3f73b194525be9171a6b3734cf6c8b8dc6726a9113401b3080986e7f716f5ccf42ea754b84b438451f4df5ce17f2680a162aac037bfb50469c9c593866e87b26e6ea1c2a97c5bea29ac3ef7b0d1bf12ab18c7665d3a1f224204172cc80fe2fc18cf4ffd7120e69990c48d247227d8668584230dec02b33257bc26f8af6c5fb336d9f874a9cac56bad7830a50329d1d1f852d0028fff87844d62227f0d395a4ea02e52e85850156c84a085ce2b81be9576a8c21fc4e39061c5b9ffe8b91eb0b0592f364ff30888ba823f8fbae078524f06a0afb185e60c0c50b99889f2a59d1a0faf502a47175da1e77e6c6ba93b597260f577af38921b5923039183c4d198fa8ebe7be88c0e980cbefca31f93897cc3354c48dac0bfceded5d15b4028fc93f5c78b6d4e00ccd0a9a0afa2c9ce78c174cc03c790315c6219e3862f8286ce36ffc9ffa82b7bb2526b32818b3806fed79b606e5546acc9ec5d4b724e44cf79dc81cd07047f576d0023fce0ffde16e1ed4b07e9a0ce2e05a0cf7b146c8f948e03876307c2655e95fa58d4c816ee77eba555832740cb3ec6d1cf113b093e8120cf5ccd9f26e675ab805fe69cadf77f89742031f78a8d8ff404ad43dde8b4f47a06652bd7cc3db4233d896e737309adc760b32bc2e4b6e4ff355edab8fc80447f733bb616ec015fa57e2b4990dd5a16521ba8fd7d30440f63c224675f1d81075150152b485065c379f8fa458a5bf56a46ef628013f4257a45f12e6568bc6553e467c9dec995f236349f02380d52ab7cef75673e543121ce4aa2b082471fc97b6c8450067fc99d3ab2227ec5bb54d96f00296bc408a93298eb388b5fa7e811dc0daddb92ab779a6c5b6b5df3fef58b3b8822a8e8e3a025a36910183d73d8e6e51caee169af3e59096199f2b44a715e0ebb0ea4fa0dd80a1513aa64229a6b9d5cffae13b434f9fa479aa10b6b4032ca0040337a759505742094ddd2540db9660752759cef81e4fbae668da561d1025adcdcd09be94ee5a83077659545956c2265fd8aa79d24478e71ba6ad2c71b6dffba16417b8e96296c00d729cb9d6c0fea836090bbc74065889424d056d4ed1d3902b5f6c6cdfd68154963dbbea4356305142b073891b663f73df300736de5239cedb6236e6a7e8b2bd83230efbbd08755511a0985168e8e78392bfc9a3efeb2b8f4d4def5458e2ef22f560b4572573f29ab080ab81a3fe1354130f7f777f2c78bab48c0d317db76385a3b3a313f5f3f1e87df7dfa345631b0f27412c0c7d04d976fa6916af5313f7fb57b8b7d78d3dd081c35bad8a4a22953bc777edce5add2729c349b1e72197b96c423e7ec7da984f233dcc200717a145ce120c8dab353dbc057e4ad7d76804013014f3608b9de5096d8e05443a3bbb4444e2ad03a5d5c73d40e1b530ddeedff765543797c1dd049ef2089731f1aa57c9f17813710583b538f73f780d2b341dde57c98c22424cd9211a3191b22ae8a2b1c3886fd4a32273f10dc84ee330b766d58f67341db3c6a75681c50e1e975568fdac1566d7a70992a9da76cb2f6f246d28ddc0b5053e94c7fba1a44fa0a4d95f3f27c284050cfde5ca9609a6a8adc1e656b7b325f5d5034682b600312afacbdcdac6ce94d723e920aac0e0d36bc4e6588000b9534a507d799b903f406a7eabece7a31d7ea4138ddbd4c0835a17ed15de4c23ee502ce84ddcfae704a002db9f9a3e7f22f81ebeb7334c07a6685baf4219fb7c5f148f65e8c4ac0ecf6c6072ca4d949749b41ea533b2c6f41e7855e418bb5d957e88ef2c4b8f9d0d3bc3f0742c8d83710f65ee4cc409a5a3f53f3f8b410299d33f5539b2e01a16ae1f9846054a84d7c5c0a3e33f527287eee83a5047194325b93ae1c32df9e49a50e572c7b574304ef03515618e69a6a2f8e5ddc607faeb280b1fb11fae68083ae0e48187a4767df66a2bc522530f6858270111bb7f7a5bb3d5647e6f48632e370c477c2fc413005a35e7bb5cd4273c145d193718d1e37d9a5eeadc90942c5e75bb607824d4accddb12bf82f7393ba908e9dd2f95c2609b0fdc04d1d5ca867f7584402fdbbbec28325f336dc8ac14c596af7412d18093031fe233c50b14b1a81ccaff850ba1125d2823bd8c200c69c13aa777e61bb385c249eb4f018cace303348a50cb029f07adf6240d6c574a0972b86056ecab110ce6f9c6af8e2dc9e5142ce36f1647572c87d0ace0cc016ef09c1f94f8f76faf094bb4ecb8212f80255bdf15f42c748b025d8707673d8798f537257c051650b6956b95a328cdd63e930898aa9017ce715ec4dda01e90b6a364a0ff7a58f1adbcc154d4bff64d076f2d308389b9b33ca4212c1f3c44392191bc543cff5b2aade72ae890c16a056e237c7ebdda6c37cf6d39e02aafc5c2849a26d539eb868fe84941d5ab9cc8c4c08c01364aad387ed36e229fc2d16109ded3af51167e2be9dc9da243e0e6852943cbf2967b97e09e0d9d5d6ecaee760ae9f5345c69fc9d6a4af1f9935de27708dc9d86055279e7e165c7a06d65666af4141988b7c4b8e467b9177d53d1e5753954a426035abd0159c74aac4b661cbece4ce4fc321cd34bcbc58970270330c06f31ea329caaef0159693afd9ee3fea0d6c66333eb50fe8d49118d465ff306905769d2289345603ff68b7c4419dda50816199b4738ab8eeacfa21074f8971cf6574296be7a4f1e129ff6f74199199563da8c5ae1b41f6bc409fa55e746e6591d07671b7657a5217122e0211779d8c5d6cb94d7c91f77a3b7333fc95962ec4961e570eca261b61d6d0e335ec63740d661ea18d0f4595d4cbff4fd4ecad6752750d1524101e65e5efb5badf09efc78c8a1e2fd6b0806f395cef86ff01bf7ccb4ca069e1554a918c974c23ff7bfd5a51c656f4118468fee30a87ca4c562b04a6a383fbe9b99fd3b05e7c022a640b0b304533de66969bdb2cecfd3d95b4ecc2d99e1cae2fe8d19fc1b59576cd8e7994bc1bce07c9bac6c4322d61d", 0x1000}) io_destroy(r0) socket$inet_sctp(0x2, 0x5, 0x84) 2018/05/04 10:55:37 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x5421, 0x0) 2018/05/04 10:55:37 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0xf00]}]}) 2018/05/04 10:55:37 executing program 4: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = epoll_create1(0x0) epoll_wait(r3, &(0x7f0000000040)=[{}], 0x1, 0x8000) ioctl$KVM_GET_IRQCHIP(r0, 0xc208ae62, &(0x7f00000000c0)=@ioapic) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000cd8ff4)) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000007000)) epoll_wait(r3, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r1, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) [ 729.688216] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 729.702183] binder: 6148:6152 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:55:37 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:37 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x6000000}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 729.731946] binder: 6141:6155 transaction failed 29189/-22, size 0-0 line 2856 [ 729.741942] binder: 6148:6152 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:55:37 executing program 2: mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x7, 0x4000) ioctl$KDGKBLED(r0, 0x4b64, &(0x7f0000000140)) mount(&(0x7f00005b9ff8)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='sockfs\x00', 0x1000, 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f00000001c0)={0x6, &(0x7f0000000180)=[{0xff, 0x50, 0x7f, 0x4}, {0x4, 0x80000001, 0x6, 0x3ff}, {0x71, 0x2, 0x9, 0x6}, {0xfffffffffffff411, 0x9, 0x7fff, 0x4}, {0xd8, 0x80000001, 0x7be, 0x1}, {0x7, 0x5, 0x3ff, 0x5}]}, 0x10) umount2(&(0x7f0000000340)='../file0\x00', 0x2) syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:55:37 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x3cd, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:37 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046205, 0x0) 2018/05/04 10:55:37 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd1e1ff7f00000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 729.803304] binder: undelivered TRANSACTION_ERROR: 29189 [ 729.825676] binder: undelivered TRANSACTION_ERROR: 29189 [ 729.834581] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 729.838009] binder: undelivered TRANSACTION_ERROR: 29189 [ 729.851664] binder: 6165:6166 transaction failed 29189/-22, size 0-0 line 2856 [ 729.872750] binder: 6165:6166 ioctl 40046205 0 returned -22 [ 729.879360] binder: 6169:6171 transaction failed 29189/-22, size 0-0 line 2856 [ 729.887757] binder: 6165:6166 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:55:37 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x29000000}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:37 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffe1d1], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:37 executing program 2: mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x7, 0x4000) ioctl$KDGKBLED(r0, 0x4b64, &(0x7f0000000140)) mount(&(0x7f00005b9ff8)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='sockfs\x00', 0x1000, 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f00000001c0)={0x6, &(0x7f0000000180)=[{0xff, 0x50, 0x7f, 0x4}, {0x4, 0x80000001, 0x6, 0x3ff}, {0x71, 0x2, 0x9, 0x6}, {0xfffffffffffff411, 0x9, 0x7fff, 0x4}, {0xd8, 0x80000001, 0x7be, 0x1}, {0x7, 0x5, 0x3ff, 0x5}]}, 0x10) umount2(&(0x7f0000000340)='../file0\x00', 0x2) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) [ 729.899808] binder: 6165:6172 ioctl 40046205 0 returned -22 [ 729.929265] binder: undelivered TRANSACTION_ERROR: 29189 [ 729.941792] binder: undelivered TRANSACTION_ERROR: 29189 [ 729.947795] binder: undelivered TRANSACTION_ERROR: 29189 [ 729.957371] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. 2018/05/04 10:55:38 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0xfdfdffff00000000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:38 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x68) 2018/05/04 10:55:38 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:38 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:38 executing program 2: mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x7, 0x4000) ioctl$KDGKBLED(r0, 0x4b64, &(0x7f0000000140)) mount(&(0x7f00005b9ff8)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='sockfs\x00', 0x1000, 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f00000001c0)={0x6, &(0x7f0000000180)=[{0xff, 0x50, 0x7f, 0x4}, {0x4, 0x80000001, 0x6, 0x3ff}, {0x71, 0x2, 0x9, 0x6}, {0xfffffffffffff411, 0x9, 0x7fff, 0x4}, {0xd8, 0x80000001, 0x7be, 0x1}, {0x7, 0x5, 0x3ff, 0x5}]}, 0x10) umount2(&(0x7f0000000340)='../file0\x00', 0x2) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:55:38 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r0, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000fa5ff0)={0x0, 0xfffffffffffff000}) io_setup(0x0, &(0x7f0000000000)) io_destroy(r0) 2018/05/04 10:55:38 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x18]}]}) 2018/05/04 10:55:38 executing program 4: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = epoll_create1(0x0) epoll_wait(r3, &(0x7f0000000040)=[{}], 0x1, 0x8000) ioctl$KVM_GET_IRQCHIP(r0, 0xc208ae62, &(0x7f00000000c0)=@ioapic) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000cd8ff4)) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000007000)) epoll_wait(r3, &(0x7f0000000000)=[{}], 0x1, 0x0) [ 730.808735] binder: 6197:6199 transaction failed 29189/-22, size 0-0 line 2856 [ 730.818901] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 730.826598] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:55:38 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800e0000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:38 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0xa00000000000000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:38 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x6800000000000000}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 730.848944] binder: 6197:6199 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:55:38 executing program 2: mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x7, 0x4000) ioctl$KDGKBLED(r0, 0x4b64, &(0x7f0000000140)) mount(&(0x7f00005b9ff8)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='sockfs\x00', 0x1000, 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f00000001c0)={0x6, &(0x7f0000000180)=[{0xff, 0x50, 0x7f, 0x4}, {0x4, 0x80000001, 0x6, 0x3ff}, {0x71, 0x2, 0x9, 0x6}, {0xfffffffffffff411, 0x9, 0x7fff, 0x4}, {0xd8, 0x80000001, 0x7be, 0x1}, {0x7, 0x5, 0x3ff, 0x5}]}, 0x10) umount2(&(0x7f0000000340)='../file0\x00', 0x2) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:55:38 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x3) 2018/05/04 10:55:38 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10020], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:39 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x3000000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 730.922700] binder: undelivered TRANSACTION_ERROR: 29189 [ 730.967911] binder: 6214:6216 transaction failed 29189/-22, size 0-0 line 2856 [ 730.999667] binder: undelivered TRANSACTION_ERROR: 29189 [ 731.010300] binder: 6214:6216 transaction failed 29189/-22, size 0-0 line 2856 [ 731.046848] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:55:39 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4c00000000000000}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:39 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:39 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0xf]}]}) 2018/05/04 10:55:39 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x6000000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:39 executing program 2: mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x7, 0x4000) ioctl$KDGKBLED(r0, 0x4b64, &(0x7f0000000140)) mount(&(0x7f00005b9ff8)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='sockfs\x00', 0x1000, 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f00000001c0)={0x6, &(0x7f0000000180)=[{0xff, 0x50, 0x7f, 0x4}, {0x4, 0x80000001, 0x6, 0x3ff}, {0x71, 0x2, 0x9, 0x6}, {0xfffffffffffff411, 0x9, 0x7fff, 0x4}, {0xd8, 0x80000001, 0x7be, 0x1}, {0x7, 0x5, 0x3ff, 0x5}]}, 0x10) syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:55:39 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x4c) 2018/05/04 10:55:39 executing program 5: io_setup(0x40, &(0x7f0000000140)=0x0) io_getevents(r0, 0x2, 0x800000000000200, &(0x7f0000000000)=[{}, {}], &(0x7f0000fa5ff0)={0x0, 0xfffffffffffff000}) r1 = socket$inet6(0xa, 0x1, 0x8010000400000084) shutdown(r1, 0x0) sendto$inet6(r1, &(0x7f00009f1000)='G', 0x1, 0x0, &(0x7f0000108fe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) writev(r1, &(0x7f0000447ff0)=[{&(0x7f00008889ff)="b6", 0x1}], 0x1000000000000076) recvmsg(r1, &(0x7f0000000240)={&(0x7f0000000180)=@vsock={0x0, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000000bc0), 0x0, &(0x7f0000003480)=""/4096, 0x1000}, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x2a, &(0x7f0000000280)={0x5, {{0xa, 0x4e23, 0x10000, @dev={0xfe, 0x80, [], 0x1f}, 0x800000000}}}, 0x88) io_destroy(r0) r2 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$sock_bt(r2, 0xdd1f, &(0x7f0000000080)="fdb36f4e4d96a4a05c529cd3ab38c1d9758dac1c0193ad0a27df62c907bb86a49d8d36020ada1788d58da2db0e0e1acaf5b29af73724695a450177e316fffb981e7be912b96071620f963de6b988a942d8d82ebde2ce0f057aeac6e060cc9d65a9d145a792774fa0c5eb8d949f585c0b80cc6a716ee126fb434e913d26ae7cebc6652582ac7317136eecb07c67eec45dc4e92196") 2018/05/04 10:55:39 executing program 4: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = epoll_create1(0x0) epoll_wait(r3, &(0x7f0000000040)=[{}], 0x1, 0x8000) ioctl$KVM_GET_IRQCHIP(r0, 0xc208ae62, &(0x7f00000000c0)=@ioapic) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000cd8ff4)) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000007000)) epoll_wait(r3, &(0x7f0000000000)=[{}], 0x1, 0x0) [ 731.931261] binder: 6240:6242 transaction failed 29189/-22, size 0-0 line 2856 [ 731.960383] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:55:40 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000100], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:40 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000000000000}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:40 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x4c000000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 731.977664] binder: 6240:6242 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:55:40 executing program 2: mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x7, 0x4000) ioctl$KDGKBLED(r0, 0x4b64, &(0x7f0000000140)) mount(&(0x7f00005b9ff8)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='sockfs\x00', 0x1000, 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:55:40 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:40 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x700000000000000) 2018/05/04 10:55:40 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800e000000000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 732.060242] binder: undelivered TRANSACTION_ERROR: 29189 [ 732.098630] binder: 6258:6261 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:55:40 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xf00}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:40 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001000000000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:40 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x74, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 732.115269] binder: undelivered TRANSACTION_ERROR: 29189 [ 732.126233] binder: 6258:6261 transaction failed 29189/-22, size 0-0 line 2856 [ 732.169464] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:55:41 executing program 2: mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x7, 0x4000) ioctl$KDGKBLED(r0, 0x4b64, &(0x7f0000000140)) mount(&(0x7f00005b9ff8)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='sockfs\x00', 0x1000, 0x0) syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:55:41 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x7400000000000000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:41 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x700}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:41 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1002000000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:41 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x3f00000000000000]}]}) 2018/05/04 10:55:41 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r0, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000fa5ff0)={0x0, 0xfffffffffffff000}) alarm(0x4) r1 = syz_open_dev$mouse(&(0x7f0000000100)='/dev/input/mouse#\x00', 0x6, 0x80000) r2 = syz_open_pts(r1, 0x400) ioctl$KDADDIO(r2, 0x4b34, 0x1) io_destroy(r0) r3 = dup2(r2, r2) accept$packet(r3, &(0x7f0000000080), &(0x7f00000000c0)=0x14) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000140)={{0x4, 0x101}, 'port1\x00', 0x10, 0x18, 0x8, 0xffffffff, 0x1000, 0x3, 0x9, 0x0, 0x1, 0x7}) r4 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x4000, 0x0) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r4, 0x84, 0x13, &(0x7f0000000040)=0x1, 0x4) 2018/05/04 10:55:41 executing program 4: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = epoll_create1(0x0) epoll_wait(r3, &(0x7f0000000040)=[{}], 0x1, 0x8000) ioctl$KVM_GET_IRQCHIP(r0, 0xc208ae62, &(0x7f00000000c0)=@ioapic) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000cd8ff4)) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000007000)) epoll_wait(r3, &(0x7f0000000000)=[{}], 0x1, 0x0) 2018/05/04 10:55:41 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x7a000000) [ 733.053163] nla_parse: 5 callbacks suppressed [ 733.053172] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 733.066661] binder: 6286:6289 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:55:41 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:41 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x4800000000000000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:41 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x29}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 733.093639] binder: undelivered TRANSACTION_ERROR: 29189 [ 733.107894] binder: 6286:6289 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:55:41 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x4c000000) 2018/05/04 10:55:41 executing program 2: mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x7, 0x4000) ioctl$KDGKBLED(r0, 0x4b64, &(0x7f0000000140)) mount(&(0x7f00005b9ff8)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='sockfs\x00', 0x1000, 0x0) syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:55:41 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f0f0020], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 733.158181] binder: undelivered TRANSACTION_ERROR: 29189 [ 733.192594] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 733.207617] binder: 6306:6307 transaction failed 29189/-22, size 0-0 line 2856 [ 733.230551] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:55:41 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:41 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x48}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:41 executing program 2: mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x7, 0x4000) ioctl$KDGKBLED(r0, 0x4b64, &(0x7f0000000140)) mount(&(0x7f00005b9ff8)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='sockfs\x00', 0x1000, 0x0) syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) [ 733.251952] binder: 6306:6307 transaction failed 29189/-22, size 0-0 line 2856 [ 733.296567] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 733.316367] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:55:42 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x400000000000000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:42 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x4) 2018/05/04 10:55:42 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe80], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:42 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xffffff7f}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:42 executing program 2: mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x7, 0x4000) ioctl$KDGKBLED(r0, 0x4b64, &(0x7f0000000140)) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:55:42 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x4000000000000000]}]}) 2018/05/04 10:55:42 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x2, 0x0) flistxattr(r1, &(0x7f0000000040)=""/125, 0x7d) socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000000140)) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x40, 0x0) setsockopt$inet_sctp_SCTP_HMAC_IDENT(r2, 0x84, 0x16, &(0x7f0000000100)={0x4, [0x4, 0x3ff, 0x4, 0x3ff]}, 0xc) io_getevents(r0, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000fa5ff0)={0x0, 0xfffffffffffff000}) io_destroy(r0) 2018/05/04 10:55:42 executing program 4: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = epoll_create1(0x0) epoll_wait(r3, &(0x7f0000000040)=[{}], 0x1, 0x8000) ioctl$KVM_GET_IRQCHIP(r0, 0xc208ae62, &(0x7f00000000c0)=@ioapic) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000cd8ff4)) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000007000)) ioctl$UFFDIO_UNREGISTER(r1, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) [ 734.152339] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 734.155393] binder: 6328:6331 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:55:42 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ff7f], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:42 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x6c000000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:42 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x60000000}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:42 executing program 2: mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x7, 0x4000) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) [ 734.216225] binder: undelivered TRANSACTION_ERROR: 29189 [ 734.240582] binder: 6328:6331 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:55:42 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xc0f0000}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 734.271642] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 734.341200] binder: undelivered TRANSACTION_ERROR: 29189 [ 734.347204] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. 2018/05/04 10:55:43 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40010000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:43 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x60000000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:43 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x200000000000000) 2018/05/04 10:55:43 executing program 2: mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:55:43 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x100000000000000]}]}) 2018/05/04 10:55:43 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x7400}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:43 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r0, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000fa5ff0)={0x0, 0xfffffffffffff000}) r1 = dup2(0xffffffffffffff9c, 0xffffffffffffff9c) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, &(0x7f0000000040)=0x0) sendmsg$nl_generic(r1, &(0x7f0000000400)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20208}, 0xc, &(0x7f00000003c0)={&(0x7f0000000080)={0x32c, 0x2c, 0x800, 0x70bd2c, 0x25dfdbff, {0xf}, [@generic="bf5243a231425d324564b58e641201a42eae6eba92275af3532c265df613a788e847c10019e1a6e8c74672bda9e33349feaa5ca15c6ef78559f7acf9c67ca696e5fe2d2e5d3a9c3bf1284fe2255f24d770fd055501149ce6ee6c637afcc3347be1b4f703efb4afd9d56125de753ae69819b5de57076db28742b889c7316368251f37a9f4f50ec86920ffbdc9e502b0ba1c78816d6db044663cb23ef76880c3ddf7", @nested={0x20, 0x8e, [@typed={0x14, 0x4f, @ipv6}, @typed={0x8, 0x1b, @pid=r2}]}, @nested={0xc, 0x6e, [@typed={0x8, 0x50, @ipv4}]}, @generic="666ce05341fd47549b9186031fcb77f0120bad573d0e40f930dadabcda4938043a9c3bb506062a56d89c0bc76e4408b8aee7ad0526cbc467568c4b3d04df135bca1d401c82079a378789166daf0c91ad2d0c3cdbe0af530ee95d47d8285e355f406ab60d520573d3ddc50ee48d01", @typed={0x8, 0x57, @str='\x00'}, @generic="6fc5562d49a27df53a4563e5fa0180bb1b9225a79055aa659454d94c291576724e885c58d36dc15991ca348b0aea5222173f83b650401947082a86ce460da6a6f05ebf2e830f399d0b551701ee38184b28e3d7483530a7e2df5475cfb93b2bb193df00eb5fc53e1e13f31b2fee3e4e4159e65228af915b5fde9f2c108e2e6c4d57bfa4a23bff75b57fd83dfe1debad34ccd187d5480b40b8b2d007575ba9e69fffc6bb7f73b174f5e672681151d92354fd47b616c432d069c05f48e73e164b5c952434df11f2bf498f37327d89fae5bad9e4ade05ab971eb265068b67a4123ba1d87da357ac44c1cb31301e0489412cbb4a1f7", @generic="51cdf277918319c90aacafa3df4443c7662705e5e90c628531c2979e73c4e7dccad7e98e718943f114274404d9e6a8a937504d5b9b4c0ad3f9aabb4c32b9fa2fdcb8deebc1e085d166f9b8fd3db0e5ae7ab683f953d5b16c6cca7d605cc4848524d684fac17b7beafc4dc70998cf4c24e457bbb4b69bae2e761249ad95de436632f1a656aca4f61fa1b666781efc1ca49f23c8fe9fead973311c0773372610a8afb91cbb8b7bf6866b7011c385521be8bad466f5b0dc46ade4e93621cb2f0c9d30b9ae2e910efe2899779bbe383cb49508f9ae95aa4fb2e06c5e747d8d7a4784"]}, 0x32c}, 0x1, 0x0, 0x0, 0x800}, 0x40000) fcntl$notify(r1, 0x402, 0x1) io_destroy(r0) 2018/05/04 10:55:43 executing program 4: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = epoll_create1(0x0) epoll_wait(r3, &(0x7f0000000040)=[{}], 0x1, 0x8000) ioctl$KVM_GET_IRQCHIP(r0, 0xc208ae62, &(0x7f00000000c0)=@ioapic) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000cd8ff4)) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000007000)) ioctl$UFFDIO_UNREGISTER(r1, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:55:43 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800e], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 735.279361] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 735.288799] binder: 6365:6374 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:55:43 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x5000000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:43 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x5000000}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 735.326160] binder: undelivered TRANSACTION_ERROR: 29189 [ 735.343615] binder: 6365:6374 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:55:43 executing program 2: chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:55:43 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:43 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x600) 2018/05/04 10:55:43 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x500}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 735.395607] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 735.428207] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:55:43 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd1e1ff7f00000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:43 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x7400, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 735.468333] binder: 6392:6393 transaction failed 29189/-22, size 0-0 line 2856 [ 735.478414] binder: undelivered TRANSACTION_ERROR: 29189 [ 735.501198] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 735.501300] binder: 6392:6393 transaction failed 29189/-22, size 0-0 line 2856 [ 735.562845] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:55:44 executing program 2: chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:55:44 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1002000000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:44 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x6c}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:44 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r0, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000fa5ff0)={0x0, 0xfffffffffffff000}) io_destroy(r0) io_setup(0x88, &(0x7f0000000000)) 2018/05/04 10:55:44 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x6c00) 2018/05/04 10:55:44 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x2000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:44 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x40000000]}]}) 2018/05/04 10:55:44 executing program 4: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = epoll_create1(0x0) epoll_wait(r3, &(0x7f0000000040)=[{}], 0x1, 0x8000) ioctl$KVM_GET_IRQCHIP(r0, 0xc208ae62, &(0x7f00000000c0)=@ioapic) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000cd8ff4)) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000007000)) ioctl$UFFDIO_UNREGISTER(r1, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) [ 736.395009] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 736.410947] binder: 6411:6423 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:55:44 executing program 2: chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:55:44 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x4c00, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:44 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f0f0020], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 736.435257] binder: undelivered TRANSACTION_ERROR: 29189 [ 736.447239] binder: 6411:6423 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:55:44 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x74}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:44 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x300) 2018/05/04 10:55:44 executing program 2: mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:55:44 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x48000000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 736.521577] binder: undelivered TRANSACTION_ERROR: 29189 [ 736.567223] binder: 6437:6438 transaction failed 29189/-22, size 0-0 line 2856 [ 736.588816] binder: undelivered TRANSACTION_ERROR: 29189 [ 736.612303] binder: 6437:6438 transaction failed 29189/-22, size 0-0 line 2856 [ 736.652652] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:55:45 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:45 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x5}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:45 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x7a00, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:45 executing program 4: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = epoll_create1(0x0) epoll_wait(r3, &(0x7f0000000040)=[{}], 0x1, 0x8000) ioctl$KVM_GET_IRQCHIP(r0, 0xc208ae62, &(0x7f00000000c0)=@ioapic) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000cd8ff4)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, &(0x7f0000007000)) epoll_wait(r3, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r1, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:55:45 executing program 2: mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:55:45 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0xffffff7f00000000) 2018/05/04 10:55:45 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x1000000]}]}) 2018/05/04 10:55:45 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r0, 0x2, 0x2, &(0x7f0000000380)=[{}, {}], &(0x7f0000fa5ff0)={0x0, 0xfffffffffffff000}) io_destroy(r0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=0x0) prctl$setendian(0x14, 0x3) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='memory.current\x00', 0x0, 0x0) ioctl$EVIOCGPHYS(r2, 0x80404507, &(0x7f00000000c0)=""/81) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x6c, &(0x7f0000000140)={0x0, 0xfd, "aeaa35681ad2d31a8292f965e6ea0be35e95bd4ae04b86b99dd3d5b0811a3bd9cd74f5725fdc90d48ea567017b5f1be7e0bc7cfba617dfecb12924f68a78ac9501dfb025a0c49aa505684c05bfc4bcdae1b78f4941b9f6ea2f6f3c36eca74e4ecde6f7801a217bc6a2bb364945ba0e33bc79b40fd19454e90cba82c3ca9a29dbc56918725e77c9360d2af54abc44adc95d804c4c69f25deee6e8cd0ff5e699daa5397e1f2ec41d191fc879bd3a1d17c996836b2a14966c1ebac027877f4c95337bf26538abc7ee9568717cbd7b5915c3d4a4d333776c165d149e2ed9bfdd661be0e0fea8136bf74fd4bc8bb27304a4804f334b47a9aa5373570c8901f1"}, &(0x7f0000000280)=0x105) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, &(0x7f00000002c0)={r3, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}}}, 0x84) sched_rr_get_interval(r1, &(0x7f0000000040)) 2018/05/04 10:55:45 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000100], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 737.516226] binder: 6462:6463 transaction failed 29189/-22, size 0-0 line 2856 [ 737.554545] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:55:45 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x6000000000000000}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:45 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x48, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:45 executing program 2: mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:55:45 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 737.577103] binder: 6462:6463 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:55:45 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ff7f00000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:45 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40030000000000}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:45 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x6c) 2018/05/04 10:55:45 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x200000000000000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 737.688410] binder: undelivered TRANSACTION_ERROR: 29189 [ 737.732588] binder: 6487:6489 transaction failed 29189/-22, size 0-0 line 2856 [ 737.757326] binder: undelivered TRANSACTION_ERROR: 29189 [ 737.770018] binder: 6487:6489 transaction failed 29189/-22, size 0-0 line 2856 [ 737.796379] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:55:46 executing program 4: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) ioctl$KVM_GET_IRQCHIP(r0, 0xc208ae62, &(0x7f00000000c0)=@ioapic) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r1, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:55:46 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800e000000000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:46 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xc0f000000000000}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:46 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x68000000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:46 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x4c00000000000000) 2018/05/04 10:55:46 executing program 5: io_getevents(0x0, 0x8001, 0x49db08993b3a7db4, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000000080)={0x77359400}) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) clock_settime(0x4, &(0x7f0000000100)={r0, r1+30000000}) r2 = dup2(0xffffffffffffff9c, 0xffffffffffffffff) ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f0000000040)={'bcsf0\x00', 0x400}) ioctl$KVM_SET_IDENTITY_MAP_ADDR(r2, 0x4008ae48, &(0x7f0000000000)=0xf000) syz_init_net_socket$llc(0x1a, 0x520158ed1b335354, 0x0) io_destroy(0x0) 2018/05/04 10:55:46 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x17000000]}]}) 2018/05/04 10:55:46 executing program 2: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x4c) [ 738.630550] binder: 6504:6507 transaction failed 29189/-22, size 0-0 line 2856 [ 738.641162] nla_parse: 4 callbacks suppressed [ 738.641171] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 738.661805] binder: undelivered TRANSACTION_ERROR: 29189 [ 738.667629] binder: 6509:6513 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:55:46 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001000000000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:46 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r0, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000fa5ff0)={0x0, 0xfffffffffffff000}) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x428880, 0x0) io_destroy(r0) 2018/05/04 10:55:46 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xd0f}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:46 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0xa000000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 738.692733] binder: 6504:6507 transaction failed 29189/-22, size 0-0 line 2856 [ 738.701079] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:55:46 executing program 2 (fault-call:3 fault-nth:0): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:55:46 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd1e1ff7f], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:46 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x7000000) 2018/05/04 10:55:46 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x700, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 738.771503] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 738.804421] binder: undelivered TRANSACTION_ERROR: 29189 [ 738.839966] FAULT_INJECTION: forcing a failure. [ 738.839966] name failslab, interval 1, probability 0, space 0, times 0 [ 738.845098] binder: 6533:6534 transaction failed 29189/-22, size 0-0 line 2856 [ 738.851295] CPU: 0 PID: 6530 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 738.851307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 738.851315] Call Trace: [ 738.851352] dump_stack+0x1b9/0x294 [ 738.881470] ? dump_stack_print_info.cold.2+0x52/0x52 [ 738.886684] ? graph_lock+0x170/0x170 [ 738.890515] should_fail.cold.4+0xa/0x1a [ 738.890596] binder: undelivered TRANSACTION_ERROR: 29189 [ 738.894585] ? lock_downgrade+0x8e0/0x8e0 [ 738.894606] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 738.894622] ? find_held_lock+0x36/0x1c0 [ 738.894647] ? find_held_lock+0x36/0x1c0 [ 738.894685] ? check_same_owner+0x320/0x320 [ 738.894704] ? rcu_note_context_switch+0x710/0x710 [ 738.894724] ? wait_for_completion+0x870/0x870 [ 738.911102] binder: 6533:6534 transaction failed 29189/-22, size 0-0 line 2856 [ 738.913462] __should_failslab+0x124/0x180 [ 738.913483] should_failslab+0x9/0x14 [ 738.913502] kmem_cache_alloc+0x2af/0x760 [ 738.913528] getname_flags+0xd0/0x5a0 [ 738.913548] getname+0x19/0x20 [ 738.913571] do_sys_open+0x39a/0x740 [ 738.950806] binder: undelivered TRANSACTION_ERROR: 29189 [ 738.950935] ? filp_open+0x80/0x80 [ 738.970589] ? ksys_mount+0xa8/0x140 [ 738.974328] __x64_sys_open+0x7e/0xc0 [ 738.978154] do_syscall_64+0x1b1/0x800 [ 738.982062] ? finish_task_switch+0x1ca/0x810 [ 738.986579] ? syscall_return_slowpath+0x5c0/0x5c0 [ 738.991530] ? syscall_return_slowpath+0x30f/0x5c0 [ 738.996483] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 739.001870] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 739.006736] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 739.011936] RIP: 0033:0x40fbd1 [ 739.015123] RSP: 002b:00007fb75655d800 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 739.022836] RAX: ffffffffffffffda RBX: 00007fb75655e6d4 RCX: 000000000040fbd1 [ 739.030103] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00000000004ba29e [ 739.037378] RBP: 000000000000c000 R08: 0000000000000000 R09: 0000000000000000 [ 739.044658] R10: 0000000020000100 R11: 0000000000000293 R12: 0000000000000000 [ 739.051934] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:55:47 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x6800}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:47 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x2000000) 2018/05/04 10:55:47 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x1700]}]}) 2018/05/04 10:55:47 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x5, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:47 executing program 2 (fault-call:3 fault-nth:1): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:55:47 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800e], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:47 executing program 4: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) ioctl$KVM_GET_IRQCHIP(r0, 0xc208ae62, &(0x7f00000000c0)=@ioapic) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r1, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:55:47 executing program 5: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) connect$vsock_dgram(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @host=0x2}, 0x10) io_setup(0x401, &(0x7f0000fa5000)=0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000080)={0x0, 0x3}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000100)={r2, 0xfff, 0x20}, 0xc) io_getevents(r1, 0x2, 0x800000000000157, &(0x7f0000000140)=[{}, {}], &(0x7f0000fa5ff0)={0x0, 0xfffffffffffff000}) io_destroy(r1) [ 739.742806] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 739.756447] binder: 6551:6558 transaction failed 29189/-22, size 0-0 line 2856 [ 739.767363] FAULT_INJECTION: forcing a failure. [ 739.767363] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 739.779216] CPU: 0 PID: 6548 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 739.786408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 739.795775] Call Trace: [ 739.798371] dump_stack+0x1b9/0x294 [ 739.801998] ? dump_stack_print_info.cold.2+0x52/0x52 [ 739.807197] should_fail.cold.4+0xa/0x1a [ 739.811251] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 739.816352] ? debug_check_no_locks_freed+0x310/0x310 [ 739.821542] ? _parse_integer+0x13b/0x190 [ 739.825681] ? graph_lock+0x170/0x170 [ 739.829475] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 739.835002] ? _kstrtoull+0x180/0x230 [ 739.838795] ? _parse_integer+0x190/0x190 [ 739.842933] ? graph_lock+0x170/0x170 [ 739.846725] ? lock_release+0xa10/0xa10 [ 739.850694] ? check_same_owner+0x320/0x320 [ 739.855008] ? find_held_lock+0x36/0x1c0 [ 739.859065] ? graph_lock+0x170/0x170 [ 739.862859] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 739.868383] ? should_fail+0x21b/0xbcd [ 739.872269] ? lock_downgrade+0x8e0/0x8e0 [ 739.876416] __alloc_pages_nodemask+0x34e/0xd70 [ 739.881077] ? find_held_lock+0x36/0x1c0 [ 739.885126] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 739.890133] ? find_held_lock+0x36/0x1c0 [ 739.894202] ? check_same_owner+0x320/0x320 [ 739.898517] cache_grow_begin+0x72/0x6c0 [ 739.902574] kmem_cache_alloc+0x689/0x760 [ 739.906719] getname_flags+0xd0/0x5a0 [ 739.910510] getname+0x19/0x20 [ 739.913711] do_sys_open+0x39a/0x740 [ 739.917421] ? filp_open+0x80/0x80 [ 739.920967] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 739.925805] __x64_sys_open+0x7e/0xc0 [ 739.929596] do_syscall_64+0x1b1/0x800 [ 739.933485] ? finish_task_switch+0x1ca/0x810 [ 739.937970] ? syscall_return_slowpath+0x5c0/0x5c0 [ 739.942910] ? syscall_return_slowpath+0x30f/0x5c0 [ 739.947833] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 739.953208] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 739.958047] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 739.963225] RIP: 0033:0x40fbd1 [ 739.966408] RSP: 002b:00007fb75655d800 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 739.974107] RAX: ffffffffffffffda RBX: 00007fb75655e6d4 RCX: 000000000040fbd1 [ 739.981460] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00000000004ba29e [ 739.988718] RBP: 000000000000c000 R08: 0000000000000000 R09: 0000000000000000 [ 739.995978] R10: 0000000020000100 R11: 0000000000000293 R12: 0000000000000000 [ 740.003238] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 740.020237] binder: 6554:6562 unknown command 0 [ 740.025473] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:55:48 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x140], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:48 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x68}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 740.041494] binder: 6554:6562 ioctl c0306201 20000040 returned -22 [ 740.048886] binder: 6551:6558 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:55:48 executing program 2 (fault-call:3 fault-nth:2): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:55:48 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x600000000000000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:48 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x48) 2018/05/04 10:55:48 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffff000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 740.091847] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 740.110832] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:55:48 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000000000000}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 740.206624] binder: 6572:6573 transaction failed 29189/-22, size 0-0 line 2856 [ 740.224470] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 740.240720] FAULT_INJECTION: forcing a failure. [ 740.240720] name failslab, interval 1, probability 0, space 0, times 0 2018/05/04 10:55:48 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f0f002000000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:48 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x20000000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 740.252062] CPU: 0 PID: 6569 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 740.259266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 740.268630] Call Trace: [ 740.271247] dump_stack+0x1b9/0x294 [ 740.274908] ? dump_stack_print_info.cold.2+0x52/0x52 [ 740.280131] should_fail.cold.4+0xa/0x1a [ 740.284229] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 740.289364] ? debug_check_no_locks_freed+0x310/0x310 [ 740.294582] ? print_usage_bug+0xc0/0xc0 [ 740.298677] ? find_held_lock+0x36/0x1c0 [ 740.302781] ? check_same_owner+0x320/0x320 2018/05/04 10:55:48 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0xfffffdfd, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 740.307185] ? rcu_note_context_switch+0x710/0x710 [ 740.312152] __should_failslab+0x124/0x180 [ 740.316423] should_failslab+0x9/0x14 [ 740.320255] kmem_cache_alloc+0x2af/0x760 [ 740.324436] ? debug_check_no_locks_freed+0x310/0x310 [ 740.329664] get_empty_filp+0x125/0x520 [ 740.333666] ? proc_nr_files+0x60/0x60 [ 740.337573] ? lock_downgrade+0x8e0/0x8e0 [ 740.341738] ? graph_lock+0x170/0x170 [ 740.345567] ? kasan_check_read+0x11/0x20 [ 740.349727] ? rcu_is_watching+0x85/0x140 [ 740.353901] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 740.359119] path_openat+0x116/0x4e20 [ 740.362964] ? unwind_get_return_address+0x61/0xa0 [ 740.367924] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 740.372969] ? path_lookupat.isra.44+0xbd0/0xbd0 [ 740.377753] ? find_held_lock+0x36/0x1c0 [ 740.381848] ? lock_downgrade+0x8e0/0x8e0 [ 740.386020] ? do_sys_open+0x39a/0x740 [ 740.389937] ? kasan_check_read+0x11/0x20 [ 740.394108] ? do_raw_spin_unlock+0x9e/0x2e0 [ 740.397106] binder: undelivered TRANSACTION_ERROR: 29189 [ 740.398536] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 740.398551] ? __lock_is_held+0xb5/0x140 [ 740.398577] ? _raw_spin_unlock+0x22/0x30 [ 740.416798] binder: 6572:6573 transaction failed 29189/-22, size 0-0 line 2856 [ 740.416827] ? __alloc_fd+0x346/0x700 [ 740.427978] ? usercopy_warn+0x120/0x120 [ 740.432063] do_filp_open+0x249/0x350 [ 740.435880] ? may_open_dev+0x100/0x100 [ 740.439872] ? strncpy_from_user+0x3b6/0x500 [ 740.444305] ? mpi_free.cold.1+0x19/0x19 [ 740.448395] ? get_unused_fd_flags+0x121/0x190 [ 740.452996] ? getname_flags+0xd0/0x5a0 [ 740.456993] ? getname_flags+0x26e/0x5a0 [ 740.461112] do_sys_open+0x56f/0x740 [ 740.464960] ? filp_open+0x80/0x80 [ 740.468521] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 740.473385] __x64_sys_open+0x7e/0xc0 [ 740.477208] do_syscall_64+0x1b1/0x800 [ 740.478227] binder: undelivered TRANSACTION_ERROR: 29189 [ 740.481103] ? finish_task_switch+0x1ca/0x810 [ 740.481130] ? syscall_return_slowpath+0x5c0/0x5c0 [ 740.481147] ? syscall_return_slowpath+0x30f/0x5c0 [ 740.481168] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 740.481187] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 740.481206] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 740.481220] RIP: 0033:0x40fbd1 [ 740.519510] RSP: 002b:00007fb75655d800 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 740.527315] RAX: ffffffffffffffda RBX: 00007fb75655e6d4 RCX: 000000000040fbd1 [ 740.534581] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00000000004ba29e [ 740.541844] RBP: 000000000000c000 R08: 0000000000000000 R09: 0000000000000000 [ 740.549129] R10: 0000000020000100 R11: 0000000000000293 R12: 0000000000000000 [ 740.556408] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:55:48 executing program 2 (fault-call:3 fault-nth:3): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:55:48 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r0, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000fa5ff0)={0x0, 0xfffffffffffff000}) io_destroy(r0) 2018/05/04 10:55:48 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x3f00]}]}) 2018/05/04 10:55:48 executing program 4: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) ioctl$KVM_GET_IRQCHIP(r0, 0xc208ae62, &(0x7f00000000c0)=@ioapic) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r1, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:55:48 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10020], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:48 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xc40d000000000000}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:48 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x6c, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:48 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x300000000000000) [ 740.859160] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 740.876418] binder: 6603:6608 transaction failed 29189/-22, size 0-0 line 2856 [ 740.899946] binder: undelivered TRANSACTION_ERROR: 29189 [ 740.914268] binder: 6603:6608 transaction failed 29189/-22, size 0-0 line 2856 [ 740.918483] FAULT_INJECTION: forcing a failure. [ 740.918483] name failslab, interval 1, probability 0, space 0, times 0 [ 740.933139] CPU: 0 PID: 6610 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 740.940341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 2018/05/04 10:55:49 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xf000}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:49 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x6c00000000000000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:49 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:49 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x6c00000000000000) [ 740.949709] Call Trace: [ 740.952315] dump_stack+0x1b9/0x294 [ 740.955972] ? dump_stack_print_info.cold.2+0x52/0x52 [ 740.961180] ? unwind_get_return_address+0x61/0xa0 [ 740.963073] binder: undelivered TRANSACTION_ERROR: 29189 [ 740.966124] ? __save_stack_trace+0x7e/0xd0 [ 740.966149] should_fail.cold.4+0xa/0x1a [ 740.966166] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 740.966186] ? save_stack+0x43/0xd0 [ 740.988728] ? __kasan_slab_free+0x11a/0x170 [ 740.993164] ? kasan_slab_free+0xe/0x10 [ 740.997261] ? kmem_cache_free+0x86/0x2d0 [ 741.001434] ? do_sys_open+0x554/0x740 [ 741.005342] ? __x64_sys_open+0x7e/0xc0 [ 741.009344] ? do_syscall_64+0x1b1/0x800 [ 741.013424] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 741.018823] ? find_held_lock+0x36/0x1c0 [ 741.020260] binder: 6616:6617 transaction failed 29189/-22, size 0-0 line 2856 [ 741.022916] ? check_same_owner+0x320/0x320 [ 741.022932] ? rcu_is_watching+0x85/0x140 [ 741.022949] ? rcu_note_context_switch+0x710/0x710 [ 741.022969] __should_failslab+0x124/0x180 2018/05/04 10:55:49 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ff7f], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 741.022986] should_failslab+0x9/0x14 [ 741.023001] __kmalloc_track_caller+0x2c4/0x760 [ 741.023024] ? strncpy_from_user+0x500/0x500 [ 741.023044] ? strndup_user+0x77/0xd0 [ 741.039561] binder: undelivered TRANSACTION_ERROR: 29189 [ 741.044044] memdup_user+0x2c/0xa0 [ 741.044060] strndup_user+0x77/0xd0 [ 741.044083] ksys_mount+0x3c/0x140 [ 741.044100] __x64_sys_mount+0xbe/0x150 [ 741.044116] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 741.044134] do_syscall_64+0x1b1/0x800 [ 741.044148] ? finish_task_switch+0x1ca/0x810 2018/05/04 10:55:49 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x6c000000) 2018/05/04 10:55:49 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffe1d1], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 741.044162] ? syscall_return_slowpath+0x5c0/0x5c0 [ 741.044180] ? syscall_return_slowpath+0x30f/0x5c0 [ 741.059290] binder: 6616:6617 transaction failed 29189/-22, size 0-0 line 2856 [ 741.061287] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 741.061312] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 741.061331] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 741.061343] RIP: 0033:0x455979 [ 741.061351] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 741.061368] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 2018/05/04 10:55:49 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x3, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 741.061375] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 741.061389] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 741.096216] binder: undelivered TRANSACTION_ERROR: 29189 [ 741.098652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 741.098662] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 741.107776] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 741.145366] binder: 6622:6623 transaction failed 29189/-22, size 0-0 line 2856 [ 741.234668] binder: 6628:6629 unknown command 64 [ 741.240213] binder: 6628:6629 ioctl c0306201 20000040 returned -22 [ 741.245398] binder: undelivered TRANSACTION_ERROR: 29189 [ 741.253295] binder: 6622:6623 transaction failed 29189/-22, size 0-0 line 2856 [ 741.277674] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:55:49 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xffffff9e}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:49 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe80], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:49 executing program 2 (fault-call:3 fault-nth:4): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:55:49 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0xa, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:49 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x6000000) 2018/05/04 10:55:49 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r0, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000fa5ff0)={0x0, 0xfffffffffffff000}) io_destroy(r0) 2018/05/04 10:55:49 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:55:49 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x80ffff00000000]}]}) [ 741.958894] binder: 6643:6647 transaction failed 29189/-22, size 0-0 line 2856 [ 741.966504] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 741.992213] binder: 6638:6652 unknown command 0 [ 741.997854] binder: undelivered TRANSACTION_ERROR: 29189 [ 742.002011] FAULT_INJECTION: forcing a failure. [ 742.002011] name failslab, interval 1, probability 0, space 0, times 0 [ 742.014703] CPU: 0 PID: 6649 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 742.016288] binder: 6643:6647 transaction failed 29189/-22, size 0-0 line 2856 [ 742.021893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 742.021900] Call Trace: [ 742.021926] dump_stack+0x1b9/0x294 [ 742.021949] ? dump_stack_print_info.cold.2+0x52/0x52 [ 742.021972] should_fail.cold.4+0xa/0x1a [ 742.021995] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 742.059198] ? save_stack+0x43/0xd0 [ 742.062814] ? kasan_kmalloc+0xc4/0xe0 [ 742.066687] ? __kmalloc_track_caller+0x14a/0x760 [ 742.071518] ? memdup_user+0x2c/0xa0 [ 742.075217] ? strndup_user+0x77/0xd0 [ 742.079021] ? graph_lock+0x170/0x170 [ 742.082828] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 742.088178] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 742.093533] ? find_held_lock+0x36/0x1c0 [ 742.097598] ? check_same_owner+0x320/0x320 [ 742.101908] ? lock_release+0xa10/0xa10 [ 742.105893] ? rcu_note_context_switch+0x710/0x710 [ 742.110814] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 742.115821] ? __check_object_size+0x95/0x5d9 [ 742.120302] __should_failslab+0x124/0x180 [ 742.124527] should_failslab+0x9/0x14 [ 742.128314] __kmalloc_track_caller+0x2c4/0x760 [ 742.132976] ? strncpy_from_user+0x500/0x500 [ 742.137377] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 742.142902] ? strndup_user+0x77/0xd0 [ 742.146689] memdup_user+0x2c/0xa0 [ 742.150217] strndup_user+0x77/0xd0 [ 742.153835] ksys_mount+0x73/0x140 [ 742.157375] __x64_sys_mount+0xbe/0x150 [ 742.161337] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 742.166347] do_syscall_64+0x1b1/0x800 [ 742.170223] ? finish_task_switch+0x1ca/0x810 [ 742.174707] ? syscall_return_slowpath+0x5c0/0x5c0 [ 742.179626] ? syscall_return_slowpath+0x30f/0x5c0 [ 742.184548] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 742.189910] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 742.194742] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 742.199919] RIP: 0033:0x455979 2018/05/04 10:55:50 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000f2f], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:50 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x500000000000000}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 742.203094] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 742.210789] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 742.218048] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 742.225305] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 742.232562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 742.239817] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 742.249278] binder: 6638:6652 ioctl c0306201 20000040 returned -22 2018/05/04 10:55:50 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x6000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 742.306837] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 742.308156] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:55:51 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:51 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x6) 2018/05/04 10:55:51 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xf0}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:51 executing program 2 (fault-call:3 fault-nth:5): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:55:51 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x2, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:51 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r0, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000fa5ff0)={0x0, 0xfffffffffffff000}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x1000008202, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x92}) write(r1, &(0x7f0000000080)="c3", 0x1) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0) ioctl$LOOP_CLR_FD(r2, 0x4c01) r3 = syz_open_pts(r1, 0x0) ioctl$TCSETS(r1, 0x5402, &(0x7f0000000040)={0x0, 0x3, 0x0, 0x677acfed, 0x4, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffffe}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$TIOCGLCKTRMIOS(r4, 0x5412, &(0x7f0000000100)={0xffffffff}) ioctl$KDMKTONE(r1, 0x4b30, 0x1) io_destroy(r0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x501000, 0x56) getsockopt$IP6T_SO_GET_ENTRIES(r5, 0x29, 0x41, &(0x7f00000003c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000c9000000810e1378b16941c8b4540870c59ed228496f1619f1b140db6c107ef228bcb93ab1958c2b3309c73b854f16dd4f6adfc71a4fbf279939521f4d2ac861554fecf83c7c11fd9de1a7faba9aeb28397a15810cb21fbdffc7d1b7fcd9107679b6e4848a961cf99cda6bf01066adf399727c85c108af2835fec1ec19f5e3babfcbf124f3e5281e1f365f0802103767d7291c6c48184aeab24b0c31a1084e44d97b4708ca328c6cf7c62329ac4f5f488cb72552705c51e2c0e4335b7a4af67679f88b111719f0311e012192192e386c42a09361585689a27f144ca6a8dec18fc875e96fc4385d2b6ce150f6ffba20ce78da1bacc1c18b47009195acb27a305fa89bee6e5fced2a397577466e8867341a8f92f2eb135a32306cb85ed14c5d50ae601a60e97f79aee246679e138bf6d4fd221ab10bf9543934f0642d01e349a8138b3a162a5602e563e6303bbeb88a5033a9fc1c204ea6ecca6447dd1a81f2a9ebfdfc98d46a3ee72ca88182b7498b39480b055a775f2d7720904b5fe620a81f28a481e75fa69d214d9e9232890564a4b0db00fd9a094de7783673b35516061f59d2a77ebacb5a8dcba7dc92da240b354c27f7dc276bedbd62115e7b42f029e3e3578befca5aaefcf522f943440b8a2a91016360113cf3f4c0d0cf74b048ff29ddd6faa8a70940334a990b237c675a7b24f3327394b23246126cb640e7a280d"], &(0x7f0000000140)=0xed) 2018/05/04 10:55:51 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x80ffff]}]}) 2018/05/04 10:55:51 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:55:51 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40010000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 743.084442] binder: 6674:6683 transaction failed 29189/-22, size 0-0 line 2856 [ 743.096226] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 743.110515] binder: 6678:6687 unknown command 16456 [ 743.120123] binder: 6678:6687 ioctl c0306201 20000040 returned -22 2018/05/04 10:55:51 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x6}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 743.137141] binder: undelivered TRANSACTION_ERROR: 29189 [ 743.146854] binder: 6674:6683 transaction failed 29189/-22, size 0-0 line 2856 [ 743.155106] binder: 6678:6687 unknown command 16456 [ 743.163479] binder: 6678:6687 ioctl c0306201 20000040 returned -22 [ 743.174929] FAULT_INJECTION: forcing a failure. [ 743.174929] name failslab, interval 1, probability 0, space 0, times 0 2018/05/04 10:55:51 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800e0000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:51 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x300000000000000}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 743.186214] CPU: 0 PID: 6684 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 743.193412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 743.202773] Call Trace: [ 743.205383] dump_stack+0x1b9/0x294 [ 743.209035] ? dump_stack_print_info.cold.2+0x52/0x52 [ 743.214243] ? find_held_lock+0x36/0x1c0 [ 743.218328] should_fail.cold.4+0xa/0x1a [ 743.222407] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 743.227535] ? kasan_check_read+0x11/0x20 [ 743.231704] ? rcu_bh_force_quiescent_state+0x20/0x20 2018/05/04 10:55:51 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x6800000000000000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:51 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x100000000000000) [ 743.236922] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 743.242131] ? find_held_lock+0x36/0x1c0 [ 743.246228] ? check_same_owner+0x320/0x320 [ 743.250570] ? rcu_note_context_switch+0x710/0x710 [ 743.254478] binder: undelivered TRANSACTION_ERROR: 29189 [ 743.255509] ? save_stack+0xa9/0xd0 [ 743.255530] __should_failslab+0x124/0x180 [ 743.255551] should_failslab+0x9/0x14 [ 743.255569] kmem_cache_alloc+0x2af/0x760 [ 743.255597] getname_flags+0xd0/0x5a0 [ 743.255614] user_path_at_empty+0x2d/0x50 [ 743.255630] do_mount+0x172/0x3070 [ 743.288329] ? copy_mount_string+0x40/0x40 [ 743.292583] ? rcu_pm_notify+0xc0/0xc0 [ 743.296499] ? copy_mount_options+0x5f/0x380 [ 743.300928] ? rcu_read_lock_sched_held+0x108/0x120 [ 743.302960] binder: 6697:6698 transaction failed 29189/-22, size 0-0 line 2856 [ 743.305954] ? kmem_cache_alloc_trace+0x616/0x780 [ 743.305979] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 743.305996] ? _copy_from_user+0xdf/0x150 [ 743.306017] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 743.306033] ? copy_mount_options+0x285/0x380 2018/05/04 10:55:51 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x100000000000000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 743.306051] ksys_mount+0x12d/0x140 [ 743.306069] __x64_sys_mount+0xbe/0x150 [ 743.306084] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 743.306100] do_syscall_64+0x1b1/0x800 [ 743.306119] ? finish_task_switch+0x1ca/0x810 [ 743.339989] binder: undelivered TRANSACTION_ERROR: 29189 [ 743.341642] ? syscall_return_slowpath+0x5c0/0x5c0 [ 743.341659] ? syscall_return_slowpath+0x30f/0x5c0 [ 743.341682] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 743.341702] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 743.341722] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 743.341733] RIP: 0033:0x455979 [ 743.341740] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 743.341759] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 743.358390] binder: 6697:6698 transaction failed 29189/-22, size 0-0 line 2856 [ 743.359079] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 743.359089] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 743.359098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 2018/05/04 10:55:51 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x68000000}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:51 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800e0000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:51 executing program 2 (fault-call:3 fault-nth:6): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:55:51 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400300}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:51 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x600, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 743.359107] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 743.539202] binder: undelivered TRANSACTION_ERROR: 29189 [ 743.541700] FAULT_INJECTION: forcing a failure. [ 743.541700] name failslab, interval 1, probability 0, space 0, times 0 [ 743.556059] CPU: 0 PID: 6716 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 743.563262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 743.572622] Call Trace: [ 743.575209] dump_stack+0x1b9/0x294 [ 743.578841] ? dump_stack_print_info.cold.2+0x52/0x52 [ 743.584036] ? find_held_lock+0x36/0x1c0 [ 743.588097] should_fail.cold.4+0xa/0x1a [ 743.592156] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 743.597257] ? kasan_check_read+0x11/0x20 [ 743.601400] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 743.606595] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 743.611792] ? find_held_lock+0x36/0x1c0 [ 743.615861] ? check_same_owner+0x320/0x320 [ 743.620179] ? rcu_note_context_switch+0x710/0x710 [ 743.625107] ? save_stack+0xa9/0xd0 [ 743.628732] __should_failslab+0x124/0x180 [ 743.632971] should_failslab+0x9/0x14 [ 743.636775] kmem_cache_alloc+0x2af/0x760 [ 743.640921] getname_flags+0xd0/0x5a0 [ 743.644725] user_path_at_empty+0x2d/0x50 [ 743.648870] do_mount+0x172/0x3070 [ 743.652414] ? copy_mount_string+0x40/0x40 [ 743.656638] ? rcu_pm_notify+0xc0/0xc0 [ 743.660525] ? copy_mount_options+0x5f/0x380 [ 743.664959] ? rcu_read_lock_sched_held+0x108/0x120 [ 743.669979] ? kmem_cache_alloc_trace+0x616/0x780 [ 743.674835] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 743.680386] ? _copy_from_user+0xdf/0x150 [ 743.684532] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 743.690075] ? copy_mount_options+0x285/0x380 [ 743.694566] ksys_mount+0x12d/0x140 [ 743.698192] __x64_sys_mount+0xbe/0x150 [ 743.702167] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 743.707183] do_syscall_64+0x1b1/0x800 [ 743.711061] ? finish_task_switch+0x1ca/0x810 [ 743.715562] ? syscall_return_slowpath+0x5c0/0x5c0 [ 743.720501] ? syscall_return_slowpath+0x30f/0x5c0 [ 743.725427] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 743.730802] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 743.735646] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 743.740829] RIP: 0033:0x455979 [ 743.744040] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 743.751742] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 743.759012] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 743.766283] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 743.773543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 743.780808] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:55:52 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x6000000000000000) 2018/05/04 10:55:52 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xc0f}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:52 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10020], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:52 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x7a, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:52 executing program 2 (fault-call:3 fault-nth:7): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:55:52 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:55:52 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0xffff8000]}]}) 2018/05/04 10:55:52 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r0, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000fa5ff0)={0x0, 0xfffffffffffff000}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000000)={0x0, 0x80000, 0xffffffffffffff9c}) r2 = syz_open_dev$mice(&(0x7f0000000080)='/dev/input/mice\x00', 0x0, 0x0) io_cancel(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x1, r1, &(0x7f0000000040)="408958b17651d45cb8c70a5c70ae835f6defc4b8a61606f9bb518bda5eef4357", 0x20, 0x0, 0x0, 0x1, r2}, &(0x7f0000000100)) io_destroy(r0) [ 744.190272] binder: 6728:6730 transaction failed 29189/-22, size 0-0 line 2856 [ 744.202191] nla_parse: 4 callbacks suppressed [ 744.202200] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 744.232753] binder: undelivered TRANSACTION_ERROR: 29189 [ 744.249859] FAULT_INJECTION: forcing a failure. [ 744.249859] name failslab, interval 1, probability 0, space 0, times 0 [ 744.253967] binder: 6728:6730 transaction failed 29189/-22, size 0-0 line 2856 [ 744.261299] CPU: 1 PID: 6738 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 744.276644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 744.286007] Call Trace: [ 744.288614] dump_stack+0x1b9/0x294 [ 744.292262] ? dump_stack_print_info.cold.2+0x52/0x52 [ 744.297473] ? find_held_lock+0x36/0x1c0 [ 744.301553] should_fail.cold.4+0xa/0x1a [ 744.305647] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 744.307039] binder: undelivered TRANSACTION_ERROR: 29189 [ 744.310767] ? kasan_check_read+0x11/0x20 [ 744.310789] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 744.310807] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 744.310826] ? find_held_lock+0x36/0x1c0 [ 744.334849] ? check_same_owner+0x320/0x320 [ 744.339192] ? rcu_note_context_switch+0x710/0x710 [ 744.344140] ? save_stack+0xa9/0xd0 [ 744.347777] __should_failslab+0x124/0x180 [ 744.352024] should_failslab+0x9/0x14 [ 744.355849] kmem_cache_alloc+0x2af/0x760 [ 744.360012] ? find_held_lock+0x36/0x1c0 [ 744.364096] getname_flags+0xd0/0x5a0 [ 744.367911] user_path_at_empty+0x2d/0x50 [ 744.372071] do_mount+0x172/0x3070 [ 744.375487] binder: 6746:6747 transaction failed 29189/-22, size 0-0 line 2856 [ 744.375620] ? do_raw_spin_unlock+0x9e/0x2e0 [ 744.375641] ? copy_mount_string+0x40/0x40 [ 744.375657] ? rcu_pm_notify+0xc0/0xc0 [ 744.375682] ? copy_mount_options+0x5f/0x380 [ 744.399943] ? rcu_read_lock_sched_held+0x108/0x120 [ 744.404979] ? kmem_cache_alloc_trace+0x616/0x780 [ 744.406383] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 744.409837] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 744.409859] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 2018/05/04 10:55:52 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffff000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:52 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x7000000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:52 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0xffffff7f) 2018/05/04 10:55:52 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x6000}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 744.409875] ? copy_mount_options+0x285/0x380 [ 744.409894] ksys_mount+0x12d/0x140 [ 744.409911] __x64_sys_mount+0xbe/0x150 [ 744.409927] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 744.409945] do_syscall_64+0x1b1/0x800 [ 744.409965] ? finish_task_switch+0x1ca/0x810 [ 744.418963] binder: undelivered TRANSACTION_ERROR: 29189 [ 744.424060] ? syscall_return_slowpath+0x5c0/0x5c0 [ 744.424076] ? syscall_return_slowpath+0x30f/0x5c0 [ 744.424095] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 744.424114] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 744.424134] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 744.424145] RIP: 0033:0x455979 [ 744.424153] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 744.424169] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 744.424176] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 744.424189] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 744.443151] binder: 6746:6747 transaction failed 29189/-22, size 0-0 line 2856 [ 744.446769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 744.446778] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 744.552068] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:55:53 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x300000000000000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:53 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x7}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:53 executing program 2 (fault-call:3 fault-nth:8): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:55:53 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:53 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x2000000000000000) 2018/05/04 10:55:53 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x17]}]}) 2018/05/04 10:55:53 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:55:53 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r0, 0x2, 0x1, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000fa5ff0)={0x0, 0xfffffffffffff000}) io_destroy(r0) 2018/05/04 10:55:53 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ff7f00000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 745.313968] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 745.319671] binder: 6760:6762 transaction failed 29189/-22, size 0-0 line 2856 [ 745.365457] binder: undelivered TRANSACTION_ERROR: 29189 [ 745.371858] FAULT_INJECTION: forcing a failure. [ 745.371858] name failslab, interval 1, probability 0, space 0, times 0 [ 745.383213] CPU: 0 PID: 6772 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 745.390415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 745.399777] Call Trace: [ 745.402374] dump_stack+0x1b9/0x294 [ 745.406015] ? dump_stack_print_info.cold.2+0x52/0x52 [ 745.411217] should_fail.cold.4+0xa/0x1a [ 745.415269] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 745.420368] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 745.425551] ? is_bpf_text_address+0xd7/0x170 [ 745.430050] ? find_held_lock+0x36/0x1c0 [ 745.434208] ? check_same_owner+0x320/0x320 [ 745.438519] ? kasan_slab_free+0xe/0x10 [ 745.443583] ? kmem_cache_free+0x86/0x2d0 [ 745.447723] ? putname+0xf2/0x130 [ 745.451167] ? rcu_note_context_switch+0x710/0x710 [ 745.456170] ? ksys_mount+0x12d/0x140 [ 745.459963] ? __x64_sys_mount+0xbe/0x150 [ 745.464272] ? do_syscall_64+0x1b1/0x800 [ 745.468322] __should_failslab+0x124/0x180 [ 745.472548] should_failslab+0x9/0x14 [ 745.476336] kmem_cache_alloc+0x2af/0x760 [ 745.480477] ? kasan_check_write+0x14/0x20 [ 745.484705] ? do_raw_spin_lock+0xc1/0x200 [ 745.488945] alloc_vfsmnt+0xe0/0x9d0 [ 745.492648] ? mnt_free_id.isra.27+0x60/0x60 [ 745.497047] ? kasan_check_read+0x11/0x20 [ 745.501187] ? graph_lock+0x170/0x170 [ 745.504994] ? rcu_pm_notify+0xc0/0xc0 [ 745.508883] ? trace_hardirqs_off+0xd/0x10 [ 745.513109] ? putname+0xf2/0x130 [ 745.516552] ? putname+0xf2/0x130 [ 745.519997] ? find_held_lock+0x36/0x1c0 [ 745.524062] ? lock_downgrade+0x8e0/0x8e0 [ 745.528210] ? module_unload_free+0x5b0/0x5b0 [ 745.532699] ? lock_release+0xa10/0xa10 [ 745.536675] ? mpi_free.cold.1+0x19/0x19 [ 745.540826] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 745.546360] vfs_kern_mount.part.34+0x88/0x4d0 [ 745.550943] ? may_umount+0xb0/0xb0 [ 745.554564] ? _raw_read_unlock+0x22/0x30 [ 745.558709] ? __get_fs_type+0x97/0xc0 [ 745.562591] do_mount+0x564/0x3070 [ 745.566130] ? copy_mount_string+0x40/0x40 [ 745.570353] ? rcu_pm_notify+0xc0/0xc0 [ 745.574235] ? copy_mount_options+0x5f/0x380 [ 745.578631] ? rcu_read_lock_sched_held+0x108/0x120 [ 745.583639] ? kmem_cache_alloc_trace+0x616/0x780 [ 745.588475] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 745.594020] ? _copy_from_user+0xdf/0x150 [ 745.598172] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 745.603715] ? copy_mount_options+0x285/0x380 [ 745.608206] ksys_mount+0x12d/0x140 [ 745.611835] __x64_sys_mount+0xbe/0x150 [ 745.615801] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 745.620811] do_syscall_64+0x1b1/0x800 [ 745.624695] ? finish_task_switch+0x1ca/0x810 [ 745.629180] ? syscall_return_slowpath+0x5c0/0x5c0 [ 745.634102] ? syscall_return_slowpath+0x30f/0x5c0 [ 745.639028] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 745.644399] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 745.649232] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 745.654406] RIP: 0033:0x455979 [ 745.657582] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 2018/05/04 10:55:53 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r0, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000fa5ff0)={0x0, 0xfffffffffffff000}) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x80000) connect$pptp(r1, &(0x7f0000000040)={0x18, 0x2, {0x3, @broadcast=0xffffffff}}, 0x1e) io_destroy(r0) 2018/05/04 10:55:53 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x60}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:53 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x7a00000000000000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 745.665290] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 745.672545] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 745.679801] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 745.687058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 745.694315] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 745.705706] binder: 6760:6762 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:55:53 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f0f0020], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:53 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x5) [ 745.769394] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 745.774899] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:55:53 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffff000}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:53 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:53 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0xffffff7f00000000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:53 executing program 2 (fault-call:3 fault-nth:9): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) [ 745.817813] binder: 6790:6791 transaction failed 29189/-22, size 0-0 line 2856 [ 745.847987] binder: undelivered TRANSACTION_ERROR: 29189 [ 745.856015] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. 2018/05/04 10:55:53 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:53 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x7a00}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 745.875341] binder: 6790:6791 transaction failed 29189/-22, size 0-0 line 2856 [ 745.924481] binder: undelivered TRANSACTION_ERROR: 29189 [ 745.935564] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 745.960788] FAULT_INJECTION: forcing a failure. [ 745.960788] name failslab, interval 1, probability 0, space 0, times 0 [ 745.972182] CPU: 1 PID: 6804 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 745.979378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 745.988742] Call Trace: [ 745.991353] dump_stack+0x1b9/0x294 [ 745.995004] ? dump_stack_print_info.cold.2+0x52/0x52 [ 746.000220] ? kasan_check_write+0x14/0x20 [ 746.004481] should_fail.cold.4+0xa/0x1a [ 746.008568] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 746.013699] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 746.019348] ? rcu_is_watching+0x85/0x140 [ 746.023518] ? rcu_pm_notify+0xc0/0xc0 [ 746.027415] ? find_held_lock+0x36/0x1c0 [ 746.031481] ? check_same_owner+0x320/0x320 [ 746.035803] ? rcu_note_context_switch+0x710/0x710 [ 746.041073] __should_failslab+0x124/0x180 [ 746.045315] should_failslab+0x9/0x14 [ 746.049116] kmem_cache_alloc_trace+0x2cb/0x780 [ 746.053871] ? kasan_check_write+0x14/0x20 [ 746.058105] ? do_raw_spin_lock+0xc1/0x200 [ 746.062343] sget_userns+0x1c7/0xf00 [ 746.066057] ? get_anon_bdev+0x2f0/0x2f0 [ 746.070128] ? destroy_unused_super.part.11+0x110/0x110 [ 746.075487] ? __alloc_pages_nodemask+0xacf/0xd70 [ 746.080335] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 746.085380] ? kasan_check_read+0x11/0x20 [ 746.089524] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 746.095065] ? cap_capable+0x1f9/0x260 [ 746.098963] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 746.104505] ? security_capable+0x99/0xc0 [ 746.108659] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 746.114198] ? ns_capable_common+0x13f/0x170 [ 746.118610] ? get_anon_bdev+0x2f0/0x2f0 [ 746.122674] sget+0x10b/0x150 [ 746.125790] ? fuse_get_root_inode+0x190/0x190 [ 746.130381] mount_nodev+0x33/0x110 [ 746.134016] fuse_mount+0x2c/0x40 [ 746.137485] mount_fs+0xae/0x328 [ 746.140871] vfs_kern_mount.part.34+0xd4/0x4d0 [ 746.145477] ? may_umount+0xb0/0xb0 [ 746.149110] ? _raw_read_unlock+0x22/0x30 [ 746.153271] ? __get_fs_type+0x97/0xc0 [ 746.157170] do_mount+0x564/0x3070 [ 746.160701] ? copy_mount_string+0x40/0x40 [ 746.164927] ? rcu_pm_notify+0xc0/0xc0 [ 746.168807] ? copy_mount_options+0x5f/0x380 [ 746.173206] ? rcu_read_lock_sched_held+0x108/0x120 [ 746.178213] ? kmem_cache_alloc_trace+0x616/0x780 [ 746.183061] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 746.188609] ? _copy_from_user+0xdf/0x150 [ 746.192781] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 746.198311] ? copy_mount_options+0x285/0x380 [ 746.202796] ksys_mount+0x12d/0x140 [ 746.206422] __x64_sys_mount+0xbe/0x150 [ 746.210394] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 746.215412] do_syscall_64+0x1b1/0x800 [ 746.219289] ? finish_task_switch+0x1ca/0x810 [ 746.223774] ? syscall_return_slowpath+0x5c0/0x5c0 [ 746.228693] ? syscall_return_slowpath+0x30f/0x5c0 [ 746.233620] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 746.238989] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 746.243835] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 746.249014] RIP: 0033:0x455979 [ 746.252199] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 746.259902] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 746.267175] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 746.275112] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 746.282382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 746.289644] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:55:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x4800000000000000) 2018/05/04 10:55:54 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f0f002000000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:54 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x4000000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:54 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x6c00}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:54 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000cd8ff4)) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000007000)) epoll_wait(0xffffffffffffffff, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:55:54 executing program 2 (fault-call:3 fault-nth:10): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:55:54 executing program 5: io_setup(0x6, &(0x7f0000000040)=0x0) io_getevents(r0, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000fa5ff0)={0x0, 0xfffffffffffff000}) io_destroy(r0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/udplite6\x00') ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0) 2018/05/04 10:55:54 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0xfffffdfd]}]}) [ 746.613417] binder: 6820:6822 transaction failed 29189/-22, size 0-0 line 2856 [ 746.626975] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 746.647311] binder: undelivered TRANSACTION_ERROR: 29189 [ 746.661302] FAULT_INJECTION: forcing a failure. [ 746.661302] name failslab, interval 1, probability 0, space 0, times 0 [ 746.663203] binder: 6820:6822 transaction failed 29189/-22, size 0-0 line 2856 [ 746.672733] CPU: 0 PID: 6829 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 746.687226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 746.696591] Call Trace: [ 746.699199] dump_stack+0x1b9/0x294 [ 746.702846] ? dump_stack_print_info.cold.2+0x52/0x52 [ 746.708060] ? kernel_text_address+0x79/0xf0 [ 746.712490] ? __unwind_start+0x166/0x330 [ 746.716658] ? __kernel_text_address+0xd/0x40 [ 746.721181] should_fail.cold.4+0xa/0x1a [ 746.725270] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 746.730404] ? save_stack+0x43/0xd0 [ 746.734053] ? kasan_kmalloc+0xc4/0xe0 [ 746.737051] binder: undelivered TRANSACTION_ERROR: 29189 [ 746.738033] ? kasan_slab_alloc+0x12/0x20 [ 746.738051] ? kmem_cache_alloc+0x12e/0x760 [ 746.738065] ? alloc_vfsmnt+0xe0/0x9d0 [ 746.738080] ? vfs_kern_mount.part.34+0x88/0x4d0 [ 746.738099] ? find_held_lock+0x36/0x1c0 [ 746.738133] ? check_same_owner+0x320/0x320 [ 746.769026] ? rcu_note_context_switch+0x710/0x710 [ 746.773982] __should_failslab+0x124/0x180 [ 746.778238] should_failslab+0x9/0x14 [ 746.782058] __kmalloc_track_caller+0x2c4/0x760 [ 746.786742] ? kasan_check_read+0x11/0x20 [ 746.790907] ? do_raw_spin_unlock+0x9e/0x2e0 [ 746.795331] ? kstrdup_const+0x66/0x80 [ 746.799244] kstrdup+0x39/0x70 [ 746.802451] kstrdup_const+0x66/0x80 [ 746.806177] alloc_vfsmnt+0x1b3/0x9d0 [ 746.809991] ? mnt_free_id.isra.27+0x60/0x60 [ 746.814410] ? kasan_check_read+0x11/0x20 [ 746.818570] ? graph_lock+0x170/0x170 [ 746.822400] ? rcu_pm_notify+0xc0/0xc0 [ 746.823766] binder: 6837:6838 transaction failed 29189/-22, size 0-0 line 2856 [ 746.826301] ? trace_hardirqs_off+0xd/0x10 [ 746.826320] ? putname+0xf2/0x130 [ 746.826337] ? putname+0xf2/0x130 [ 746.826353] ? find_held_lock+0x36/0x1c0 [ 746.826377] ? lock_downgrade+0x8e0/0x8e0 [ 746.826392] ? module_unload_free+0x5b0/0x5b0 [ 746.826406] ? lock_release+0xa10/0xa10 [ 746.826424] ? mpi_free.cold.1+0x19/0x19 [ 746.826446] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 746.853375] binder: undelivered TRANSACTION_ERROR: 29189 [ 746.857590] vfs_kern_mount.part.34+0x88/0x4d0 [ 746.857609] ? may_umount+0xb0/0xb0 [ 746.857628] ? _raw_read_unlock+0x22/0x30 [ 746.857640] ? __get_fs_type+0x97/0xc0 [ 746.857660] do_mount+0x564/0x3070 [ 746.857676] ? do_raw_spin_unlock+0x9e/0x2e0 [ 746.857693] ? copy_mount_string+0x40/0x40 [ 746.857707] ? rcu_pm_notify+0xc0/0xc0 [ 746.857726] ? copy_mount_options+0x5f/0x380 [ 746.857744] ? rcu_read_lock_sched_held+0x108/0x120 [ 746.876136] binder: 6837:6838 transaction failed 29189/-22, size 0-0 line 2856 [ 746.876898] ? kmem_cache_alloc_trace+0x616/0x780 [ 746.876921] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 746.876942] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 746.876959] ? copy_mount_options+0x285/0x380 [ 746.876976] ksys_mount+0x12d/0x140 [ 746.876992] __x64_sys_mount+0xbe/0x150 [ 746.954395] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 746.959405] do_syscall_64+0x1b1/0x800 [ 746.963283] ? finish_task_switch+0x1ca/0x810 [ 746.967768] ? syscall_return_slowpath+0x5c0/0x5c0 [ 746.972688] ? syscall_return_slowpath+0x30f/0x5c0 [ 746.977615] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 746.982970] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 746.987803] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 746.992979] RIP: 0033:0x455979 [ 746.996154] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 747.003852] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 2018/05/04 10:55:54 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x74000000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:54 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ff7f], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:54 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xf}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:54 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = epoll_create1(0x0) epoll_wait(r1, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000cd8ff4)) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000007000)) epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:55:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x20000000) 2018/05/04 10:55:54 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x6, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 747.011108] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 747.018371] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 747.025630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 747.032889] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 747.045007] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. 2018/05/04 10:55:55 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x68000000) [ 747.068881] binder: 6841:6844 unknown command 0 [ 747.071313] binder: undelivered TRANSACTION_ERROR: 29189 [ 747.078626] binder: 6841:6844 ioctl c0306201 20000040 returned -22 [ 747.119521] binder: 6845:6847 transaction failed 29189/-22, size 0-0 line 2856 [ 747.138325] binder: undelivered TRANSACTION_ERROR: 29189 [ 747.144514] binder: 6845:6847 transaction failed 29189/-22, size 0-0 line 2856 [ 747.165853] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:55:55 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe80], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:55 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x68, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:55 executing program 2 (fault-call:3 fault-nth:11): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:55:55 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2900000000000000}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:55 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x7) 2018/05/04 10:55:55 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x400, 0x0) connect$ipx(r1, &(0x7f0000000040)={0x4, 0xf0b, 0x45, "8799f63ebcc8", 0x7}, 0x10) io_getevents(r0, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000fa5ff0)={0x0, 0xfffffffffffff000}) 2018/05/04 10:55:55 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = epoll_create1(0x0) epoll_wait(r1, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000cd8ff4)) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000007000)) epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:55:55 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0xf00000000000000]}]}) 2018/05/04 10:55:55 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x140], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 747.756843] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 747.767665] binder: 6865:6866 transaction failed 29189/-22, size 0-0 line 2856 [ 747.779465] binder: undelivered TRANSACTION_ERROR: 29189 [ 747.788773] binder: 6865:6866 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:55:55 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4c00}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 747.848510] binder: undelivered TRANSACTION_ERROR: 29189 [ 747.854893] FAULT_INJECTION: forcing a failure. [ 747.854893] name failslab, interval 1, probability 0, space 0, times 0 [ 747.866835] CPU: 1 PID: 6871 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 747.869908] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 747.874071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 747.892152] Call Trace: [ 747.894765] dump_stack+0x1b9/0x294 2018/05/04 10:55:55 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x7a00000000000000) 2018/05/04 10:55:55 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffffffffffff000}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 747.898413] ? dump_stack_print_info.cold.2+0x52/0x52 [ 747.903627] ? kernel_text_address+0x79/0xf0 [ 747.908062] ? __unwind_start+0x166/0x330 [ 747.912240] should_fail.cold.4+0xa/0x1a [ 747.916342] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 747.921493] ? graph_lock+0x170/0x170 [ 747.925923] ? save_stack+0x43/0xd0 [ 747.929569] ? kasan_kmalloc+0xc4/0xe0 [ 747.933477] ? __kmalloc+0x14e/0x760 [ 747.937212] ? __list_lru_init+0xdd/0x790 [ 747.941380] ? find_held_lock+0x36/0x1c0 2018/05/04 10:55:56 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x7, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:56 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001000000000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:56 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xf00000000000000}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 747.945466] ? __lock_is_held+0xb5/0x140 [ 747.949560] ? check_same_owner+0x320/0x320 [ 747.953909] ? rcu_note_context_switch+0x710/0x710 [ 747.958864] __should_failslab+0x124/0x180 [ 747.963132] should_failslab+0x9/0x14 [ 747.966951] kmem_cache_alloc_node_trace+0x26f/0x770 [ 747.972075] ? mark_held_locks+0xc9/0x160 [ 747.976307] ? __raw_spin_lock_init+0x1c/0x100 [ 747.980922] __kmalloc_node+0x33/0x70 [ 747.984747] kvmalloc_node+0x6b/0x100 [ 747.988577] __list_lru_init+0x559/0x790 [ 747.992661] ? list_lru_destroy+0x4c0/0x4c0 2018/05/04 10:55:56 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xc40d0000}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 747.997007] ? mark_held_locks+0xc9/0x160 [ 748.001171] ? __raw_spin_lock_init+0x1c/0x100 [ 748.005768] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 748.010803] ? __lockdep_init_map+0x105/0x590 [ 748.015332] ? lockdep_init_map+0x9/0x10 [ 748.019421] sget_userns+0x73a/0xf00 [ 748.023156] ? get_anon_bdev+0x2f0/0x2f0 [ 748.027248] ? destroy_unused_super.part.11+0x110/0x110 [ 748.032630] ? __alloc_pages_nodemask+0xacf/0xd70 [ 748.037509] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 748.042553] ? kasan_check_read+0x11/0x20 2018/05/04 10:55:56 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x600}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 748.047094] ? cap_capable+0x1f9/0x260 [ 748.051011] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 748.056585] ? security_capable+0x99/0xc0 [ 748.060755] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 748.065953] binder: 6877:6885 transaction failed 29189/-22, size 0-0 line 2856 [ 748.066305] ? ns_capable_common+0x13f/0x170 [ 748.066323] ? get_anon_bdev+0x2f0/0x2f0 [ 748.066341] sget+0x10b/0x150 [ 748.085343] ? fuse_get_root_inode+0x190/0x190 [ 748.089948] mount_nodev+0x33/0x110 [ 748.093612] fuse_mount+0x2c/0x40 [ 748.097087] mount_fs+0xae/0x328 [ 748.100474] vfs_kern_mount.part.34+0xd4/0x4d0 [ 748.100652] binder: undelivered TRANSACTION_ERROR: 29189 [ 748.105072] ? may_umount+0xb0/0xb0 [ 748.105090] ? _raw_read_unlock+0x22/0x30 [ 748.105103] ? __get_fs_type+0x97/0xc0 [ 748.105122] do_mount+0x564/0x3070 [ 748.105142] ? copy_mount_string+0x40/0x40 [ 748.105159] ? rcu_pm_notify+0xc0/0xc0 [ 748.105180] ? copy_mount_options+0x5f/0x380 [ 748.105193] ? rcu_read_lock_sched_held+0x108/0x120 [ 748.105209] ? kmem_cache_alloc_trace+0x616/0x780 [ 748.105230] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 748.133655] binder: 6877:6885 transaction failed 29189/-22, size 0-0 line 2856 [ 748.133967] ? _copy_from_user+0xdf/0x150 [ 748.165235] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 748.170792] ? copy_mount_options+0x285/0x380 [ 748.175309] ksys_mount+0x12d/0x140 [ 748.178959] __x64_sys_mount+0xbe/0x150 [ 748.182409] binder: undelivered TRANSACTION_ERROR: 29189 [ 748.182950] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 748.193411] do_syscall_64+0x1b1/0x800 2018/05/04 10:55:56 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd1e1ff7f00000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 748.197325] ? finish_task_switch+0x1ca/0x810 [ 748.198536] binder: 6881:6887 unknown command 0 [ 748.201832] ? syscall_return_slowpath+0x5c0/0x5c0 [ 748.201849] ? syscall_return_slowpath+0x30f/0x5c0 [ 748.201867] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 748.201885] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 748.201903] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 748.208399] binder: 6881:6887 ioctl c0306201 20000040 returned -22 [ 748.211496] RIP: 0033:0x455979 [ 748.211505] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 748.211521] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 748.211529] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 748.211538] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 748.211547] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 748.211555] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:55:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x6800) 2018/05/04 10:55:56 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x325, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:56 executing program 2 (fault-call:3 fault-nth:12): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:55:56 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x60, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:56 executing program 5: io_setup(0x401, &(0x7f0000000000)=0x0) io_getevents(r0, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000fa5ff0)={0x0, 0xfffffffffffff000}) io_destroy(r0) epoll_create1(0x80000) r1 = syz_open_dev$adsp(&(0x7f00000000c0)='/dev/adsp#\x00', 0x9, 0x101000) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000100)=0x7, 0x4) r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x9, 0x100) ioctl$GIO_SCRNMAP(r2, 0x4b40, &(0x7f0000000080)=""/27) 2018/05/04 10:55:56 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x1700000000000000]}]}) 2018/05/04 10:55:56 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = epoll_create1(0x0) epoll_wait(r1, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000cd8ff4)) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000007000)) epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:55:56 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800e000000000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:56 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd1e1ff7f], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:56 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x30a, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 748.838550] binder: 6911:6913 transaction failed 29189/-22, size 0-0 line 2856 [ 748.873567] binder: undelivered TRANSACTION_ERROR: 29189 [ 748.906609] binder: 6911:6913 transaction failed 29189/-22, size 0-0 line 2856 [ 748.953914] binder: undelivered TRANSACTION_ERROR: 29189 [ 748.954106] FAULT_INJECTION: forcing a failure. [ 748.954106] name failslab, interval 1, probability 0, space 0, times 0 [ 748.970823] CPU: 1 PID: 6918 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 748.978019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 748.987384] Call Trace: [ 748.989985] dump_stack+0x1b9/0x294 [ 748.993637] ? dump_stack_print_info.cold.2+0x52/0x52 [ 748.998870] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 749.004105] should_fail.cold.4+0xa/0x1a [ 749.008186] ? is_bpf_text_address+0xd7/0x170 [ 749.012704] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 749.017829] ? unwind_get_return_address+0x61/0xa0 [ 749.022758] ? __save_stack_trace+0x7e/0xd0 [ 749.027079] ? graph_lock+0x170/0x170 [ 749.030875] ? find_held_lock+0x36/0x1c0 [ 749.034947] ? __lock_is_held+0xb5/0x140 [ 749.039047] ? check_same_owner+0x320/0x320 [ 749.043378] ? rcu_note_context_switch+0x710/0x710 [ 749.048319] __should_failslab+0x124/0x180 [ 749.052561] should_failslab+0x9/0x14 [ 749.056374] kmem_cache_alloc_trace+0x2cb/0x780 [ 749.061048] ? __kmalloc_node+0x33/0x70 [ 749.065192] ? __kmalloc_node+0x33/0x70 [ 749.069160] ? rcu_read_lock_sched_held+0x108/0x120 [ 749.074188] __memcg_init_list_lru_node+0x17d/0x2c0 [ 749.079207] ? kvfree_rcu+0x20/0x20 [ 749.082824] ? __kmalloc_node+0x47/0x70 [ 749.086788] __list_lru_init+0x456/0x790 [ 749.090849] ? list_lru_destroy+0x4c0/0x4c0 [ 749.095175] ? mark_held_locks+0xc9/0x160 [ 749.099312] ? __raw_spin_lock_init+0x1c/0x100 [ 749.103891] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 749.108932] ? __lockdep_init_map+0x105/0x590 [ 749.113415] ? lockdep_init_map+0x9/0x10 [ 749.117472] sget_userns+0x73a/0xf00 [ 749.121172] ? get_anon_bdev+0x2f0/0x2f0 [ 749.125229] ? destroy_unused_super.part.11+0x110/0x110 [ 749.130594] ? __alloc_pages_nodemask+0xacf/0xd70 [ 749.135438] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 749.140453] ? kasan_check_read+0x11/0x20 [ 749.144603] ? cap_capable+0x1f9/0x260 [ 749.148506] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 749.154047] ? security_capable+0x99/0xc0 [ 749.158195] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 749.163726] ? ns_capable_common+0x13f/0x170 [ 749.168129] ? get_anon_bdev+0x2f0/0x2f0 [ 749.172181] sget+0x10b/0x150 [ 749.175283] ? fuse_get_root_inode+0x190/0x190 [ 749.179855] mount_nodev+0x33/0x110 [ 749.183484] fuse_mount+0x2c/0x40 [ 749.186929] mount_fs+0xae/0x328 [ 749.190305] vfs_kern_mount.part.34+0xd4/0x4d0 [ 749.194891] ? may_umount+0xb0/0xb0 [ 749.198513] ? _raw_read_unlock+0x22/0x30 [ 749.202649] ? __get_fs_type+0x97/0xc0 [ 749.206535] do_mount+0x564/0x3070 [ 749.210079] ? copy_mount_string+0x40/0x40 [ 749.214317] ? rcu_pm_notify+0xc0/0xc0 [ 749.218207] ? copy_mount_options+0x5f/0x380 [ 749.222607] ? rcu_read_lock_sched_held+0x108/0x120 [ 749.227631] ? kmem_cache_alloc_trace+0x616/0x780 [ 749.232488] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 749.238024] ? _copy_from_user+0xdf/0x150 [ 749.242186] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 749.247733] ? copy_mount_options+0x285/0x380 [ 749.252251] ksys_mount+0x12d/0x140 [ 749.255878] __x64_sys_mount+0xbe/0x150 [ 749.259858] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 749.264897] do_syscall_64+0x1b1/0x800 [ 749.268791] ? finish_task_switch+0x1ca/0x810 [ 749.273287] ? syscall_return_slowpath+0x5c0/0x5c0 [ 749.278222] ? syscall_return_slowpath+0x30f/0x5c0 [ 749.283161] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 749.288525] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 749.293361] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 749.298543] RIP: 0033:0x455979 [ 749.301715] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 749.309410] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 749.316664] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 749.323927] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 749.331195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 749.338456] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:55:57 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x700) 2018/05/04 10:55:57 executing program 2 (fault-call:3 fault-nth:13): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:55:57 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:57 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x2000000000000000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:57 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0xfdfdffff00000000]}]}) 2018/05/04 10:55:57 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000500)='/dev/dsp\x00', 0x28000, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r1, 0x29, 0x41, &(0x7f0000000540)={'mangle\x00', 0x3, [{}, {}, {}]}, 0x58) io_getevents(r0, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000fa5ff0)={0x0, 0xfffffffffffff000}) io_destroy(r0) r2 = accept$ax25(0xffffffffffffff9c, &(0x7f0000000080), &(0x7f00000000c0)=0x10) recvmmsg(r2, &(0x7f0000000440)=[{{&(0x7f0000000100)=@pppol2tpv3={0x0, 0x0, {0x0, 0xffffffffffffffff, {0x0, 0x0, @rand_addr}}}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000180)=""/63, 0x3f}, {&(0x7f00000001c0)=""/63, 0x3f}, {&(0x7f0000000200)=""/133, 0x85}, {&(0x7f00000002c0)=""/176, 0xb0}], 0x4, &(0x7f00000003c0)=""/75, 0x4b}, 0x2}], 0x1, 0x0, &(0x7f0000000480)={0x0, 0x1c9c380}) r3 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x800, 0x440100) connect$ipx(r3, &(0x7f0000000040)={0x4, 0x1297, 0x0, "995a95697a0f", 0x10001}, 0x10) accept$ax25(r3, &(0x7f00000004c0), &(0x7f00000005c0)=0x10) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000600)=0x1d) 2018/05/04 10:55:57 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) [ 749.961055] nla_parse: 6 callbacks suppressed [ 749.961065] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 749.976659] binder: 6942:6943 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:55:58 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1002000000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:58 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x2000000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 750.013377] binder: undelivered TRANSACTION_ERROR: 29189 [ 750.015017] FAULT_INJECTION: forcing a failure. [ 750.015017] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 750.030719] CPU: 1 PID: 6948 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 750.037444] binder: 6942:6943 transaction failed 29189/-22, size 0-0 line 2856 [ 750.037915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 750.054634] Call Trace: [ 750.057237] dump_stack+0x1b9/0x294 2018/05/04 10:55:58 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0xa00, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:58 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x1000000) [ 750.060903] ? dump_stack_print_info.cold.2+0x52/0x52 [ 750.066126] ? graph_lock+0x170/0x170 [ 750.069944] ? update_load_avg+0x2570/0x2570 [ 750.074373] should_fail.cold.4+0xa/0x1a [ 750.078448] ? print_usage_bug+0xc0/0xc0 [ 750.082524] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 750.087650] ? debug_check_no_locks_freed+0x310/0x310 [ 750.092875] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 750.093254] binder: undelivered TRANSACTION_ERROR: 29189 [ 750.097898] ? pcpu_next_fit_region.constprop.23+0x334/0x410 [ 750.097922] ? kasan_check_write+0x14/0x20 2018/05/04 10:55:58 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 750.097940] ? __mutex_unlock_slowpath+0x180/0x8a0 [ 750.097961] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 750.097975] ? should_fail+0x21b/0xbcd [ 750.097994] __alloc_pages_nodemask+0x34e/0xd70 [ 750.132458] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 750.137600] ? find_held_lock+0x36/0x1c0 [ 750.141702] ? check_same_owner+0x320/0x320 [ 750.146046] cache_grow_begin+0x72/0x6c0 [ 750.150131] kmem_cache_alloc_trace+0x6a5/0x780 [ 750.154839] ? kasan_check_write+0x14/0x20 [ 750.159090] ? do_raw_spin_lock+0xc1/0x200 [ 750.163344] sget_userns+0x1c7/0xf00 [ 750.166422] binder: 6954:6957 transaction failed 29189/-22, size 0-0 line 2856 [ 750.167059] ? get_anon_bdev+0x2f0/0x2f0 [ 750.167082] ? destroy_unused_super.part.11+0x110/0x110 [ 750.167100] ? __alloc_pages_nodemask+0xacf/0xd70 [ 750.179137] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 750.183852] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 750.183875] ? kasan_check_read+0x11/0x20 [ 750.183895] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 2018/05/04 10:55:58 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x1000000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:58 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 750.183909] ? cap_capable+0x1f9/0x260 [ 750.183929] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 750.204551] binder: undelivered TRANSACTION_ERROR: 29189 [ 750.206460] ? security_capable+0x99/0xc0 [ 750.206484] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 750.206500] ? ns_capable_common+0x13f/0x170 [ 750.206516] ? get_anon_bdev+0x2f0/0x2f0 [ 750.206532] sget+0x10b/0x150 [ 750.237779] binder: 6954:6957 transaction failed 29189/-22, size 0-0 line 2856 [ 750.241135] ? fuse_get_root_inode+0x190/0x190 [ 750.241151] mount_nodev+0x33/0x110 2018/05/04 10:55:58 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x500, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 750.241166] fuse_mount+0x2c/0x40 [ 750.241182] mount_fs+0xae/0x328 [ 750.241200] vfs_kern_mount.part.34+0xd4/0x4d0 [ 750.241215] ? may_umount+0xb0/0xb0 [ 750.241231] ? _raw_read_unlock+0x22/0x30 [ 750.241247] ? __get_fs_type+0x97/0xc0 [ 750.275572] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 750.276208] do_mount+0x564/0x3070 [ 750.276228] ? do_raw_spin_unlock+0x9e/0x2e0 [ 750.276246] ? copy_mount_string+0x40/0x40 [ 750.276262] ? rcu_pm_notify+0xc0/0xc0 [ 750.276287] ? copy_mount_options+0x5f/0x380 [ 750.316903] ? rcu_read_lock_sched_held+0x108/0x120 [ 750.321941] ? kmem_cache_alloc_trace+0x616/0x780 [ 750.326816] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 750.332390] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 750.337960] ? copy_mount_options+0x285/0x380 [ 750.342561] ksys_mount+0x12d/0x140 [ 750.346199] __x64_sys_mount+0xbe/0x150 [ 750.350183] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 750.355211] do_syscall_64+0x1b1/0x800 [ 750.359112] ? finish_task_switch+0x1ca/0x810 [ 750.363621] ? syscall_return_slowpath+0x5c0/0x5c0 [ 750.368559] ? syscall_return_slowpath+0x30f/0x5c0 [ 750.373504] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 750.378885] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 750.383738] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 750.388934] RIP: 0033:0x455979 [ 750.390652] binder: undelivered TRANSACTION_ERROR: 29189 [ 750.392118] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 750.392135] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 750.392143] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 750.392152] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 750.392161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 750.392168] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:55:59 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:55:59 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x6800, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x48000000) 2018/05/04 10:55:59 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0xfdfdffff]}]}) 2018/05/04 10:55:59 executing program 2 (fault-call:3 fault-nth:14): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:55:59 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800e], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:59 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:55:59 executing program 5: r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffff9c, 0x84, 0x1d, &(0x7f0000000000)={0x3, [0x0, 0x0, 0x0]}, &(0x7f0000000040)=0x10) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000080)={0x2, 0x8000, 0x0, 0xffffffff, r1}, &(0x7f00000000c0)=0x10) io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r2, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000fa5ff0)={0x0, 0xfffffffffffff000}) io_destroy(r2) [ 751.063871] binder: 6977:6981 transaction failed 29189/-22, size 0-0 line 2856 [ 751.080515] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 751.090683] binder: undelivered TRANSACTION_ERROR: 29189 [ 751.107923] FAULT_INJECTION: forcing a failure. [ 751.107923] name failslab, interval 1, probability 0, space 0, times 0 [ 751.119336] CPU: 0 PID: 6988 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 751.126534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 751.135891] Call Trace: [ 751.138486] dump_stack+0x1b9/0x294 [ 751.142115] ? dump_stack_print_info.cold.2+0x52/0x52 [ 751.147304] ? finish_task_switch+0x1ca/0x810 [ 751.151787] ? finish_task_switch+0x182/0x810 [ 751.156277] should_fail.cold.4+0xa/0x1a [ 751.160338] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 751.165431] ? __schedule+0x809/0x1e30 [ 751.169311] ? __sched_text_start+0x8/0x8 [ 751.173455] ? find_held_lock+0x36/0x1c0 [ 751.177505] ? __lock_is_held+0xb5/0x140 [ 751.181562] ? check_same_owner+0x320/0x320 [ 751.185883] __should_failslab+0x124/0x180 [ 751.190107] should_failslab+0x9/0x14 [ 751.193911] kmem_cache_alloc_trace+0x2cb/0x780 [ 751.198566] ? __kmalloc_node+0x33/0x70 [ 751.202524] ? __kmalloc_node+0x33/0x70 [ 751.206485] ? rcu_read_lock_sched_held+0x108/0x120 [ 751.211493] __memcg_init_list_lru_node+0x17d/0x2c0 [ 751.216498] ? kvfree_rcu+0x20/0x20 [ 751.220113] ? __kmalloc_node+0x47/0x70 [ 751.224080] __list_lru_init+0x456/0x790 [ 751.228138] ? list_lru_destroy+0x4c0/0x4c0 [ 751.232450] ? mark_held_locks+0xc9/0x160 [ 751.236584] ? __raw_spin_lock_init+0x1c/0x100 [ 751.241163] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 751.246174] ? __lockdep_init_map+0x105/0x590 [ 751.250661] ? lockdep_init_map+0x9/0x10 [ 751.254720] sget_userns+0x73a/0xf00 [ 751.258423] ? get_anon_bdev+0x2f0/0x2f0 [ 751.262485] ? destroy_unused_super.part.11+0x110/0x110 [ 751.267838] ? __alloc_pages_nodemask+0xacf/0xd70 [ 751.272672] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 751.277678] ? kasan_check_read+0x11/0x20 [ 751.281820] ? cap_capable+0x1f9/0x260 [ 751.285707] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 751.291233] ? security_capable+0x99/0xc0 [ 751.295372] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 751.300900] ? ns_capable_common+0x13f/0x170 [ 751.305298] ? get_anon_bdev+0x2f0/0x2f0 [ 751.309347] sget+0x10b/0x150 [ 751.312444] ? fuse_get_root_inode+0x190/0x190 [ 751.317026] mount_nodev+0x33/0x110 [ 751.320642] fuse_mount+0x2c/0x40 [ 751.324085] mount_fs+0xae/0x328 [ 751.327442] vfs_kern_mount.part.34+0xd4/0x4d0 [ 751.332017] ? may_umount+0xb0/0xb0 [ 751.335640] ? _raw_read_unlock+0x22/0x30 [ 751.339776] ? __get_fs_type+0x97/0xc0 [ 751.343654] do_mount+0x564/0x3070 [ 751.347191] ? copy_mount_string+0x40/0x40 [ 751.351423] ? rcu_pm_notify+0xc0/0xc0 [ 751.355301] ? copy_mount_options+0x5f/0x380 [ 751.359706] ? rcu_read_lock_sched_held+0x108/0x120 [ 751.364712] ? kmem_cache_alloc_trace+0x616/0x780 [ 751.369548] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 751.375076] ? _copy_from_user+0xdf/0x150 [ 751.379219] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 751.384764] ? copy_mount_options+0x285/0x380 [ 751.389258] ksys_mount+0x12d/0x140 [ 751.392874] __x64_sys_mount+0xbe/0x150 [ 751.396836] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 751.401843] do_syscall_64+0x1b1/0x800 [ 751.405721] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 751.410643] ? syscall_return_slowpath+0x5c0/0x5c0 [ 751.415561] ? syscall_return_slowpath+0x30f/0x5c0 [ 751.420482] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 751.425839] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 751.430672] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 751.435851] RIP: 0033:0x455979 [ 751.439027] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 751.447479] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 751.454739] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 2018/05/04 10:55:59 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000f2f], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:59 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x4c, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:59 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 751.461995] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 751.469254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 751.476512] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 751.504978] binder: 6977:6981 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:55:59 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x6000000000000000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:55:59 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000100], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x500000000000000) 2018/05/04 10:55:59 executing program 2 (fault-call:3 fault-nth:15): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:55:59 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0xffffff7f, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 751.564327] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 751.597010] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:55:59 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffe1d1], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:55:59 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 751.640721] binder: 7007:7008 transaction failed 29189/-22, size 0-0 line 2856 [ 751.656718] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:55:59 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 751.685407] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 751.694817] FAULT_INJECTION: forcing a failure. [ 751.694817] name failslab, interval 1, probability 0, space 0, times 0 [ 751.706169] CPU: 0 PID: 7010 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 751.706796] binder: 7007:7008 transaction failed 29189/-22, size 0-0 line 2856 [ 751.713393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 751.713398] Call Trace: [ 751.713426] dump_stack+0x1b9/0x294 [ 751.713446] ? dump_stack_print_info.cold.2+0x52/0x52 [ 751.713465] ? __save_stack_trace+0x7e/0xd0 [ 751.713489] should_fail.cold.4+0xa/0x1a [ 751.713506] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 751.713523] ? save_stack+0x43/0xd0 [ 751.713535] ? kasan_kmalloc+0xc4/0xe0 [ 751.713549] ? kmem_cache_alloc_trace+0x152/0x780 [ 751.713562] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 751.713573] ? __list_lru_init+0x456/0x790 [ 751.713585] ? sget_userns+0x73a/0xf00 [ 751.713598] ? graph_lock+0x170/0x170 [ 751.713617] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 751.789315] ? do_mount+0x564/0x3070 [ 751.791005] binder: undelivered TRANSACTION_ERROR: 29189 [ 751.793055] ? ksys_mount+0x12d/0x140 [ 751.793072] ? __x64_sys_mount+0xbe/0x150 [ 751.793090] ? do_syscall_64+0x1b1/0x800 [ 751.793107] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 751.793127] ? find_held_lock+0x36/0x1c0 [ 751.793147] ? __lock_is_held+0xb5/0x140 [ 751.793182] ? check_same_owner+0x320/0x320 [ 751.793202] ? rcu_note_context_switch+0x710/0x710 [ 751.833329] __should_failslab+0x124/0x180 [ 751.837588] should_failslab+0x9/0x14 [ 751.841404] kmem_cache_alloc_trace+0x2cb/0x780 [ 751.846092] ? __kmalloc_node+0x33/0x70 [ 751.850117] ? __kmalloc_node+0x33/0x70 [ 751.854103] ? rcu_read_lock_sched_held+0x108/0x120 [ 751.859136] __memcg_init_list_lru_node+0x17d/0x2c0 [ 751.864172] ? kvfree_rcu+0x20/0x20 [ 751.867797] ? __kmalloc_node+0x47/0x70 [ 751.871769] __list_lru_init+0x456/0x790 [ 751.875826] ? list_lru_destroy+0x4c0/0x4c0 [ 751.880156] ? mark_held_locks+0xc9/0x160 [ 751.884334] ? __raw_spin_lock_init+0x1c/0x100 [ 751.888931] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 751.893962] ? __lockdep_init_map+0x105/0x590 [ 751.898481] ? lockdep_init_map+0x9/0x10 [ 751.902561] sget_userns+0x73a/0xf00 [ 751.906292] ? get_anon_bdev+0x2f0/0x2f0 [ 751.910364] ? destroy_unused_super.part.11+0x110/0x110 [ 751.915729] ? __alloc_pages_nodemask+0xacf/0xd70 [ 751.920579] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 751.925598] ? kasan_check_read+0x11/0x20 [ 751.929748] ? cap_capable+0x1f9/0x260 [ 751.933640] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 751.939175] ? security_capable+0x99/0xc0 [ 751.943315] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 751.948841] ? ns_capable_common+0x13f/0x170 [ 751.953241] ? get_anon_bdev+0x2f0/0x2f0 [ 751.957292] sget+0x10b/0x150 [ 751.960387] ? fuse_get_root_inode+0x190/0x190 [ 751.965047] mount_nodev+0x33/0x110 [ 751.968769] fuse_mount+0x2c/0x40 [ 751.972223] mount_fs+0xae/0x328 [ 751.975693] vfs_kern_mount.part.34+0xd4/0x4d0 [ 751.980269] ? may_umount+0xb0/0xb0 [ 751.983886] ? _raw_read_unlock+0x22/0x30 [ 751.988043] ? __get_fs_type+0x97/0xc0 [ 751.991928] do_mount+0x564/0x3070 [ 751.995470] ? copy_mount_string+0x40/0x40 [ 751.999701] ? rcu_pm_notify+0xc0/0xc0 [ 752.003583] ? copy_mount_options+0x5f/0x380 [ 752.007980] ? rcu_read_lock_sched_held+0x108/0x120 [ 752.012985] ? kmem_cache_alloc_trace+0x616/0x780 [ 752.017822] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 752.023351] ? _copy_from_user+0xdf/0x150 [ 752.027491] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 752.033032] ? copy_mount_options+0x285/0x380 [ 752.037519] ksys_mount+0x12d/0x140 [ 752.041139] __x64_sys_mount+0xbe/0x150 [ 752.045109] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 752.050117] do_syscall_64+0x1b1/0x800 [ 752.053993] ? finish_task_switch+0x1ca/0x810 [ 752.058486] ? syscall_return_slowpath+0x5c0/0x5c0 [ 752.063407] ? syscall_return_slowpath+0x30f/0x5c0 [ 752.068332] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 752.073696] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 752.078533] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 752.083710] RIP: 0033:0x455979 [ 752.086886] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 752.094582] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 752.101847] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 752.109277] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 752.116535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 752.123795] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:00 executing program 2 (fault-call:3 fault-nth:16): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:00 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x1800000000000000]}]}) 2018/05/04 10:56:00 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r0, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000fa5ff0)={0x0, 0xfffffffffffff000}) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0xffffffffffffff9c, 0x6, 0x1, 0x800, &(0x7f0000000000)=[0x0, 0x0], 0x2}, 0x20) ioctl$EVIOCSABS20(r1, 0x401845e0, &(0x7f0000000080)={0x7, 0x100000001, 0x6, 0x7fffffff, 0x2}) io_destroy(r0) 2018/05/04 10:56:00 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40010000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:00 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x600000000000000) 2018/05/04 10:56:00 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x300, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:00 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) [ 752.322014] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 752.334862] binder: 7038:7041 transaction failed 29189/-22, size 0-0 line 2856 [ 752.336152] FAULT_INJECTION: forcing a failure. [ 752.336152] name failslab, interval 1, probability 0, space 0, times 0 [ 752.353670] CPU: 0 PID: 7031 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 752.360867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 752.370223] Call Trace: [ 752.372815] dump_stack+0x1b9/0x294 [ 752.376434] ? dump_stack_print_info.cold.2+0x52/0x52 [ 752.381612] ? __save_stack_trace+0x7e/0xd0 [ 752.385928] should_fail.cold.4+0xa/0x1a [ 752.389980] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 752.395075] ? save_stack+0x43/0xd0 [ 752.398690] ? kasan_kmalloc+0xc4/0xe0 [ 752.402563] ? kmem_cache_alloc_trace+0x152/0x780 [ 752.407396] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 752.412584] ? __list_lru_init+0x456/0x790 [ 752.416807] ? sget_userns+0x73a/0xf00 [ 752.420685] ? graph_lock+0x170/0x170 [ 752.424472] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 752.429224] ? do_mount+0x564/0x3070 [ 752.432923] ? ksys_mount+0x12d/0x140 [ 752.436709] ? __x64_sys_mount+0xbe/0x150 [ 752.440851] ? do_syscall_64+0x1b1/0x800 [ 752.444914] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 752.450268] ? find_held_lock+0x36/0x1c0 [ 752.454330] ? __lock_is_held+0xb5/0x140 [ 752.458391] ? check_same_owner+0x320/0x320 [ 752.462704] ? rcu_note_context_switch+0x710/0x710 [ 752.467628] __should_failslab+0x124/0x180 [ 752.471853] should_failslab+0x9/0x14 [ 752.475643] kmem_cache_alloc_trace+0x2cb/0x780 [ 752.480302] ? __kmalloc_node+0x33/0x70 [ 752.484263] ? __kmalloc_node+0x33/0x70 [ 752.488226] ? rcu_read_lock_sched_held+0x108/0x120 [ 752.493233] __memcg_init_list_lru_node+0x17d/0x2c0 [ 752.498241] ? kvfree_rcu+0x20/0x20 [ 752.501858] ? __kmalloc_node+0x47/0x70 [ 752.505823] __list_lru_init+0x456/0x790 [ 752.509873] ? list_lru_destroy+0x4c0/0x4c0 [ 752.514184] ? mark_held_locks+0xc9/0x160 [ 752.518323] ? __raw_spin_lock_init+0x1c/0x100 [ 752.522892] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 752.527896] ? __lockdep_init_map+0x105/0x590 [ 752.532392] ? lockdep_init_map+0x9/0x10 [ 752.536445] sget_userns+0x73a/0xf00 [ 752.540146] ? get_anon_bdev+0x2f0/0x2f0 [ 752.544209] ? destroy_unused_super.part.11+0x110/0x110 [ 752.549573] ? __alloc_pages_nodemask+0xacf/0xd70 [ 752.554417] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 752.559430] ? kasan_check_read+0x11/0x20 [ 752.563565] ? cap_capable+0x1f9/0x260 [ 752.567451] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 752.572973] ? security_capable+0x99/0xc0 [ 752.577124] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 752.582647] ? ns_capable_common+0x13f/0x170 [ 752.587045] ? get_anon_bdev+0x2f0/0x2f0 [ 752.591092] sget+0x10b/0x150 [ 752.594202] ? fuse_get_root_inode+0x190/0x190 [ 752.598770] mount_nodev+0x33/0x110 [ 752.602383] fuse_mount+0x2c/0x40 [ 752.605823] mount_fs+0xae/0x328 [ 752.609179] vfs_kern_mount.part.34+0xd4/0x4d0 [ 752.613746] ? may_umount+0xb0/0xb0 [ 752.617360] ? _raw_read_unlock+0x22/0x30 [ 752.621493] ? __get_fs_type+0x97/0xc0 [ 752.625372] do_mount+0x564/0x3070 [ 752.628913] ? copy_mount_string+0x40/0x40 [ 752.633138] ? rcu_pm_notify+0xc0/0xc0 [ 752.637026] ? copy_mount_options+0x5f/0x380 [ 752.641434] ? rcu_read_lock_sched_held+0x108/0x120 [ 752.646455] ? kmem_cache_alloc_trace+0x616/0x780 [ 752.651300] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 752.656846] ? _copy_from_user+0xdf/0x150 [ 752.661008] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 752.666545] ? copy_mount_options+0x285/0x380 [ 752.671045] ksys_mount+0x12d/0x140 [ 752.674675] __x64_sys_mount+0xbe/0x150 [ 752.678641] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 752.683650] do_syscall_64+0x1b1/0x800 [ 752.687531] ? finish_task_switch+0x1ca/0x810 [ 752.692027] ? syscall_return_slowpath+0x5c0/0x5c0 [ 752.696960] ? syscall_return_slowpath+0x30f/0x5c0 [ 752.701890] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 752.707249] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 752.712087] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 752.717273] RIP: 0033:0x455979 [ 752.720449] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 752.728149] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 752.735407] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 752.742666] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 752.749924] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 752.757194] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:00 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:00 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x4800, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:00 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 752.769215] binder: undelivered TRANSACTION_ERROR: 29189 [ 752.776842] binder: 7038:7041 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:56:00 executing program 2 (fault-call:3 fault-nth:17): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x400000000000000) [ 752.847336] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 752.868706] binder: undelivered TRANSACTION_ERROR: 29189 [ 752.888655] FAULT_INJECTION: forcing a failure. [ 752.888655] name failslab, interval 1, probability 0, space 0, times 0 [ 752.900150] CPU: 0 PID: 7056 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 752.907352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 752.912590] binder: 7057:7058 transaction failed 29189/-22, size 0-0 line 2856 [ 752.916708] Call Trace: [ 752.916736] dump_stack+0x1b9/0x294 [ 752.916756] ? dump_stack_print_info.cold.2+0x52/0x52 [ 752.916776] ? __save_stack_trace+0x7e/0xd0 [ 752.916799] should_fail.cold.4+0xa/0x1a [ 752.916822] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 752.930640] binder: undelivered TRANSACTION_ERROR: 29189 [ 752.935569] ? save_stack+0x43/0xd0 [ 752.935584] ? kasan_kmalloc+0xc4/0xe0 [ 752.935600] ? kmem_cache_alloc_trace+0x152/0x780 [ 752.935616] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 752.935629] ? __list_lru_init+0x456/0x790 [ 752.935643] ? sget_userns+0x73a/0xf00 [ 752.935657] ? graph_lock+0x170/0x170 [ 752.935671] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 752.935689] ? do_mount+0x564/0x3070 [ 752.941905] binder: 7057:7058 transaction failed 29189/-22, size 0-0 line 2856 [ 752.944069] ? ksys_mount+0x12d/0x140 [ 752.944090] ? __x64_sys_mount+0xbe/0x150 [ 752.944109] ? do_syscall_64+0x1b1/0x800 [ 752.944124] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 752.944142] ? find_held_lock+0x36/0x1c0 [ 752.944161] ? __lock_is_held+0xb5/0x140 [ 753.025350] ? check_same_owner+0x320/0x320 [ 753.029692] ? rcu_note_context_switch+0x710/0x710 [ 753.032158] binder: undelivered TRANSACTION_ERROR: 29189 [ 753.034637] __should_failslab+0x124/0x180 [ 753.034657] should_failslab+0x9/0x14 2018/05/04 10:56:01 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ff7f], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:01 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x4, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:01 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:01 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x2000) [ 753.034674] kmem_cache_alloc_trace+0x2cb/0x780 [ 753.034688] ? __kmalloc_node+0x33/0x70 [ 753.034702] ? __kmalloc_node+0x33/0x70 [ 753.034718] ? rcu_read_lock_sched_held+0x108/0x120 [ 753.034736] __memcg_init_list_lru_node+0x17d/0x2c0 [ 753.034752] ? kvfree_rcu+0x20/0x20 [ 753.058859] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 753.060807] ? __kmalloc_node+0x47/0x70 [ 753.060830] __list_lru_init+0x456/0x790 [ 753.060848] ? list_lru_destroy+0x4c0/0x4c0 [ 753.060866] ? mark_held_locks+0xc9/0x160 [ 753.060884] ? __raw_spin_lock_init+0x1c/0x100 [ 753.060900] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 753.060915] ? __lockdep_init_map+0x105/0x590 [ 753.060930] ? lockdep_init_map+0x9/0x10 [ 753.060946] sget_userns+0x73a/0xf00 [ 753.060963] ? get_anon_bdev+0x2f0/0x2f0 [ 753.101819] binder: 7065:7068 transaction failed 29189/-22, size 0-0 line 2856 [ 753.104207] ? destroy_unused_super.part.11+0x110/0x110 [ 753.104225] ? __alloc_pages_nodemask+0xacf/0xd70 [ 753.104243] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 753.104263] ? kasan_check_read+0x11/0x20 [ 753.104281] ? cap_capable+0x1f9/0x260 [ 753.104305] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 753.115545] binder: 7060:7067 unknown command 0 [ 753.117842] ? security_capable+0x99/0xc0 [ 753.117866] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 753.117881] ? ns_capable_common+0x13f/0x170 [ 753.117898] ? get_anon_bdev+0x2f0/0x2f0 [ 753.117915] sget+0x10b/0x150 [ 753.148754] binder: undelivered TRANSACTION_ERROR: 29189 [ 753.152394] ? fuse_get_root_inode+0x190/0x190 [ 753.152413] mount_nodev+0x33/0x110 [ 753.152428] fuse_mount+0x2c/0x40 [ 753.152445] mount_fs+0xae/0x328 [ 753.152464] vfs_kern_mount.part.34+0xd4/0x4d0 [ 753.152478] ? may_umount+0xb0/0xb0 [ 753.152499] ? _raw_read_unlock+0x22/0x30 [ 753.158973] binder: 7060:7067 ioctl c0306201 20000040 returned -22 [ 753.161909] ? __get_fs_type+0x97/0xc0 [ 753.161930] do_mount+0x564/0x3070 [ 753.161952] ? copy_mount_string+0x40/0x40 [ 753.161967] ? rcu_pm_notify+0xc0/0xc0 [ 753.161986] ? copy_mount_options+0x5f/0x380 [ 753.162004] ? rcu_read_lock_sched_held+0x108/0x120 [ 753.198347] binder: 7065:7068 transaction failed 29189/-22, size 0-0 line 2856 [ 753.201508] ? kmem_cache_alloc_trace+0x616/0x780 [ 753.201529] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 753.201547] ? _copy_from_user+0xdf/0x150 [ 753.201565] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 753.201581] ? copy_mount_options+0x285/0x380 [ 753.201594] ksys_mount+0x12d/0x140 [ 753.201611] __x64_sys_mount+0xbe/0x150 [ 753.254937] binder: undelivered TRANSACTION_ERROR: 29189 [ 753.259319] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 753.259340] do_syscall_64+0x1b1/0x800 [ 753.259356] ? finish_task_switch+0x1ca/0x810 [ 753.259375] ? syscall_return_slowpath+0x5c0/0x5c0 [ 753.259391] ? syscall_return_slowpath+0x30f/0x5c0 [ 753.259411] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 753.259427] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 753.259444] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 753.335411] RIP: 0033:0x455979 [ 753.338588] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 753.346293] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 753.353558] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 753.360815] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 753.368768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 753.376032] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:01 executing program 2 (fault-call:3 fault-nth:18): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:01 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x18000000]}]}) 2018/05/04 10:56:01 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) r1 = getegid() getresgid(&(0x7f0000000040)=0x0, &(0x7f0000000080), &(0x7f00000000c0)) setregid(r1, r2) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002640)='memory.events\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffff9c, 0x84, 0x70, &(0x7f0000002680)={0x0, @in={{0x2, 0x4e20, @multicast1=0xe0000001}}, [0x104, 0x94f, 0x3, 0x80, 0x2, 0x6, 0xc6d, 0x8, 0xffffffffffffff81, 0x637, 0xc, 0x4, 0x5, 0x8, 0x5]}, &(0x7f0000002780)=0x100) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000002800)={r4, 0x20, &(0x7f00000027c0)=[@in={0x2, 0x4e20, @multicast2=0xe0000002}, @in={0x2, 0x4e22, @remote={0xac, 0x14, 0x14, 0xbb}}]}, &(0x7f0000002840)=0x10) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000000)) io_getevents(r0, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000fa5ff0)={0x0, 0xfffffffffffff000}) io_destroy(r0) 2018/05/04 10:56:01 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40010000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:01 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:01 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:01 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x4c00000000000000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:01 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x7400000000000000) [ 753.540013] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 753.540053] binder: 7088:7089 transaction failed 29189/-22, size 0-0 line 2856 [ 753.571207] FAULT_INJECTION: forcing a failure. [ 753.571207] name failslab, interval 1, probability 0, space 0, times 0 [ 753.582568] CPU: 1 PID: 7092 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 2018/05/04 10:56:01 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10020], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:01 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x7a000000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 753.589768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 753.599134] Call Trace: [ 753.601753] dump_stack+0x1b9/0x294 [ 753.602405] binder: undelivered TRANSACTION_ERROR: 29189 [ 753.605394] ? dump_stack_print_info.cold.2+0x52/0x52 [ 753.605415] ? __save_stack_trace+0x7e/0xd0 [ 753.605436] should_fail.cold.4+0xa/0x1a [ 753.624440] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 753.629571] ? save_stack+0x43/0xd0 [ 753.633217] ? kasan_kmalloc+0xc4/0xe0 [ 753.637125] ? kmem_cache_alloc_trace+0x152/0x780 [ 753.641753] binder: 7088:7089 transaction failed 29189/-22, size 0-0 line 2856 [ 753.641982] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 753.654520] ? __list_lru_init+0x456/0x790 [ 753.658769] ? sget_userns+0x73a/0xf00 [ 753.662670] ? graph_lock+0x170/0x170 [ 753.666491] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 753.671266] ? do_mount+0x564/0x3070 [ 753.674993] ? ksys_mount+0x12d/0x140 [ 753.678808] ? __x64_sys_mount+0xbe/0x150 [ 753.682970] ? do_syscall_64+0x1b1/0x800 [ 753.687040] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 753.692409] ? find_held_lock+0x36/0x1c0 [ 753.696470] ? __lock_is_held+0xb5/0x140 [ 753.700535] ? check_same_owner+0x320/0x320 [ 753.704852] ? rcu_note_context_switch+0x710/0x710 [ 753.709791] __should_failslab+0x124/0x180 [ 753.714022] should_failslab+0x9/0x14 [ 753.717824] kmem_cache_alloc_trace+0x2cb/0x780 [ 753.722493] ? __kmalloc_node+0x33/0x70 [ 753.726478] ? __kmalloc_node+0x33/0x70 [ 753.730444] ? rcu_read_lock_sched_held+0x108/0x120 [ 753.735451] __memcg_init_list_lru_node+0x17d/0x2c0 [ 753.740458] ? kvfree_rcu+0x20/0x20 [ 753.744078] ? __kmalloc_node+0x47/0x70 [ 753.748047] __list_lru_init+0x456/0x790 [ 753.752097] ? list_lru_destroy+0x4c0/0x4c0 [ 753.756459] ? mark_held_locks+0xc9/0x160 [ 753.760600] ? __raw_spin_lock_init+0x1c/0x100 [ 753.765171] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 753.770178] ? __lockdep_init_map+0x105/0x590 [ 753.774665] ? lockdep_init_map+0x9/0x10 [ 753.778727] sget_userns+0x73a/0xf00 [ 753.782427] ? get_anon_bdev+0x2f0/0x2f0 [ 753.786487] ? destroy_unused_super.part.11+0x110/0x110 [ 753.791852] ? __alloc_pages_nodemask+0xacf/0xd70 [ 753.796691] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 753.801698] ? kasan_check_read+0x11/0x20 [ 753.805837] ? cap_capable+0x1f9/0x260 [ 753.809722] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 753.815251] ? security_capable+0x99/0xc0 [ 753.819390] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 753.824924] ? ns_capable_common+0x13f/0x170 [ 753.829332] ? get_anon_bdev+0x2f0/0x2f0 [ 753.833387] sget+0x10b/0x150 [ 753.836487] ? fuse_get_root_inode+0x190/0x190 [ 753.841062] mount_nodev+0x33/0x110 [ 753.844677] fuse_mount+0x2c/0x40 [ 753.848123] mount_fs+0xae/0x328 [ 753.851487] vfs_kern_mount.part.34+0xd4/0x4d0 [ 753.856065] ? may_umount+0xb0/0xb0 [ 753.859687] ? _raw_read_unlock+0x22/0x30 [ 753.863828] ? __get_fs_type+0x97/0xc0 [ 753.867712] do_mount+0x564/0x3070 [ 753.871249] ? do_raw_spin_unlock+0x9e/0x2e0 [ 753.875647] ? copy_mount_string+0x40/0x40 [ 753.879868] ? rcu_pm_notify+0xc0/0xc0 [ 753.883746] ? copy_mount_options+0x5f/0x380 [ 753.888142] ? rcu_read_lock_sched_held+0x108/0x120 [ 753.893145] ? kmem_cache_alloc_trace+0x616/0x780 [ 753.897986] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 753.903517] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 753.909049] ? copy_mount_options+0x285/0x380 [ 753.913534] ksys_mount+0x12d/0x140 [ 753.917153] __x64_sys_mount+0xbe/0x150 [ 753.921116] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 753.926134] do_syscall_64+0x1b1/0x800 [ 753.930013] ? finish_task_switch+0x1ca/0x810 [ 753.934527] ? syscall_return_slowpath+0x5c0/0x5c0 [ 753.939455] ? syscall_return_slowpath+0x30f/0x5c0 [ 753.944377] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 753.949739] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 753.954582] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 753.959775] RIP: 0033:0x455979 [ 753.962951] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 753.970645] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 753.977901] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 2018/05/04 10:56:02 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:02 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800e000000000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 753.985158] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 753.992415] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 753.999672] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0xfdfdffff) 2018/05/04 10:56:02 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x6c00, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 754.047206] binder: undelivered TRANSACTION_ERROR: 29189 [ 754.095488] binder: 7107:7108 transaction failed 29189/-22, size 0-0 line 2856 [ 754.124487] binder: undelivered TRANSACTION_ERROR: 29189 [ 754.131882] binder: 7107:7108 transaction failed 29189/-22, size 0-0 line 2856 [ 754.159205] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:56:02 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:02 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ff7f00000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:02 executing program 2 (fault-call:3 fault-nth:19): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:02 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x500000000000000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:02 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x74000000) 2018/05/04 10:56:02 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0xf000000]}]}) 2018/05/04 10:56:02 executing program 5: io_setup(0xffffffff, &(0x7f0000000180)=0x0) io_getevents(r0, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000fa5ff0)={0x0, 0xfffffffffffff000}) io_destroy(r0) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x2, 0x0) listxattr(&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=""/188, 0xbc) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000100)={r1, &(0x7f00000002c0)="701592bc497ac18af84d62a855f3182b924aa2c999da0c3ea24e77e2a8a4589efb7eec60", &(0x7f0000000080)=""/122}, 0x18) ioctl$RNDADDTOENTCNT(r1, 0x40045201, &(0x7f0000000280)=0x5) [ 754.678637] binder: 7124:7128 transaction failed 29189/-22, size 0-0 line 2856 [ 754.709155] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:56:02 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r0, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000fa5ff0)={0x0, 0xfffffffffffff000}) io_destroy(r0) 2018/05/04 10:56:02 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f0f002000000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:02 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 754.729904] binder: 7124:7128 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:56:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x7a00) [ 754.792318] FAULT_INJECTION: forcing a failure. [ 754.792318] name failslab, interval 1, probability 0, space 0, times 0 [ 754.803680] CPU: 1 PID: 7137 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 754.810875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 754.820240] Call Trace: [ 754.822867] dump_stack+0x1b9/0x294 [ 754.826522] ? dump_stack_print_info.cold.2+0x52/0x52 [ 754.829570] binder: undelivered TRANSACTION_ERROR: 29189 [ 754.831741] ? __save_stack_trace+0x7e/0xd0 2018/05/04 10:56:02 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1002000000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 754.831769] should_fail.cold.4+0xa/0x1a [ 754.831789] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 754.831808] ? save_stack+0x43/0xd0 [ 754.831821] ? kasan_kmalloc+0xc4/0xe0 [ 754.831833] ? kmem_cache_alloc_trace+0x152/0x780 [ 754.831850] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 754.868308] ? __list_lru_init+0x456/0x790 [ 754.870139] binder: 7145:7147 transaction failed 29189/-22, size 0-0 line 2856 [ 754.872558] ? sget_userns+0x73a/0xf00 [ 754.872578] ? graph_lock+0x170/0x170 [ 754.872594] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 754.872608] ? do_mount+0x564/0x3070 [ 754.872620] ? ksys_mount+0x12d/0x140 [ 754.872638] ? __x64_sys_mount+0xbe/0x150 [ 754.904153] ? do_syscall_64+0x1b1/0x800 [ 754.906142] binder: undelivered TRANSACTION_ERROR: 29189 [ 754.908224] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 754.908246] ? find_held_lock+0x36/0x1c0 [ 754.908265] ? __lock_is_held+0xb5/0x140 [ 754.908291] ? check_same_owner+0x320/0x320 [ 754.908307] ? rcu_note_context_switch+0x710/0x710 [ 754.908326] __should_failslab+0x124/0x180 [ 754.928363] binder: 7145:7147 transaction failed 29189/-22, size 0-0 line 2856 [ 754.931578] should_failslab+0x9/0x14 [ 754.931597] kmem_cache_alloc_trace+0x2cb/0x780 [ 754.931610] ? __kmalloc_node+0x33/0x70 [ 754.931624] ? __kmalloc_node+0x33/0x70 [ 754.931639] ? rcu_read_lock_sched_held+0x108/0x120 [ 754.931657] __memcg_init_list_lru_node+0x17d/0x2c0 [ 754.931670] ? kvfree_rcu+0x20/0x20 [ 754.931687] ? __kmalloc_node+0x47/0x70 [ 754.955835] binder: undelivered TRANSACTION_ERROR: 29189 [ 754.956637] __list_lru_init+0x456/0x790 [ 754.956656] ? list_lru_destroy+0x4c0/0x4c0 [ 754.956673] ? mark_held_locks+0xc9/0x160 [ 754.956691] ? __raw_spin_lock_init+0x1c/0x100 [ 754.956708] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 754.956723] ? __lockdep_init_map+0x105/0x590 [ 754.956739] ? lockdep_init_map+0x9/0x10 [ 754.956757] sget_userns+0x73a/0xf00 [ 754.962958] nla_parse: 2 callbacks suppressed [ 754.962967] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 754.964692] ? get_anon_bdev+0x2f0/0x2f0 [ 754.964715] ? destroy_unused_super.part.11+0x110/0x110 [ 754.964732] ? __alloc_pages_nodemask+0xacf/0xd70 [ 754.964754] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 755.054335] ? kasan_check_read+0x11/0x20 [ 755.058481] ? cap_capable+0x1f9/0x260 [ 755.062378] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 755.067923] ? security_capable+0x99/0xc0 [ 755.072074] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 755.077613] ? ns_capable_common+0x13f/0x170 [ 755.082035] ? get_anon_bdev+0x2f0/0x2f0 [ 755.086103] sget+0x10b/0x150 [ 755.089213] ? fuse_get_root_inode+0x190/0x190 [ 755.093792] mount_nodev+0x33/0x110 [ 755.097416] fuse_mount+0x2c/0x40 [ 755.100874] mount_fs+0xae/0x328 [ 755.104256] vfs_kern_mount.part.34+0xd4/0x4d0 [ 755.108847] ? may_umount+0xb0/0xb0 [ 755.112464] ? _raw_read_unlock+0x22/0x30 [ 755.116603] ? __get_fs_type+0x97/0xc0 [ 755.120497] do_mount+0x564/0x3070 [ 755.124052] ? copy_mount_string+0x40/0x40 [ 755.128296] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 755.133062] ? retint_kernel+0x10/0x10 [ 755.136958] ? copy_mount_options+0x213/0x380 [ 755.141463] ? write_comp_data+0x70/0x70 [ 755.145520] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 755.151057] ? copy_mount_options+0x285/0x380 [ 755.155544] ksys_mount+0x12d/0x140 [ 755.159176] __x64_sys_mount+0xbe/0x150 [ 755.163149] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 755.168157] do_syscall_64+0x1b1/0x800 [ 755.172046] ? finish_task_switch+0x1ca/0x810 [ 755.176550] ? syscall_return_slowpath+0x5c0/0x5c0 [ 755.181483] ? syscall_return_slowpath+0x30f/0x5c0 [ 755.186428] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 755.191793] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 755.196641] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 755.201926] RIP: 0033:0x455979 [ 755.205120] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 755.212830] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 755.220109] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 755.227369] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 755.234642] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 755.241911] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:03 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f0f0020], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:03 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x700000000000000, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:03 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x3f000000]}]}) 2018/05/04 10:56:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x4000000) 2018/05/04 10:56:03 executing program 2 (fault-call:3 fault-nth:20): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:03 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:03 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r0, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000fa5ff0)={0x0, 0xfffffffffffff000}) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x0, 0x0) recvmsg$kcm(r1, &(0x7f0000000200)={&(0x7f0000000040)=@ll, 0x80, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/199, 0xc7}], 0x1, 0x0, 0x0, 0x9}, 0x10000) io_destroy(r0) 2018/05/04 10:56:03 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) [ 755.821346] binder: 7165:7168 transaction failed 29189/-22, size 0-0 line 2856 [ 755.831603] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 755.841241] FAULT_INJECTION: forcing a failure. [ 755.841241] name failslab, interval 1, probability 0, space 0, times 0 [ 755.852653] CPU: 1 PID: 7162 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 755.859849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 755.869214] Call Trace: [ 755.871802] dump_stack+0x1b9/0x294 [ 755.875430] ? dump_stack_print_info.cold.2+0x52/0x52 [ 755.880617] ? __save_stack_trace+0x7e/0xd0 [ 755.884930] should_fail.cold.4+0xa/0x1a [ 755.888979] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 755.894073] ? save_stack+0x43/0xd0 [ 755.897695] ? kasan_kmalloc+0xc4/0xe0 [ 755.901569] ? kmem_cache_alloc_trace+0x152/0x780 [ 755.906398] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 755.911575] ? __list_lru_init+0x456/0x790 [ 755.915909] ? sget_userns+0x73a/0xf00 [ 755.919789] ? graph_lock+0x170/0x170 [ 755.923576] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 755.928329] ? do_mount+0x564/0x3070 [ 755.932033] ? ksys_mount+0x12d/0x140 [ 755.935821] ? __x64_sys_mount+0xbe/0x150 [ 755.939958] ? do_syscall_64+0x1b1/0x800 [ 755.944015] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 755.949372] ? find_held_lock+0x36/0x1c0 [ 755.953431] ? __lock_is_held+0xb5/0x140 [ 755.957491] ? check_same_owner+0x320/0x320 [ 755.961807] ? rcu_note_context_switch+0x710/0x710 [ 755.966728] __should_failslab+0x124/0x180 [ 755.970955] should_failslab+0x9/0x14 [ 755.974744] kmem_cache_alloc_trace+0x2cb/0x780 [ 755.979402] ? __kmalloc_node+0x33/0x70 [ 755.983364] ? __kmalloc_node+0x33/0x70 [ 755.987332] ? rcu_read_lock_sched_held+0x108/0x120 [ 755.992341] __memcg_init_list_lru_node+0x17d/0x2c0 [ 755.997347] ? kvfree_rcu+0x20/0x20 [ 756.000962] ? __kmalloc_node+0x47/0x70 [ 756.004929] __list_lru_init+0x456/0x790 [ 756.008980] ? list_lru_destroy+0x4c0/0x4c0 [ 756.013291] ? mark_held_locks+0xc9/0x160 [ 756.017435] ? __raw_spin_lock_init+0x1c/0x100 [ 756.022015] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 756.027029] ? __lockdep_init_map+0x105/0x590 [ 756.031512] ? lockdep_init_map+0x9/0x10 [ 756.035649] sget_userns+0x73a/0xf00 [ 756.039346] ? get_anon_bdev+0x2f0/0x2f0 [ 756.043401] ? destroy_unused_super.part.11+0x110/0x110 [ 756.048756] ? __alloc_pages_nodemask+0xacf/0xd70 [ 756.053589] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 756.058596] ? kasan_check_read+0x11/0x20 [ 756.062732] ? cap_capable+0x1f9/0x260 [ 756.066614] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 756.072139] ? security_capable+0x99/0xc0 [ 756.076296] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 756.081835] ? ns_capable_common+0x13f/0x170 [ 756.086240] ? get_anon_bdev+0x2f0/0x2f0 [ 756.090289] sget+0x10b/0x150 [ 756.093389] ? fuse_get_root_inode+0x190/0x190 [ 756.097960] mount_nodev+0x33/0x110 [ 756.101578] fuse_mount+0x2c/0x40 [ 756.105028] mount_fs+0xae/0x328 [ 756.108385] vfs_kern_mount.part.34+0xd4/0x4d0 [ 756.112957] ? may_umount+0xb0/0xb0 [ 756.116582] ? _raw_read_unlock+0x22/0x30 [ 756.120715] ? __get_fs_type+0x97/0xc0 [ 756.124606] do_mount+0x564/0x3070 [ 756.128147] ? copy_mount_string+0x40/0x40 [ 756.132371] ? rcu_pm_notify+0xc0/0xc0 [ 756.136249] ? copy_mount_options+0x5f/0x380 [ 756.140644] ? rcu_read_lock_sched_held+0x108/0x120 [ 756.145651] ? kmem_cache_alloc_trace+0x616/0x780 [ 756.150487] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 756.156016] ? _copy_from_user+0xdf/0x150 [ 756.160157] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 756.165679] ? copy_mount_options+0x285/0x380 [ 756.170167] ksys_mount+0x12d/0x140 [ 756.173791] __x64_sys_mount+0xbe/0x150 [ 756.177762] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 756.182774] do_syscall_64+0x1b1/0x800 [ 756.186653] ? finish_task_switch+0x1ca/0x810 [ 756.191147] ? syscall_return_slowpath+0x5c0/0x5c0 [ 756.196066] ? syscall_return_slowpath+0x30f/0x5c0 [ 756.200991] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 756.206350] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 756.211183] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 756.216363] RIP: 0033:0x455979 2018/05/04 10:56:04 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd1e1ff7f], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 756.219536] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 756.227238] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 756.234495] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 756.241749] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 756.249006] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 756.256264] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:04 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0xfdfdffff, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:04 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 756.271896] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:56:04 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:04 executing program 2 (fault-call:3 fault-nth:21): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) [ 756.323594] binder: 7165:7168 transaction failed 29189/-22, size 0-0 line 2856 [ 756.339985] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. 2018/05/04 10:56:04 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0xfffffdfd) 2018/05/04 10:56:04 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffff000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:04 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40406301}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:04 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 756.382705] binder: undelivered TRANSACTION_ERROR: 29189 [ 756.421250] binder: 7186:7187 transaction failed 29189/-22, size 0-0 line 2856 [ 756.463942] binder: undelivered TRANSACTION_ERROR: 29189 [ 756.472555] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 756.475875] FAULT_INJECTION: forcing a failure. [ 756.475875] name failslab, interval 1, probability 0, space 0, times 0 [ 756.492621] CPU: 0 PID: 7190 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 756.499199] binder: 7188:7195 got reply transaction with no transaction stack 2018/05/04 10:56:04 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 756.499856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 756.499863] Call Trace: [ 756.499891] dump_stack+0x1b9/0x294 [ 756.499909] ? dump_stack_print_info.cold.2+0x52/0x52 [ 756.499932] ? __save_stack_trace+0x7e/0xd0 [ 756.507251] binder: 7188:7195 transaction failed 29201/-71, size 0-0 line 2763 [ 756.516577] should_fail.cold.4+0xa/0x1a [ 756.516598] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 756.516615] ? save_stack+0x43/0xd0 [ 756.516633] ? kasan_kmalloc+0xc4/0xe0 [ 756.534858] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 756.539668] ? kmem_cache_alloc_trace+0x152/0x780 [ 756.539684] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 756.539696] ? __list_lru_init+0x456/0x790 [ 756.539709] ? sget_userns+0x73a/0xf00 [ 756.539726] ? graph_lock+0x170/0x170 [ 756.539741] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 756.539754] ? do_mount+0x564/0x3070 [ 756.539766] ? ksys_mount+0x12d/0x140 [ 756.539789] ? __x64_sys_mount+0xbe/0x150 [ 756.574814] binder: undelivered TRANSACTION_ERROR: 29201 [ 756.575037] ? do_syscall_64+0x1b1/0x800 [ 756.575056] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 756.589325] binder: 7186:7187 transaction failed 29189/-22, size 0-0 line 2856 [ 756.591692] ? find_held_lock+0x36/0x1c0 [ 756.591713] ? __lock_is_held+0xb5/0x140 [ 756.591741] ? check_same_owner+0x320/0x320 [ 756.591761] ? rcu_note_context_switch+0x710/0x710 [ 756.641273] binder: undelivered TRANSACTION_ERROR: 29189 [ 756.642943] __should_failslab+0x124/0x180 [ 756.642963] should_failslab+0x9/0x14 [ 756.642981] kmem_cache_alloc_trace+0x2cb/0x780 [ 756.642995] ? __kmalloc_node+0x33/0x70 [ 756.643009] ? __kmalloc_node+0x33/0x70 [ 756.643025] ? rcu_read_lock_sched_held+0x108/0x120 [ 756.643043] __memcg_init_list_lru_node+0x17d/0x2c0 [ 756.679075] ? kvfree_rcu+0x20/0x20 [ 756.682702] ? __kmalloc_node+0x47/0x70 [ 756.686678] __list_lru_init+0x456/0x790 [ 756.690743] ? list_lru_destroy+0x4c0/0x4c0 [ 756.695067] ? mark_held_locks+0xc9/0x160 [ 756.699211] ? __raw_spin_lock_init+0x1c/0x100 [ 756.703796] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 756.708809] ? __lockdep_init_map+0x105/0x590 [ 756.713294] ? lockdep_init_map+0x9/0x10 [ 756.717347] sget_userns+0x73a/0xf00 [ 756.721049] ? get_anon_bdev+0x2f0/0x2f0 [ 756.725101] ? destroy_unused_super.part.11+0x110/0x110 [ 756.730460] ? __alloc_pages_nodemask+0xacf/0xd70 [ 756.735311] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 756.740337] ? kasan_check_read+0x11/0x20 [ 756.744491] ? cap_capable+0x1f9/0x260 [ 756.748394] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 756.753917] ? security_capable+0x99/0xc0 [ 756.758056] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 756.763599] ? ns_capable_common+0x13f/0x170 [ 756.768003] ? get_anon_bdev+0x2f0/0x2f0 [ 756.772060] sget+0x10b/0x150 [ 756.775159] ? fuse_get_root_inode+0x190/0x190 [ 756.779756] mount_nodev+0x33/0x110 [ 756.783377] fuse_mount+0x2c/0x40 [ 756.786822] mount_fs+0xae/0x328 [ 756.790180] vfs_kern_mount.part.34+0xd4/0x4d0 [ 756.794753] ? may_umount+0xb0/0xb0 [ 756.798367] ? _raw_read_unlock+0x22/0x30 [ 756.802507] ? __get_fs_type+0x97/0xc0 [ 756.806384] do_mount+0x564/0x3070 [ 756.809914] ? copy_mount_string+0x40/0x40 [ 756.814136] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 756.819142] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 756.823888] ? retint_kernel+0x10/0x10 [ 756.827790] ? copy_mount_options+0x1f0/0x380 [ 756.832271] ? copy_mount_options+0x1fa/0x380 [ 756.836757] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 756.842281] ? copy_mount_options+0x285/0x380 [ 756.846766] ksys_mount+0x12d/0x140 [ 756.850382] __x64_sys_mount+0xbe/0x150 [ 756.854341] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 756.859350] do_syscall_64+0x1b1/0x800 [ 756.863226] ? finish_task_switch+0x1ca/0x810 [ 756.867711] ? syscall_return_slowpath+0x5c0/0x5c0 [ 756.872627] ? syscall_return_slowpath+0x30f/0x5c0 [ 756.877551] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 756.882907] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 756.887751] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 756.892926] RIP: 0033:0x455979 [ 756.896099] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 756.903794] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 756.911047] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 756.918300] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 756.925567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 756.932823] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:05 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40086310}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x74) 2018/05/04 10:56:05 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = epoll_create1(0x0) epoll_wait(r1, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000cd8ff4)) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000007000)) epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(0xffffffffffffffff, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:05 executing program 2 (fault-call:3 fault-nth:22): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:05 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x4000]}]}) 2018/05/04 10:56:05 executing program 5: io_setup(0x100, &(0x7f0000000040)=0x0) io_getevents(r0, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000fa5ff0)={0x0, 0xfffffffffffff000}) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x103400, 0x0) getpeername(r1, &(0x7f00000000c0)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @dev}}}, &(0x7f0000000140)=0x80) clock_gettime(0x7, &(0x7f0000000000)) io_destroy(r0) 2018/05/04 10:56:05 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:05 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:05 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x140], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 757.099577] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 757.108461] binder: 7216:7218 transaction failed 29189/-22, size 0-0 line 2856 [ 757.136615] binder: 7210:7224 BC_DEAD_BINDER_DONE 0000000000000000 not found [ 757.144446] binder: 7210:7224 unknown command 0 [ 757.150053] binder: undelivered TRANSACTION_ERROR: 29189 [ 757.162849] FAULT_INJECTION: forcing a failure. [ 757.162849] name failslab, interval 1, probability 0, space 0, times 0 [ 757.163305] binder: 7210:7224 ioctl c0306201 20000040 returned -22 [ 757.174217] CPU: 1 PID: 7221 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 757.174229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 757.174239] Call Trace: 2018/05/04 10:56:05 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:05 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486312}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 757.184775] binder: 7216:7218 transaction failed 29189/-22, size 0-0 line 2856 [ 757.187762] dump_stack+0x1b9/0x294 [ 757.187783] ? dump_stack_print_info.cold.2+0x52/0x52 [ 757.187806] ? __save_stack_trace+0x7e/0xd0 [ 757.220234] should_fail.cold.4+0xa/0x1a [ 757.224327] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 757.229448] ? save_stack+0x43/0xd0 [ 757.233089] ? kasan_kmalloc+0xc4/0xe0 [ 757.236998] ? kmem_cache_alloc_trace+0x152/0x780 [ 757.238359] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 757.241853] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 757.241867] ? __list_lru_init+0x456/0x790 [ 757.241882] ? sget_userns+0x73a/0xf00 [ 757.241899] ? graph_lock+0x170/0x170 [ 757.241914] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 757.241926] ? do_mount+0x564/0x3070 [ 757.241938] ? ksys_mount+0x12d/0x140 [ 757.241949] ? __x64_sys_mount+0xbe/0x150 [ 757.241969] ? do_syscall_64+0x1b1/0x800 [ 757.278693] binder: 7229:7230 got reply transaction with no transaction stack [ 757.279860] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe 2018/05/04 10:56:05 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 757.279882] ? find_held_lock+0x36/0x1c0 [ 757.279901] ? __lock_is_held+0xb5/0x140 [ 757.279929] ? check_same_owner+0x320/0x320 [ 757.279964] ? rcu_note_context_switch+0x710/0x710 [ 757.279983] __should_failslab+0x124/0x180 [ 757.284211] binder: 7229:7230 transaction failed 29201/-71, size 0-0 line 2763 [ 757.288180] should_failslab+0x9/0x14 [ 757.288199] kmem_cache_alloc_trace+0x2cb/0x780 [ 757.288217] ? __kmalloc_node+0x33/0x70 [ 757.342184] ? __kmalloc_node+0x33/0x70 [ 757.346178] ? rcu_read_lock_sched_held+0x108/0x120 2018/05/04 10:56:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0xfdfdffff00000000) 2018/05/04 10:56:05 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x4048630f}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 757.349902] binder: undelivered TRANSACTION_ERROR: 29189 [ 757.351218] __memcg_init_list_lru_node+0x17d/0x2c0 [ 757.351235] ? kvfree_rcu+0x20/0x20 [ 757.351253] ? __kmalloc_node+0x47/0x70 [ 757.351273] __list_lru_init+0x456/0x790 [ 757.351291] ? list_lru_destroy+0x4c0/0x4c0 [ 757.351307] ? mark_held_locks+0xc9/0x160 [ 757.351326] ? __raw_spin_lock_init+0x1c/0x100 [ 757.351341] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 757.351354] ? __lockdep_init_map+0x105/0x590 [ 757.351370] ? lockdep_init_map+0x9/0x10 [ 757.375498] binder: undelivered TRANSACTION_ERROR: 29201 [ 757.377765] sget_userns+0x73a/0xf00 [ 757.377779] ? get_anon_bdev+0x2f0/0x2f0 [ 757.377802] ? destroy_unused_super.part.11+0x110/0x110 [ 757.377819] ? __alloc_pages_nodemask+0xacf/0xd70 [ 757.377839] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 757.377859] ? kasan_check_read+0x11/0x20 [ 757.377878] ? cap_capable+0x1f9/0x260 [ 757.377899] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 757.377913] ? security_capable+0x99/0xc0 [ 757.377931] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 757.401418] binder: 7233:7234 transaction failed 29189/-22, size 0-0 line 2856 [ 757.405672] ? ns_capable_common+0x13f/0x170 [ 757.405692] ? get_anon_bdev+0x2f0/0x2f0 [ 757.405704] sget+0x10b/0x150 [ 757.405723] ? fuse_get_root_inode+0x190/0x190 [ 757.405737] mount_nodev+0x33/0x110 [ 757.405751] fuse_mount+0x2c/0x40 [ 757.405765] mount_fs+0xae/0x328 [ 757.405783] vfs_kern_mount.part.34+0xd4/0x4d0 [ 757.405797] ? may_umount+0xb0/0xb0 [ 757.405813] ? _raw_read_unlock+0x22/0x30 2018/05/04 10:56:05 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:05 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800e0000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:05 executing program 2 (fault-call:3 fault-nth:23): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) [ 757.405830] ? __get_fs_type+0x97/0xc0 [ 757.424208] binder: undelivered TRANSACTION_ERROR: 29189 [ 757.428813] do_mount+0x564/0x3070 [ 757.428832] ? interrupt_entry+0xb1/0xf0 [ 757.428848] ? copy_mount_string+0x40/0x40 [ 757.428865] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 757.428883] ? retint_kernel+0x10/0x10 [ 757.428902] ? copy_mount_options+0x213/0x380 [ 757.428919] ? write_comp_data+0x11/0x70 [ 757.428937] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 757.428949] ? copy_mount_options+0x285/0x380 [ 757.428965] ksys_mount+0x12d/0x140 [ 757.428983] __x64_sys_mount+0xbe/0x150 [ 757.437236] binder: 7235:7236 unknown command 1078485775 [ 757.442556] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 757.442577] do_syscall_64+0x1b1/0x800 [ 757.442592] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 757.442606] ? syscall_return_slowpath+0x5c0/0x5c0 [ 757.442619] ? syscall_return_slowpath+0x30f/0x5c0 [ 757.442637] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 757.442656] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 757.442675] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 757.442685] RIP: 0033:0x455979 [ 757.442693] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 757.442708] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 757.442715] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 757.442723] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 757.442731] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 757.442738] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 757.452703] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 757.460751] binder: 7235:7236 ioctl c0306201 20000040 returned -22 [ 757.528907] binder: 7233:7234 transaction failed 29189/-22, size 0-0 line 2856 [ 757.563686] FAULT_INJECTION: forcing a failure. [ 757.563686] name failslab, interval 1, probability 0, space 0, times 0 [ 757.577441] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 757.580602] CPU: 0 PID: 7243 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 757.580616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 757.658598] binder: undelivered TRANSACTION_ERROR: 29189 [ 757.663119] Call Trace: [ 757.663147] dump_stack+0x1b9/0x294 [ 757.663167] ? dump_stack_print_info.cold.2+0x52/0x52 [ 757.663186] ? __save_stack_trace+0x7e/0xd0 [ 757.663208] should_fail.cold.4+0xa/0x1a [ 757.731947] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 757.737066] ? save_stack+0x43/0xd0 [ 757.740698] ? kasan_kmalloc+0xc4/0xe0 [ 757.744581] ? kmem_cache_alloc_trace+0x152/0x780 [ 757.749432] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 757.754624] ? __list_lru_init+0x456/0x790 [ 757.758860] ? sget_userns+0x73a/0xf00 [ 757.762740] ? graph_lock+0x170/0x170 [ 757.766536] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 757.771291] ? do_mount+0x564/0x3070 [ 757.774999] ? ksys_mount+0x12d/0x140 [ 757.778794] ? __x64_sys_mount+0xbe/0x150 [ 757.782930] ? do_syscall_64+0x1b1/0x800 [ 757.786980] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 757.792345] ? find_held_lock+0x36/0x1c0 [ 757.796398] ? __lock_is_held+0xb5/0x140 [ 757.800453] ? check_same_owner+0x320/0x320 [ 757.804778] ? rcu_note_context_switch+0x710/0x710 [ 757.809880] __should_failslab+0x124/0x180 [ 757.814123] should_failslab+0x9/0x14 [ 757.817929] kmem_cache_alloc_trace+0x2cb/0x780 [ 757.822598] ? __kmalloc_node+0x33/0x70 [ 757.826561] ? __kmalloc_node+0x33/0x70 [ 757.830523] ? rcu_read_lock_sched_held+0x108/0x120 [ 757.835551] __memcg_init_list_lru_node+0x17d/0x2c0 [ 757.840558] ? kvfree_rcu+0x20/0x20 [ 757.844186] ? __kmalloc_node+0x47/0x70 [ 757.848161] __list_lru_init+0x456/0x790 [ 757.852223] ? list_lru_destroy+0x4c0/0x4c0 [ 757.856546] ? mark_held_locks+0xc9/0x160 [ 757.860696] ? __raw_spin_lock_init+0x1c/0x100 [ 757.865268] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 757.870289] ? __lockdep_init_map+0x105/0x590 [ 757.875215] ? lockdep_init_map+0x9/0x10 [ 757.879277] sget_userns+0x73a/0xf00 [ 757.882988] ? get_anon_bdev+0x2f0/0x2f0 [ 757.887065] ? destroy_unused_super.part.11+0x110/0x110 [ 757.892442] ? __alloc_pages_nodemask+0xacf/0xd70 [ 757.897301] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 757.902314] ? kasan_check_read+0x11/0x20 [ 757.906455] ? cap_capable+0x1f9/0x260 [ 757.910341] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 757.915890] ? security_capable+0x99/0xc0 [ 757.920047] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 757.925620] ? ns_capable_common+0x13f/0x170 [ 757.930060] ? get_anon_bdev+0x2f0/0x2f0 [ 757.934120] sget+0x10b/0x150 [ 757.937217] ? fuse_get_root_inode+0x190/0x190 [ 757.941793] mount_nodev+0x33/0x110 [ 757.945412] fuse_mount+0x2c/0x40 [ 757.948869] mount_fs+0xae/0x328 [ 757.952234] vfs_kern_mount.part.34+0xd4/0x4d0 [ 757.956809] ? may_umount+0xb0/0xb0 [ 757.960430] ? _raw_read_unlock+0x22/0x30 [ 757.964583] ? __get_fs_type+0x97/0xc0 [ 757.968463] do_mount+0x564/0x3070 [ 757.972007] ? copy_mount_string+0x40/0x40 [ 757.976241] ? rcu_pm_notify+0xc0/0xc0 [ 757.980132] ? copy_mount_options+0x5f/0x380 [ 757.984543] ? rcu_read_lock_sched_held+0x108/0x120 [ 757.989568] ? kmem_cache_alloc_trace+0x616/0x780 [ 757.994416] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 757.999950] ? _copy_from_user+0xdf/0x150 [ 758.004094] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 758.009635] ? copy_mount_options+0x285/0x380 [ 758.014161] ksys_mount+0x12d/0x140 [ 758.017779] __x64_sys_mount+0xbe/0x150 [ 758.021756] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 758.026775] do_syscall_64+0x1b1/0x800 [ 758.030701] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 758.035563] ? syscall_return_slowpath+0x5c0/0x5c0 [ 758.040508] ? syscall_return_slowpath+0x30f/0x5c0 [ 758.045462] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 758.050837] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 758.055695] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 758.060883] RIP: 0033:0x455979 [ 758.064060] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 758.071770] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 758.079029] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 758.086296] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 758.093551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 758.100810] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:06 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40046307}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:06 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800e], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:06 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:06 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x7400) 2018/05/04 10:56:06 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = epoll_create1(0x0) epoll_wait(r1, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000cd8ff4)) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000007000)) epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(0xffffffffffffffff, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:06 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r0, 0x2, 0x8000000000001df, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000fa5ff0)={0x0, 0xfffffffffffff000}) io_destroy(r0) 2018/05/04 10:56:06 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x1700000000000000]}]}) 2018/05/04 10:56:06 executing program 2 (fault-call:3 fault-nth:24): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:06 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000100], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 758.266725] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 758.281450] binder: 7263:7267 transaction failed 29189/-22, size 0-0 line 2856 [ 758.316693] binder: undelivered TRANSACTION_ERROR: 29189 [ 758.319012] binder: 7261:7264 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 758.329886] binder: 7261:7264 unknown command 0 [ 758.338705] FAULT_INJECTION: forcing a failure. [ 758.338705] name failslab, interval 1, probability 0, space 0, times 0 [ 758.344076] binder: 7263:7267 transaction failed 29189/-22, size 0-0 line 2856 [ 758.350112] CPU: 0 PID: 7271 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 758.364641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 758.366785] binder: 7261:7264 ioctl c0306201 20000040 returned -22 [ 758.374001] Call Trace: [ 758.374031] dump_stack+0x1b9/0x294 [ 758.374050] ? dump_stack_print_info.cold.2+0x52/0x52 [ 758.374068] ? __save_stack_trace+0x7e/0xd0 [ 758.374094] should_fail.cold.4+0xa/0x1a [ 758.400184] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 758.405312] ? save_stack+0x43/0xd0 [ 758.408957] ? kasan_kmalloc+0xc4/0xe0 [ 758.412338] binder: undelivered TRANSACTION_ERROR: 29189 [ 758.412851] ? kmem_cache_alloc_trace+0x152/0x780 [ 758.412871] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 758.428340] ? __list_lru_init+0x456/0x790 [ 758.432598] ? sget_userns+0x73a/0xf00 [ 758.436508] ? graph_lock+0x170/0x170 [ 758.440324] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 758.445094] ? do_mount+0x564/0x3070 [ 758.448823] ? ksys_mount+0x12d/0x140 [ 758.452656] ? __x64_sys_mount+0xbe/0x150 [ 758.456817] ? do_syscall_64+0x1b1/0x800 [ 758.460898] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 758.466286] ? find_held_lock+0x36/0x1c0 [ 758.470373] ? __lock_is_held+0xb5/0x140 [ 758.474468] ? check_same_owner+0x320/0x320 [ 758.478815] ? rcu_note_context_switch+0x710/0x710 [ 758.483769] __should_failslab+0x124/0x180 [ 758.488027] should_failslab+0x9/0x14 [ 758.491853] kmem_cache_alloc_trace+0x2cb/0x780 [ 758.496546] ? __kmalloc_node+0x33/0x70 [ 758.500549] ? __kmalloc_node+0x33/0x70 [ 758.504545] ? rcu_read_lock_sched_held+0x108/0x120 [ 758.509586] __memcg_init_list_lru_node+0x17d/0x2c0 [ 758.514639] ? kvfree_rcu+0x20/0x20 [ 758.518290] ? __kmalloc_node+0x47/0x70 [ 758.522388] __list_lru_init+0x456/0x790 [ 758.526475] ? list_lru_destroy+0x4c0/0x4c0 [ 758.530808] ? mark_held_locks+0xc9/0x160 [ 758.532612] binder: 7278:7281 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 758.534966] ? __raw_spin_lock_init+0x1c/0x100 [ 758.534983] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 758.534998] ? __lockdep_init_map+0x105/0x590 [ 758.535015] ? lockdep_init_map+0x9/0x10 [ 758.535035] sget_userns+0x73a/0xf00 2018/05/04 10:56:06 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x2) 2018/05/04 10:56:06 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:06 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x400c630e}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:06 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 758.535049] ? get_anon_bdev+0x2f0/0x2f0 [ 758.535071] ? destroy_unused_super.part.11+0x110/0x110 [ 758.535092] ? __alloc_pages_nodemask+0xacf/0xd70 [ 758.542057] binder: 7278:7281 unknown command 0 [ 758.546586] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 758.546609] ? kasan_check_read+0x11/0x20 [ 758.546628] ? cap_capable+0x1f9/0x260 [ 758.562667] binder: 7278:7281 ioctl c0306201 20000040 returned -22 [ 758.563880] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 758.563899] ? security_capable+0x99/0xc0 [ 758.563918] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 758.563934] ? ns_capable_common+0x13f/0x170 [ 758.563952] ? get_anon_bdev+0x2f0/0x2f0 [ 758.563966] sget+0x10b/0x150 [ 758.563984] ? fuse_get_root_inode+0x190/0x190 [ 758.564001] mount_nodev+0x33/0x110 [ 758.619346] binder: 7276:7283 transaction failed 29189/-22, size 0-0 line 2856 [ 758.621916] fuse_mount+0x2c/0x40 [ 758.621931] mount_fs+0xae/0x328 [ 758.621951] vfs_kern_mount.part.34+0xd4/0x4d0 [ 758.626559] binder: undelivered TRANSACTION_ERROR: 29189 [ 758.629098] ? may_umount+0xb0/0xb0 [ 758.629116] ? _raw_read_unlock+0x22/0x30 [ 758.629130] ? __get_fs_type+0x97/0xc0 [ 758.629149] do_mount+0x564/0x3070 [ 758.629166] ? do_raw_spin_unlock+0x9e/0x2e0 [ 758.629185] ? copy_mount_string+0x40/0x40 [ 758.629201] ? rcu_pm_notify+0xc0/0xc0 [ 758.629221] ? copy_mount_options+0x5f/0x380 [ 758.635691] binder: 7276:7283 transaction failed 29189/-22, size 0-0 line 2856 [ 758.637408] ? rcu_read_lock_sched_held+0x108/0x120 [ 758.637428] ? kmem_cache_alloc_trace+0x616/0x780 [ 758.637451] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 758.637472] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 758.637484] ? copy_mount_options+0x285/0x380 [ 758.637502] ksys_mount+0x12d/0x140 [ 758.663351] binder: undelivered TRANSACTION_ERROR: 29189 [ 758.665790] __x64_sys_mount+0xbe/0x150 [ 758.665808] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 758.665828] do_syscall_64+0x1b1/0x800 [ 758.665843] ? finish_task_switch+0x1ca/0x810 [ 758.665861] ? syscall_return_slowpath+0x5c0/0x5c0 [ 758.665877] ? syscall_return_slowpath+0x30f/0x5c0 [ 758.665894] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 758.665912] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 758.773249] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 758.778431] RIP: 0033:0x455979 [ 758.781620] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 758.789331] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 758.796607] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 758.803885] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 758.811159] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 758.818423] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:07 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000f2f], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:07 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x400c630f}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:07 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x3000000) 2018/05/04 10:56:07 executing program 2 (fault-call:3 fault-nth:25): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:07 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r0, 0x1, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000000000)={0x0, 0xfffffffffffff000}) io_destroy(r0) 2018/05/04 10:56:07 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:07 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = epoll_create1(0x0) epoll_wait(r1, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000cd8ff4)) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000007000)) epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(0xffffffffffffffff, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:07 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x17000000]}]}) [ 759.382137] binder: 7301:7302 transaction failed 29189/-22, size 0-0 line 2856 [ 759.408284] binder: 7299:7308 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 [ 759.410615] FAULT_INJECTION: forcing a failure. [ 759.410615] name failslab, interval 1, probability 0, space 0, times 0 [ 759.415208] binder: 7299:7308 unknown command 0 [ 759.426469] CPU: 0 PID: 7293 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 759.438309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 759.440008] binder: undelivered TRANSACTION_ERROR: 29189 [ 759.448479] Call Trace: [ 759.448513] dump_stack+0x1b9/0x294 [ 759.448547] ? dump_stack_print_info.cold.2+0x52/0x52 [ 759.448566] ? mutex_trylock+0x2a0/0x2a0 [ 759.448584] should_fail.cold.4+0xa/0x1a [ 759.448600] ? fault_create_debugfs_attr+0x1f0/0x1f0 2018/05/04 10:56:07 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:07 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 759.448622] ? print_usage_bug+0xc0/0xc0 [ 759.466265] binder: 7301:7302 transaction failed 29189/-22, size 0-0 line 2856 [ 759.469622] ? graph_lock+0x170/0x170 [ 759.469636] ? lock_downgrade+0x8e0/0x8e0 [ 759.469655] ? find_held_lock+0x36/0x1c0 [ 759.469673] ? __lock_is_held+0xb5/0x140 [ 759.469704] ? check_same_owner+0x320/0x320 [ 759.475168] binder: 7299:7308 ioctl c0306201 20000040 returned -22 [ 759.478851] ? __might_sleep+0x95/0x190 [ 759.478870] ? rcu_note_context_switch+0x710/0x710 2018/05/04 10:56:07 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x5000000) 2018/05/04 10:56:07 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x630c}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 759.478890] __should_failslab+0x124/0x180 [ 759.478908] should_failslab+0x9/0x14 [ 759.478921] __kmalloc+0x2c8/0x760 [ 759.478938] ? __kmalloc_node+0x47/0x70 [ 759.544232] binder: undelivered TRANSACTION_ERROR: 29189 [ 759.544952] ? __list_lru_init+0xdd/0x790 [ 759.554623] __list_lru_init+0xdd/0x790 [ 759.558616] ? list_lru_destroy+0x4c0/0x4c0 [ 759.562955] ? mark_held_locks+0xc9/0x160 [ 759.567124] ? __raw_spin_lock_init+0x1c/0x100 [ 759.571816] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 759.576855] ? lockdep_init_map+0x9/0x10 2018/05/04 10:56:07 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001000000000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 759.580934] sget_userns+0x767/0xf00 [ 759.584655] ? get_anon_bdev+0x2f0/0x2f0 [ 759.588739] ? destroy_unused_super.part.11+0x110/0x110 [ 759.594123] ? __alloc_pages_nodemask+0xacf/0xd70 [ 759.595767] binder: 7313:7314 transaction failed 29189/-22, size 0-0 line 2856 [ 759.598984] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 759.599006] ? kasan_check_read+0x11/0x20 [ 759.599024] ? cap_capable+0x1f9/0x260 [ 759.599048] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 759.599062] ? security_capable+0x99/0xc0 2018/05/04 10:56:07 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd1e1ff7f00000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 759.599082] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 759.629399] binder: 7315:7317 unknown command 0 [ 759.634659] ? ns_capable_common+0x13f/0x170 [ 759.634679] ? get_anon_bdev+0x2f0/0x2f0 [ 759.634691] sget+0x10b/0x150 [ 759.634708] ? fuse_get_root_inode+0x190/0x190 [ 759.634724] mount_nodev+0x33/0x110 [ 759.646620] binder: undelivered TRANSACTION_ERROR: 29189 [ 759.647846] fuse_mount+0x2c/0x40 [ 759.647865] mount_fs+0xae/0x328 [ 759.647885] vfs_kern_mount.part.34+0xd4/0x4d0 [ 759.647899] ? may_umount+0xb0/0xb0 [ 759.647919] ? _raw_read_unlock+0x22/0x30 [ 759.655910] binder: 7313:7314 transaction failed 29189/-22, size 0-0 line 2856 [ 759.659194] ? __get_fs_type+0x97/0xc0 [ 759.659214] do_mount+0x564/0x3070 [ 759.659234] ? copy_mount_string+0x40/0x40 [ 759.659249] ? rcu_pm_notify+0xc0/0xc0 [ 759.659270] ? copy_mount_options+0x5f/0x380 [ 759.659287] ? rcu_read_lock_sched_held+0x108/0x120 [ 759.669051] binder: 7315:7317 ioctl c0306201 20000040 returned -22 [ 759.671527] ? kmem_cache_alloc_trace+0x616/0x780 [ 759.671550] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 2018/05/04 10:56:07 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x60000000) 2018/05/04 10:56:07 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x4008630a}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:07 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 759.671568] ? _copy_from_user+0xdf/0x150 [ 759.671585] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 759.671604] ? copy_mount_options+0x285/0x380 [ 759.730709] binder: undelivered TRANSACTION_ERROR: 29189 [ 759.732917] ksys_mount+0x12d/0x140 [ 759.732936] __x64_sys_mount+0xbe/0x150 [ 759.732952] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 759.732972] do_syscall_64+0x1b1/0x800 [ 759.732987] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 759.733004] ? syscall_return_slowpath+0x5c0/0x5c0 [ 759.733020] ? syscall_return_slowpath+0x30f/0x5c0 [ 759.733041] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 759.733057] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 759.733074] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 759.795928] binder: 7324:7325 transaction failed 29189/-22, size 0-0 line 2856 [ 759.799195] RIP: 0033:0x455979 [ 759.799205] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 759.799218] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 759.799227] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 2018/05/04 10:56:07 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:07 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffe1d1], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 759.799234] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 759.799243] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 759.799252] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 759.816522] binder: BC_ATTEMPT_ACQUIRE not supported [ 759.862737] binder: 7323:7327 ioctl c0306201 20000040 returned -22 [ 759.867875] binder: undelivered TRANSACTION_ERROR: 29189 [ 759.885808] binder: 7324:7325 transaction failed 29189/-22, size 0-0 line 2856 [ 759.947451] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:56:08 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x630b}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:08 executing program 2 (fault-call:3 fault-nth:26): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:08 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:08 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe80], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:08 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x4800) 2018/05/04 10:56:08 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x3f000000]}]}) 2018/05/04 10:56:08 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x200, 0x0) accept$packet(r1, &(0x7f0000000080), &(0x7f00000000c0)=0x14) io_getevents(r0, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000fa5ff0)={0x0, 0xfffffffffffff000}) r2 = socket$inet6(0xa, 0x8080e, 0x4) signalfd(r2, &(0x7f0000000000)={0xfff}, 0x8) io_destroy(r0) 2018/05/04 10:56:08 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) [ 760.479834] nla_parse: 5 callbacks suppressed [ 760.479844] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 760.495650] binder: 7347:7352 transaction failed 29189/-22, size 0-0 line 2856 [ 760.497248] binder: 7350:7356 ERROR: BC_REGISTER_LOOPER called without request [ 760.510578] binder: 7350:7356 unknown command 0 2018/05/04 10:56:08 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x140], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:08 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 760.536267] FAULT_INJECTION: forcing a failure. [ 760.536267] name failslab, interval 1, probability 0, space 0, times 0 [ 760.536364] binder: 7350:7356 ioctl c0306201 20000040 returned -22 [ 760.547787] CPU: 1 PID: 7354 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 760.561275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 760.570641] Call Trace: [ 760.573266] dump_stack+0x1b9/0x294 [ 760.576915] ? dump_stack_print_info.cold.2+0x52/0x52 [ 760.582137] ? mutex_trylock+0x2a0/0x2a0 2018/05/04 10:56:08 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000100], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 760.586232] should_fail.cold.4+0xa/0x1a [ 760.590333] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 760.595468] ? print_usage_bug+0xc0/0xc0 [ 760.599555] ? graph_lock+0x170/0x170 [ 760.603377] ? lock_downgrade+0x8e0/0x8e0 [ 760.607558] ? find_held_lock+0x36/0x1c0 [ 760.609099] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 760.611635] ? __lock_is_held+0xb5/0x140 [ 760.611667] ? check_same_owner+0x320/0x320 [ 760.611684] ? __might_sleep+0x95/0x190 2018/05/04 10:56:08 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 760.611706] ? rcu_note_context_switch+0x710/0x710 [ 760.637539] __should_failslab+0x124/0x180 [ 760.641800] should_failslab+0x9/0x14 [ 760.645624] __kmalloc+0x2c8/0x760 [ 760.649181] ? __kmalloc_node+0x47/0x70 [ 760.653163] ? __list_lru_init+0xdd/0x790 [ 760.657345] __list_lru_init+0xdd/0x790 [ 760.661341] ? list_lru_destroy+0x4c0/0x4c0 [ 760.665679] ? mark_held_locks+0xc9/0x160 [ 760.669846] ? __raw_spin_lock_init+0x1c/0x100 [ 760.674457] ? trace_hardirqs_on_caller+0x421/0x5c0 2018/05/04 10:56:08 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800e000000000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:08 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 760.676204] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 760.679491] ? lockdep_init_map+0x9/0x10 [ 760.679512] sget_userns+0x767/0xf00 [ 760.679525] ? get_anon_bdev+0x2f0/0x2f0 [ 760.679544] ? destroy_unused_super.part.11+0x110/0x110 [ 760.679563] ? __alloc_pages_nodemask+0xacf/0xd70 [ 760.710312] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 760.715378] ? print_usage_bug+0xc0/0xc0 [ 760.719462] ? kasan_check_read+0x11/0x20 [ 760.723635] ? cap_capable+0x1f9/0x260 [ 760.727547] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 760.733118] ? security_capable+0x99/0xc0 [ 760.737292] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 760.739986] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 760.742854] ? ns_capable_common+0x13f/0x170 [ 760.742874] ? get_anon_bdev+0x2f0/0x2f0 [ 760.742888] sget+0x10b/0x150 [ 760.742905] ? fuse_get_root_inode+0x190/0x190 [ 760.742929] mount_nodev+0x33/0x110 [ 760.771229] fuse_mount+0x2c/0x40 [ 760.774703] mount_fs+0xae/0x328 [ 760.778094] vfs_kern_mount.part.34+0xd4/0x4d0 [ 760.779646] binder: undelivered TRANSACTION_ERROR: 29189 [ 760.782683] ? may_umount+0xb0/0xb0 [ 760.782700] ? _raw_read_unlock+0x22/0x30 [ 760.782716] ? __get_fs_type+0x97/0xc0 [ 760.799804] do_mount+0x564/0x3070 [ 760.800941] binder: 7347:7352 transaction failed 29189/-22, size 0-0 line 2856 [ 760.803358] ? do_raw_spin_unlock+0x9e/0x2e0 [ 760.803380] ? copy_mount_string+0x40/0x40 [ 760.803395] ? rcu_pm_notify+0xc0/0xc0 [ 760.803416] ? copy_mount_options+0x5f/0x380 [ 760.803429] ? rcu_read_lock_sched_held+0x108/0x120 [ 760.803449] ? kmem_cache_alloc_trace+0x616/0x780 [ 760.833123] binder: undelivered TRANSACTION_ERROR: 29189 [ 760.837521] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 760.837544] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 760.837559] ? copy_mount_options+0x285/0x380 [ 760.837578] ksys_mount+0x12d/0x140 [ 760.837595] __x64_sys_mount+0xbe/0x150 [ 760.837608] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 760.837628] do_syscall_64+0x1b1/0x800 [ 760.875042] ? finish_task_switch+0x1ca/0x810 [ 760.879551] ? syscall_return_slowpath+0x5c0/0x5c0 [ 760.884475] ? syscall_return_slowpath+0x30f/0x5c0 [ 760.889394] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 760.894757] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 760.899601] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 760.904779] RIP: 0033:0x455979 [ 760.907957] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 760.915669] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 760.922925] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 760.930187] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 760.937454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 760.944720] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:09 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ff7f], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:09 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40046302}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:09 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:09 executing program 2 (fault-call:3 fault-nth:27): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:09 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x40000000]}]}) 2018/05/04 10:56:09 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x4c00) 2018/05/04 10:56:09 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:09 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x2e0, 0x0) recvmsg$netrom(r0, &(0x7f0000001300)={&(0x7f0000000040)=@full={{0x3, {"a5937baa89d813"}, 0xfffffffffffffff7}, [{"2d349e9b0a8a12"}, {"fc68bc4481b1b5"}, {"22d17eb9c79298"}, {"0d7ce13f03d04f"}, {"9fa42fe21f2b04"}, {"c47c74aef467e2"}, {"dcf7b64668edf2"}, {"b2eb5429982d3e"}]}, 0x48, &(0x7f00000012c0)=[{&(0x7f00000000c0)="fef9e3b243368821907558680277699d393bcdf3cb7abb90dfe16d74418ebff331b73013b62414dd2e56122ecd91104539c0838e2904ea6946c7d058ddee6fd729c9a33f654c9654a0c940f56c45e045", 0x50}, {&(0x7f0000000140)="276651083f739589a451c50646546d26a7ecad0b4b46e7a022aff745e9f0e8373594c82c85dcbccfdee1e633b1d852d7e66f87b873fb4f4e8dac6e840b379a2889ee2cef8dd1cb7e7b6587f215cd41a96eaa5a9bcccdd6fc672a7cb603870313263663c41cc7b3f9afc6be73faf90b92149944ac4b9a27946c216ae512e000cb3fe2cabf9e1643bfe0fac1b01d25a87389a5990290da0fc18f58d119481c14925f95fe2da321232f9e206f91e40846e61a8dbb0a5ecb2c93fd8646b196a610940e3d100242f7eb4d745709f43840edb1d4ff035c7920a1a5ad21b0d8882df8166f2e511378341f67417e1b4481b7435c571156daff66a1236838a0cd2ed786e1b8b15c771ffb5b44389f79500117eca39a51a72eb50ead59e987c842748b5ec00e9b4558a48041e283e52e342e9313361156c77e7336677380e9b3f71594cbc33348c519d737c674f5407218796206e726c36fbb91f105feb1c562619fa29a2017d8a749a1c34b2e54b095803ef7f8098bf20a8074f153bee423921d369c48a215850e0e7c6f123dcb3eabe3993c1873eb59035c560e65137bb5e304dc03c9cfa77b8533812d722b808feef8b8eeaf8f3ce86d129d21ecbb57c91da5cb123ce4822518ced4563128fcbacbc7624c37b308310f8fbb098a8466cf821671197ff1812306f19819c5d087cd4db5e39a70bd93e4dd457b5a8190ec1e76d18ae9a53604acca09c6548f3951a790171e2cd06994fce8e598b071b4ac3a16e3ee3a52b99665cc63bf95ef1bcd2a158835a6438fd4c4c05a35d3d6531051763e79685396c53b5ab1e7bafe37cc5dd822ce3f5d6e0399945c6e770007696185535e47152e4e77ccaf2f267baa4f77cba9b60cc8410dc4e3f28f88646dde4bf67e70272e2d9d531f8f5d31c031a0ca5743f688732e119d3d810accbd9fe939c3b61a3465a1621849902d228ce07902a7f8d11eac387a01165100572ad955fd45f280bc02d6c6a0ad89d9501b9c82163d179fd6a5507dc6d16469fbea9e4a67a0dda763177696d3f0aea5ffc96b7e287f9f3c198d09961a2597cca8da542858e796d1f82cd052921180669f8a1fb15baf5bd9d0d0bfc4c0b629d4f2e88dc0975927bd2ec0dfa7a4fe2add84fde50cb62e4f23dcec26b99ac14684603a9d3d7e039eb52ebdb2bd25d8388e553a18d22b95f8f6bdc4aba71c155a1889de67706d2b06fa5520161f6010b457c9bc38a6e3b2876a4aeaaf80f5a681bddd7f653118b9403415cdd6dc521c8873d06be7530c7f2411835d408365d292c6c4a5401b53c26cd8c14ca777d7b714b8d040b2df5c523c19211b8b64d2d4da8233213ea6dc63479a6c3fc310224ab8154c857e8aea7d84e979c58dc9d021227a2d0fffc0143373b4e778bad68bd44ed37b39b5dcf54a391abfd703cf992f47bd0a134420622c5ca305e934841b4da7c43ed35be316519f85818769b9bfa4afa2535ae1e9ce017b6d16b552e4dc8f8b7f051be4478b5fbb74f5e1c910b633ba34670864b48ecd9f69a3cd6d4abf8b5a5f4930c26b8a33e73926ec50969a6a549310e6263648fd20e29bf4c9587225dcaea7c22f0e00844932cbbeb5120745a864c97d6872bdc6a1c1bd0481154d596517adf84d8f47a1efe678a4a19b9dac525c49247c39ca4bf98c651a237bde17b94dc4fb719ef37691ab363050400b33258bb9d7aa1465afb0842e4f690231810401fddd71b57185195363ad4c88f414da4179ba63ca8068eeab18a663e1e8607e533a5eb0ca17582afc27158a58130dde1a901a23efa0ac656d7f60391c182a5d6a4aeb8c46c85afe7b503e63369a6d4effee1828582909d25b87574e0a66497d00bdefddf726e6a05112673218b540f88769a3654be868061f8b6b789c0165d9bafdd2868c342e09b9f6ac6488705658023a9d591b522004df66f63fe2a81ad1f31e2f9782e6a3d6f1b25ab8890f9bf9cf973582c768284178f3ab66591132232c62af891ea10cea7dade3bd1bd693ddc5514b35cb93e5561da32a62c674d63ba89662f7a7cfc242b65111c13f91392f432c2b6cdec9f971e6cc4c50b050c08bee47f17e8dc7ec19fb6fdecf5fa9b23fe181620f896eb2ba2f20398a9fa47d88abac610d7049a57a7209582ac8b37b2642f97b7a048d8330ec48cf8c610f27c6af5b43fa7f41dcc586890ac50cf0f3ac918b889268aa0ff56aba144e858153839b846da213d6aef24b2115211f2b88c3aa0fbdb0f22b9a9a87cacd3dbeed041373c01f805a952183c6f68f3b11cc4922e4cd42f3e9b891d10fa22b3080d6171b97d695816f6df1a68567cfb0ff8757bd254e001966836111eca6053f94189a1affea7b7d0d26239c375abcbc1c8dcc668a34c66318eb41758d4b1b2e7da731f326f614b6c0fe7a1f7d0af4c1fd31c86a4b8fbd9840a5f0a4ddaa1a6933656de7d7055c3a6d62132c3ca5815f58f6f925546cb0643b5368add600f0f31db80ec9ecdacef2562a5d9932d3c2d5284cf7d9d1d0289bd7bc4332e08c2dd409df6dc9eb3e6a196d7b1e2f671c980f989534b37f8705585f2ef261f4d6f30df78df5f4aa6ffc3e04edc4635818069c429a5b94fd55e837237cc4590bf284f7097fa9dcfe09c087c74a5597c29d542650cccc1ea48ee30e2007fb8f02272fab543c29b36ccf5988bb43b60c224d0662cbed251609affeedaa793f4d2dddb5da164805577a152bf7404c24b32453d91ef5d4112184a34fc665762d4228a2d259bd826686645dbb539846f5fa6c39afa39ed4ff332dc44f3008e1035a857449d76a1803bc887b26407fe47be1573863a478cf5e3c7f0c8823a295a48b1fe70bdb718a19268703f6cf05473ee65bbabe0bcab095d41b38109a863c817b3d5d368849fe88a07034c7d06a99fef983f14e6c65420fb0f517aa49e367ec05fbb36d4960592023fb7105931f4b47edd0d2a652b6a9cdd6750d7e86adb6a7f38492a2a541bf2207405e625981c9f63663631d4cab84a6ecd57984c5154b7b41df9129b63577937b79e7896250fdcc82190ded3c9c47e9ba3ff562c233cb3921c6369b8ce41e71c09b775212c4596c8b6e43fed4059f0cb06737c51d23dae6ab7ef291970bf9e885e2a324aa5c87faf339b7dee42507a44a53a651a40b2a17059c986a2f79b5ef9609c346bf9dfa8789c15524495ec2d5280a88958cc3e0f568885c77f7bc13ea5e26fa89964ac631dbe6dba328683df1a45b4e670ebb46bdcb3176e83bb3fba4bccb30eed099015bfe86311f33ba1168d42f2dcc07755b3edba49e5a82d1d22ae7b6515217acf79328aa7c13c63f5a7e758fabd540e788f91eeec0c6c30bc573bab04400d5b00b50dac64668caf23998f4d769fa3915c4fbd7c39037262c184d922a4093f140337be25e78a1c24b6a2a12037f40e890425ec0580c1be4ca913b932a3b3366aff72e9239cdd3dd263fb26e1584ae758e88b2777df23b0854af7c0aba28bf8d687871a949d318e164d7178c14c5b145b15816fd1a686332204fba101aad2f0de8c2363952a3fb351d9ecbf94608b0f138dd48b566762f3b9164194f3e3680d5d9e7941abc617a6ccccd346e0276c1ee0d7709597eb83461aacfc4550216a10054b1402a05e11a860fb22fd2811a60f7b29c5be173cf09894bbdcef150556d4cecf13c95140742d351300fa9f33e75f5ad5182b310b657845159800679867bdb88256e55d8accc9174a1998ff2c0de861132878d37fdcfb1c97ad908289e3965d314be7fc911fd9d693cc943a9d58a77592c387696cbc2021b6c8d268408126034d8302f93fe5fd18d9768b1a1a8c2e11d57eab224dc73149d4947f3cd77dd2f3f85bf16db9a3fe68cfb9b52843eedd4d8e3ba513a72894e59f75390749d2802427dda300a07a5ff7a090af9067d6f62d822e4fd70ee2fdf548e5e6770981a754aa468b6f9654b34db9e1481870354a3b0c093120c4df98665b453161126201e76076b42115c9d5a684f1a17fc53bbad2a6cb6ddc26f10933cfe493995c8d9fef239251c369719684b20e6d879e5e2312ce259c4f18cffffe63b8f36a47dd4bfbbdf2c698eb4dfc0c242fddb55e194372245f0a0cbc1e77f8d185e64c0e19178876d310dbf563089c3314e0836f5a6afc011ef631d2394ce7093237f94fced366eed55e3f3a991025c9ae11dd15a49f9e82ef61ef05ac26a96015118f5a17d72ec6d31b1f98da6654d353e1e5cc7b0f3f33a5c83a613c16bfeda8dc69218302e0853c618cadc35d5b8840a5610b486b844a13e323c25eb6f91b69d343539e31f5a06b41dca43cc561f06fd73eb1f0ea8fefd1ce6a9346da0e457a8ceaa4690bc1c2269dce6252f5e5e7d4167dcc36bd2768d0485ab748fbda9226034c52b60a47061a60981bda42e3208f8904246b912dc3aee8c9365d3abcc6570240ff9babc19c1fc16266cf8cbcd1baa91ac656ce137c538ab21c315898f869800f2f7e1e9e86370f581e548f732bceadf7f20d84314e24ea4ddc8df7c4791229e5ea44192a0fca6046a60f7e5ff7f3d16bd0af19a87f1a0669a4b2ee25bdda05aa34d35d11f5783cfcabceb360b309143d9d4278fa573fa69aec83e6fdf273e66bd962c8407b2b92595a3b02aa7c71d379c1d90895a40ca5ce48cdf504145aa8e5f2214ba9174d1d1319bf77906f9673edcf71a007744b9d9f93d58699f66facaebc84f4d2dbe13f781e81afa9b80a92d0c971b69a0d674a44f70738855b20eb50404c5ae4f50bd0f8c507409c7b41c66b1358e38c6545e16f8b09df8bc916f68285cbb03b745f1e7f2de9aae49e1e7f727639d6b7cadd4096320f35e802032bcb8cd83e2e9a2084a08be1e7dd9a99e9453aea50c559f403364927984f67cf57fa7591fcb7c3afe853cf6312b9c2d6a9c8341d66e75fac198906a5fdd218fb5e19492caad79b45a2f1a790bf02559b9f63c388457170ff74f90b23c794f699551246a4caefdd681babfdf5202a12d2f755b6345ec95f715d749297220becb47b2338954ff76b024bd05768f3cea23627ce8a81cfde98792c12bf4068d7b57115de05a6a076ea8f6b366a0a3a59fdd8457919cbb42878a41b90b425418d429463c463cc523bd66ef3e8184452b0c5f081e6a8abd0a508e83fa3478bf05bf65e8529f9554e83f7a72295ac406bcffb9055a873605b900d32b9a1b5f7e7e06f2af913eb820ba8de58aba2f937e51dbc1870e7f249ff96fed28b3be987cc7a039de63c0b452156dfba8c1f109c0ac8cee0c38c5616bfb056bc791ea0fa2fe910d5279963efdf02f7110e80589362cf8cb21614600740172b2607cf22f039b76bd59abed1d216dba87057835d8aa6f3539491572fdad61914c7a5e829f5b9994c4cc8e1a9df6e5e83bfb8037400f72a0fbe105bc2424dbf01716be093359ea198b7d06c91e7a3b546c575c7e172a11be0c9bea3207ea0f7b6911a47ba51082ccde4441eebd20c3f541afd65dbb6dfce0f260e259d6c6206487c3d4cb60d58671b6ee68407e454e7e215fb4962cf1c5fe27a3c54aba96cb2df9546c67b22ea522fa84f022d684337714cbac83365a1affaf20bc295921c091018ada2aa21bd303e9778b1345d2ef4a2cfcb50432a1437bbd9f90984fed196acc12a0728e027c3dfb57359481642341f753ba7085beebdf78057add33a97a9d037b7408f8e7b64d2a87d92ecae25da47afc683b10addc451452ac5a922a760cfbbb6a0aae5da0ec2bb9f16e92c92a9c90d1b755b4cbf7c7fe6050d0f00b6ce0aad48bea971e30", 0x1000}, {&(0x7f0000001140)="dc769786d19d904b46303815247f43d281b93e4e76924a4bbbe70fbb90797b545ec0557fb6e7e6fc23d183cea7b2b0fc54a0a533a9b5ba0a19f900cfdc2bc727a4936cadd53dd08845c94a5a9cc0a9ff0700005c7b", 0x55}, {&(0x7f00000011c0)="11e28ba89cb96c1d1084831fb5c2047423acba0d0a58ce83a651158cde190cbeb9cdd6efd74f2f4345ec66f8ee7cde2780400b5f70ce27330c08e116d04f227dcd26312dc33861a964103f26ed372d94ddf66d65784a01364255df6c9a3a65f66c916f1aef03c4de8e094332fdee376028beaa07874ac378d43907fdcec3524bcc2ebb00b7d84e1523781361ada89872b4bdac73cb5ae98ff8637f52da8dcf956421bcc6f7b25c051978f78ecde03adef092d91420c417fc22b723760c884450f0c739603bb09a3c9c7e6ed75fbb311a50c4f0c0b92a", 0xd6}], 0x4, 0x0, 0x0, 0x40080}, 0x40) io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r1, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000001380)={0x0, 0x989680}) io_destroy(r1) [ 761.595436] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 761.610166] binder: 7388:7391 transaction failed 29189/-22, size 0-0 line 2856 [ 761.624506] binder: BC_ACQUIRE_RESULT not supported [ 761.633810] FAULT_INJECTION: forcing a failure. [ 761.633810] name failslab, interval 1, probability 0, space 0, times 0 2018/05/04 10:56:09 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:09 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r0, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000fa5ff0)={0x0, 0xfffffffffffff000}) r1 = add_key(&(0x7f0000000000)='blacklist\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a, 0x1}, &(0x7f0000000080)="66eb540c6b34f73fdd2174485f5c1fce44dc82bc5d1f8936894d295afabcb86426e8495e1f931e6cfcbb3278b5f0ceb27ac21915a574090274fe4a329d54be7f39ea02e84d225a4dadef604c4dd0bd0d7e488232eea2fb540cb5b410624ec6126484552f3a754898e5e62df800b7fdcec6e91e924185e291d40a94552b38477e3e59649bd1fcd7114183fce6ed596a2cbe4d59024a0e17f5af8f49d90101d6c72cd5bacf9f1d5916f26db5d762872c7dd80518b05a3cd72f3ad7cd5b5f4808f93dc54174e8583f43d1041fc4e78a2e1a119b177f6321238888cde1184a6b1de31b", 0xe1, 0xfffffffffffffffe) r2 = add_key(&(0x7f0000000180)='user\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x1}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$unlink(0x9, r1, r2) io_destroy(r0) [ 761.645199] CPU: 1 PID: 7382 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 761.652407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 761.661775] Call Trace: [ 761.664389] dump_stack+0x1b9/0x294 [ 761.668040] ? dump_stack_print_info.cold.2+0x52/0x52 [ 761.673257] ? kernel_text_address+0x79/0xf0 [ 761.677688] ? __unwind_start+0x166/0x330 [ 761.681871] should_fail.cold.4+0xa/0x1a [ 761.685960] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 761.691124] ? graph_lock+0x170/0x170 2018/05/04 10:56:09 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40010000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 761.691817] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 761.694947] ? save_stack+0x43/0xd0 [ 761.694964] ? kasan_kmalloc+0xc4/0xe0 [ 761.694979] ? __kmalloc+0x14e/0x760 [ 761.694995] ? __list_lru_init+0xdd/0x790 [ 761.695013] ? find_held_lock+0x36/0x1c0 [ 761.695032] ? __lock_is_held+0xb5/0x140 [ 761.695058] ? check_same_owner+0x320/0x320 [ 761.695078] ? rcu_note_context_switch+0x710/0x710 [ 761.706194] binder: 7389:7395 ioctl c0306201 20000040 returned -22 [ 761.707276] __should_failslab+0x124/0x180 [ 761.707295] should_failslab+0x9/0x14 [ 761.707315] kmem_cache_alloc_node_trace+0x26f/0x770 [ 761.711424] binder: undelivered TRANSACTION_ERROR: 29189 [ 761.714896] ? mark_held_locks+0xc9/0x160 [ 761.714915] ? __raw_spin_lock_init+0x1c/0x100 [ 761.714936] __kmalloc_node+0x33/0x70 [ 761.714956] kvmalloc_node+0x6b/0x100 [ 761.736409] binder: 7388:7391 transaction failed 29189/-22, size 0-0 line 2856 [ 761.785066] __list_lru_init+0x559/0x790 [ 761.789149] ? list_lru_destroy+0x4c0/0x4c0 2018/05/04 10:56:09 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x500) 2018/05/04 10:56:09 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40046304}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:09 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800e], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 761.791747] binder: undelivered TRANSACTION_ERROR: 29189 [ 761.793477] ? mark_held_locks+0xc9/0x160 [ 761.793496] ? __raw_spin_lock_init+0x1c/0x100 [ 761.793513] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 761.793532] ? lockdep_init_map+0x9/0x10 [ 761.793552] sget_userns+0x767/0xf00 [ 761.793564] ? get_anon_bdev+0x2f0/0x2f0 [ 761.793585] ? destroy_unused_super.part.11+0x110/0x110 [ 761.829899] ? __alloc_pages_nodemask+0xacf/0xd70 [ 761.834763] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 761.839798] ? kasan_check_read+0x11/0x20 2018/05/04 10:56:09 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 761.843983] ? cap_capable+0x1f9/0x260 [ 761.847890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 761.853440] ? security_capable+0x99/0xc0 [ 761.857610] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 761.863166] ? ns_capable_common+0x13f/0x170 [ 761.865447] binder: 7406:7407 transaction failed 29189/-22, size 0-0 line 2856 [ 761.867582] ? get_anon_bdev+0x2f0/0x2f0 [ 761.867598] sget+0x10b/0x150 [ 761.867617] ? fuse_get_root_inode+0x190/0x190 [ 761.867632] mount_nodev+0x33/0x110 [ 761.867646] fuse_mount+0x2c/0x40 [ 761.867661] mount_fs+0xae/0x328 [ 761.867680] vfs_kern_mount.part.34+0xd4/0x4d0 [ 761.901927] ? may_umount+0xb0/0xb0 [ 761.905574] ? _raw_read_unlock+0x22/0x30 [ 761.909737] ? __get_fs_type+0x97/0xc0 [ 761.913644] do_mount+0x564/0x3070 [ 761.917202] ? do_raw_spin_unlock+0x9e/0x2e0 [ 761.919888] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 761.921627] ? copy_mount_string+0x40/0x40 [ 761.921644] ? rcu_pm_notify+0xc0/0xc0 [ 761.921667] ? copy_mount_options+0x5f/0x380 2018/05/04 10:56:10 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe80], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 761.921682] ? rcu_read_lock_sched_held+0x108/0x120 [ 761.921700] ? kmem_cache_alloc_trace+0x616/0x780 [ 761.921721] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 761.921741] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 761.934654] binder: undelivered TRANSACTION_ERROR: 29189 [ 761.938403] ? copy_mount_options+0x285/0x380 [ 761.938422] ksys_mount+0x12d/0x140 [ 761.938441] __x64_sys_mount+0xbe/0x150 [ 761.938457] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 761.938477] do_syscall_64+0x1b1/0x800 [ 761.938491] ? finish_task_switch+0x1ca/0x810 2018/05/04 10:56:10 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000f2f], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 761.938506] ? syscall_return_slowpath+0x5c0/0x5c0 [ 761.938520] ? syscall_return_slowpath+0x30f/0x5c0 [ 761.938540] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 761.951653] binder: 7408:7413 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 761.952794] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 761.952822] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 761.952834] RIP: 0033:0x455979 [ 761.952842] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 761.952858] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 2018/05/04 10:56:10 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffff000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 761.952866] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 761.952879] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 761.958455] binder: 7408:7413 unknown command 0 [ 761.963922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 761.963930] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 761.985794] binder: 7406:7407 transaction failed 29189/-22, size 0-0 line 2856 [ 762.050971] binder: 7408:7413 ioctl c0306201 20000040 returned -22 [ 762.111243] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:56:10 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:10 executing program 2 (fault-call:3 fault-nth:28): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:10 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x1000000]}]}) 2018/05/04 10:56:10 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x60) 2018/05/04 10:56:10 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffe1d1], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:10 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:10 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40106308}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:10 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r0, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000fa5ff0)={0x0, 0xfffffffffffff000}) io_destroy(r0) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/conn_reuse_mode\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000040), &(0x7f0000000080)=0x4) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00') sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x18a7f2f45f681019}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xc4, r2, 0x300, 0x70bd27, 0x25dfdbfd, {0xf}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xfff}, @IPVS_CMD_ATTR_DEST={0x50, 0x2, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0x2}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@ipv4={[], [0xff, 0xff], @dev={0xac, 0x14, 0x14, 0x19}}}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e23}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x1}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x9}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x81}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}, @IPVS_CMD_ATTR_DAEMON={0x48, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x6}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x3}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e20}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0xffffffffffffff78}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'gretap0\x00'}]}]}, 0xc4}, 0x1, 0x0, 0x0, 0x4040000}, 0x80) 2018/05/04 10:56:10 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) [ 762.690065] binder: 7429:7432 transaction failed 29189/-22, size 0-0 line 2856 [ 762.711190] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 762.723501] binder: 7435:7440 BC_INCREFS_DONE u0000000000000000 no match [ 762.737415] binder: undelivered TRANSACTION_ERROR: 29189 [ 762.755576] FAULT_INJECTION: forcing a failure. [ 762.755576] name failslab, interval 1, probability 0, space 0, times 0 [ 762.760453] binder: 7429:7432 transaction failed 29189/-22, size 0-0 line 2856 [ 762.766943] CPU: 0 PID: 7441 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 762.781504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 762.790955] Call Trace: [ 762.793568] dump_stack+0x1b9/0x294 [ 762.797230] ? dump_stack_print_info.cold.2+0x52/0x52 [ 762.802463] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 762.807679] should_fail.cold.4+0xa/0x1a [ 762.811764] ? is_bpf_text_address+0xd7/0x170 [ 762.816285] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 762.821404] ? unwind_get_return_address+0x61/0xa0 [ 762.826355] ? __save_stack_trace+0x7e/0xd0 [ 762.830691] ? graph_lock+0x170/0x170 [ 762.834523] ? find_held_lock+0x36/0x1c0 [ 762.838614] ? __lock_is_held+0xb5/0x140 [ 762.840271] binder: undelivered TRANSACTION_ERROR: 29189 [ 762.842702] ? check_same_owner+0x320/0x320 [ 762.842725] ? rcu_note_context_switch+0x710/0x710 [ 762.842747] __should_failslab+0x124/0x180 [ 762.842770] should_failslab+0x9/0x14 [ 762.865473] kmem_cache_alloc_trace+0x2cb/0x780 [ 762.870166] ? __kmalloc_node+0x33/0x70 [ 762.874162] ? __kmalloc_node+0x33/0x70 [ 762.878155] ? rcu_read_lock_sched_held+0x108/0x120 [ 762.883196] __memcg_init_list_lru_node+0x17d/0x2c0 [ 762.888241] ? kvfree_rcu+0x20/0x20 [ 762.891890] ? __kmalloc_node+0x47/0x70 [ 762.893614] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 762.895887] __list_lru_init+0x456/0x790 [ 762.895906] ? list_lru_destroy+0x4c0/0x4c0 [ 762.895923] ? mark_held_locks+0xc9/0x160 [ 762.895941] ? __raw_spin_lock_init+0x1c/0x100 [ 762.895956] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 762.895976] ? lockdep_init_map+0x9/0x10 [ 762.895992] sget_userns+0x767/0xf00 [ 762.896010] ? get_anon_bdev+0x2f0/0x2f0 2018/05/04 10:56:10 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x6800000000000000) 2018/05/04 10:56:10 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:10 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486352}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:10 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f0f002000000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:11 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 762.914756] binder: 7453:7454 transaction failed 29189/-22, size 0-0 line 2856 [ 762.917193] ? destroy_unused_super.part.11+0x110/0x110 [ 762.917210] ? __alloc_pages_nodemask+0xacf/0xd70 [ 762.917235] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 762.917257] ? kasan_check_read+0x11/0x20 [ 762.917275] ? cap_capable+0x1f9/0x260 [ 762.917294] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 762.917313] ? security_capable+0x99/0xc0 [ 762.923495] binder: undelivered TRANSACTION_ERROR: 29189 [ 762.926900] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 2018/05/04 10:56:11 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x6000) [ 762.926917] ? ns_capable_common+0x13f/0x170 [ 762.926934] ? get_anon_bdev+0x2f0/0x2f0 [ 762.926948] sget+0x10b/0x150 [ 762.926968] ? fuse_get_root_inode+0x190/0x190 [ 762.926983] mount_nodev+0x33/0x110 [ 762.926999] fuse_mount+0x2c/0x40 [ 762.927016] mount_fs+0xae/0x328 [ 762.927035] vfs_kern_mount.part.34+0xd4/0x4d0 [ 762.927052] ? may_umount+0xb0/0xb0 [ 762.944915] binder: 7453:7454 transaction failed 29189/-22, size 0-0 line 2856 [ 762.946222] ? _raw_read_unlock+0x22/0x30 [ 762.946243] ? __get_fs_type+0x97/0xc0 [ 762.946263] do_mount+0x564/0x3070 [ 762.946281] ? do_raw_spin_unlock+0x9e/0x2e0 [ 762.946300] ? copy_mount_string+0x40/0x40 [ 762.946315] ? rcu_pm_notify+0xc0/0xc0 [ 762.946336] ? copy_mount_options+0x5f/0x380 [ 762.982903] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 762.984765] ? rcu_read_lock_sched_held+0x108/0x120 [ 762.984784] ? kmem_cache_alloc_trace+0x616/0x780 [ 762.984805] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 762.984827] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 762.984843] ? copy_mount_options+0x285/0x380 [ 762.984863] ksys_mount+0x12d/0x140 [ 762.984878] __x64_sys_mount+0xbe/0x150 [ 762.984897] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 762.998805] binder: undelivered TRANSACTION_ERROR: 29189 [ 762.998880] do_syscall_64+0x1b1/0x800 [ 763.031321] binder: 7458:7459 transaction failed 29189/-22, size 0-0 line 2856 [ 763.032476] ? finish_task_switch+0x1ca/0x810 [ 763.032496] ? syscall_return_slowpath+0x5c0/0x5c0 [ 763.032514] ? syscall_return_slowpath+0x30f/0x5c0 [ 763.032535] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 763.032555] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 763.032572] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 763.032587] RIP: 0033:0x455979 [ 763.042223] binder: undelivered TRANSACTION_ERROR: 29189 [ 763.044134] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 763.044152] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 763.044161] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 763.044170] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 763.044179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 763.044187] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 763.077279] binder: 7450:7461 unknown command 1078485842 [ 763.103392] binder: 7458:7459 transaction failed 29189/-22, size 0-0 line 2856 [ 763.103757] binder: 7450:7461 ioctl c0306201 20000040 returned -22 [ 763.141718] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:56:11 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:11 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0xfdfdffff00000000]}]}) 2018/05/04 10:56:11 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:11 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x630d}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:11 executing program 2 (fault-call:3 fault-nth:29): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:11 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x7a) 2018/05/04 10:56:11 executing program 4: mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:11 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x2e0, 0x0) recvmsg$netrom(r0, &(0x7f0000001300)={&(0x7f0000000040)=@full={{0x3, {"a5937baa89d813"}, 0xfffffffffffffff7}, [{"2d349e9b0a8a12"}, {"fc68bc4481b1b5"}, {"22d17eb9c79298"}, {"0d7ce13f03d04f"}, {"9fa42fe21f2b04"}, {"c47c74aef467e2"}, {"dcf7b64668edf2"}, {"b2eb5429982d3e"}]}, 0x48, &(0x7f00000012c0)=[{&(0x7f00000000c0)="fef9e3b243368821907558680277699d393bcdf3cb7abb90dfe16d74418ebff331b73013b62414dd2e56122ecd91104539c0838e2904ea6946c7d058ddee6fd729c9a33f654c9654a0c940f56c45e045", 0x50}, {&(0x7f0000000140)="276651083f739589a451c50646546d26a7ecad0b4b46e7a022aff745e9f0e8373594c82c85dcbccfdee1e633b1d852d7e66f87b873fb4f4e8dac6e840b379a2889ee2cef8dd1cb7e7b6587f215cd41a96eaa5a9bcccdd6fc672a7cb603870313263663c41cc7b3f9afc6be73faf90b92149944ac4b9a27946c216ae512e000cb3fe2cabf9e1643bfe0fac1b01d25a87389a5990290da0fc18f58d119481c14925f95fe2da321232f9e206f91e40846e61a8dbb0a5ecb2c93fd8646b196a610940e3d100242f7eb4d745709f43840edb1d4ff035c7920a1a5ad21b0d8882df8166f2e511378341f67417e1b4481b7435c571156daff66a1236838a0cd2ed786e1b8b15c771ffb5b44389f79500117eca39a51a72eb50ead59e987c842748b5ec00e9b4558a48041e283e52e342e9313361156c77e7336677380e9b3f71594cbc33348c519d737c674f5407218796206e726c36fbb91f105feb1c562619fa29a2017d8a749a1c34b2e54b095803ef7f8098bf20a8074f153bee423921d369c48a215850e0e7c6f123dcb3eabe3993c1873eb59035c560e65137bb5e304dc03c9cfa77b8533812d722b808feef8b8eeaf8f3ce86d129d21ecbb57c91da5cb123ce4822518ced4563128fcbacbc7624c37b308310f8fbb098a8466cf821671197ff1812306f19819c5d087cd4db5e39a70bd93e4dd457b5a8190ec1e76d18ae9a53604acca09c6548f3951a790171e2cd06994fce8e598b071b4ac3a16e3ee3a52b99665cc63bf95ef1bcd2a158835a6438fd4c4c05a35d3d6531051763e79685396c53b5ab1e7bafe37cc5dd822ce3f5d6e0399945c6e770007696185535e47152e4e77ccaf2f267baa4f77cba9b60cc8410dc4e3f28f88646dde4bf67e70272e2d9d531f8f5d31c031a0ca5743f688732e119d3d810accbd9fe939c3b61a3465a1621849902d228ce07902a7f8d11eac387a01165100572ad955fd45f280bc02d6c6a0ad89d9501b9c82163d179fd6a5507dc6d16469fbea9e4a67a0dda763177696d3f0aea5ffc96b7e287f9f3c198d09961a2597cca8da542858e796d1f82cd052921180669f8a1fb15baf5bd9d0d0bfc4c0b629d4f2e88dc0975927bd2ec0dfa7a4fe2add84fde50cb62e4f23dcec26b99ac14684603a9d3d7e039eb52ebdb2bd25d8388e553a18d22b95f8f6bdc4aba71c155a1889de67706d2b06fa5520161f6010b457c9bc38a6e3b2876a4aeaaf80f5a681bddd7f653118b9403415cdd6dc521c8873d06be7530c7f2411835d408365d292c6c4a5401b53c26cd8c14ca777d7b714b8d040b2df5c523c19211b8b64d2d4da8233213ea6dc63479a6c3fc310224ab8154c857e8aea7d84e979c58dc9d021227a2d0fffc0143373b4e778bad68bd44ed37b39b5dcf54a391abfd703cf992f47bd0a134420622c5ca305e934841b4da7c43ed35be316519f85818769b9bfa4afa2535ae1e9ce017b6d16b552e4dc8f8b7f051be4478b5fbb74f5e1c910b633ba34670864b48ecd9f69a3cd6d4abf8b5a5f4930c26b8a33e73926ec50969a6a549310e6263648fd20e29bf4c9587225dcaea7c22f0e00844932cbbeb5120745a864c97d6872bdc6a1c1bd0481154d596517adf84d8f47a1efe678a4a19b9dac525c49247c39ca4bf98c651a237bde17b94dc4fb719ef37691ab363050400b33258bb9d7aa1465afb0842e4f690231810401fddd71b57185195363ad4c88f414da4179ba63ca8068eeab18a663e1e8607e533a5eb0ca17582afc27158a58130dde1a901a23efa0ac656d7f60391c182a5d6a4aeb8c46c85afe7b503e63369a6d4effee1828582909d25b87574e0a66497d00bdefddf726e6a05112673218b540f88769a3654be868061f8b6b789c0165d9bafdd2868c342e09b9f6ac6488705658023a9d591b522004df66f63fe2a81ad1f31e2f9782e6a3d6f1b25ab8890f9bf9cf973582c768284178f3ab66591132232c62af891ea10cea7dade3bd1bd693ddc5514b35cb93e5561da32a62c674d63ba89662f7a7cfc242b65111c13f91392f432c2b6cdec9f971e6cc4c50b050c08bee47f17e8dc7ec19fb6fdecf5fa9b23fe181620f896eb2ba2f20398a9fa47d88abac610d7049a57a7209582ac8b37b2642f97b7a048d8330ec48cf8c610f27c6af5b43fa7f41dcc586890ac50cf0f3ac918b889268aa0ff56aba144e858153839b846da213d6aef24b2115211f2b88c3aa0fbdb0f22b9a9a87cacd3dbeed041373c01f805a952183c6f68f3b11cc4922e4cd42f3e9b891d10fa22b3080d6171b97d695816f6df1a68567cfb0ff8757bd254e001966836111eca6053f94189a1affea7b7d0d26239c375abcbc1c8dcc668a34c66318eb41758d4b1b2e7da731f326f614b6c0fe7a1f7d0af4c1fd31c86a4b8fbd9840a5f0a4ddaa1a6933656de7d7055c3a6d62132c3ca5815f58f6f925546cb0643b5368add600f0f31db80ec9ecdacef2562a5d9932d3c2d5284cf7d9d1d0289bd7bc4332e08c2dd409df6dc9eb3e6a196d7b1e2f671c980f989534b37f8705585f2ef261f4d6f30df78df5f4aa6ffc3e04edc4635818069c429a5b94fd55e837237cc4590bf284f7097fa9dcfe09c087c74a5597c29d542650cccc1ea48ee30e2007fb8f02272fab543c29b36ccf5988bb43b60c224d0662cbed251609affeedaa793f4d2dddb5da164805577a152bf7404c24b32453d91ef5d4112184a34fc665762d4228a2d259bd826686645dbb539846f5fa6c39afa39ed4ff332dc44f3008e1035a857449d76a1803bc887b26407fe47be1573863a478cf5e3c7f0c8823a295a48b1fe70bdb718a19268703f6cf05473ee65bbabe0bcab095d41b38109a863c817b3d5d368849fe88a07034c7d06a99fef983f14e6c65420fb0f517aa49e367ec05fbb36d4960592023fb7105931f4b47edd0d2a652b6a9cdd6750d7e86adb6a7f38492a2a541bf2207405e625981c9f63663631d4cab84a6ecd57984c5154b7b41df9129b63577937b79e7896250fdcc82190ded3c9c47e9ba3ff562c233cb3921c6369b8ce41e71c09b775212c4596c8b6e43fed4059f0cb06737c51d23dae6ab7ef291970bf9e885e2a324aa5c87faf339b7dee42507a44a53a651a40b2a17059c986a2f79b5ef9609c346bf9dfa8789c15524495ec2d5280a88958cc3e0f568885c77f7bc13ea5e26fa89964ac631dbe6dba328683df1a45b4e670ebb46bdcb3176e83bb3fba4bccb30eed099015bfe86311f33ba1168d42f2dcc07755b3edba49e5a82d1d22ae7b6515217acf79328aa7c13c63f5a7e758fabd540e788f91eeec0c6c30bc573bab04400d5b00b50dac64668caf23998f4d769fa3915c4fbd7c39037262c184d922a4093f140337be25e78a1c24b6a2a12037f40e890425ec0580c1be4ca913b932a3b3366aff72e9239cdd3dd263fb26e1584ae758e88b2777df23b0854af7c0aba28bf8d687871a949d318e164d7178c14c5b145b15816fd1a686332204fba101aad2f0de8c2363952a3fb351d9ecbf94608b0f138dd48b566762f3b9164194f3e3680d5d9e7941abc617a6ccccd346e0276c1ee0d7709597eb83461aacfc4550216a10054b1402a05e11a860fb22fd2811a60f7b29c5be173cf09894bbdcef150556d4cecf13c95140742d351300fa9f33e75f5ad5182b310b657845159800679867bdb88256e55d8accc9174a1998ff2c0de861132878d37fdcfb1c97ad908289e3965d314be7fc911fd9d693cc943a9d58a77592c387696cbc2021b6c8d268408126034d8302f93fe5fd18d9768b1a1a8c2e11d57eab224dc73149d4947f3cd77dd2f3f85bf16db9a3fe68cfb9b52843eedd4d8e3ba513a72894e59f75390749d2802427dda300a07a5ff7a090af9067d6f62d822e4fd70ee2fdf548e5e6770981a754aa468b6f9654b34db9e1481870354a3b0c093120c4df98665b453161126201e76076b42115c9d5a684f1a17fc53bbad2a6cb6ddc26f10933cfe493995c8d9fef239251c369719684b20e6d879e5e2312ce259c4f18cffffe63b8f36a47dd4bfbbdf2c698eb4dfc0c242fddb55e194372245f0a0cbc1e77f8d185e64c0e19178876d310dbf563089c3314e0836f5a6afc011ef631d2394ce7093237f94fced366eed55e3f3a991025c9ae11dd15a49f9e82ef61ef05ac26a96015118f5a17d72ec6d31b1f98da6654d353e1e5cc7b0f3f33a5c83a613c16bfeda8dc69218302e0853c618cadc35d5b8840a5610b486b844a13e323c25eb6f91b69d343539e31f5a06b41dca43cc561f06fd73eb1f0ea8fefd1ce6a9346da0e457a8ceaa4690bc1c2269dce6252f5e5e7d4167dcc36bd2768d0485ab748fbda9226034c52b60a47061a60981bda42e3208f8904246b912dc3aee8c9365d3abcc6570240ff9babc19c1fc16266cf8cbcd1baa91ac656ce137c538ab21c315898f869800f2f7e1e9e86370f581e548f732bceadf7f20d84314e24ea4ddc8df7c4791229e5ea44192a0fca6046a60f7e5ff7f3d16bd0af19a87f1a0669a4b2ee25bdda05aa34d35d11f5783cfcabceb360b309143d9d4278fa573fa69aec83e6fdf273e66bd962c8407b2b92595a3b02aa7c71d379c1d90895a40ca5ce48cdf504145aa8e5f2214ba9174d1d1319bf77906f9673edcf71a007744b9d9f93d58699f66facaebc84f4d2dbe13f781e81afa9b80a92d0c971b69a0d674a44f70738855b20eb50404c5ae4f50bd0f8c507409c7b41c66b1358e38c6545e16f8b09df8bc916f68285cbb03b745f1e7f2de9aae49e1e7f727639d6b7cadd4096320f35e802032bcb8cd83e2e9a2084a08be1e7dd9a99e9453aea50c559f403364927984f67cf57fa7591fcb7c3afe853cf6312b9c2d6a9c8341d66e75fac198906a5fdd218fb5e19492caad79b45a2f1a790bf02559b9f63c388457170ff74f90b23c794f699551246a4caefdd681babfdf5202a12d2f755b6345ec95f715d749297220becb47b2338954ff76b024bd05768f3cea23627ce8a81cfde98792c12bf4068d7b57115de05a6a076ea8f6b366a0a3a59fdd8457919cbb42878a41b90b425418d429463c463cc523bd66ef3e8184452b0c5f081e6a8abd0a508e83fa3478bf05bf65e8529f9554e83f7a72295ac406bcffb9055a873605b900d32b9a1b5f7e7e06f2af913eb820ba8de58aba2f937e51dbc1870e7f249ff96fed28b3be987cc7a039de63c0b452156dfba8c1f109c0ac8cee0c38c5616bfb056bc791ea0fa2fe910d5279963efdf02f7110e80589362cf8cb21614600740172b2607cf22f039b76bd59abed1d216dba87057835d8aa6f3539491572fdad61914c7a5e829f5b9994c4cc8e1a9df6e5e83bfb8037400f72a0fbe105bc2424dbf01716be093359ea198b7d06c91e7a3b546c575c7e172a11be0c9bea3207ea0f7b6911a47ba51082ccde4441eebd20c3f541afd65dbb6dfce0f260e259d6c6206487c3d4cb60d58671b6ee68407e454e7e215fb4962cf1c5fe27a3c54aba96cb2df9546c67b22ea522fa84f022d684337714cbac83365a1affaf20bc295921c091018ada2aa21bd303e9778b1345d2ef4a2cfcb50432a1437bbd9f90984fed196acc12a0728e027c3dfb57359481642341f753ba7085beebdf78057add33a97a9d037b7408f8e7b64d2a87d92ecae25da47afc683b10addc451452ac5a922a760cfbbb6a0aae5da0ec2bb9f16e92c92a9c90d1b755b4cbf7c7fe6050d0f00b6ce0aad48bea971e30", 0x1000}, {&(0x7f0000001140)="dc769786d19d904b46303815247f43d281b93e4e76924a4bbbe70fbb90797b545ec0557fb6e7e6fc23d183cea7b2b0fc54a0a533a9b5ba0a19f900cfdc2bc727a4936cadd53dd08845c94a5a9cc0a9ff0700005c7b", 0x55}, {&(0x7f00000011c0)="11e28ba89cb96c1d1084831fb5c2047423acba0d0a58ce83a651158cde190cbeb9cdd6efd74f2f4345ec66f8ee7cde2780400b5f70ce27330c08e116d04f227dcd26312dc33861a964103f26ed372d94ddf66d65784a01364255df6c9a3a65f66c916f1aef03c4de8e094332fdee376028beaa07874ac378d43907fdcec3524bcc2ebb00b7d84e1523781361ada89872b4bdac73cb5ae98ff8637f52da8dcf956421bcc6f7b25c051978f78ecde03adef092d91420c417fc22b723760c884450f0c739603bb09a3c9c7e6ed75fbb311a50c4f0c0b92a", 0xd6}], 0x4, 0x0, 0x0, 0x40080}, 0x40) io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r1, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000001380)={0x0, 0x989680}) io_destroy(r1) 2018/05/04 10:56:11 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001000000000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:11 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x2e0, 0x0) recvmsg$netrom(r0, &(0x7f0000001300)={&(0x7f0000000040)=@full={{0x3, {"a5937baa89d813"}, 0xfffffffffffffff7}, [{"2d349e9b0a8a12"}, {"fc68bc4481b1b5"}, {"22d17eb9c79298"}, {"0d7ce13f03d04f"}, {"9fa42fe21f2b04"}, {"c47c74aef467e2"}, {"dcf7b64668edf2"}, {"b2eb5429982d3e"}]}, 0x48, &(0x7f00000012c0)=[{&(0x7f00000000c0)="fef9e3b243368821907558680277699d393bcdf3cb7abb90dfe16d74418ebff331b73013b62414dd2e56122ecd91104539c0838e2904ea6946c7d058ddee6fd729c9a33f654c9654a0c940f56c45e045", 0x50}, {&(0x7f0000000140)="276651083f739589a451c50646546d26a7ecad0b4b46e7a022aff745e9f0e8373594c82c85dcbccfdee1e633b1d852d7e66f87b873fb4f4e8dac6e840b379a2889ee2cef8dd1cb7e7b6587f215cd41a96eaa5a9bcccdd6fc672a7cb603870313263663c41cc7b3f9afc6be73faf90b92149944ac4b9a27946c216ae512e000cb3fe2cabf9e1643bfe0fac1b01d25a87389a5990290da0fc18f58d119481c14925f95fe2da321232f9e206f91e40846e61a8dbb0a5ecb2c93fd8646b196a610940e3d100242f7eb4d745709f43840edb1d4ff035c7920a1a5ad21b0d8882df8166f2e511378341f67417e1b4481b7435c571156daff66a1236838a0cd2ed786e1b8b15c771ffb5b44389f79500117eca39a51a72eb50ead59e987c842748b5ec00e9b4558a48041e283e52e342e9313361156c77e7336677380e9b3f71594cbc33348c519d737c674f5407218796206e726c36fbb91f105feb1c562619fa29a2017d8a749a1c34b2e54b095803ef7f8098bf20a8074f153bee423921d369c48a215850e0e7c6f123dcb3eabe3993c1873eb59035c560e65137bb5e304dc03c9cfa77b8533812d722b808feef8b8eeaf8f3ce86d129d21ecbb57c91da5cb123ce4822518ced4563128fcbacbc7624c37b308310f8fbb098a8466cf821671197ff1812306f19819c5d087cd4db5e39a70bd93e4dd457b5a8190ec1e76d18ae9a53604acca09c6548f3951a790171e2cd06994fce8e598b071b4ac3a16e3ee3a52b99665cc63bf95ef1bcd2a158835a6438fd4c4c05a35d3d6531051763e79685396c53b5ab1e7bafe37cc5dd822ce3f5d6e0399945c6e770007696185535e47152e4e77ccaf2f267baa4f77cba9b60cc8410dc4e3f28f88646dde4bf67e70272e2d9d531f8f5d31c031a0ca5743f688732e119d3d810accbd9fe939c3b61a3465a1621849902d228ce07902a7f8d11eac387a01165100572ad955fd45f280bc02d6c6a0ad89d9501b9c82163d179fd6a5507dc6d16469fbea9e4a67a0dda763177696d3f0aea5ffc96b7e287f9f3c198d09961a2597cca8da542858e796d1f82cd052921180669f8a1fb15baf5bd9d0d0bfc4c0b629d4f2e88dc0975927bd2ec0dfa7a4fe2add84fde50cb62e4f23dcec26b99ac14684603a9d3d7e039eb52ebdb2bd25d8388e553a18d22b95f8f6bdc4aba71c155a1889de67706d2b06fa5520161f6010b457c9bc38a6e3b2876a4aeaaf80f5a681bddd7f653118b9403415cdd6dc521c8873d06be7530c7f2411835d408365d292c6c4a5401b53c26cd8c14ca777d7b714b8d040b2df5c523c19211b8b64d2d4da8233213ea6dc63479a6c3fc310224ab8154c857e8aea7d84e979c58dc9d021227a2d0fffc0143373b4e778bad68bd44ed37b39b5dcf54a391abfd703cf992f47bd0a134420622c5ca305e934841b4da7c43ed35be316519f85818769b9bfa4afa2535ae1e9ce017b6d16b552e4dc8f8b7f051be4478b5fbb74f5e1c910b633ba34670864b48ecd9f69a3cd6d4abf8b5a5f4930c26b8a33e73926ec50969a6a549310e6263648fd20e29bf4c9587225dcaea7c22f0e00844932cbbeb5120745a864c97d6872bdc6a1c1bd0481154d596517adf84d8f47a1efe678a4a19b9dac525c49247c39ca4bf98c651a237bde17b94dc4fb719ef37691ab363050400b33258bb9d7aa1465afb0842e4f690231810401fddd71b57185195363ad4c88f414da4179ba63ca8068eeab18a663e1e8607e533a5eb0ca17582afc27158a58130dde1a901a23efa0ac656d7f60391c182a5d6a4aeb8c46c85afe7b503e63369a6d4effee1828582909d25b87574e0a66497d00bdefddf726e6a05112673218b540f88769a3654be868061f8b6b789c0165d9bafdd2868c342e09b9f6ac6488705658023a9d591b522004df66f63fe2a81ad1f31e2f9782e6a3d6f1b25ab8890f9bf9cf973582c768284178f3ab66591132232c62af891ea10cea7dade3bd1bd693ddc5514b35cb93e5561da32a62c674d63ba89662f7a7cfc242b65111c13f91392f432c2b6cdec9f971e6cc4c50b050c08bee47f17e8dc7ec19fb6fdecf5fa9b23fe181620f896eb2ba2f20398a9fa47d88abac610d7049a57a7209582ac8b37b2642f97b7a048d8330ec48cf8c610f27c6af5b43fa7f41dcc586890ac50cf0f3ac918b889268aa0ff56aba144e858153839b846da213d6aef24b2115211f2b88c3aa0fbdb0f22b9a9a87cacd3dbeed041373c01f805a952183c6f68f3b11cc4922e4cd42f3e9b891d10fa22b3080d6171b97d695816f6df1a68567cfb0ff8757bd254e001966836111eca6053f94189a1affea7b7d0d26239c375abcbc1c8dcc668a34c66318eb41758d4b1b2e7da731f326f614b6c0fe7a1f7d0af4c1fd31c86a4b8fbd9840a5f0a4ddaa1a6933656de7d7055c3a6d62132c3ca5815f58f6f925546cb0643b5368add600f0f31db80ec9ecdacef2562a5d9932d3c2d5284cf7d9d1d0289bd7bc4332e08c2dd409df6dc9eb3e6a196d7b1e2f671c980f989534b37f8705585f2ef261f4d6f30df78df5f4aa6ffc3e04edc4635818069c429a5b94fd55e837237cc4590bf284f7097fa9dcfe09c087c74a5597c29d542650cccc1ea48ee30e2007fb8f02272fab543c29b36ccf5988bb43b60c224d0662cbed251609affeedaa793f4d2dddb5da164805577a152bf7404c24b32453d91ef5d4112184a34fc665762d4228a2d259bd826686645dbb539846f5fa6c39afa39ed4ff332dc44f3008e1035a857449d76a1803bc887b26407fe47be1573863a478cf5e3c7f0c8823a295a48b1fe70bdb718a19268703f6cf05473ee65bbabe0bcab095d41b38109a863c817b3d5d368849fe88a07034c7d06a99fef983f14e6c65420fb0f517aa49e367ec05fbb36d4960592023fb7105931f4b47edd0d2a652b6a9cdd6750d7e86adb6a7f38492a2a541bf2207405e625981c9f63663631d4cab84a6ecd57984c5154b7b41df9129b63577937b79e7896250fdcc82190ded3c9c47e9ba3ff562c233cb3921c6369b8ce41e71c09b775212c4596c8b6e43fed4059f0cb06737c51d23dae6ab7ef291970bf9e885e2a324aa5c87faf339b7dee42507a44a53a651a40b2a17059c986a2f79b5ef9609c346bf9dfa8789c15524495ec2d5280a88958cc3e0f568885c77f7bc13ea5e26fa89964ac631dbe6dba328683df1a45b4e670ebb46bdcb3176e83bb3fba4bccb30eed099015bfe86311f33ba1168d42f2dcc07755b3edba49e5a82d1d22ae7b6515217acf79328aa7c13c63f5a7e758fabd540e788f91eeec0c6c30bc573bab04400d5b00b50dac64668caf23998f4d769fa3915c4fbd7c39037262c184d922a4093f140337be25e78a1c24b6a2a12037f40e890425ec0580c1be4ca913b932a3b3366aff72e9239cdd3dd263fb26e1584ae758e88b2777df23b0854af7c0aba28bf8d687871a949d318e164d7178c14c5b145b15816fd1a686332204fba101aad2f0de8c2363952a3fb351d9ecbf94608b0f138dd48b566762f3b9164194f3e3680d5d9e7941abc617a6ccccd346e0276c1ee0d7709597eb83461aacfc4550216a10054b1402a05e11a860fb22fd2811a60f7b29c5be173cf09894bbdcef150556d4cecf13c95140742d351300fa9f33e75f5ad5182b310b657845159800679867bdb88256e55d8accc9174a1998ff2c0de861132878d37fdcfb1c97ad908289e3965d314be7fc911fd9d693cc943a9d58a77592c387696cbc2021b6c8d268408126034d8302f93fe5fd18d9768b1a1a8c2e11d57eab224dc73149d4947f3cd77dd2f3f85bf16db9a3fe68cfb9b52843eedd4d8e3ba513a72894e59f75390749d2802427dda300a07a5ff7a090af9067d6f62d822e4fd70ee2fdf548e5e6770981a754aa468b6f9654b34db9e1481870354a3b0c093120c4df98665b453161126201e76076b42115c9d5a684f1a17fc53bbad2a6cb6ddc26f10933cfe493995c8d9fef239251c369719684b20e6d879e5e2312ce259c4f18cffffe63b8f36a47dd4bfbbdf2c698eb4dfc0c242fddb55e194372245f0a0cbc1e77f8d185e64c0e19178876d310dbf563089c3314e0836f5a6afc011ef631d2394ce7093237f94fced366eed55e3f3a991025c9ae11dd15a49f9e82ef61ef05ac26a96015118f5a17d72ec6d31b1f98da6654d353e1e5cc7b0f3f33a5c83a613c16bfeda8dc69218302e0853c618cadc35d5b8840a5610b486b844a13e323c25eb6f91b69d343539e31f5a06b41dca43cc561f06fd73eb1f0ea8fefd1ce6a9346da0e457a8ceaa4690bc1c2269dce6252f5e5e7d4167dcc36bd2768d0485ab748fbda9226034c52b60a47061a60981bda42e3208f8904246b912dc3aee8c9365d3abcc6570240ff9babc19c1fc16266cf8cbcd1baa91ac656ce137c538ab21c315898f869800f2f7e1e9e86370f581e548f732bceadf7f20d84314e24ea4ddc8df7c4791229e5ea44192a0fca6046a60f7e5ff7f3d16bd0af19a87f1a0669a4b2ee25bdda05aa34d35d11f5783cfcabceb360b309143d9d4278fa573fa69aec83e6fdf273e66bd962c8407b2b92595a3b02aa7c71d379c1d90895a40ca5ce48cdf504145aa8e5f2214ba9174d1d1319bf77906f9673edcf71a007744b9d9f93d58699f66facaebc84f4d2dbe13f781e81afa9b80a92d0c971b69a0d674a44f70738855b20eb50404c5ae4f50bd0f8c507409c7b41c66b1358e38c6545e16f8b09df8bc916f68285cbb03b745f1e7f2de9aae49e1e7f727639d6b7cadd4096320f35e802032bcb8cd83e2e9a2084a08be1e7dd9a99e9453aea50c559f403364927984f67cf57fa7591fcb7c3afe853cf6312b9c2d6a9c8341d66e75fac198906a5fdd218fb5e19492caad79b45a2f1a790bf02559b9f63c388457170ff74f90b23c794f699551246a4caefdd681babfdf5202a12d2f755b6345ec95f715d749297220becb47b2338954ff76b024bd05768f3cea23627ce8a81cfde98792c12bf4068d7b57115de05a6a076ea8f6b366a0a3a59fdd8457919cbb42878a41b90b425418d429463c463cc523bd66ef3e8184452b0c5f081e6a8abd0a508e83fa3478bf05bf65e8529f9554e83f7a72295ac406bcffb9055a873605b900d32b9a1b5f7e7e06f2af913eb820ba8de58aba2f937e51dbc1870e7f249ff96fed28b3be987cc7a039de63c0b452156dfba8c1f109c0ac8cee0c38c5616bfb056bc791ea0fa2fe910d5279963efdf02f7110e80589362cf8cb21614600740172b2607cf22f039b76bd59abed1d216dba87057835d8aa6f3539491572fdad61914c7a5e829f5b9994c4cc8e1a9df6e5e83bfb8037400f72a0fbe105bc2424dbf01716be093359ea198b7d06c91e7a3b546c575c7e172a11be0c9bea3207ea0f7b6911a47ba51082ccde4441eebd20c3f541afd65dbb6dfce0f260e259d6c6206487c3d4cb60d58671b6ee68407e454e7e215fb4962cf1c5fe27a3c54aba96cb2df9546c67b22ea522fa84f022d684337714cbac83365a1affaf20bc295921c091018ada2aa21bd303e9778b1345d2ef4a2cfcb50432a1437bbd9f90984fed196acc12a0728e027c3dfb57359481642341f753ba7085beebdf78057add33a97a9d037b7408f8e7b64d2a87d92ecae25da47afc683b10addc451452ac5a922a760cfbbb6a0aae5da0ec2bb9f16e92c92a9c90d1b755b4cbf7c7fe6050d0f00b6ce0aad48bea971e30", 0x1000}, {&(0x7f0000001140)="dc769786d19d904b46303815247f43d281b93e4e76924a4bbbe70fbb90797b545ec0557fb6e7e6fc23d183cea7b2b0fc54a0a533a9b5ba0a19f900cfdc2bc727a4936cadd53dd08845c94a5a9cc0a9ff0700005c7b", 0x55}, {&(0x7f00000011c0)="11e28ba89cb96c1d1084831fb5c2047423acba0d0a58ce83a651158cde190cbeb9cdd6efd74f2f4345ec66f8ee7cde2780400b5f70ce27330c08e116d04f227dcd26312dc33861a964103f26ed372d94ddf66d65784a01364255df6c9a3a65f66c916f1aef03c4de8e094332fdee376028beaa07874ac378d43907fdcec3524bcc2ebb00b7d84e1523781361ada89872b4bdac73cb5ae98ff8637f52da8dcf956421bcc6f7b25c051978f78ecde03adef092d91420c417fc22b723760c884450f0c739603bb09a3c9c7e6ed75fbb311a50c4f0c0b92a", 0xd6}], 0x4, 0x0, 0x0, 0x40080}, 0x40) io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r1, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000001380)={0x0, 0x989680}) io_destroy(r1) 2018/05/04 10:56:11 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 763.826974] binder: 7473:7476 transaction failed 29189/-22, size 0-0 line 2856 [ 763.842609] binder: undelivered TRANSACTION_ERROR: 29189 [ 763.848525] binder: 7475:7482 unknown command 0 [ 763.855373] binder: 7473:7476 transaction failed 29189/-22, size 0-0 line 2856 [ 763.866524] binder: 7475:7482 ioctl c0306201 20000040 returned -22 2018/05/04 10:56:11 executing program 1: pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000200)={'vlan0\x00', {0x2, 0x4e24, @local={0xac, 0x14, 0x14, 0xaa}}}) r1 = syz_open_dev$binder(&(0x7f0000000180)='/dev/binder#\x00', 0xffffffffffffffff, 0xfffffffffffffffc) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x80000, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffff9c, 0x8933, &(0x7f00000000c0)={'veth0_to_bond\x00', 0x0}) setsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000100)={r3, @loopback=0x7f000001, @rand_addr=0x6}, 0xc) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rfkill\x00', 0x0, 0x0) ioctl$BINDER_THREAD_EXIT(r4, 0x40046208, 0x0) [ 763.926480] binder: undelivered TRANSACTION_ERROR: 29189 [ 763.956883] FAULT_INJECTION: forcing a failure. [ 763.956883] name failslab, interval 1, probability 0, space 0, times 0 [ 763.968218] CPU: 0 PID: 7492 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 763.975421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 763.984784] Call Trace: [ 763.987395] dump_stack+0x1b9/0x294 [ 763.991048] ? dump_stack_print_info.cold.2+0x52/0x52 [ 763.996262] ? __save_stack_trace+0x7e/0xd0 [ 764.000612] should_fail.cold.4+0xa/0x1a [ 764.005221] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 764.010354] ? save_stack+0x43/0xd0 [ 764.014013] ? kasan_kmalloc+0xc4/0xe0 [ 764.017920] ? kmem_cache_alloc_trace+0x152/0x780 2018/05/04 10:56:12 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd1e1ff7f00000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:12 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40086303}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:12 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x2e0, 0x0) recvmsg$netrom(r0, &(0x7f0000001300)={&(0x7f0000000040)=@full={{0x3, {"a5937baa89d813"}, 0xfffffffffffffff7}, [{"2d349e9b0a8a12"}, {"fc68bc4481b1b5"}, {"22d17eb9c79298"}, {"0d7ce13f03d04f"}, {"9fa42fe21f2b04"}, {"c47c74aef467e2"}, {"dcf7b64668edf2"}, {"b2eb5429982d3e"}]}, 0x48, &(0x7f00000012c0)=[{&(0x7f00000000c0)="fef9e3b243368821907558680277699d393bcdf3cb7abb90dfe16d74418ebff331b73013b62414dd2e56122ecd91104539c0838e2904ea6946c7d058ddee6fd729c9a33f654c9654a0c940f56c45e045", 0x50}, {&(0x7f0000000140)="276651083f739589a451c50646546d26a7ecad0b4b46e7a022aff745e9f0e8373594c82c85dcbccfdee1e633b1d852d7e66f87b873fb4f4e8dac6e840b379a2889ee2cef8dd1cb7e7b6587f215cd41a96eaa5a9bcccdd6fc672a7cb603870313263663c41cc7b3f9afc6be73faf90b92149944ac4b9a27946c216ae512e000cb3fe2cabf9e1643bfe0fac1b01d25a87389a5990290da0fc18f58d119481c14925f95fe2da321232f9e206f91e40846e61a8dbb0a5ecb2c93fd8646b196a610940e3d100242f7eb4d745709f43840edb1d4ff035c7920a1a5ad21b0d8882df8166f2e511378341f67417e1b4481b7435c571156daff66a1236838a0cd2ed786e1b8b15c771ffb5b44389f79500117eca39a51a72eb50ead59e987c842748b5ec00e9b4558a48041e283e52e342e9313361156c77e7336677380e9b3f71594cbc33348c519d737c674f5407218796206e726c36fbb91f105feb1c562619fa29a2017d8a749a1c34b2e54b095803ef7f8098bf20a8074f153bee423921d369c48a215850e0e7c6f123dcb3eabe3993c1873eb59035c560e65137bb5e304dc03c9cfa77b8533812d722b808feef8b8eeaf8f3ce86d129d21ecbb57c91da5cb123ce4822518ced4563128fcbacbc7624c37b308310f8fbb098a8466cf821671197ff1812306f19819c5d087cd4db5e39a70bd93e4dd457b5a8190ec1e76d18ae9a53604acca09c6548f3951a790171e2cd06994fce8e598b071b4ac3a16e3ee3a52b99665cc63bf95ef1bcd2a158835a6438fd4c4c05a35d3d6531051763e79685396c53b5ab1e7bafe37cc5dd822ce3f5d6e0399945c6e770007696185535e47152e4e77ccaf2f267baa4f77cba9b60cc8410dc4e3f28f88646dde4bf67e70272e2d9d531f8f5d31c031a0ca5743f688732e119d3d810accbd9fe939c3b61a3465a1621849902d228ce07902a7f8d11eac387a01165100572ad955fd45f280bc02d6c6a0ad89d9501b9c82163d179fd6a5507dc6d16469fbea9e4a67a0dda763177696d3f0aea5ffc96b7e287f9f3c198d09961a2597cca8da542858e796d1f82cd052921180669f8a1fb15baf5bd9d0d0bfc4c0b629d4f2e88dc0975927bd2ec0dfa7a4fe2add84fde50cb62e4f23dcec26b99ac14684603a9d3d7e039eb52ebdb2bd25d8388e553a18d22b95f8f6bdc4aba71c155a1889de67706d2b06fa5520161f6010b457c9bc38a6e3b2876a4aeaaf80f5a681bddd7f653118b9403415cdd6dc521c8873d06be7530c7f2411835d408365d292c6c4a5401b53c26cd8c14ca777d7b714b8d040b2df5c523c19211b8b64d2d4da8233213ea6dc63479a6c3fc310224ab8154c857e8aea7d84e979c58dc9d021227a2d0fffc0143373b4e778bad68bd44ed37b39b5dcf54a391abfd703cf992f47bd0a134420622c5ca305e934841b4da7c43ed35be316519f85818769b9bfa4afa2535ae1e9ce017b6d16b552e4dc8f8b7f051be4478b5fbb74f5e1c910b633ba34670864b48ecd9f69a3cd6d4abf8b5a5f4930c26b8a33e73926ec50969a6a549310e6263648fd20e29bf4c9587225dcaea7c22f0e00844932cbbeb5120745a864c97d6872bdc6a1c1bd0481154d596517adf84d8f47a1efe678a4a19b9dac525c49247c39ca4bf98c651a237bde17b94dc4fb719ef37691ab363050400b33258bb9d7aa1465afb0842e4f690231810401fddd71b57185195363ad4c88f414da4179ba63ca8068eeab18a663e1e8607e533a5eb0ca17582afc27158a58130dde1a901a23efa0ac656d7f60391c182a5d6a4aeb8c46c85afe7b503e63369a6d4effee1828582909d25b87574e0a66497d00bdefddf726e6a05112673218b540f88769a3654be868061f8b6b789c0165d9bafdd2868c342e09b9f6ac6488705658023a9d591b522004df66f63fe2a81ad1f31e2f9782e6a3d6f1b25ab8890f9bf9cf973582c768284178f3ab66591132232c62af891ea10cea7dade3bd1bd693ddc5514b35cb93e5561da32a62c674d63ba89662f7a7cfc242b65111c13f91392f432c2b6cdec9f971e6cc4c50b050c08bee47f17e8dc7ec19fb6fdecf5fa9b23fe181620f896eb2ba2f20398a9fa47d88abac610d7049a57a7209582ac8b37b2642f97b7a048d8330ec48cf8c610f27c6af5b43fa7f41dcc586890ac50cf0f3ac918b889268aa0ff56aba144e858153839b846da213d6aef24b2115211f2b88c3aa0fbdb0f22b9a9a87cacd3dbeed041373c01f805a952183c6f68f3b11cc4922e4cd42f3e9b891d10fa22b3080d6171b97d695816f6df1a68567cfb0ff8757bd254e001966836111eca6053f94189a1affea7b7d0d26239c375abcbc1c8dcc668a34c66318eb41758d4b1b2e7da731f326f614b6c0fe7a1f7d0af4c1fd31c86a4b8fbd9840a5f0a4ddaa1a6933656de7d7055c3a6d62132c3ca5815f58f6f925546cb0643b5368add600f0f31db80ec9ecdacef2562a5d9932d3c2d5284cf7d9d1d0289bd7bc4332e08c2dd409df6dc9eb3e6a196d7b1e2f671c980f989534b37f8705585f2ef261f4d6f30df78df5f4aa6ffc3e04edc4635818069c429a5b94fd55e837237cc4590bf284f7097fa9dcfe09c087c74a5597c29d542650cccc1ea48ee30e2007fb8f02272fab543c29b36ccf5988bb43b60c224d0662cbed251609affeedaa793f4d2dddb5da164805577a152bf7404c24b32453d91ef5d4112184a34fc665762d4228a2d259bd826686645dbb539846f5fa6c39afa39ed4ff332dc44f3008e1035a857449d76a1803bc887b26407fe47be1573863a478cf5e3c7f0c8823a295a48b1fe70bdb718a19268703f6cf05473ee65bbabe0bcab095d41b38109a863c817b3d5d368849fe88a07034c7d06a99fef983f14e6c65420fb0f517aa49e367ec05fbb36d4960592023fb7105931f4b47edd0d2a652b6a9cdd6750d7e86adb6a7f38492a2a541bf2207405e625981c9f63663631d4cab84a6ecd57984c5154b7b41df9129b63577937b79e7896250fdcc82190ded3c9c47e9ba3ff562c233cb3921c6369b8ce41e71c09b775212c4596c8b6e43fed4059f0cb06737c51d23dae6ab7ef291970bf9e885e2a324aa5c87faf339b7dee42507a44a53a651a40b2a17059c986a2f79b5ef9609c346bf9dfa8789c15524495ec2d5280a88958cc3e0f568885c77f7bc13ea5e26fa89964ac631dbe6dba328683df1a45b4e670ebb46bdcb3176e83bb3fba4bccb30eed099015bfe86311f33ba1168d42f2dcc07755b3edba49e5a82d1d22ae7b6515217acf79328aa7c13c63f5a7e758fabd540e788f91eeec0c6c30bc573bab04400d5b00b50dac64668caf23998f4d769fa3915c4fbd7c39037262c184d922a4093f140337be25e78a1c24b6a2a12037f40e890425ec0580c1be4ca913b932a3b3366aff72e9239cdd3dd263fb26e1584ae758e88b2777df23b0854af7c0aba28bf8d687871a949d318e164d7178c14c5b145b15816fd1a686332204fba101aad2f0de8c2363952a3fb351d9ecbf94608b0f138dd48b566762f3b9164194f3e3680d5d9e7941abc617a6ccccd346e0276c1ee0d7709597eb83461aacfc4550216a10054b1402a05e11a860fb22fd2811a60f7b29c5be173cf09894bbdcef150556d4cecf13c95140742d351300fa9f33e75f5ad5182b310b657845159800679867bdb88256e55d8accc9174a1998ff2c0de861132878d37fdcfb1c97ad908289e3965d314be7fc911fd9d693cc943a9d58a77592c387696cbc2021b6c8d268408126034d8302f93fe5fd18d9768b1a1a8c2e11d57eab224dc73149d4947f3cd77dd2f3f85bf16db9a3fe68cfb9b52843eedd4d8e3ba513a72894e59f75390749d2802427dda300a07a5ff7a090af9067d6f62d822e4fd70ee2fdf548e5e6770981a754aa468b6f9654b34db9e1481870354a3b0c093120c4df98665b453161126201e76076b42115c9d5a684f1a17fc53bbad2a6cb6ddc26f10933cfe493995c8d9fef239251c369719684b20e6d879e5e2312ce259c4f18cffffe63b8f36a47dd4bfbbdf2c698eb4dfc0c242fddb55e194372245f0a0cbc1e77f8d185e64c0e19178876d310dbf563089c3314e0836f5a6afc011ef631d2394ce7093237f94fced366eed55e3f3a991025c9ae11dd15a49f9e82ef61ef05ac26a96015118f5a17d72ec6d31b1f98da6654d353e1e5cc7b0f3f33a5c83a613c16bfeda8dc69218302e0853c618cadc35d5b8840a5610b486b844a13e323c25eb6f91b69d343539e31f5a06b41dca43cc561f06fd73eb1f0ea8fefd1ce6a9346da0e457a8ceaa4690bc1c2269dce6252f5e5e7d4167dcc36bd2768d0485ab748fbda9226034c52b60a47061a60981bda42e3208f8904246b912dc3aee8c9365d3abcc6570240ff9babc19c1fc16266cf8cbcd1baa91ac656ce137c538ab21c315898f869800f2f7e1e9e86370f581e548f732bceadf7f20d84314e24ea4ddc8df7c4791229e5ea44192a0fca6046a60f7e5ff7f3d16bd0af19a87f1a0669a4b2ee25bdda05aa34d35d11f5783cfcabceb360b309143d9d4278fa573fa69aec83e6fdf273e66bd962c8407b2b92595a3b02aa7c71d379c1d90895a40ca5ce48cdf504145aa8e5f2214ba9174d1d1319bf77906f9673edcf71a007744b9d9f93d58699f66facaebc84f4d2dbe13f781e81afa9b80a92d0c971b69a0d674a44f70738855b20eb50404c5ae4f50bd0f8c507409c7b41c66b1358e38c6545e16f8b09df8bc916f68285cbb03b745f1e7f2de9aae49e1e7f727639d6b7cadd4096320f35e802032bcb8cd83e2e9a2084a08be1e7dd9a99e9453aea50c559f403364927984f67cf57fa7591fcb7c3afe853cf6312b9c2d6a9c8341d66e75fac198906a5fdd218fb5e19492caad79b45a2f1a790bf02559b9f63c388457170ff74f90b23c794f699551246a4caefdd681babfdf5202a12d2f755b6345ec95f715d749297220becb47b2338954ff76b024bd05768f3cea23627ce8a81cfde98792c12bf4068d7b57115de05a6a076ea8f6b366a0a3a59fdd8457919cbb42878a41b90b425418d429463c463cc523bd66ef3e8184452b0c5f081e6a8abd0a508e83fa3478bf05bf65e8529f9554e83f7a72295ac406bcffb9055a873605b900d32b9a1b5f7e7e06f2af913eb820ba8de58aba2f937e51dbc1870e7f249ff96fed28b3be987cc7a039de63c0b452156dfba8c1f109c0ac8cee0c38c5616bfb056bc791ea0fa2fe910d5279963efdf02f7110e80589362cf8cb21614600740172b2607cf22f039b76bd59abed1d216dba87057835d8aa6f3539491572fdad61914c7a5e829f5b9994c4cc8e1a9df6e5e83bfb8037400f72a0fbe105bc2424dbf01716be093359ea198b7d06c91e7a3b546c575c7e172a11be0c9bea3207ea0f7b6911a47ba51082ccde4441eebd20c3f541afd65dbb6dfce0f260e259d6c6206487c3d4cb60d58671b6ee68407e454e7e215fb4962cf1c5fe27a3c54aba96cb2df9546c67b22ea522fa84f022d684337714cbac83365a1affaf20bc295921c091018ada2aa21bd303e9778b1345d2ef4a2cfcb50432a1437bbd9f90984fed196acc12a0728e027c3dfb57359481642341f753ba7085beebdf78057add33a97a9d037b7408f8e7b64d2a87d92ecae25da47afc683b10addc451452ac5a922a760cfbbb6a0aae5da0ec2bb9f16e92c92a9c90d1b755b4cbf7c7fe6050d0f00b6ce0aad48bea971e30", 0x1000}, {&(0x7f0000001140)="dc769786d19d904b46303815247f43d281b93e4e76924a4bbbe70fbb90797b545ec0557fb6e7e6fc23d183cea7b2b0fc54a0a533a9b5ba0a19f900cfdc2bc727a4936cadd53dd08845c94a5a9cc0a9ff0700005c7b", 0x55}, {&(0x7f00000011c0)="11e28ba89cb96c1d1084831fb5c2047423acba0d0a58ce83a651158cde190cbeb9cdd6efd74f2f4345ec66f8ee7cde2780400b5f70ce27330c08e116d04f227dcd26312dc33861a964103f26ed372d94ddf66d65784a01364255df6c9a3a65f66c916f1aef03c4de8e094332fdee376028beaa07874ac378d43907fdcec3524bcc2ebb00b7d84e1523781361ada89872b4bdac73cb5ae98ff8637f52da8dcf956421bcc6f7b25c051978f78ecde03adef092d91420c417fc22b723760c884450f0c739603bb09a3c9c7e6ed75fbb311a50c4f0c0b92a", 0xd6}], 0x4, 0x0, 0x0, 0x40080}, 0x40) io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r1, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000001380)={0x0, 0x989680}) io_destroy(r1) [ 764.022813] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 764.028022] ? __list_lru_init+0x456/0x790 [ 764.032274] ? sget_userns+0x767/0xf00 [ 764.036230] ? graph_lock+0x170/0x170 [ 764.040063] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 764.044836] ? do_mount+0x564/0x3070 [ 764.048564] ? ksys_mount+0x12d/0x140 [ 764.052378] ? __x64_sys_mount+0xbe/0x150 [ 764.056546] ? do_syscall_64+0x1b1/0x800 [ 764.060627] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 764.066018] ? find_held_lock+0x36/0x1c0 [ 764.070107] ? __lock_is_held+0xb5/0x140 2018/05/04 10:56:12 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:12 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 764.073069] binder: 7496:7503 BC_FREE_BUFFER u0000000000000000 no match [ 764.074199] ? check_same_owner+0x320/0x320 [ 764.074222] ? rcu_note_context_switch+0x710/0x710 [ 764.074244] __should_failslab+0x124/0x180 [ 764.074262] should_failslab+0x9/0x14 [ 764.074278] kmem_cache_alloc_trace+0x2cb/0x780 [ 764.074295] ? __kmalloc_node+0x33/0x70 [ 764.081212] binder: 7496:7503 unknown command 0 [ 764.085464] ? __kmalloc_node+0x33/0x70 [ 764.085481] ? rcu_read_lock_sched_held+0x108/0x120 [ 764.085500] __memcg_init_list_lru_node+0x17d/0x2c0 [ 764.085516] ? kvfree_rcu+0x20/0x20 [ 764.129360] ? __kmalloc_node+0x47/0x70 [ 764.133359] __list_lru_init+0x456/0x790 [ 764.137444] ? list_lru_destroy+0x4c0/0x4c0 [ 764.141319] binder: 7496:7503 ioctl c0306201 20000040 returned -22 [ 764.141794] ? mark_held_locks+0xc9/0x160 [ 764.152259] ? __raw_spin_lock_init+0x1c/0x100 [ 764.156860] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 764.161891] ? lockdep_init_map+0x9/0x10 [ 764.165968] sget_userns+0x767/0xf00 [ 764.169694] ? get_anon_bdev+0x2f0/0x2f0 [ 764.173779] ? destroy_unused_super.part.11+0x110/0x110 [ 764.179194] ? __alloc_pages_nodemask+0xacf/0xd70 [ 764.184056] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 764.189738] ? kasan_check_read+0x11/0x20 [ 764.189759] ? cap_capable+0x1f9/0x260 [ 764.189782] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 764.189798] ? security_capable+0x99/0xc0 [ 764.189816] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 764.189832] ? ns_capable_common+0x13f/0x170 [ 764.189849] ? get_anon_bdev+0x2f0/0x2f0 [ 764.189862] sget+0x10b/0x150 [ 764.189882] ? fuse_get_root_inode+0x190/0x190 [ 764.189896] mount_nodev+0x33/0x110 [ 764.189912] fuse_mount+0x2c/0x40 [ 764.189929] mount_fs+0xae/0x328 [ 764.189948] vfs_kern_mount.part.34+0xd4/0x4d0 [ 764.189964] ? may_umount+0xb0/0xb0 [ 764.189983] ? _raw_read_unlock+0x22/0x30 [ 764.189995] ? __get_fs_type+0x97/0xc0 [ 764.190014] do_mount+0x564/0x3070 [ 764.190031] ? do_raw_spin_unlock+0x9e/0x2e0 [ 764.190050] ? copy_mount_string+0x40/0x40 [ 764.190065] ? rcu_pm_notify+0xc0/0xc0 [ 764.190085] ? copy_mount_options+0x5f/0x380 [ 764.190099] ? rcu_read_lock_sched_held+0x108/0x120 [ 764.190114] ? kmem_cache_alloc_trace+0x616/0x780 [ 764.190147] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 764.190167] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 764.297471] ? copy_mount_options+0x285/0x380 [ 764.297489] ksys_mount+0x12d/0x140 [ 764.305610] __x64_sys_mount+0xbe/0x150 [ 764.309595] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 764.314625] do_syscall_64+0x1b1/0x800 [ 764.318533] ? finish_task_switch+0x1ca/0x810 [ 764.323057] ? syscall_return_slowpath+0x5c0/0x5c0 [ 764.328021] ? syscall_return_slowpath+0x30f/0x5c0 [ 764.332960] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 764.338323] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 764.343173] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 764.348354] RIP: 0033:0x455979 [ 764.351527] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 764.359237] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 764.366495] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 764.373756] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 764.381046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 764.388325] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:12 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40406300}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:12 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10020], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:12 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x4000000000000000]}]}) 2018/05/04 10:56:12 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:12 executing program 2 (fault-call:3 fault-nth:30): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:12 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000080)='/dev/snd/midiC#D#\x00', 0x0, 0x6c2) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffff9c, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in={{0x2, 0x4e21, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x7f, 0x1, 0xe2, 0x9, 0x20}, &(0x7f0000000180)=0x98) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f00000001c0)={0x716, 0x1, 0xe379, 0xce4, r2}, &(0x7f0000000200)=0x10) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/05/04 10:56:12 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x2e0, 0x0) recvmsg$netrom(r0, &(0x7f0000001300)={&(0x7f0000000040)=@full={{0x3, {"a5937baa89d813"}, 0xfffffffffffffff7}, [{"2d349e9b0a8a12"}, {"fc68bc4481b1b5"}, {"22d17eb9c79298"}, {"0d7ce13f03d04f"}, {"9fa42fe21f2b04"}, {"c47c74aef467e2"}, {"dcf7b64668edf2"}, {"b2eb5429982d3e"}]}, 0x48, &(0x7f00000012c0)=[{&(0x7f00000000c0)="fef9e3b243368821907558680277699d393bcdf3cb7abb90dfe16d74418ebff331b73013b62414dd2e56122ecd91104539c0838e2904ea6946c7d058ddee6fd729c9a33f654c9654a0c940f56c45e045", 0x50}, {&(0x7f0000000140)="276651083f739589a451c50646546d26a7ecad0b4b46e7a022aff745e9f0e8373594c82c85dcbccfdee1e633b1d852d7e66f87b873fb4f4e8dac6e840b379a2889ee2cef8dd1cb7e7b6587f215cd41a96eaa5a9bcccdd6fc672a7cb603870313263663c41cc7b3f9afc6be73faf90b92149944ac4b9a27946c216ae512e000cb3fe2cabf9e1643bfe0fac1b01d25a87389a5990290da0fc18f58d119481c14925f95fe2da321232f9e206f91e40846e61a8dbb0a5ecb2c93fd8646b196a610940e3d100242f7eb4d745709f43840edb1d4ff035c7920a1a5ad21b0d8882df8166f2e511378341f67417e1b4481b7435c571156daff66a1236838a0cd2ed786e1b8b15c771ffb5b44389f79500117eca39a51a72eb50ead59e987c842748b5ec00e9b4558a48041e283e52e342e9313361156c77e7336677380e9b3f71594cbc33348c519d737c674f5407218796206e726c36fbb91f105feb1c562619fa29a2017d8a749a1c34b2e54b095803ef7f8098bf20a8074f153bee423921d369c48a215850e0e7c6f123dcb3eabe3993c1873eb59035c560e65137bb5e304dc03c9cfa77b8533812d722b808feef8b8eeaf8f3ce86d129d21ecbb57c91da5cb123ce4822518ced4563128fcbacbc7624c37b308310f8fbb098a8466cf821671197ff1812306f19819c5d087cd4db5e39a70bd93e4dd457b5a8190ec1e76d18ae9a53604acca09c6548f3951a790171e2cd06994fce8e598b071b4ac3a16e3ee3a52b99665cc63bf95ef1bcd2a158835a6438fd4c4c05a35d3d6531051763e79685396c53b5ab1e7bafe37cc5dd822ce3f5d6e0399945c6e770007696185535e47152e4e77ccaf2f267baa4f77cba9b60cc8410dc4e3f28f88646dde4bf67e70272e2d9d531f8f5d31c031a0ca5743f688732e119d3d810accbd9fe939c3b61a3465a1621849902d228ce07902a7f8d11eac387a01165100572ad955fd45f280bc02d6c6a0ad89d9501b9c82163d179fd6a5507dc6d16469fbea9e4a67a0dda763177696d3f0aea5ffc96b7e287f9f3c198d09961a2597cca8da542858e796d1f82cd052921180669f8a1fb15baf5bd9d0d0bfc4c0b629d4f2e88dc0975927bd2ec0dfa7a4fe2add84fde50cb62e4f23dcec26b99ac14684603a9d3d7e039eb52ebdb2bd25d8388e553a18d22b95f8f6bdc4aba71c155a1889de67706d2b06fa5520161f6010b457c9bc38a6e3b2876a4aeaaf80f5a681bddd7f653118b9403415cdd6dc521c8873d06be7530c7f2411835d408365d292c6c4a5401b53c26cd8c14ca777d7b714b8d040b2df5c523c19211b8b64d2d4da8233213ea6dc63479a6c3fc310224ab8154c857e8aea7d84e979c58dc9d021227a2d0fffc0143373b4e778bad68bd44ed37b39b5dcf54a391abfd703cf992f47bd0a134420622c5ca305e934841b4da7c43ed35be316519f85818769b9bfa4afa2535ae1e9ce017b6d16b552e4dc8f8b7f051be4478b5fbb74f5e1c910b633ba34670864b48ecd9f69a3cd6d4abf8b5a5f4930c26b8a33e73926ec50969a6a549310e6263648fd20e29bf4c9587225dcaea7c22f0e00844932cbbeb5120745a864c97d6872bdc6a1c1bd0481154d596517adf84d8f47a1efe678a4a19b9dac525c49247c39ca4bf98c651a237bde17b94dc4fb719ef37691ab363050400b33258bb9d7aa1465afb0842e4f690231810401fddd71b57185195363ad4c88f414da4179ba63ca8068eeab18a663e1e8607e533a5eb0ca17582afc27158a58130dde1a901a23efa0ac656d7f60391c182a5d6a4aeb8c46c85afe7b503e63369a6d4effee1828582909d25b87574e0a66497d00bdefddf726e6a05112673218b540f88769a3654be868061f8b6b789c0165d9bafdd2868c342e09b9f6ac6488705658023a9d591b522004df66f63fe2a81ad1f31e2f9782e6a3d6f1b25ab8890f9bf9cf973582c768284178f3ab66591132232c62af891ea10cea7dade3bd1bd693ddc5514b35cb93e5561da32a62c674d63ba89662f7a7cfc242b65111c13f91392f432c2b6cdec9f971e6cc4c50b050c08bee47f17e8dc7ec19fb6fdecf5fa9b23fe181620f896eb2ba2f20398a9fa47d88abac610d7049a57a7209582ac8b37b2642f97b7a048d8330ec48cf8c610f27c6af5b43fa7f41dcc586890ac50cf0f3ac918b889268aa0ff56aba144e858153839b846da213d6aef24b2115211f2b88c3aa0fbdb0f22b9a9a87cacd3dbeed041373c01f805a952183c6f68f3b11cc4922e4cd42f3e9b891d10fa22b3080d6171b97d695816f6df1a68567cfb0ff8757bd254e001966836111eca6053f94189a1affea7b7d0d26239c375abcbc1c8dcc668a34c66318eb41758d4b1b2e7da731f326f614b6c0fe7a1f7d0af4c1fd31c86a4b8fbd9840a5f0a4ddaa1a6933656de7d7055c3a6d62132c3ca5815f58f6f925546cb0643b5368add600f0f31db80ec9ecdacef2562a5d9932d3c2d5284cf7d9d1d0289bd7bc4332e08c2dd409df6dc9eb3e6a196d7b1e2f671c980f989534b37f8705585f2ef261f4d6f30df78df5f4aa6ffc3e04edc4635818069c429a5b94fd55e837237cc4590bf284f7097fa9dcfe09c087c74a5597c29d542650cccc1ea48ee30e2007fb8f02272fab543c29b36ccf5988bb43b60c224d0662cbed251609affeedaa793f4d2dddb5da164805577a152bf7404c24b32453d91ef5d4112184a34fc665762d4228a2d259bd826686645dbb539846f5fa6c39afa39ed4ff332dc44f3008e1035a857449d76a1803bc887b26407fe47be1573863a478cf5e3c7f0c8823a295a48b1fe70bdb718a19268703f6cf05473ee65bbabe0bcab095d41b38109a863c817b3d5d368849fe88a07034c7d06a99fef983f14e6c65420fb0f517aa49e367ec05fbb36d4960592023fb7105931f4b47edd0d2a652b6a9cdd6750d7e86adb6a7f38492a2a541bf2207405e625981c9f63663631d4cab84a6ecd57984c5154b7b41df9129b63577937b79e7896250fdcc82190ded3c9c47e9ba3ff562c233cb3921c6369b8ce41e71c09b775212c4596c8b6e43fed4059f0cb06737c51d23dae6ab7ef291970bf9e885e2a324aa5c87faf339b7dee42507a44a53a651a40b2a17059c986a2f79b5ef9609c346bf9dfa8789c15524495ec2d5280a88958cc3e0f568885c77f7bc13ea5e26fa89964ac631dbe6dba328683df1a45b4e670ebb46bdcb3176e83bb3fba4bccb30eed099015bfe86311f33ba1168d42f2dcc07755b3edba49e5a82d1d22ae7b6515217acf79328aa7c13c63f5a7e758fabd540e788f91eeec0c6c30bc573bab04400d5b00b50dac64668caf23998f4d769fa3915c4fbd7c39037262c184d922a4093f140337be25e78a1c24b6a2a12037f40e890425ec0580c1be4ca913b932a3b3366aff72e9239cdd3dd263fb26e1584ae758e88b2777df23b0854af7c0aba28bf8d687871a949d318e164d7178c14c5b145b15816fd1a686332204fba101aad2f0de8c2363952a3fb351d9ecbf94608b0f138dd48b566762f3b9164194f3e3680d5d9e7941abc617a6ccccd346e0276c1ee0d7709597eb83461aacfc4550216a10054b1402a05e11a860fb22fd2811a60f7b29c5be173cf09894bbdcef150556d4cecf13c95140742d351300fa9f33e75f5ad5182b310b657845159800679867bdb88256e55d8accc9174a1998ff2c0de861132878d37fdcfb1c97ad908289e3965d314be7fc911fd9d693cc943a9d58a77592c387696cbc2021b6c8d268408126034d8302f93fe5fd18d9768b1a1a8c2e11d57eab224dc73149d4947f3cd77dd2f3f85bf16db9a3fe68cfb9b52843eedd4d8e3ba513a72894e59f75390749d2802427dda300a07a5ff7a090af9067d6f62d822e4fd70ee2fdf548e5e6770981a754aa468b6f9654b34db9e1481870354a3b0c093120c4df98665b453161126201e76076b42115c9d5a684f1a17fc53bbad2a6cb6ddc26f10933cfe493995c8d9fef239251c369719684b20e6d879e5e2312ce259c4f18cffffe63b8f36a47dd4bfbbdf2c698eb4dfc0c242fddb55e194372245f0a0cbc1e77f8d185e64c0e19178876d310dbf563089c3314e0836f5a6afc011ef631d2394ce7093237f94fced366eed55e3f3a991025c9ae11dd15a49f9e82ef61ef05ac26a96015118f5a17d72ec6d31b1f98da6654d353e1e5cc7b0f3f33a5c83a613c16bfeda8dc69218302e0853c618cadc35d5b8840a5610b486b844a13e323c25eb6f91b69d343539e31f5a06b41dca43cc561f06fd73eb1f0ea8fefd1ce6a9346da0e457a8ceaa4690bc1c2269dce6252f5e5e7d4167dcc36bd2768d0485ab748fbda9226034c52b60a47061a60981bda42e3208f8904246b912dc3aee8c9365d3abcc6570240ff9babc19c1fc16266cf8cbcd1baa91ac656ce137c538ab21c315898f869800f2f7e1e9e86370f581e548f732bceadf7f20d84314e24ea4ddc8df7c4791229e5ea44192a0fca6046a60f7e5ff7f3d16bd0af19a87f1a0669a4b2ee25bdda05aa34d35d11f5783cfcabceb360b309143d9d4278fa573fa69aec83e6fdf273e66bd962c8407b2b92595a3b02aa7c71d379c1d90895a40ca5ce48cdf504145aa8e5f2214ba9174d1d1319bf77906f9673edcf71a007744b9d9f93d58699f66facaebc84f4d2dbe13f781e81afa9b80a92d0c971b69a0d674a44f70738855b20eb50404c5ae4f50bd0f8c507409c7b41c66b1358e38c6545e16f8b09df8bc916f68285cbb03b745f1e7f2de9aae49e1e7f727639d6b7cadd4096320f35e802032bcb8cd83e2e9a2084a08be1e7dd9a99e9453aea50c559f403364927984f67cf57fa7591fcb7c3afe853cf6312b9c2d6a9c8341d66e75fac198906a5fdd218fb5e19492caad79b45a2f1a790bf02559b9f63c388457170ff74f90b23c794f699551246a4caefdd681babfdf5202a12d2f755b6345ec95f715d749297220becb47b2338954ff76b024bd05768f3cea23627ce8a81cfde98792c12bf4068d7b57115de05a6a076ea8f6b366a0a3a59fdd8457919cbb42878a41b90b425418d429463c463cc523bd66ef3e8184452b0c5f081e6a8abd0a508e83fa3478bf05bf65e8529f9554e83f7a72295ac406bcffb9055a873605b900d32b9a1b5f7e7e06f2af913eb820ba8de58aba2f937e51dbc1870e7f249ff96fed28b3be987cc7a039de63c0b452156dfba8c1f109c0ac8cee0c38c5616bfb056bc791ea0fa2fe910d5279963efdf02f7110e80589362cf8cb21614600740172b2607cf22f039b76bd59abed1d216dba87057835d8aa6f3539491572fdad61914c7a5e829f5b9994c4cc8e1a9df6e5e83bfb8037400f72a0fbe105bc2424dbf01716be093359ea198b7d06c91e7a3b546c575c7e172a11be0c9bea3207ea0f7b6911a47ba51082ccde4441eebd20c3f541afd65dbb6dfce0f260e259d6c6206487c3d4cb60d58671b6ee68407e454e7e215fb4962cf1c5fe27a3c54aba96cb2df9546c67b22ea522fa84f022d684337714cbac83365a1affaf20bc295921c091018ada2aa21bd303e9778b1345d2ef4a2cfcb50432a1437bbd9f90984fed196acc12a0728e027c3dfb57359481642341f753ba7085beebdf78057add33a97a9d037b7408f8e7b64d2a87d92ecae25da47afc683b10addc451452ac5a922a760cfbbb6a0aae5da0ec2bb9f16e92c92a9c90d1b755b4cbf7c7fe6050d0f00b6ce0aad48bea971e30", 0x1000}, {&(0x7f0000001140)="dc769786d19d904b46303815247f43d281b93e4e76924a4bbbe70fbb90797b545ec0557fb6e7e6fc23d183cea7b2b0fc54a0a533a9b5ba0a19f900cfdc2bc727a4936cadd53dd08845c94a5a9cc0a9ff0700005c7b", 0x55}, {&(0x7f00000011c0)="11e28ba89cb96c1d1084831fb5c2047423acba0d0a58ce83a651158cde190cbeb9cdd6efd74f2f4345ec66f8ee7cde2780400b5f70ce27330c08e116d04f227dcd26312dc33861a964103f26ed372d94ddf66d65784a01364255df6c9a3a65f66c916f1aef03c4de8e094332fdee376028beaa07874ac378d43907fdcec3524bcc2ebb00b7d84e1523781361ada89872b4bdac73cb5ae98ff8637f52da8dcf956421bcc6f7b25c051978f78ecde03adef092d91420c417fc22b723760c884450f0c739603bb09a3c9c7e6ed75fbb311a50c4f0c0b92a", 0xd6}], 0x4, 0x0, 0x0, 0x40080}, 0x40) io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r1, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000001380)={0x0, 0x989680}) 2018/05/04 10:56:12 executing program 4: mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:13 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd1e1ff7f], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:13 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 764.966604] binder: 7525:7528 transaction failed 29189/-22, size 0-0 line 2856 [ 764.980886] binder: 7522:7530 transaction failed 29189/-22, size 0-0 line 2856 [ 764.988707] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:56:13 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x2e0, 0x0) recvmsg$netrom(r0, &(0x7f0000001300)={&(0x7f0000000040)=@full={{0x3, {"a5937baa89d813"}, 0xfffffffffffffff7}, [{"2d349e9b0a8a12"}, {"fc68bc4481b1b5"}, {"22d17eb9c79298"}, {"0d7ce13f03d04f"}, {"9fa42fe21f2b04"}, {"c47c74aef467e2"}, {"dcf7b64668edf2"}, {"b2eb5429982d3e"}]}, 0x48, &(0x7f00000012c0)=[{&(0x7f00000000c0)="fef9e3b243368821907558680277699d393bcdf3cb7abb90dfe16d74418ebff331b73013b62414dd2e56122ecd91104539c0838e2904ea6946c7d058ddee6fd729c9a33f654c9654a0c940f56c45e045", 0x50}, {&(0x7f0000000140)="276651083f739589a451c50646546d26a7ecad0b4b46e7a022aff745e9f0e8373594c82c85dcbccfdee1e633b1d852d7e66f87b873fb4f4e8dac6e840b379a2889ee2cef8dd1cb7e7b6587f215cd41a96eaa5a9bcccdd6fc672a7cb603870313263663c41cc7b3f9afc6be73faf90b92149944ac4b9a27946c216ae512e000cb3fe2cabf9e1643bfe0fac1b01d25a87389a5990290da0fc18f58d119481c14925f95fe2da321232f9e206f91e40846e61a8dbb0a5ecb2c93fd8646b196a610940e3d100242f7eb4d745709f43840edb1d4ff035c7920a1a5ad21b0d8882df8166f2e511378341f67417e1b4481b7435c571156daff66a1236838a0cd2ed786e1b8b15c771ffb5b44389f79500117eca39a51a72eb50ead59e987c842748b5ec00e9b4558a48041e283e52e342e9313361156c77e7336677380e9b3f71594cbc33348c519d737c674f5407218796206e726c36fbb91f105feb1c562619fa29a2017d8a749a1c34b2e54b095803ef7f8098bf20a8074f153bee423921d369c48a215850e0e7c6f123dcb3eabe3993c1873eb59035c560e65137bb5e304dc03c9cfa77b8533812d722b808feef8b8eeaf8f3ce86d129d21ecbb57c91da5cb123ce4822518ced4563128fcbacbc7624c37b308310f8fbb098a8466cf821671197ff1812306f19819c5d087cd4db5e39a70bd93e4dd457b5a8190ec1e76d18ae9a53604acca09c6548f3951a790171e2cd06994fce8e598b071b4ac3a16e3ee3a52b99665cc63bf95ef1bcd2a158835a6438fd4c4c05a35d3d6531051763e79685396c53b5ab1e7bafe37cc5dd822ce3f5d6e0399945c6e770007696185535e47152e4e77ccaf2f267baa4f77cba9b60cc8410dc4e3f28f88646dde4bf67e70272e2d9d531f8f5d31c031a0ca5743f688732e119d3d810accbd9fe939c3b61a3465a1621849902d228ce07902a7f8d11eac387a01165100572ad955fd45f280bc02d6c6a0ad89d9501b9c82163d179fd6a5507dc6d16469fbea9e4a67a0dda763177696d3f0aea5ffc96b7e287f9f3c198d09961a2597cca8da542858e796d1f82cd052921180669f8a1fb15baf5bd9d0d0bfc4c0b629d4f2e88dc0975927bd2ec0dfa7a4fe2add84fde50cb62e4f23dcec26b99ac14684603a9d3d7e039eb52ebdb2bd25d8388e553a18d22b95f8f6bdc4aba71c155a1889de67706d2b06fa5520161f6010b457c9bc38a6e3b2876a4aeaaf80f5a681bddd7f653118b9403415cdd6dc521c8873d06be7530c7f2411835d408365d292c6c4a5401b53c26cd8c14ca777d7b714b8d040b2df5c523c19211b8b64d2d4da8233213ea6dc63479a6c3fc310224ab8154c857e8aea7d84e979c58dc9d021227a2d0fffc0143373b4e778bad68bd44ed37b39b5dcf54a391abfd703cf992f47bd0a134420622c5ca305e934841b4da7c43ed35be316519f85818769b9bfa4afa2535ae1e9ce017b6d16b552e4dc8f8b7f051be4478b5fbb74f5e1c910b633ba34670864b48ecd9f69a3cd6d4abf8b5a5f4930c26b8a33e73926ec50969a6a549310e6263648fd20e29bf4c9587225dcaea7c22f0e00844932cbbeb5120745a864c97d6872bdc6a1c1bd0481154d596517adf84d8f47a1efe678a4a19b9dac525c49247c39ca4bf98c651a237bde17b94dc4fb719ef37691ab363050400b33258bb9d7aa1465afb0842e4f690231810401fddd71b57185195363ad4c88f414da4179ba63ca8068eeab18a663e1e8607e533a5eb0ca17582afc27158a58130dde1a901a23efa0ac656d7f60391c182a5d6a4aeb8c46c85afe7b503e63369a6d4effee1828582909d25b87574e0a66497d00bdefddf726e6a05112673218b540f88769a3654be868061f8b6b789c0165d9bafdd2868c342e09b9f6ac6488705658023a9d591b522004df66f63fe2a81ad1f31e2f9782e6a3d6f1b25ab8890f9bf9cf973582c768284178f3ab66591132232c62af891ea10cea7dade3bd1bd693ddc5514b35cb93e5561da32a62c674d63ba89662f7a7cfc242b65111c13f91392f432c2b6cdec9f971e6cc4c50b050c08bee47f17e8dc7ec19fb6fdecf5fa9b23fe181620f896eb2ba2f20398a9fa47d88abac610d7049a57a7209582ac8b37b2642f97b7a048d8330ec48cf8c610f27c6af5b43fa7f41dcc586890ac50cf0f3ac918b889268aa0ff56aba144e858153839b846da213d6aef24b2115211f2b88c3aa0fbdb0f22b9a9a87cacd3dbeed041373c01f805a952183c6f68f3b11cc4922e4cd42f3e9b891d10fa22b3080d6171b97d695816f6df1a68567cfb0ff8757bd254e001966836111eca6053f94189a1affea7b7d0d26239c375abcbc1c8dcc668a34c66318eb41758d4b1b2e7da731f326f614b6c0fe7a1f7d0af4c1fd31c86a4b8fbd9840a5f0a4ddaa1a6933656de7d7055c3a6d62132c3ca5815f58f6f925546cb0643b5368add600f0f31db80ec9ecdacef2562a5d9932d3c2d5284cf7d9d1d0289bd7bc4332e08c2dd409df6dc9eb3e6a196d7b1e2f671c980f989534b37f8705585f2ef261f4d6f30df78df5f4aa6ffc3e04edc4635818069c429a5b94fd55e837237cc4590bf284f7097fa9dcfe09c087c74a5597c29d542650cccc1ea48ee30e2007fb8f02272fab543c29b36ccf5988bb43b60c224d0662cbed251609affeedaa793f4d2dddb5da164805577a152bf7404c24b32453d91ef5d4112184a34fc665762d4228a2d259bd826686645dbb539846f5fa6c39afa39ed4ff332dc44f3008e1035a857449d76a1803bc887b26407fe47be1573863a478cf5e3c7f0c8823a295a48b1fe70bdb718a19268703f6cf05473ee65bbabe0bcab095d41b38109a863c817b3d5d368849fe88a07034c7d06a99fef983f14e6c65420fb0f517aa49e367ec05fbb36d4960592023fb7105931f4b47edd0d2a652b6a9cdd6750d7e86adb6a7f38492a2a541bf2207405e625981c9f63663631d4cab84a6ecd57984c5154b7b41df9129b63577937b79e7896250fdcc82190ded3c9c47e9ba3ff562c233cb3921c6369b8ce41e71c09b775212c4596c8b6e43fed4059f0cb06737c51d23dae6ab7ef291970bf9e885e2a324aa5c87faf339b7dee42507a44a53a651a40b2a17059c986a2f79b5ef9609c346bf9dfa8789c15524495ec2d5280a88958cc3e0f568885c77f7bc13ea5e26fa89964ac631dbe6dba328683df1a45b4e670ebb46bdcb3176e83bb3fba4bccb30eed099015bfe86311f33ba1168d42f2dcc07755b3edba49e5a82d1d22ae7b6515217acf79328aa7c13c63f5a7e758fabd540e788f91eeec0c6c30bc573bab04400d5b00b50dac64668caf23998f4d769fa3915c4fbd7c39037262c184d922a4093f140337be25e78a1c24b6a2a12037f40e890425ec0580c1be4ca913b932a3b3366aff72e9239cdd3dd263fb26e1584ae758e88b2777df23b0854af7c0aba28bf8d687871a949d318e164d7178c14c5b145b15816fd1a686332204fba101aad2f0de8c2363952a3fb351d9ecbf94608b0f138dd48b566762f3b9164194f3e3680d5d9e7941abc617a6ccccd346e0276c1ee0d7709597eb83461aacfc4550216a10054b1402a05e11a860fb22fd2811a60f7b29c5be173cf09894bbdcef150556d4cecf13c95140742d351300fa9f33e75f5ad5182b310b657845159800679867bdb88256e55d8accc9174a1998ff2c0de861132878d37fdcfb1c97ad908289e3965d314be7fc911fd9d693cc943a9d58a77592c387696cbc2021b6c8d268408126034d8302f93fe5fd18d9768b1a1a8c2e11d57eab224dc73149d4947f3cd77dd2f3f85bf16db9a3fe68cfb9b52843eedd4d8e3ba513a72894e59f75390749d2802427dda300a07a5ff7a090af9067d6f62d822e4fd70ee2fdf548e5e6770981a754aa468b6f9654b34db9e1481870354a3b0c093120c4df98665b453161126201e76076b42115c9d5a684f1a17fc53bbad2a6cb6ddc26f10933cfe493995c8d9fef239251c369719684b20e6d879e5e2312ce259c4f18cffffe63b8f36a47dd4bfbbdf2c698eb4dfc0c242fddb55e194372245f0a0cbc1e77f8d185e64c0e19178876d310dbf563089c3314e0836f5a6afc011ef631d2394ce7093237f94fced366eed55e3f3a991025c9ae11dd15a49f9e82ef61ef05ac26a96015118f5a17d72ec6d31b1f98da6654d353e1e5cc7b0f3f33a5c83a613c16bfeda8dc69218302e0853c618cadc35d5b8840a5610b486b844a13e323c25eb6f91b69d343539e31f5a06b41dca43cc561f06fd73eb1f0ea8fefd1ce6a9346da0e457a8ceaa4690bc1c2269dce6252f5e5e7d4167dcc36bd2768d0485ab748fbda9226034c52b60a47061a60981bda42e3208f8904246b912dc3aee8c9365d3abcc6570240ff9babc19c1fc16266cf8cbcd1baa91ac656ce137c538ab21c315898f869800f2f7e1e9e86370f581e548f732bceadf7f20d84314e24ea4ddc8df7c4791229e5ea44192a0fca6046a60f7e5ff7f3d16bd0af19a87f1a0669a4b2ee25bdda05aa34d35d11f5783cfcabceb360b309143d9d4278fa573fa69aec83e6fdf273e66bd962c8407b2b92595a3b02aa7c71d379c1d90895a40ca5ce48cdf504145aa8e5f2214ba9174d1d1319bf77906f9673edcf71a007744b9d9f93d58699f66facaebc84f4d2dbe13f781e81afa9b80a92d0c971b69a0d674a44f70738855b20eb50404c5ae4f50bd0f8c507409c7b41c66b1358e38c6545e16f8b09df8bc916f68285cbb03b745f1e7f2de9aae49e1e7f727639d6b7cadd4096320f35e802032bcb8cd83e2e9a2084a08be1e7dd9a99e9453aea50c559f403364927984f67cf57fa7591fcb7c3afe853cf6312b9c2d6a9c8341d66e75fac198906a5fdd218fb5e19492caad79b45a2f1a790bf02559b9f63c388457170ff74f90b23c794f699551246a4caefdd681babfdf5202a12d2f755b6345ec95f715d749297220becb47b2338954ff76b024bd05768f3cea23627ce8a81cfde98792c12bf4068d7b57115de05a6a076ea8f6b366a0a3a59fdd8457919cbb42878a41b90b425418d429463c463cc523bd66ef3e8184452b0c5f081e6a8abd0a508e83fa3478bf05bf65e8529f9554e83f7a72295ac406bcffb9055a873605b900d32b9a1b5f7e7e06f2af913eb820ba8de58aba2f937e51dbc1870e7f249ff96fed28b3be987cc7a039de63c0b452156dfba8c1f109c0ac8cee0c38c5616bfb056bc791ea0fa2fe910d5279963efdf02f7110e80589362cf8cb21614600740172b2607cf22f039b76bd59abed1d216dba87057835d8aa6f3539491572fdad61914c7a5e829f5b9994c4cc8e1a9df6e5e83bfb8037400f72a0fbe105bc2424dbf01716be093359ea198b7d06c91e7a3b546c575c7e172a11be0c9bea3207ea0f7b6911a47ba51082ccde4441eebd20c3f541afd65dbb6dfce0f260e259d6c6206487c3d4cb60d58671b6ee68407e454e7e215fb4962cf1c5fe27a3c54aba96cb2df9546c67b22ea522fa84f022d684337714cbac83365a1affaf20bc295921c091018ada2aa21bd303e9778b1345d2ef4a2cfcb50432a1437bbd9f90984fed196acc12a0728e027c3dfb57359481642341f753ba7085beebdf78057add33a97a9d037b7408f8e7b64d2a87d92ecae25da47afc683b10addc451452ac5a922a760cfbbb6a0aae5da0ec2bb9f16e92c92a9c90d1b755b4cbf7c7fe6050d0f00b6ce0aad48bea971e30", 0x1000}, {&(0x7f0000001140)="dc769786d19d904b46303815247f43d281b93e4e76924a4bbbe70fbb90797b545ec0557fb6e7e6fc23d183cea7b2b0fc54a0a533a9b5ba0a19f900cfdc2bc727a4936cadd53dd08845c94a5a9cc0a9ff0700005c7b", 0x55}, {&(0x7f00000011c0)="11e28ba89cb96c1d1084831fb5c2047423acba0d0a58ce83a651158cde190cbeb9cdd6efd74f2f4345ec66f8ee7cde2780400b5f70ce27330c08e116d04f227dcd26312dc33861a964103f26ed372d94ddf66d65784a01364255df6c9a3a65f66c916f1aef03c4de8e094332fdee376028beaa07874ac378d43907fdcec3524bcc2ebb00b7d84e1523781361ada89872b4bdac73cb5ae98ff8637f52da8dcf956421bcc6f7b25c051978f78ecde03adef092d91420c417fc22b723760c884450f0c739603bb09a3c9c7e6ed75fbb311a50c4f0c0b92a", 0xd6}], 0x4, 0x0, 0x0, 0x40080}, 0x40) io_getevents(0x0, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000001380)={0x0, 0x989680}) [ 765.026615] binder: 7525:7533 transaction failed 29189/-22, size 0-0 line 2856 [ 765.035367] FAULT_INJECTION: forcing a failure. [ 765.035367] name failslab, interval 1, probability 0, space 0, times 0 [ 765.039882] binder: undelivered TRANSACTION_ERROR: 29189 [ 765.046703] CPU: 0 PID: 7531 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 765.059330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 765.068693] Call Trace: [ 765.071300] dump_stack+0x1b9/0x294 2018/05/04 10:56:13 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40106309}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:13 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:13 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 765.074955] ? dump_stack_print_info.cold.2+0x52/0x52 [ 765.080166] ? __save_stack_trace+0x7e/0xd0 [ 765.084513] should_fail.cold.4+0xa/0x1a [ 765.088590] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 765.093708] ? save_stack+0x43/0xd0 [ 765.097433] ? kasan_kmalloc+0xc4/0xe0 [ 765.101335] ? kmem_cache_alloc_trace+0x152/0x780 [ 765.106285] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 765.111488] ? __list_lru_init+0x456/0x790 [ 765.115733] ? sget_userns+0x767/0xf00 [ 765.119636] ? graph_lock+0x170/0x170 2018/05/04 10:56:13 executing program 1: timer_create(0x7, &(0x7f0000000200)={0x0, 0x13, 0x4, @thr={&(0x7f0000000080)="02e85b221dc4ff70eb1e4d6ae9a8da20825e2c15ecb6c03072b34bc43219960645d7d2d79a4e05971cd1beee4e99616aa84c1805a4643ff57d9b8396698650b30970919982d10d485d5a7be7992d8174504a29f796a8763af3401ff7c66935778eb2f37d58e82abce161ba8fb2391c7253afc3733b0395190959a4104e3374c9ef292ec27b058f081af45d67cf33f97168d3b6c845041242701a5870853f5a6eb0976c7d2f23dc1e947373962f1e9db4d8bce5101d0f88e8", &(0x7f0000000140)="e8a989da35155d3f6144f49b708adf6bcac627cdf55d43201d1917e671f31a8831741fa7513c67a8d7233bfebfc072be46c8d25c1693ef38d1740a6155bb445244f70b421088473ff8079d75512bf7bc435898ae4881cad102c880816b8527f29d632a57cdc43be970cf8389c616e3f6e119e29dc7c3953c98e971bdc02bf4ec5c80ea080f1bdac1b1f40be1f12e4cc38c02c8baa7bc70e0"}}, &(0x7f0000000240)=0x0) timer_delete(r0) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mixer\x00', 0x400200, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000001840)={0x0, 0x80000, 0xffffffffffffff9c}) r3 = socket$key(0xf, 0x3, 0x2) r4 = eventfd2(0xfe, 0x1) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x0, 0x4, 0x8c00000000000) r7 = socket$bt_cmtp(0x1f, 0x3, 0x5) r8 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r9 = gettid() getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000001880)={{{@in6=@loopback, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@loopback}}, &(0x7f0000001980)=0xe8) getgroups(0x2, &(0x7f00000019c0)=[0xffffffffffffffff, 0xffffffffffffffff]) socketpair$inet6(0xa, 0x3, 0x10001, &(0x7f0000001a00)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$packet(0x11, 0x3, 0x300, &(0x7f0000001a40)={0xffffffffffffffff}) r14 = socket$can_raw(0x1d, 0x3, 0x1) r15 = openat$rtc(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/rtc0\x00', 0x400000, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000001ac0)={0xffffffffffffffff}) r17 = socket$inet6_dccp(0xa, 0x6, 0x0) r18 = syz_open_dev$midi(&(0x7f0000001b00)='/dev/midi#\x00', 0x800, 0x2) r19 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000001b40)='/dev/vga_arbiter\x00', 0x200000, 0x0) r20 = openat$vnet(0xffffffffffffff9c, &(0x7f0000001b80)='/dev/vhost-net\x00', 0x2, 0x0) socketpair$inet6_sctp(0xa, 0x1, 0x84, &(0x7f0000001bc0)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$inet6_dccp(0xa, 0x6, 0x0, &(0x7f0000001c00)={0xffffffffffffffff}) r23 = socket$bt_bnep(0x1f, 0x3, 0x4) r24 = openat$vsock(0xffffffffffffff9c, &(0x7f0000001c40)='/dev/vsock\x00', 0x30000, 0x0) r25 = accept$inet(0xffffffffffffffff, &(0x7f0000001c80)={0x0, 0x0, @dev}, &(0x7f0000001cc0)=0x10) r26 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000001d00)='/proc/self/net/pfkey\x00', 0x101000, 0x0) r27 = accept4$ax25(0xffffffffffffff9c, &(0x7f0000001d40), &(0x7f0000001d80)=0x10, 0x80800) r28 = ioctl$KVM_CREATE_VM(0xffffffffffffff9c, 0xae01, 0x0) r29 = perf_event_open$cgroup(&(0x7f0000001e00)={0x3, 0x70, 0xfff, 0x80, 0x8, 0x4, 0x0, 0x1f, 0x100, 0xf, 0xfd, 0x2ec0, 0x9, 0x3, 0xaa, 0x80000001, 0x6, 0x20, 0x6, 0x6, 0x9, 0xffffffff, 0x100, 0x3, 0x3f, 0x0, 0x20, 0x7, 0x8000, 0x10000, 0x8001, 0xfff, 0xa28, 0xc4, 0x7, 0x5cc2, 0x3f, 0x5, 0x0, 0x7, 0x1, @perf_bp={&(0x7f0000001dc0), 0x4}, 0x44, 0x81, 0x7ff, 0x7, 0xf8, 0x1, 0x7fff}, 0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, 0x8) r30 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001e80)='/dev/ppp\x00', 0x94bab7e646b5542e, 0x0) r31 = socket$inet_tcp(0x2, 0x1, 0x0) r32 = accept$alg(0xffffffffffffffff, 0x0, 0x0) r33 = accept4$unix(0xffffffffffffffff, 0x0, &(0x7f0000001ec0), 0x80800) r34 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r35 = syz_open_dev$sndpcmp(&(0x7f0000001f00)='/dev/snd/pcmC#D#p\x00', 0x2, 0x8800) r36 = accept4$packet(0xffffffffffffff9c, &(0x7f0000001f40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000001f80)=0x14, 0x800) r37 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) r38 = syz_open_dev$audion(&(0x7f0000004540)='/dev/audio#\x00', 0x80000001, 0x100) r39 = gettid() r40 = getuid() getgroups(0x2, &(0x7f0000004580)=[0xffffffffffffffff, 0xffffffffffffffff]) ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f0000004900)=0x0) fstat(0xffffffffffffff9c, &(0x7f0000004940)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f00000049c0)='./file0\x00', &(0x7f0000004a00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r45 = openat$autofs(0xffffffffffffff9c, &(0x7f0000004a80)='/dev/autofs\x00', 0x200000, 0x0) r46 = accept(0xffffffffffffff9c, &(0x7f0000004ac0)=@vsock={0x0, 0x0, 0x0, @reserved}, &(0x7f0000004b40)=0x80) r47 = perf_event_open$cgroup(&(0x7f0000004b80)={0x2, 0x70, 0x9, 0x2, 0x1, 0x3, 0x0, 0x27b, 0x10, 0x4, 0x9, 0x3, 0xfff, 0x6f, 0x2, 0x3ff, 0x2, 0x4, 0x2, 0x5, 0x2, 0x6, 0x200, 0x9, 0x4, 0x2, 0x6, 0xfffffffffffffffb, 0x40, 0x7f, 0xa9, 0x8, 0x7, 0xc1, 0x0, 0x1, 0x5, 0x2, 0x0, 0x98d, 0x1, @perf_config_ext={0x5, 0x7}, 0x10, 0x5, 0x7d, 0x6, 0x3, 0x0, 0x2}, 0xffffffffffffffff, 0x8, 0xffffffffffffff9c, 0x8) r48 = syz_open_dev$dmmidi(&(0x7f0000004c00)='/dev/dmmidi#\x00', 0xe4e, 0x80) r49 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000004c80)={0xffffffffffffffff, 0x3, 0x1, 0x8001, &(0x7f0000004c40)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6}, 0x20) r50 = getpgrp(0xffffffffffffffff) fstat(0xffffffffffffff9c, &(0x7f0000004cc0)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(0xffffffffffffff9c, &(0x7f0000004d40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r53 = accept4$packet(0xffffffffffffff9c, &(0x7f0000004dc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000004e00)=0x14, 0x80000) r54 = syz_open_dev$sndctrl(&(0x7f0000004e40)='/dev/snd/controlC#\x00', 0x2, 0x4081) r55 = accept$inet6(0xffffffffffffff9c, &(0x7f0000004e80)={0x0, 0x0, 0x0, @remote}, &(0x7f0000004ec0)=0x1c) r56 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000004f00)='/dev/qat_adf_ctl\x00', 0x101100, 0x0) r57 = openat$ion(0xffffffffffffff9c, &(0x7f0000004f40)='/dev/ion\x00', 0x200080, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000004f80)={0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000004fc0)={0xffffffffffffffff}) r60 = signalfd4(0xffffffffffffff9c, &(0x7f0000005000)={0xffffffffffffff68}, 0x8, 0x800) r61 = socket$unix(0x1, 0x2, 0x0) r62 = perf_event_open(&(0x7f0000005080)={0x72c1a336bb21d955, 0x70, 0x2, 0x776, 0x80, 0x40, 0x0, 0x3c42, 0x400, 0x4, 0x0, 0xc64, 0x41, 0x3, 0x3b, 0x0, 0xffffffffffff6503, 0x3, 0x3f, 0x2, 0xfffffffffffff800, 0x4, 0x3fd, 0x7fffffff, 0x10001, 0xcd3, 0x200, 0x9f11, 0x8, 0xfffffffffffff001, 0x5, 0x296a, 0xffffffffffffffe0, 0x200, 0x3f, 0xba, 0x9, 0xfff, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000005040), 0x1}, 0x10, 0x5, 0x2, 0x0, 0x0, 0x401, 0x7}, 0x0, 0x7, 0xffffffffffffffff, 0x0) socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000005100)={0xffffffffffffffff}) r64 = socket$inet_sctp(0x2, 0x5, 0x84) ioctl$KVM_CREATE_DEVICE(0xffffffffffffff9c, 0xc00caee0, &(0x7f0000005140)={0x7, 0xffffffffffffff9c, 0x1}) r66 = syz_open_dev$admmidi(&(0x7f0000005180)='/dev/admmidi#\x00', 0xfffffffffffffbc2, 0x8000) r67 = syz_fuseblk_mount(&(0x7f00000051c0)='./file0\x00', &(0x7f0000005200)='./file0\x00', 0x7000, 0x0, 0xffffffffffffffff, 0x8, 0x401, 0x0) r68 = socket$netlink(0x10, 0x3, 0xc) r69 = syz_open_dev$sndpcmc(&(0x7f0000005240)='/dev/snd/pcmC#D#c\x00', 0x1, 0x40000) r70 = ioctl$KVM_CREATE_VCPU(0xffffffffffffff9c, 0xae41, 0x1) r71 = syz_open_procfs(0x0, &(0x7f0000005280)='schedstat\x00') r72 = socket$inet_smc(0x2b, 0x1, 0x0) r73 = socket$inet_icmp(0x2, 0x2, 0x1) r74 = openat$cgroup_int(0xffffffffffffffff, &(0x7f00000052c0)='hugetlb.2MB.failcnt\x00', 0x2, 0x0) r75 = openat$zero(0xffffffffffffff9c, &(0x7f0000005300)='/dev/zero\x00', 0x4001, 0x0) r76 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000005340)='/dev/qat_adf_ctl\x00', 0x20000, 0x0) socketpair$inet6_icmp(0xa, 0x2, 0x3a, &(0x7f0000005380)={0xffffffffffffffff}) socketpair$inet6_sctp(0xa, 0x5, 0x84, &(0x7f00000053c0)={0xffffffffffffffff, 0xffffffffffffffff}) r79 = openat$vnet(0xffffffffffffff9c, &(0x7f0000005400)='/dev/vhost-net\x00', 0x2, 0x0) r80 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000005440)='cpuacct.usage_percpu\x00', 0x0, 0x0) r81 = socket$can_bcm(0x1d, 0x2, 0x2) r82 = syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) sendmmsg$unix(r1, &(0x7f00000055c0)=[{&(0x7f0000000440)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f00000017c0)=[{&(0x7f00000004c0)="5fac1ab31242854bc041d30117e50074baf4dc2c0273984e855b3b0b1b0bc25550148f57d071ef98ef7cafec2c785a15e7723a59623f27781bc111ea66677a987f3f9297fe06bbb7df60f67f296f664fcf54cebf83897b5fbd35b381089ca84af6b5a4f0b289cfda6bc2ad676b5e6cc7c17c9231c126c4dd113dd5be0c0f9c81f3c12ff6c975d8ea26da1def6c44c3cdfaaa3fb0b0f4789b4716bec0ace62a744603949aa0722a6325771eb279f5e9ab6110d98bebe604e270dea04f4440f0699713f9621b995cd072aaa5cb02b747247993d9712e7e259064f3207bd9c397528dc955faef77a073f5babc8161ba1d75cc0cc752946f4947fcb00a04e42c53af007fac31b8562145d54b63a73e0edd5825bd07969bac7007bf108bfcf8ae8d77afad34fb23c8dccec6140d2f8973f4ed1232754ae682aa0c0a422c725f677bf02ff0cbde6ab1729b410aeb40ade16d0aa19933effece39b4294833ac486e7479913f6e263009c8d5cd6dcd1fff38bf84698a291886e1a76d8e437e9377896ef5afa8157bda4b00faf26e7d370301aa0c0bd32df9bcf042cd476afa3a09832a35c114337125cf9ccad7aebf96e3e8e5ea35b9c1da6372cf40f714aff02683563e66a5621e82f629156bb71d9857e1b642948fcf3cbbb348a4513c7ba7948339b3a9a08577d459d6f3549fdc904a5c4d5e6971bf3714d21568378bf7556bd277dda1c1f923d37e785963d771bcf9ef0d44dd4c4339338110c802462cfd2b6316841449819c1351f0e0c80ed462de8a0ae5195ed9798301b751b4759d2dfef9a8e3e2a7d896facd14b2caf620b360cf727d00dc13b87960d4b48e58b0774bf8becdb7bb4d45328319f9f5fd494b9149e32e6d6e6c709ac9584e310978e82bc18e1098f8e2f98a767a97e93e2fab0bd19f5667e90277ba01c31bbc0359e39f7d99294b9e6a2b0077a8212d3dea24aa70d2f9898fd3b6fba02e59008b2fc7328b32dba0d9a97463324d3a03a57b1b4f934b18bbf9d7244447d33a5340752aa8f362aa03c38599b1939e6e7e6e2ce7eb5851335ee951366c4df51d091360887775d09461fe0b60aa3e363adf563d704b547dd9ee7b4de40ad861e8370326b5fdea59a557d6ae5ed28f518272a7122fb572878f18eebab01b38e154d3e889ad2676dd97ae6f59c9f12375ad0c70f7ffe71b6f74f0a9fa6c0543141062d5fb04dfb37e72fdad0dcb0e9aa6aa00f2ffee862851e38abe52e9f1a28bd80a81f942f91fc193dba269903876971e633f38015b1faea0420e43c97b348385d915b08f1386c1ce4733c76d292c9d0426a74307c50c883bc37e8e69f93a2cd16960ea33931ee96439f8b603c0c476fcc6cdaa2efff1109b66c9f22f550b9fdb7e8238f3a4be88fac0d074b26f4541c6a9d078782b52ff6e7d31bd4289f460e5d978a9356b168d1247915b76060817cdcbc8a944715d5f054d22d86ed3797f2d4f8e4664f4a192e47f5199d0db33eecca0559b7e97b32ced3427136a121a34a3bfee4ea7b2ee2630309e668e0af12b36f4af79d30974d446086ea66d9b078bac3803c662d15ff91136e9cdcdeb7d9c77e7d491f5f4edf75bbe40e6414c1e63a8f02cf02a519cad662c0b5a653ae18253e6dee3d8cc0404daf1b41ced91f0c84b93016c37fb030391481aa53d968fe74d7cfac9105e8504c2ab5aeb41cefee12b5dd61f8f0084d93ff711c4c0ec123422ceb2ac7c7d774d57d2a56950cc1813a7053eb5d6f08e01a99448c37ca6d0a28919ae2d44c54415efe4c3482eb33260fec903b417f6c57c4b0ce75cbdb932158e23c49d54a63e0f17a21b48561634611758fb90dbd0a33800dff6963ca120b482d2cbaa96f73fba4edd5675dd17af6d410d157f4371fa5e30b0bac0c5fdb089b212ebd639ff0321841a81d4d3dbff0f35495538f149da08354414ce50acd1416b02767411b64f39e78c83ced7a64c66d47a0e898fdf4d934f326d9eb9d19ea1d650035ca59dd82cc654e7bb769d1c36563c708b094eaa9cb3494a7e0e11069ed5bc8a0054526b78f43b4287aa81aaa04a2277ffa9c4dcf80170b926fadc74a8e11e5cc4a5b8516863fe49fab56377eb3ea3c8f4a59c3e0a28f93c36a2c7643676e73e4011f59f2f44b7d7113eb129557c9fca3d40ca86125c22ab30715b513787a50d0a7a237f0140c99a5056f7e5037fef0ef730738fa3490f581f091b8c3127e5022990cde03f9ec9d126ec4741fc32050bbe4f557f397b1e5208e52359751612858eab967168db616dfc4ab95e96632bbc2142508c16691675f7dadbf3ccdafef399a94ea9df55581d83a2ca2bff91fa49da68b34933b8382553a90a94190629168c20430b3bc87645d7b1d3054261c59faa0f93c3095d64bb75c667c9522b05b643957e23f0a521f0b819159db3d7d983edd1b44b7caede081072281d22881eb46cf497bc38b74156fa7218401d990e0e87164166b8946f59ae3597e6cbd21d87a0c1aaa018fcdd1629c79290b0ca7754753c15f930775f5c14a7ce9877d17769da9cc6ce49beb70dedfe703c7c945dc49c0bfefdbff8518e5b3d692b08d2329b8b74a7c0e675ef78a8ec212e3437669bd91a1ecf89d3e68c4dcdbdeacb16e0324f83936a6e1d3e6680bc1884573e19c69c857013bc74c3be2bb67cceecb927c810c7815fa3b8855ecb0e0f3d0b25d68ece694d86a9bf4cef5924c27eaed15da4e0d1a86d97110fae036a5878d6261ca95afe1aa13beb82370bd5615db7554c9cd9aa13b54823de388e51c576ff9c803ea78d6f865935b9f04164eb5708b64d4e94a420ed330831acdfb6bf8ff29d96a8444b422a0b6a24e00fcc11ba176e9c6ab325ef6e2c0d7b2bcf4c51ce3c0842a991ef6b465362475b243bce31656d5577a8c8a88ded6cbae60795526ee39a4976129f78bed0b977dd07c973181d9af1226a545c6660bd414c43bfb5556aab9a264127b2b2e9e0b2251b705058a41c75a6acceb94d1341aaf8cbfef712676ae01e73190aa6c790c96fd8dc0e500bfd4b2440bf047153860f1414239c7f4edcc81ef8845624a9b311a467e79b4064f028001f9c498c25739072dca166beb1b3dc1bf33550e2e9b663189426c4cd8ee8abaa54f16f837d9d597f81c433f7c0e3116dde2936291f5e99d5126a449251fd8f19e8f5364fdcb1533c920c90eae8020027b648ed54a56c2e8555ea4bd8951bb423c987577df282b0fc91e3d1531bdc0d467a47e8f9cb90c8f1f13715a4f942be863e0f125ceb7553ff753ad881083ff042485c14243bcb74ca5930b374f6024fb56baa5bb17512107250200990b12ca97939acba15fbd016ef81dba6812787323be8ebc8cbaec6f7dcedae0001221c70eae3c1c8eac5729ebf9f99976ee4ded3bbba39e854647e9eb76e48188ae568c2e82f3fbcc469a4146b527e4fa45280785393a0443d9a992cba918915cf77cb8b011a3d6bd35f0c00de40998c31d492e62c9f869fbfff271ce4d5acaa1c0ca8af4730c4042bf8405b8535fd9320b1e7ab22345f89dae2a4bd65e422a74fb7288c5e82357ce00e28a0ad61558a3ebc45a7e0f95fb68565b51a32f0ad6222feb2c40e21e429936975b9bbd1f34089a86878e6f08dfc311daac85642b7ae154079816513ae956b92a46694636191e037568d85e6694a472d6d78548118c0a6128daa9301add4661c9af2203e62db21fe4d965c9e281ae62277fbe63bd3a9e2896a31c42a54311c2ef5221c17bbdf666e789318b28b4fb6567f59a655f2077a092d54e65a33f8b90edc5ca680e1603625d78b2c3c8ca51d81abf1572b08d4b950eca7b97a46522d1e4cbf472ae2e2baebed7238d0d38b7e150a04cbdd37abf39cb5b15946aa2d664fc997f5c0e3fdb51958cdef07353657b1085570a8d17de1fc7906a4a68b83328df349254c7f630c40df28abfaccc2a2539f9b7d4ec7143cf299619b1549419f3bc9cdae58b47bf10aaa5d18009067a630c3f53a8004ea006cbad5570f27b71c90b680dbc18649ff13d093695b4afd711de5e1f8a0f44c7ae3377e44cdd4bdf0b35cf2cd3ecdf155c1c6b0741b592bc7e8cd96840310b5f6fd0b9411a38721e676ea68ed1d5177a22547f16fd33db01d9181f49756ef3de8a55fbadc75c7b08a82cb49b2d60966fe7d58e3bf90b5e56dcb1e4fadc68a721262ce50c4d8f6a1a1ee989b7233d189fb4183278fa5431200f41628adf52ae305d65cd855fa98be50f1b4c9a46474a58fd170706b932ffe91e5ee80053ed96ee21edb40fd2fc3f9a0fcc573a8eef876cf6174cc9944ebc91dccbaaddaae614fdbd7cbe142e965a021ae537ddb16dbf9e8cfd9c50122b50841c758ada25b03d0879ab9f18ddd04bb5fe78b492a3813259be818dc0ab6980299c04d1b64fe68d601289f2e159fd82a0c9abe92434d2b3208c08a1877a3845923a5ce8ee27ba1eff00886d4d25844ec943ca189687844995e5f76f1859ea0b83f903f41aba4cb66b81ca6ad041e68a843c2f71658f8e7d0753f33e4a146c00eddf8fa1fcbcb96af788b28ece46d651c0107be3f8e0fa2ab715ff92beeecf3ddc418ea7fd745dcb31366724751e3d75f40f616324069d491527d6a748be1494f14cf4a5a1f966cefaebd2656cb9f8ce80d6e429401e69e1093b9a9087c89d4e17b4bed1d9fb0c2b2c6bc082e47e09718e86a8c01d7bc901c3bc84904b11675e4b62cb31e5a12c2ce959e80330cab4f1c580a5e4e6e8658b9eae067a9f8c3145c6d673cfbf1fcb6f42114eebd83963acb908c0a7267e3617516e1504b28e2617b7dab353be10a616825a221252ec1e42395ec737de797f793f99a659fd563c0eb1c5831dc096c6244061835cd01ad55bc49f5101a0232eecb7988af10094f1cdac629a3f0b74d4561b3adbd77b27504b0c239ebc85e98bcec713e3c9c073d982c05ce9e43429ec598a97df40acf760ed954ae81d79c28bd7fd95a57e21a8f94f4f0c2ebae882fa6bd36b13847ea5291d4d1df19fd3128fd6a6c07a0e6e78084f9b32cbdef5b8c59b17362096de0732b75cf14e760507039bef349e397d38af2980dfe9339f602a096f297a09ffe4ad4c5d66af65883cfb8529f050eecc63baae001468b638c48f43ad8c62064d8bcbdb45932dbe5eaea73865696e188026e6058974a39e521c9323c4ce2c292358e828329d1291151bc044a37fe682347e3ca25eaee9a16d9eb687f2db38cf37dd91e20d2a7a15c151c92fe2d1ff53f8499afee7d961075196b08eff319b7c5b0e179287584bce73ee27f4d213ec5351b36cf275691c8cd430087adf5f7130ef54c292d69a75706bb863823f8206e79a96f2f4d6a93f02c7c688f759b7f085c008338d7b6e8d844a76fff1cfc6a96d98daa606fcccbffe4c8c8d776f695f484534c9d8601726b4cfffd38ca116c8ef85ad451ef8eba93bea52c244c256690357babe9338e2330d3a2cb93f2135d0c2c804799e99521c415eef0be670fc65cda8b5323b74f44da8c4a2b5888f481ce9deead9e3800464f7a95ad9c39435ec52868998748c2234b11a1b2e56e0596e674a9aa7239b0ddf08324148b99e9b83174ce97ff2330483d099c31a4525f955c85b691368c880fa39359cb11b3131bdc78d6be643f7b870977597ae01fd14465dfa7125cf7d4aabf9df2a04ba5f04364f3f700596514c90faf653a9380485a97e972b63746859b8361731ecb3f3c2dee6f26fe2c78437baef35e6a3408fe4b9011ab1d5dfe015ad88f91ecd1b3c9bae1484f925b23a9b894", 0x1000}, {&(0x7f00000014c0)="85b549b53231fbc2ec79a255a0b5adeac496e24705775d6f69ada59e0f9130e663abfda77c49abc4109fdaf579d2b8034989caa44ba4f67e111c6ac9af1ef63eec5a2b6fafac435a104cd6e30d333518a3dcccebfeefaf111a236e4ce7a7a0ebcf6c908326f699b25b319447555d42134248d705a636e5be7e7048a3", 0x7c}, {&(0x7f0000001540)="7352dc662b9ff8a4f8af7978016abbacc951906c7c1880fa354173468fbe64f48e7dcc52674af5a4dee63716fb89b56c2b408bb72d", 0x35}, {&(0x7f0000001580)="d79a6e2a9686c8fdbc115af6ea83a35866acd7c2264454afe0e89acdb9c033d44d15c291d60aee26f8997d051df85e316c7209d6eda90e53f0c75e665a2822b51040f22546d283bd411672113af3f28eeffd7f1ebab2b47186d85e0333aa41c9412748ec19e34aada6703423e78e02b67f20cc9eb718388e3b0d9976d8477dafd94a2efde855c2cebd7928036585343a2432a1df", 0x94}, {&(0x7f0000001640)="36c993e7be166250c063340090f8964e484f593233516eed3979f64a836209b128e0a54dcc0f1c91f6145c72449c8fc0b77829ff0ea7355c3511d2b62d5868056968bb2463114475f1fbd2304bd231c7464548f7f5aa1961fee71de8e2dfac46d60edf893b190695c60f1d0d776d80d91fd5c60ede25f9bcc3e8088045e0634664b881e025e58fd43bd5cc3543d6e5568d91b87c1a3f1f1955905904a6f91d5f1991ba51658fb930143aa943316d15693118cb49423e862b6c8795b8524f1d1a7d425a33b6beb62a365782e6fdd984ce7bc421eb13f1847b04d8b2b3dd80339f7ece0e1a8f006224bb", 0xe9}, {&(0x7f0000001740)="a61ff916fa93e7819978cd7fd7920dc085678cfbe9b09b5e4f66f9b62e3f168374c4fd0229a1", 0x26}, {&(0x7f0000001780)="106c735f1783f25ff7ec0a9bebeffefd44f7c933b5f3b0d665b43107a8c0b9108cb0780dc30d40", 0x27}], 0x7, &(0x7f0000001fc0)=[@rights={0x30, 0x1, 0x1, [r2, r3, r4, r5, r6, r7, r8]}, @cred={0x20, 0x1, 0x2, r9, r10, r11}, @rights={0x28, 0x1, 0x1, [r12, r13, r14, r15, r16]}, @rights={0x28, 0x1, 0x1, [r17, r18, r19, r20, r21, r22]}, @rights={0x28, 0x1, 0x1, [r23, r24, r25, r26, r27, r28]}, @rights={0x20, 0x1, 0x1, [r29, r30, r31]}, @rights={0x28, 0x1, 0x1, [r32, r33, r34, r35, r36, r37]}], 0x110, 0x1}, {&(0x7f0000002100)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000004340)=[{&(0x7f0000002180)="b8e53badc81d62dc986df102faae097abc132e3affc251058bc0fe482fce17293e8fc31d0e4e1bd3cb6ed906ace8425dfccb820309de8ce4c441e64eb7117f580f44ce81f73dd7b2d2b7e68412dc03c5148ee6dc053195728225a3e98a0ebea64c253f89d8ade11716b74e0ad0704dc10498bf33f8efcc872878cb832a516a756708bcacb2386be21b33d0ab2a8a583a8ac095ff3f41b561d69896126e23ecf6e5e816a0d998fbdb85", 0xa9}, {&(0x7f0000002240)="0a408f998bd199d35056ea0efa67a96d7cae106c57091d3490c8a65c6c6093d982ce1b292433f8c05a96d8ec74f6946303b471ad2d6c4b591d0a1bcf9c46c9b472d99b73f718c2b5c277db94b88beab3415e1fcb803e39f12a98eb598645be6fd5e1dca99ee3d37749653ef736a71447673b9b4c22a9a98026a4b802a981b14284cb62df4cda3aae2ad9a1bec3915b54db08af12e06e151a62862773e71514f60d3672323691b7bff3b556277a4a2e080bd1cff0468aa58ce1fe8ea57b20a357739fba7f866bb40987b7124c7c33905208804d9f9d944bc84eada358035fef74a369339b14cbfb771dc056ebebabe74ea988378657a51e5d2776147fcf2fc7b71d11d14d0e5286ebde69b75afd00ee11bed46490d9a1e274ea9d8266cb0d1e210697d18affce00454b35345a031d5ec4a385e042bb3d2495dbc17400a40a360ce6630809e1995ec57371f3ef81e3b01d9a4f36590a38ea6ae8354ba0b811677a23ccf00e41d1c914b2ed6edcbbf8e8355594933dfd5ad1200ffedd6de19721082ea0817ca95c5b7a62a248fb722f466e36e4f66ef8d1537f90c449bd8b6660aa76902f4f7cacc1c61357dec084a4e23523387e1cea1ccd6587111733c0e73b3003b9db4aad5ab9e08ba44f93313b1eec8741b7e3bd162ed117d6d2e617ea0c97fff0c2aa9c69174fd22d3a871c44463d2cb5e88baa589a7d6e5b9709bea2926c61868cfc9be58cfb63580c8601f4d3b1422cd0789933920fc48c4bce70b44ef8e12e2225947161166dd969098e44d8a14c580246f1088bacf784a0177536ed09ef2edd1acc7cd224d51c76d5d63da1497a0a50ffefcab0ff9f0c6dcf74048aba5d2ae8c12aa30b3ac0d3444608617fe429343847175e065adc5849db3c4ed26b0371beb870f61b2bb6e8ea516476fa25bda04eafe8f5b678847e72e5423ce3b848d258ed87ba8715f66c5902497619a208955caf8eb69deb5efeb165054214b816ffe11dffbd9316cac6084ddad42ea36b9e06fdf357dadf8544a6f915e37da3b7e92103bdf7c459abb9949678723ee79fae03a319b18479d5f9a1229d313b53739ee71f1c61188d33c5821153ecab9e3d3077d38741726ef9f1fe87a6a54c4650fcab56e44d3d19c7d7d8c702010756792ecec0bae03aafc410316d697eb87c0a7ff31611ed80a96d4e6f8cc25d84979226b534c0ebdaf99be99c45059ef5bf5b4c575e5175b58f6856666acf6215488fc2bac1630d18f5d8423910532683857bfabe381617a3528f10b34cf99a1376f0e4b479f5958bf7ed2be98f5c9b82e189c5a9304947ba29ea786df4c8f2597e077e2b632571246f4b420d1114b0f03c6ef8a39d8158ca4fd8cdda6c5dee77694caa3ddf77d0dea314a733eae4fcdd5c43ed1bb05a4ed13d82ce3f18285b51b488ae5819d51076541df4761ffcd91cb578cefe7f4fdb7897d1b4ba25c67f675e8bf2bbd23ce9c6a09e4bf843f88f1dae58197b242d4021fd12488530c3c591d48807e0696c121f54ef99bdf0b10e9806473bd96a29d12f0cdcfe984eb1afbbe431f30a9e6fac6bef0404572e2f55c9e51e1e23501a4de63d52a7709d3ad84f37ec2bc5f192e485791cb325d71e1e5bf777b2e84f33c42385cf424cc8552cc8d0de7e40af40a1c49bd630272882e7a402a5cdff81f6c8ba60136300c0cdfee5fdebd9c499fafa465a355747e1f853adb7a8f03f560731ace5429088157293941a70a740bafc87b2a7a822a916ba30597bdb0a62aed592fc958cfef99860df219afd919c04a510c756bbf4b382550b149986e09bdfd45d266dc176f6bf95157b244ad47e8c35edc6d7958319c067db387d5e6d10ba90cf009066a798d2172732894d5e166e7b0820a741b8419a13406949bda90b9e61316ccb0e832f3662f0f638b44adef31cad4b04067e20357fed022f8319122700873a9eb48716ab1adaf3071695f1aa928cbbdf2f502f1742871e9f349781a93fcffe4c50f57a27d82575d4264572a22f6e74e79600afb5460da8d24fd294529cc14b32ea46bdea86077e37285a02c06cd0c1554ab0a9065ec2be40494337160faf89afb09cc217440d9c3c7a63b2a3631f2784287ca1dc3cf61910142fdf57d29fd942b75b6ea2b1cea64a608f8458446189e9c0758e5534e2c1aa60a7c1e64c5f3ab1cf28e97c74af8a1b17b244c151f9cc72afce880a708652ea1dee72ffe5003d9fa570f077aedf4584289b4c878b6e7314389a917dcef4847676690e71bd4d46a27581d16af564f4f1f716c3e1afd8858abf85a32c0f7fa56e06b2c92ece95441db9c1a3e7b5e64b8e223feb4e11c727d9e9acca0e3b38894b2091ba1febb38acd28b480f2dcd45ba6a71501eebc5e24eee60ee52c36712cbc1000b09b745e7b51e52e4f616402f2dac65a7004ff07b04f364174ec3f4fec9c554bab1c0d530e14fdba4de4deadfaaa6b0e34c9fb9429a562d673e135a00513ef62b2e66887a5f6c77444f60804c6f78e55de20f9973bb073df84f18956d04b175f117a20fec29d4dc0365b5319dfac842540bce092ba6f09170ae1cf2267330c57094bf2fedf0f0238e4fa9e05a1c3915ea96e8797a7e5c24e86aba7085b208f8b4a221a880300133132f25df08f8108136db38284a401972903267509fe7bd293f5973ed5454701b64539418ba4f043853fff1b956cdaa0d2810ac2ed64aafb32fa7b1e11578e80827fe1366ec1d7a9370036270b5bcc856a4e9433451e1950b3b3621f282932721645471d2ca9e007eff3cd48bf6382cf0663cf4e673176f3d882718c39a664d74ced8fc63257033246f63da9c8333d652cd1906cfc4d2f42edb77399f9e1799addfe4b07aa742b596104e254dc6e3bf6762a8b04b0d716c923a77be144c925f630c90af8088df9a61a1f7d4be2530c4df7c7941d115929efbb3c4f6b6a426b0bcb2e4eef6b5fe196befa6d6b1982078ba31420f1b716b5f270b57c0e60da5f4131f138794e52bbb013e38e84a471c375a18666d51e9bef28caf9ba13bc36732a80a578d50025152e165547900b47f51589c1b5c09375c1deb58524005835124a914930ea08728d4548b986ea9225902812004ed6bae53740b7a9bd836dadd14e56d444f82837152f1394633aa5b3e9b7154255c7c39ab093d11dc2638ddd1d4372ee19b69af653b6df279338b3128f11a15b29c8507d7894ec66e1f134965bf2e61fad64c7a3f44443db73d2bde7c788800a34bd3367852b0afc7941d02d546946d78f8df68b9d703a27a783919300676b1c085ae5a5e24551372dd159f750c69bdca54118bcc438248537e49410a5417fac64eef47e4e4349a462f4100f497cd0991d25b7aea40bd191ae1349114d3ec6227b8e49996a1bc18d048c4642be84acfdda7fb4cb1f156886d94dcd2b3f8a3461749b3c33326d376248456f1a4a2ef9845fbb6157061f87240cbca73ef761d03cf138452801188f6bd40eed9239c15b045d3e653bed4bae6b2b42276f44fa527d4a4ef7a309a925aad23980ecb4a0fc4f84e06bb3dd35d2d03858d0677eefc57db1061a44f285b05a46a49041931290839298892727af94228ded4c011bc6417a52f382e1f3a7f8a6fb9cfcf059ddcdc8276066136e741fd84538a552fd5bcd1526f7bf6d7e76f3abb3e029f66b4d54fbe33bb1e8d7293b8ee1f504965c7d982c48a28e47feb1ef981f31c60eab823fcbb30f631fd8af482bf93f624c06c0a65c9ecefdcd78c7b34c73f2dd6f077e07d11b831c433f843b3fd9e7e05390b64b401aecd8debbdb51b8f2438f38370bb88350dffa1ec9f168a4cd62c877a6ee431a7516d1174977d503336c96067f285209b53f8a01d914fc1eef787fb108db48c1d97cda5563b844687ee7789b9ac49fca524a730dd120fe6c3bde8176023e61b21018562d9293baf7d0918ee2b10f39f568b979a78a3a3f3644d8ca206aa512df594c7dc167de5852a6fb9b1d4f729a85727a2a9810063c5be1a14fe6a76f20228feafa16a73f92e23bd316c2966f49e6cbc0ed12235d9e86e467f2b9070ca97ec333b8297cc48f1d80158b6088429d46911045838b428d636adc188d962b8d7388e776e94be2acc16dc96db7b64c9836ea94599a3eb3ef5ad00586ded6739a102b0028fe8891bb681132de311a2b92f08232a99d16df61899d8753347ab7b81c72445e48611295cb99de7212f47688603f2dc576221a0983177d7de344464bcd98ffd9f41c9ba200aa36bb3e35b4d823418e48f96acc3e1eb54c13b725ce2614658f7da67a098247b2abf9cba5fbc2c16e726f5c4d1ab8c6b378cf8543824b2b2dade27ac01aa61344326a04e1c5aa701dbf876b0c164a8494ce6bdf18a1f0e5d36a1e344235b10f94628e0486a4bfa402fb9ed84c7a10cb3a0b3b94b25bedfbede605df98d4b8e42b74a986cb98903b164c5bdfd911e71d0acc17a726c9bcf03914f1382b84e8880067cc726b64f3b4d4eefbe55d6abaf2fa121c6a128462bf2da902d811315fa33afafbf12c2b6f7e4cdde80028c41f9d5e15c93aaeb257da92117aa74e067780ba6395feb7b9826b2bd56437f8aa3e8f0afb2b78d39bd3262f3cfb3e3dd5677c75f5ec85614c176651b442187957db7be78b8a4bf481f4f20f1a6d03d4bc84316244854bc3de5176f460ae4797e2ae4fa97a239fbae81538d83f8ab8d4221deb33497e4fae968c016ab8afbc8ebc38968cc4e372df2a8684ecf715eb23507ec96b0c6905a4b76c42304777f05441a2eded15d89043e857d0bc5928306c0671e15cc8edeca3ec5055b4668e8f1ad70bfdbdf694132bde77ea88930ec2be32648d19a5ea671ac14f2f6b64ac023f67dfc92a4f4d74e18b86829fcf05a225f04cf5c510d4b2da5c6a2e801abb2635afb8430a2db403fed6a932b2050765c5b8e1a0b2ea75527c4cf9e9ebd89405e9db6ae25cd2f02c2a442d0a53a2bfaf19a56cab5977b3e1c56bd1bdbb88d739f12d2f3881fcd4c2f9fc5d43667ab2caa935c0ecadc6bca57687727625b8b783e3354522b8b679ff027bfbc3bb53a9105a2dad472e1b8d1716424955659db5acd3dda53569b12dc395f964240043adcc5831bde3cc47031927b74dc81335f180b7626f34167fc48fd4cbccd2d2adeef1f9d6885598e6e17e8c06a9c5422bb6754b24cd255a2c4e316fef177e0397e14ea9c0eb4f3028fa76d8d64e95a90fff1ad809b6f85c858502090aa623998998ef37f076742bb854d319a12f897d3da8511c36bb870100a4870ec757581485fa53fbee94e4b7b4b3809b8e12c07f0de4e077acd5ec6dca919c1b383c33fddc11c08ad1646a4929455c901df802f94e881d19d49766be75e2c565282afe66be60e86b51d06a327ced00ed687ba9204f7adb8fc9d21e0277006b57ce620587a060068a5bb5ff854eb530b985e727991f8aa1ba99bcb842599460b2e968789261dbf3823b5a1b2b55378f10ad60b5d8425c262333aca56e5792f89a1baa5de38038c53c3b93d1799bcb876e2541c03280f585d4a72632cfbc859b66a23e8105cce48a986810006ed97bfcc7fbf08137b253700be1577714139bd9a05f5a3b8dbffa226a57d22205c68a2aba754dd76b107aed30dade638a044997bc7071ebe2a66e14578e18184feeed48735e1d0bbfa314152b06ec51da4cc7df5e12789a548dd0a312db3aef925731ac5d6b68a797aade50276a9b8fba979d27e717a098d1fef0ad0d66ca5c769327bc21d056aa1922e496972494db97e67febd7979b2dae27b44093", 0x1000}, {&(0x7f0000003240)="850877c97db751b84ddd1ca549e1f43e12d2767adf75e78f3aca58cea34626441530f63a59cb83a62301699acd20b273db17ff18318b6ef0c72f8b0d065be4205a6b2bfc097f0c92d0169a031cfb815e4b87f29ace026ae9fc13dc904fb281ef544d5dd39cdeb0f7a4", 0x69}, {&(0x7f00000032c0)="79b7683e9e79b29c9c11f62b20f0c5e47faba1c8c523bf172cc291ee286e707e3fb284d98ce8a2ca555ef587482084590174c3b92f774a6c82d69d6536b316981cba3825b372449e1f5d378add20a3a1f1bed516561c79d5c2a0b6aca822a953a8a9adc9d49674185a3ab7048f0131309916419ddec6470e6bb6c816a11ed6794f0de4c9edcb5d1b1a358478296b301476e0852b084c8f4b661b79e9571b3a93082bec695dd64f9a14e5b6f384b529eedc301b465e883b17d20bfc6de989885275e778dd8d038a12bba082f6820de16251061ef11ca6580500069906181016aa669cd02e0222d16c9654d8e1111a7076a18e78b180e39a3c235453e992831b9e7d4be86e3a31ade1bd858546298905fbaefbf2c259cacfe92badbf57e1f833210aa2df4e6e337b510fc6dd3b4b0beea9447bee18ab05846d52c48437477ba17aded51ceaebff33cf08e978dce73b80fa23b4224926214bc09be759270c14d3f611fda02c8e6a2f14af630010e735e1a47512007febd95cfe4315b004dbfa11ab1ecaf11f0169cb91a62727390183c4458da79bfce13db94a638d94a284e90e4429a1e6717de298572ac42df283aca90a371b062758ef2e814672501e9b1c5f083f039ab6d5181fd93eb9239c06ba877800834d423a0496b2cfdd70d8a19c2fc6f9e92ab3ccb48cd7f0d79e3534c638cbeafa0d3ab30a9a9be94ea5902eee3616c08382b6c3535a141b983be2245cdcea42c4722d846a28e73b89092c6a2bf2a0c8cfae669e71c9e71ab71baf1e118340286687ffa9d95e775b8fd36f0b61a6f2c53ffd4c6432f81f3b542f6e345b5732c991570b3e385c066be69a6f8107f6f9b28bf3c1c2d8bee8d292137917d2f952a2b2c665504d825cd64051287f58b32056faec8c688da4b25d389cf82560541320e18321964bd54d67448c5ded181ce1ffc6cd4e6e26dbd9a89b1872c2278a0003ffb73d8df6b85bf8e071d6142dff51b3e4e4dabdcc0889bbfd77df1fcc4cf91e80a1797d1d278a9007d0c4bbdc34d785e44c3b0d981fb0e854569a43d1b0a5a67e1532ff5cfff3f36ac1f5516e5a40f6d7636a1103a4ae809f42294658dd1346dbc9e03eff6a2d201806246cacaf52d2baa2ff300f7de387bd7f8c394c8d44a6e7c1cb0cf676caeeb4bd33c035bbeaddf89589217b45f5cb3470e4897bd847803df17e30fe6f1b738e3ec1f250fad57eb200923deb1a1a8cf12cc3f98602a5f5a54e4d8b91c2e99591e9f4714af403f581003499cb9f9223b47c9d346d01f89c44129792ecfbf677e26fe473c6da33e93ccb6f21c91bdd37df2174996e133f96220ff36fbae677c101c22587961e9bfda32c45a7bd0b67bff8f1590bf5d27464b464d0b41acb4b9e6b0253da31786ac310a0a2e248afceb2b741d1487f21c27f20e02e78c7e2833e7df6db835116d9478df0921598b32ab8205d44a2fa79925cfdffbc5a3f84ea20d0bddd45a5601c17e0929ff95dd9a8e744b50cdff325afd51ffcdd03c6c24dc1f89621286913862ed19a8d7f99ce67a28ceaf1faf800a6e4eb324893bb162f4370c49fd3c09198ca02f4b5d18a138ab4af71621ecf3a3c99f0df84fc65d355a3961e97eeec27cb75a40bedbe5579dda0b1410805f48b1c6a7c81a90df843fa21f62487ffdb5fc738999176ca8a0b364ba651a340cbf9a4c440470aa87ed087c4d14fa27b8f68c5cb89e3d2cc2ea2b909d47ad9f780e9c04dc3087c932a1ae1a8112170b1bf16286f5141cc5e58cd29843a6428b32e44984c473137eeb89616123f152eea646020884c6e4f5454a18b1e56f0b9020d5219d8feca7e89cef4ab0a29f77171a14c2d7640d8bc8963c940e897b0ddaa929e7f9cb85910bc21e869afb70870e913cbaa94225a0a752377aba11892d9f2d80fba05430499ea7e8cc1d263813b605539f77e4855444c376996ce859a0af7b0d3d77494e332b43bb833a3bad3dd0fcd210cf63cef10947a495b13222258e47c30cdb2366f17e3352067915ee5013ec1df6915ff06a32453ed0e2f91daae03d722e0052917c17439a67fc5896743f43aa07756c4d285f5c2985c78f09448287d355d6a1ad66f648e17384bf3c9ec24eb84df424ef8a24832bc3d9624ae55deb2b7b26d81e9d4b9594e440cf41fd8ef8e612ed418b652010996cef633b3ae9dfda4f643983fde093bcb628ce17b775021a84fbd0444723b9435b4a4fc8202674316b1e2db118cd755ae67acebea8a0f22fd628f3d5b3c596bef9a21f08950f00ad54acb7550d3d158a7b52897f3152b09b15647f5d51a329da845e22fa82336dae795f47d05b083d0228a678c63e0b058cceab80733dd908ee49f7759c7b3d1347df72cf319f3d756c80a53a9444ac1f7035f9f4cc4eeb0b29dc3f37c50e0fa3f68c3544848995e3a83317ff331ae6e9470ede3f9dee84c87c45a2e37ec85122e7639673649cfeac9183bf2968883344f49ab01760795c4dd6bb8e98cfbcfe1b008ef5cc4f8059a8b2ddd33baabae303e79ef4cfff8b35ec59099ea5d975fa3e833256e1c225ed0d1905a9f45d62f3e05c36f80266a0c0dabf4d43707bb73f839e2f613c581d79c5576ddc5c56c33c17e6c850224a76fe5a47e32a210139eb954ba49aac1744af4f08202d9361f73b4512b5e963ac4a52772e3c60b1851f5237d238a5511745fe82649b36ed9a119c583085ed6cd3a8e144c100b21176a0d724fd869a31117effe79f7945680c9b0c79cdf111a87fd8e174e016922e6833623d1b108a2a4e6af6d3d73702675b8b1353436e60caa8c94d1c8d151b61afe285e426ce581c62b932304bb67150214fb53343a6d765747de4a33242b5e15ee6cff651dfbe2708eebcae545fd16cf8e3a90c0191dee62671c59879a5c6f0e68ae85531e7f1963c06dec0545562352a18c99445f8aea41a11821682e094b348efead73622e8a5695ce9a24e43fc800f3df5f7c1924440b68c90959930c02741b4be67931da07ebf861c933e98b26c1e9032d1a828f62601375538abe78368de4bc7159486ef7d619cde0f3d56fa78790a117cccde08e9984aff31edaeeaff1db095ddb34ea39e75912e4c2b4bcf60ca2792f6fb268a6ff4e715bee141885dfd0babb9de6aa866a5acee6bf032a0116fcaf40d527f9fe78be194c168255a0cf99ef8b1dc92b64115a1065f35338de1afaaf812a2d25ecb5a4bc2108a333c0ddb6e530d02c66608f4b1e35123e77d5a25fb06402c4bd48a65f3f9d68a8387967af8879f8846d6537fcc557dcb81a50a0bdd743f5410178f74c0cf5b060738d10d8b3ba107ec7c034118be139a421a0d3b8c24ef61e64a492eb5aac06ddceccc3d0d48f676b76e83c1102553737c7c7ad224c8960697dd9009e56275acdd3e8be208deb6040f1ab85bfe447e4e45ebe0cbc22c134c8c89561e22679d5c70d7663fb88dbf9c2e0a60f7021056afca0b41c259d87ca61360ee1573eb763f556cd0aab5ccdeab95c291a494261ddf1ee4fa453850be7fb7de54b0f8241ca850f43530c1f2d635f7c0b72d7a73f96c9f12f41e95e72937ca0f89fa06f5d76fe745049276cfe5993d03704a4a335199cf9b38a8e7d820fe246ed5d1e626c377c615e59d98381160b66612e55cc7c10d8cfae3118e5bcb0df9017f1cccd8e292e6f344fc91b19b0dac2c8a48b7011b0187676a20c2be8f47df41f08125bbf056502368f40b8276cf100d5327db640f103f49d5afe6094a8845ad94f596b89f093a6d62f5ca8a0a8df82e19a6d8b5c6cb0f126894abad14beb2b324d9ee04d75ee2f934c0b69962462531e2b307d4b5d148f0e6a425a04f41d07ec0ed97a7a9976fe14cf670b17b8a4682106432172a0ee1c18b70dd87750791bbd3d909ccc2055287b3461c4de5356f353fe19f07517392d96d3f423ebfa43ee168f22cac51a8479e20b4b463aa77eb58852b184321133f581f3c257dcb1c13acf85750092493221d984444a1a68b969b0482c04216f617e775a081958a90f0adf1f47a2e2ff66789e4720a40386db44a2720231c0e1610d892efe4a4646d5c7776c60ad78b4e4d9532c883cfc145bdd836a26486efe7d3ba5963fa5bbec293aa735711a1ee82a7c5b4de277591915ea91d515b147420be4479306a09de1a9587a2da7623bbce03e01fe3d05ca4f13ac6044d97f1af1968e034b0e5a5fb58906e50a86dc83282be053de3ed2c1706b0644fd102fb2b1603dac371cf16c80367e68c05d6a7b4074d6db3944f939b74125a17c21d781b17e1335385723f8a71bec54362593c53d24b090925bcf1caedbeafd86b02834c1bb399508a9d3109bdd8d97df9168e7276800ff2c4f9041950dea5418c7d6dd833781c62c09503216e69fb5c0ca6dcea77fa4d18379357db7251a7db6c68739acf096ba87a693377f27d4e342e15fa7bf56b256b19bfda3da170dcb1c0f96c614ae9763e2a90a4bdf5a493aa1cd927fea60db947e19c1bbc6538b68fd01ee2bf6b7d8ae74339f2739a92ddc5da2a3da76b23f3310ae205178a472fd059db813543256e00e2925fa474432b472a098857ff3cd1d440336c651b65f3962c0c6ce861dc93b513fd37b46ca44569e689a204658366d09dfbd994c021718d54bb9d62c319a6026f3164424e374723f5d6e4c6fe1116041a1ed485afa3a1785b370f0dacc321ad3ec60c43ab5c7f8d7012bc2abc0d008fd14c08bb503ff93da010408d64480b70d05c6e0bab0ca27e5b594f633acb3b527f0e8a388093a9dceb03f8408d51678c5a66530c1a53baaa0818ca2be25d3a105cee03ab635af2695c71370dab4d7a5180877ae6514e792411ca1e0f836871ba82cc47305490b9266a6ef02e069d7369c98716acad132abb0a0e4ed926f5620ce183626037e4b9fde8f62853c833b6e325bf56727401cde5eb3166df72d8682694a263a5525c79cdaba0e9703ba99635de9be23f08b5e94ab7ddeaef90378161dc998ec91305c196b4fb0dc2b2a9fca74aa7d9e43a47d44bf388775b66b33989d2bbe6658d043b84bbf775fe3fde55d6e9b01a3d161e0449e6236991cbb201159a6add12f40fac40807b4dd22e96c0725ef8040c2346cc0f1447d447cac20b9fc063e7e22df514749bc36467547e1eb0c4be98fbf755e70c361757da9b965a8d495c3130baba3c25ac9b64e5df7bbdb4ad8df7c1743cd8fb7feaf3bd8dbb404f5a9490cbc5069005a17fa251779fcb425f85eda59a4fecb5cd4759681853a5bafd2162990e54fe87238da91de2829ddc76150b64dd7618e803d3622dbeed9ed0930ffcf7f340b39eef4792a1b8e90682c739605949f60696a6d39f9f7df4e187c1ea485767bf45c959aa8d566d2b1ec4abdf1d296be0dbabb0f2a268e6b5eb07994fbf643b5a183e2784bdba80d4c41c1c32606aa8a85b658e444f653b01b2961a562535a319b42056430bdb6e6f672502d21f39c7497982ca328fa35595776e7e288cc43d94c420bab1ba975170c46ad124b6361965191a4b809a62887a7228dfa94448afa8ce32433525049dcd43994355afdc9d2a37bc4868b610e2e00b9ef0b64957f17d7a790bc07857f5893c209bc8a04bd86784eb5ee0e2dd2cb2f24a40d9ce7e49342cd7c9c597e6b97fe00021502d7cecc8fef69fedb98b7b1ca2faca89b06ecfcfef75693ad11d6b394f2f581de64e366c64d5590d47161a3aa3994f1e69c4ea031c61059701a62cf15ebb0ee896f57a827a5fc7a883a44bcf3800580e3f450e25deb491e9566a9cad9910b6efc22365f94", 0x1000}, {&(0x7f00000042c0)="f8e542082e90b58ce8fd7b2b72275f71677b48b1ec13781320c852deb8c546c0e4132ac02ffd143ce819b324f98d03e8dd7f5325d523", 0x36}, {&(0x7f0000004300)="6481cc71c11e0c7a9221d115a8afaa726b78a434a54f9d501b17eca30de515be", 0x20}], 0x6, 0x0, 0x0, 0x4000010}, {&(0x7f00000043c0)=@abs={0x1, 0x0, 0x4e22}, 0x6e, &(0x7f0000004500)=[{&(0x7f0000004440)="4b7b3526a8704c26c9ecd7c9ec0d008431a0128fc9473aade30fcdc10bec358474b3b63b708e9d5c5c4304052ef2190237d13fd295c5280e82728fe9b9204c3890728d15078b24b34ab98bb6f505ce86ed8bb78a9c3e8d9ab44d6621644fb6eceb5e58d032f3cc40414d6b8e9b85f0f1a09d2bc5bec6171a54a69199ddd70b66636e9abae2553630cbb270de298040715583b7e3c10b3d7b57429883f4b02301d19996bc2822ed921b8bdb91cdab", 0xae}], 0x1, &(0x7f00000045c0)=[@rights={0x18, 0x1, 0x1, [r38]}, @cred={0x20, 0x1, 0x2, r39, r40, r41}], 0x38, 0x40004}, {&(0x7f0000004600)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f00000048c0)=[{&(0x7f0000004680)="8194126b9cbe3746bb20e1f79741ad438f7618835501dd3d5b0135a3fed55bc44fab739907a2f11c08313d9000162ee37407b7759b3ee7bfa115ab9c4335a0727914925d0b1bd6433604d22756e9262839814263de0c0bd408efc3f1e126ee547044825a67902c7c206c20a4cb22601c72fc8a4edf804dc14626424b212c9c1c0f737d88b71b82fdddcfdbb0d3831ae82bf4045b899e9d2ddac19ee6e7e396fb97b870c2172d9d46", 0xa8}, {&(0x7f0000004740)="5b232dcaa9c671d7921724e975ad649f6f21e11e8fee14c92284a57cd32bae0fbf3c324d52eceb3dc5c3423decb57f2027fde7f57811d569a3fe36eff221c8b4220b92cf1dfd67a879add99814920b5c3e912416137bf86b0977f76f1676596b149d945619cc0ffdddc358b0374a678373c0b05c886d27a3a0d9b3531519", 0x7e}, {&(0x7f00000047c0)="b55a9c8bd844a1cffe986f2b6e11818afdae511e22a97695d8cc1e4ae9592b1ab9df4193d3f08e9100366af13195d2d46a789295156c8306f04dcecb3aeb150f7a01b478d271cdd3f2cdd69cb7d4ed6c92e991a2eb4c297280bceff110160981d3265aefeea70845f8f13c6e57f28b7b2b37f3d7", 0x74}, {&(0x7f0000004840)="da44f73c2dc97133f303cf205977cd4f1be4f10035a542a5d28831a6dcb8809ecc405d7fa2dc7311ecf13a246f483ff43ecab50de2fe4c051e7a4f008a9edbee72db2f66606e03aa7c", 0x49}], 0x4, &(0x7f0000005480)=[@cred={0x20, 0x1, 0x2, r42, r43, r44}, @rights={0x28, 0x1, 0x1, [r45, r46, r47, r48, r49]}, @cred={0x20, 0x1, 0x2, r50, r51, r52}, @rights={0x18, 0x1, 0x1, [r53, r54]}, @rights={0x28, 0x1, 0x1, [r55, r56, r57, r58, r59, r60]}, @rights={0x30, 0x1, 0x1, [r61, r62, r63, r64, r65, r66, r67]}, @rights={0x30, 0x1, 0x1, [r68, r69, r70, r71, r72, r73, r74, r75]}, @rights={0x30, 0x1, 0x1, [r76, r77, r78, r79, r80, r81, r82]}], 0x138, 0x20000000}], 0x4, 0x40) r83 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r83, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r83, 0x40046208, 0x0) r84 = openat$null(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/null\x00', 0x100, 0x0) mq_timedreceive(r84, &(0x7f0000000300)=""/137, 0x89, 0x0, &(0x7f00000003c0)={0x0, 0x989680}) clock_gettime(0x4, &(0x7f0000000280)) [ 765.123539] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 765.128313] ? do_mount+0x564/0x3070 [ 765.132040] ? ksys_mount+0x12d/0x140 [ 765.135862] ? __x64_sys_mount+0xbe/0x150 [ 765.139370] binder: undelivered TRANSACTION_ERROR: 29189 [ 765.140019] ? do_syscall_64+0x1b1/0x800 [ 765.140038] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 765.140063] ? find_held_lock+0x36/0x1c0 [ 765.140084] ? __lock_is_held+0xb5/0x140 [ 765.140114] ? check_same_owner+0x320/0x320 [ 765.140133] ? rcu_note_context_switch+0x710/0x710 [ 765.172332] __should_failslab+0x124/0x180 [ 765.176587] should_failslab+0x9/0x14 [ 765.180406] kmem_cache_alloc_trace+0x2cb/0x780 [ 765.185091] ? __kmalloc_node+0x33/0x70 [ 765.189090] ? __kmalloc_node+0x33/0x70 [ 765.193090] ? rcu_read_lock_sched_held+0x108/0x120 [ 765.198127] __memcg_init_list_lru_node+0x17d/0x2c0 [ 765.203166] ? kvfree_rcu+0x20/0x20 [ 765.206814] ? __kmalloc_node+0x47/0x70 [ 765.210981] __list_lru_init+0x456/0x790 [ 765.215072] ? list_lru_destroy+0x4c0/0x4c0 [ 765.219413] ? mark_held_locks+0xc9/0x160 [ 765.223580] ? __raw_spin_lock_init+0x1c/0x100 [ 765.228260] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 765.233300] ? lockdep_init_map+0x9/0x10 [ 765.237384] sget_userns+0x767/0xf00 [ 765.241117] ? get_anon_bdev+0x2f0/0x2f0 [ 765.245199] ? destroy_unused_super.part.11+0x110/0x110 [ 765.250578] ? __alloc_pages_nodemask+0xacf/0xd70 [ 765.255444] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 765.260485] ? kasan_check_read+0x11/0x20 [ 765.264660] ? cap_capable+0x1f9/0x260 [ 765.268583] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 765.271700] binder: 7538:7549 BC_ACQUIRE_DONE u0000000000000000 no match [ 765.274136] ? security_capable+0x99/0xc0 [ 765.274159] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 765.274175] ? ns_capable_common+0x13f/0x170 [ 765.274194] ? get_anon_bdev+0x2f0/0x2f0 [ 765.274208] sget+0x10b/0x150 [ 765.274227] ? fuse_get_root_inode+0x190/0x190 [ 765.274240] mount_nodev+0x33/0x110 [ 765.274257] fuse_mount+0x2c/0x40 [ 765.313927] mount_fs+0xae/0x328 [ 765.317316] vfs_kern_mount.part.34+0xd4/0x4d0 [ 765.321923] ? may_umount+0xb0/0xb0 [ 765.325569] ? _raw_read_unlock+0x22/0x30 [ 765.329735] ? __get_fs_type+0x97/0xc0 [ 765.333643] do_mount+0x564/0x3070 [ 765.337230] ? copy_mount_string+0x40/0x40 [ 765.341483] ? rcu_pm_notify+0xc0/0xc0 [ 765.345396] ? copy_mount_options+0x5f/0x380 [ 765.349814] ? rcu_read_lock_sched_held+0x108/0x120 [ 765.354841] ? kmem_cache_alloc_trace+0x616/0x780 [ 765.359689] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 765.365404] ? copy_mount_options+0x285/0x380 [ 765.369916] ksys_mount+0x12d/0x140 [ 765.373554] __x64_sys_mount+0xbe/0x150 [ 765.377539] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 765.382563] do_syscall_64+0x1b1/0x800 [ 765.386443] ? finish_task_switch+0x1ca/0x810 [ 765.390929] ? syscall_return_slowpath+0x5c0/0x5c0 [ 765.395862] ? syscall_return_slowpath+0x30f/0x5c0 [ 765.400795] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 765.406169] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 765.411012] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 765.416200] RIP: 0033:0x455979 [ 765.419392] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 765.427102] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 765.434357] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 765.442309] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 765.449575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 765.456839] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 765.488377] binder: 7542:7544 transaction failed 29189/-22, size 0-0 line 2856 [ 765.496472] binder: undelivered TRANSACTION_ERROR: 29189 [ 765.567611] binder: 7542:7551 transaction failed 29189/-22, size 0-0 line 2856 [ 765.607315] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:56:14 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1002000000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:14 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:14 executing program 5: syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x2e0, 0x0) io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r0, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000001380)={0x0, 0x989680}) 2018/05/04 10:56:14 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x5000000}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:14 executing program 2 (fault-call:3 fault-nth:31): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:14 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="11634840", @ANYRES64=0x0, @ANYBLOB="857b7c5c000000ff043f9372bf039dbeeba1b7ac28f74a8e1fc34d0602e5abe9317426f87473ee162e0624dae8b3815f48161924896a090882e2b2812c6462c0abfec45734e554a44c3b778172cceec30e4b6ea80fc28399f23355a415be69fe6a7bd7111f800fdce41165f868cda69f64ccb5fcde1a58ceff2c7de1df74c93d4a4e32195ea4a8905fa2aa91c0601a1d317747ec9a3c1eff33ef8a7accf3b9ead47ba8d2880f589ccf6bf5eb507dd628f3ddbac6fbc9a92b966abb03edc4aefeb8c9bf025ef06665bd2da73799e31db4b566f02d9781a2f38621a84df48a652a9fec76a28efe95d3d2b60690397bd6acdbf925743cff3db0f7769c94ff460ba27eddf30dc3c7658bbd7a226139046b04db10"], 0x0, 0x0, &(0x7f0000011f9d)}) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ppp\x00', 0x2400, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000080)={0xffffffffffffffff}) getsockopt$inet_mreq(r2, 0x0, 0x27, &(0x7f00000000c0)={@broadcast}, &(0x7f0000000100)=0x8) r3 = creat(&(0x7f0000000140)='./file0\x00', 0xb8) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000000)={0x4, 0x20, 0x1, r3}) ioctl$SIOCGIFHWADDR(r3, 0x8927, &(0x7f0000000200)) ioctl$ION_IOC_ALLOC(r3, 0xc0184900, &(0x7f00000001c0)={0xed, 0x10, 0x1, r4}) signalfd(r2, &(0x7f0000000180), 0x8) ioctl$int_out(r3, 0x2, &(0x7f0000000240)) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/05/04 10:56:14 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x80ffff00000000]}]}) 2018/05/04 10:56:14 executing program 4: mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:14 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:14 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r0, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000001380)={0x0, 0x989680}) [ 766.075073] binder: 7569:7570 transaction failed 29189/-22, size -1608940644996365537-1652385059508220977 line 2856 [ 766.085944] nla_parse: 6 callbacks suppressed [ 766.085954] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 766.093011] binder: 7563:7571 transaction failed 29189/-22, size 0-0 line 2856 [ 766.135836] FAULT_INJECTION: forcing a failure. [ 766.135836] name failslab, interval 1, probability 0, space 0, times 0 [ 766.136933] binder: undelivered TRANSACTION_ERROR: 29189 [ 766.147275] CPU: 1 PID: 7574 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 766.159912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 766.169305] Call Trace: [ 766.171912] dump_stack+0x1b9/0x294 [ 766.175556] ? dump_stack_print_info.cold.2+0x52/0x52 [ 766.178874] binder: 7569:7570 transaction failed 29189/-22, size -1608940644996365537-1652385059508220977 line 2856 [ 766.180758] ? __save_stack_trace+0x7e/0xd0 [ 766.180785] should_fail.cold.4+0xa/0x1a [ 766.180803] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 766.180826] ? save_stack+0x43/0xd0 [ 766.208747] ? kasan_kmalloc+0xc4/0xe0 [ 766.212651] ? kmem_cache_alloc_trace+0x152/0x780 [ 766.217506] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 766.222710] ? __list_lru_init+0x456/0x790 [ 766.226818] binder: undelivered TRANSACTION_ERROR: 29189 [ 766.226955] ? sget_userns+0x767/0xf00 [ 766.236277] ? graph_lock+0x170/0x170 [ 766.240091] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 766.244857] ? do_mount+0x564/0x3070 [ 766.245273] binder: undelivered TRANSACTION_ERROR: 29189 [ 766.248576] ? ksys_mount+0x12d/0x140 [ 766.248591] ? __x64_sys_mount+0xbe/0x150 [ 766.248607] ? do_syscall_64+0x1b1/0x800 [ 766.248623] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 766.248642] ? find_held_lock+0x36/0x1c0 [ 766.248664] ? __lock_is_held+0xb5/0x140 [ 766.279304] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 766.280409] ? check_same_owner+0x320/0x320 [ 766.280431] ? rcu_note_context_switch+0x710/0x710 [ 766.280471] __should_failslab+0x124/0x180 [ 766.280491] should_failslab+0x9/0x14 [ 766.305220] binder: 7583:7584 transaction failed 29189/-22, size 0-0 line 2856 [ 766.306317] kmem_cache_alloc_trace+0x2cb/0x780 [ 766.306333] ? __kmalloc_node+0x33/0x70 [ 766.306347] ? __kmalloc_node+0x33/0x70 [ 766.306364] ? rcu_read_lock_sched_held+0x108/0x120 [ 766.306384] __memcg_init_list_lru_node+0x17d/0x2c0 [ 766.306400] ? kvfree_rcu+0x20/0x20 [ 766.306417] ? __kmalloc_node+0x47/0x70 [ 766.314849] binder: undelivered TRANSACTION_ERROR: 29189 [ 766.318452] __list_lru_init+0x456/0x790 [ 766.318472] ? list_lru_destroy+0x4c0/0x4c0 [ 766.318488] ? mark_held_locks+0xc9/0x160 [ 766.318505] ? __raw_spin_lock_init+0x1c/0x100 [ 766.318522] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 766.318539] ? lockdep_init_map+0x9/0x10 [ 766.318557] sget_userns+0x767/0xf00 [ 766.318569] ? get_anon_bdev+0x2f0/0x2f0 [ 766.318589] ? destroy_unused_super.part.11+0x110/0x110 [ 766.338212] binder: 7583:7584 transaction failed 29189/-22, size 0-0 line 2856 [ 766.340161] ? __alloc_pages_nodemask+0xacf/0xd70 [ 766.340182] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 766.340202] ? kasan_check_read+0x11/0x20 [ 766.340220] ? cap_capable+0x1f9/0x260 [ 766.340243] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 766.340257] ? security_capable+0x99/0xc0 [ 766.340275] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 2018/05/04 10:56:14 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x6000000}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:14 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:14 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/05/04 10:56:14 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:14 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="11634840", @ANYRES64=0x0, @ANYBLOB="56a02549fcbcecf24efa2f8cba7df76f7b448bb94c761d71b315fabc2b3365db11e8f7c581d9a333a896d00277f8a79541bc579a66536be7363db2120a09369b81f8cf845a452d8afa9fa7103e09fc85f6f32cd1edc423e326968e52bc2ffc46d21a187b8918367c11c176d9b787774020d148bf029c8f53cc2ff1ea90f10a918492e66815ad0a3290ff4884f6a2ae32f141b8a10d2db654de024671813e3239dde0963855ce1d0c2c70aa838b07945c0402a0501736eba21e939e81b32bb81f8aec819e0373248ad8aa8bd8a51ffce5234cf5c8bb51636414be666c3cd66edd8030a241969a35a60ee8e9035d54fd5b25cc3c4c64faac0000000000"], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000080)={{{@in=@dev}}, {{@in=@remote}, 0x0, @in=@loopback}}, &(0x7f0000000180)=0xe8) [ 766.370072] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 766.371744] ? ns_capable_common+0x13f/0x170 [ 766.371765] ? get_anon_bdev+0x2f0/0x2f0 [ 766.371780] sget+0x10b/0x150 [ 766.371799] ? fuse_get_root_inode+0x190/0x190 [ 766.371815] mount_nodev+0x33/0x110 [ 766.371830] fuse_mount+0x2c/0x40 [ 766.371850] mount_fs+0xae/0x328 [ 766.385779] binder: undelivered TRANSACTION_ERROR: 29189 [ 766.389108] vfs_kern_mount.part.34+0xd4/0x4d0 [ 766.389125] ? may_umount+0xb0/0xb0 [ 766.389144] ? _raw_read_unlock+0x22/0x30 [ 766.389157] ? __get_fs_type+0x97/0xc0 [ 766.389177] do_mount+0x564/0x3070 [ 766.389198] ? copy_mount_string+0x40/0x40 [ 766.389214] ? rcu_pm_notify+0xc0/0xc0 [ 766.389233] ? copy_mount_options+0x5f/0x380 [ 766.389250] ? rcu_read_lock_sched_held+0x108/0x120 [ 766.430822] binder: 7588:7589 transaction failed 29189/-22, size -2637645743808440909-3721056868533528593 line 2856 [ 766.438254] ? kmem_cache_alloc_trace+0x616/0x780 [ 766.438274] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 766.438290] ? _copy_from_user+0xdf/0x150 [ 766.438309] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 766.438324] ? copy_mount_options+0x285/0x380 [ 766.438342] ksys_mount+0x12d/0x140 [ 766.438358] __x64_sys_mount+0xbe/0x150 [ 766.438373] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 766.438397] do_syscall_64+0x1b1/0x800 [ 766.448233] binder: undelivered TRANSACTION_ERROR: 29189 [ 766.449954] ? finish_task_switch+0x1ca/0x810 [ 766.449974] ? syscall_return_slowpath+0x5c0/0x5c0 [ 766.449991] ? syscall_return_slowpath+0x30f/0x5c0 [ 766.450013] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 766.450032] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 766.450050] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 766.450064] RIP: 0033:0x455979 [ 766.456447] binder: 7588:7589 transaction failed 29189/-22, size -2637645743808440909-3721056868533528593 line 2856 [ 766.458241] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 766.458258] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 766.458267] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 766.458276] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 766.458284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 766.458293] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 766.472337] binder: 7581:7593 transaction failed 29189/-22, size 0-0 line 2856 [ 766.555879] binder: undelivered TRANSACTION_ERROR: 29189 [ 766.668457] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:56:15 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:15 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ff7f00000000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:15 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x5}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:15 executing program 2 (fault-call:3 fault-nth:32): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:15 executing program 5: io_setup(0x0, &(0x7f0000fa5000)=0x0) io_getevents(r0, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000001380)={0x0, 0x989680}) 2018/05/04 10:56:15 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="11634840", @ANYRES64=0x0, @ANYBLOB="00000000000000001b25ee629ca7014bda881727a41da068ff5ebc388dd6a17fc807eb51f450f8fc013c25a15337286e26b906b4e79a5b28a084ec3107911f7462d2d80141e35a8518cc8823b531a795c04e12278e18e12d6bc408054e6814ae0386fe66387f6399aced7db5b98f3d"], 0x0, 0x0, &(0x7f0000011f9d)}) r1 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x8, 0x200040) ioctl$KVM_SET_ONE_REG(r1, 0x4010aeac, &(0x7f0000000100)={0x100000000, 0xfffffffffffff801}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/05/04 10:56:15 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x18000000]}]}) 2018/05/04 10:56:15 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) [ 767.189088] binder: 7600:7602 transaction failed 29189/-22, size 9196867816097865471--218335571650869304 line 2856 [ 767.205213] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. 2018/05/04 10:56:15 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(0x0, 0x2, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000001380)={0x0, 0x989680}) 2018/05/04 10:56:15 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800e0000], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:15 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 767.239901] binder: 7609:7614 transaction failed 29189/-22, size 0-0 line 2856 [ 767.259136] binder: undelivered TRANSACTION_ERROR: 29189 [ 767.276694] binder: 7600:7602 transaction failed 29189/-22, size 9196867816097865471--218335571650869304 line 2856 2018/05/04 10:56:15 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x6000000000000000}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:15 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f0f0020], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:15 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r0, 0x0, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000001380)={0x0, 0x989680}) [ 767.314320] binder: undelivered TRANSACTION_ERROR: 29189 [ 767.351453] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 767.390564] binder: 7627:7633 transaction failed 29189/-22, size 0-0 line 2856 [ 767.398459] binder: undelivered TRANSACTION_ERROR: 29189 [ 767.406265] FAULT_INJECTION: forcing a failure. [ 767.406265] name failslab, interval 1, probability 0, space 0, times 0 [ 767.417631] CPU: 0 PID: 7628 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 767.424829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 767.434210] Call Trace: [ 767.436824] dump_stack+0x1b9/0x294 [ 767.441329] ? dump_stack_print_info.cold.2+0x52/0x52 [ 767.447586] ? __save_stack_trace+0x7e/0xd0 [ 767.451937] should_fail.cold.4+0xa/0x1a [ 767.456029] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 767.461159] ? save_stack+0x43/0xd0 [ 767.464803] ? kasan_kmalloc+0xc4/0xe0 [ 767.468711] ? kmem_cache_alloc_trace+0x152/0x780 [ 767.473582] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 767.478797] ? __list_lru_init+0x456/0x790 [ 767.483056] ? sget_userns+0x767/0xf00 [ 767.486966] ? graph_lock+0x170/0x170 [ 767.490786] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 767.495561] ? do_mount+0x564/0x3070 [ 767.499289] ? ksys_mount+0x12d/0x140 [ 767.503109] ? __x64_sys_mount+0xbe/0x150 [ 767.506666] binder: undelivered TRANSACTION_ERROR: 29189 [ 767.507298] ? do_syscall_64+0x1b1/0x800 [ 767.507316] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 767.507337] ? find_held_lock+0x36/0x1c0 [ 767.507360] ? __lock_is_held+0xb5/0x140 [ 767.530355] ? check_same_owner+0x320/0x320 [ 767.534703] ? rcu_note_context_switch+0x710/0x710 [ 767.539661] __should_failslab+0x124/0x180 [ 767.539841] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 767.543914] should_failslab+0x9/0x14 [ 767.543933] kmem_cache_alloc_trace+0x2cb/0x780 [ 767.543945] ? __kmalloc_node+0x33/0x70 [ 767.543958] ? __kmalloc_node+0x33/0x70 [ 767.543975] ? rcu_read_lock_sched_held+0x108/0x120 [ 767.543995] __memcg_init_list_lru_node+0x17d/0x2c0 [ 767.544011] ? kvfree_rcu+0x20/0x20 [ 767.544026] ? __kmalloc_node+0x47/0x70 [ 767.544045] __list_lru_init+0x456/0x790 [ 767.544065] ? list_lru_destroy+0x4c0/0x4c0 [ 767.581799] binder: 7642:7643 transaction failed 29189/-22, size 0-0 line 2856 [ 767.582695] ? mark_held_locks+0xc9/0x160 [ 767.582715] ? __raw_spin_lock_init+0x1c/0x100 [ 767.582732] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 767.582752] ? lockdep_init_map+0x9/0x10 [ 767.582772] sget_userns+0x767/0xf00 [ 767.582784] ? get_anon_bdev+0x2f0/0x2f0 [ 767.582803] ? destroy_unused_super.part.11+0x110/0x110 [ 767.624926] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:56:15 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r0, 0x0, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000001380)={0x0, 0x989680}) 2018/05/04 10:56:15 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x100, 0x0) ioctl$DRM_IOCTL_AGP_ACQUIRE(r1, 0x6430) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/05/04 10:56:15 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x4}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:15 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:15 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x4000000}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 767.628061] ? __alloc_pages_nodemask+0xacf/0xd70 [ 767.628082] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 767.628103] ? kasan_check_read+0x11/0x20 [ 767.628122] ? cap_capable+0x1f9/0x260 [ 767.628146] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 767.628161] ? security_capable+0x99/0xc0 [ 767.628178] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 767.628196] ? ns_capable_common+0x13f/0x170 [ 767.676461] ? get_anon_bdev+0x2f0/0x2f0 [ 767.680540] sget+0x10b/0x150 [ 767.683665] ? fuse_get_root_inode+0x190/0x190 [ 767.688259] mount_nodev+0x33/0x110 [ 767.691897] fuse_mount+0x2c/0x40 [ 767.692778] binder: 7635:7645 transaction failed 29189/-22, size 0-0 line 2856 [ 767.695360] mount_fs+0xae/0x328 [ 767.695382] vfs_kern_mount.part.34+0xd4/0x4d0 [ 767.695399] ? may_umount+0xb0/0xb0 [ 767.695413] ? _raw_read_unlock+0x22/0x30 [ 767.695429] ? __get_fs_type+0x97/0xc0 [ 767.709104] binder: undelivered TRANSACTION_ERROR: 29189 [ 767.710742] do_mount+0x564/0x3070 [ 767.710765] ? copy_mount_string+0x40/0x40 [ 767.710781] ? rcu_pm_notify+0xc0/0xc0 [ 767.710803] ? copy_mount_options+0x5f/0x380 [ 767.710822] ? rcu_read_lock_sched_held+0x108/0x120 [ 767.715988] binder: 7635:7645 transaction failed 29189/-22, size 0-0 line 2856 [ 767.718583] ? kmem_cache_alloc_trace+0x616/0x780 [ 767.718612] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 767.718628] ? copy_mount_options+0x285/0x380 [ 767.718647] ksys_mount+0x12d/0x140 [ 767.718661] __x64_sys_mount+0xbe/0x150 [ 767.718681] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 767.783977] do_syscall_64+0x1b1/0x800 [ 767.787876] ? finish_task_switch+0x1ca/0x810 [ 767.792380] ? syscall_return_slowpath+0x5c0/0x5c0 [ 767.797301] ? syscall_return_slowpath+0x30f/0x5c0 [ 767.802223] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 767.807597] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 767.812446] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 767.817637] RIP: 0033:0x455979 [ 767.820828] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 767.828525] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 2018/05/04 10:56:15 executing program 2 (fault-call:3 fault-nth:33): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:15 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:15 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x4c00}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 767.835793] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 767.843072] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 767.850366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 767.857633] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 767.879276] binder: undelivered TRANSACTION_ERROR: 29189 [ 767.914335] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 767.923223] binder: 7651:7653 transaction failed 29189/-22, size 0-0 line 2856 [ 767.933544] FAULT_INJECTION: forcing a failure. [ 767.933544] name failslab, interval 1, probability 0, space 0, times 0 [ 767.944897] CPU: 0 PID: 7654 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 767.952095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 767.961457] Call Trace: [ 767.963561] binder: undelivered TRANSACTION_ERROR: 29189 [ 767.964061] dump_stack+0x1b9/0x294 [ 767.964078] ? dump_stack_print_info.cold.2+0x52/0x52 [ 767.964100] ? __save_stack_trace+0x7e/0xd0 [ 767.982683] should_fail.cold.4+0xa/0x1a [ 767.987381] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 767.992533] ? save_stack+0x43/0xd0 [ 767.996177] ? kasan_kmalloc+0xc4/0xe0 [ 768.000084] ? kmem_cache_alloc_trace+0x152/0x780 [ 768.004939] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 768.010169] ? __list_lru_init+0x456/0x790 [ 768.014413] ? sget_userns+0x767/0xf00 [ 768.018288] ? graph_lock+0x170/0x170 [ 768.022078] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 768.026819] ? do_mount+0x564/0x3070 [ 768.030515] ? ksys_mount+0x12d/0x140 [ 768.034298] ? __x64_sys_mount+0xbe/0x150 [ 768.038437] ? do_syscall_64+0x1b1/0x800 [ 768.042482] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 768.047831] ? find_held_lock+0x36/0x1c0 [ 768.051882] ? __lock_is_held+0xb5/0x140 [ 768.055950] ? check_same_owner+0x320/0x320 [ 768.060258] ? rcu_note_context_switch+0x710/0x710 [ 768.065180] __should_failslab+0x124/0x180 [ 768.069398] should_failslab+0x9/0x14 [ 768.073181] kmem_cache_alloc_trace+0x2cb/0x780 [ 768.077841] ? __kmalloc_node+0x33/0x70 [ 768.081800] ? __kmalloc_node+0x33/0x70 [ 768.085760] __memcg_init_list_lru_node+0x17d/0x2c0 [ 768.090759] ? kvfree_rcu+0x20/0x20 [ 768.094370] ? __kmalloc_node+0x47/0x70 [ 768.098327] __list_lru_init+0x456/0x790 [ 768.102378] ? list_lru_destroy+0x4c0/0x4c0 [ 768.106683] ? mark_held_locks+0xc9/0x160 [ 768.110818] ? __raw_spin_lock_init+0x1c/0x100 [ 768.115380] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 768.120387] ? lockdep_init_map+0x9/0x10 [ 768.124432] sget_userns+0x767/0xf00 [ 768.128126] ? get_anon_bdev+0x2f0/0x2f0 [ 768.132172] ? destroy_unused_super.part.11+0x110/0x110 [ 768.137518] ? __alloc_pages_nodemask+0xacf/0xd70 [ 768.142350] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 768.147358] ? kasan_check_read+0x11/0x20 [ 768.151488] ? cap_capable+0x1f9/0x260 [ 768.155371] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 768.160917] ? security_capable+0x99/0xc0 [ 768.165086] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 768.170641] ? ns_capable_common+0x13f/0x170 [ 768.175061] ? get_anon_bdev+0x2f0/0x2f0 [ 768.179119] sget+0x10b/0x150 [ 768.182218] ? fuse_get_root_inode+0x190/0x190 [ 768.186794] mount_nodev+0x33/0x110 [ 768.190415] fuse_mount+0x2c/0x40 [ 768.193857] mount_fs+0xae/0x328 [ 768.197227] vfs_kern_mount.part.34+0xd4/0x4d0 [ 768.201810] ? may_umount+0xb0/0xb0 [ 768.205429] ? _raw_read_unlock+0x22/0x30 [ 768.209565] ? __get_fs_type+0x97/0xc0 [ 768.213442] do_mount+0x564/0x3070 [ 768.216970] ? copy_mount_string+0x40/0x40 [ 768.221194] ? rcu_pm_notify+0xc0/0xc0 [ 768.225082] ? copy_mount_options+0x5f/0x380 [ 768.229476] ? rcu_read_lock_sched_held+0x108/0x120 [ 768.234482] ? kmem_cache_alloc_trace+0x616/0x780 [ 768.239316] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 768.244843] ? _copy_from_user+0xdf/0x150 [ 768.248992] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 768.254521] ? copy_mount_options+0x285/0x380 [ 768.259006] ksys_mount+0x12d/0x140 [ 768.262629] __x64_sys_mount+0xbe/0x150 [ 768.266592] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 768.271607] do_syscall_64+0x1b1/0x800 [ 768.275500] ? finish_task_switch+0x1ca/0x810 [ 768.280000] ? syscall_return_slowpath+0x5c0/0x5c0 [ 768.284923] ? syscall_return_slowpath+0x30f/0x5c0 [ 768.289854] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 768.295208] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 768.300041] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 768.305217] RIP: 0033:0x455979 [ 768.308407] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 768.316102] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 768.323357] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 768.330614] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 768.337877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 768.345136] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:16 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r0, 0x0, 0x2, &(0x7f0000af2fc0)=[{}, {}], &(0x7f0000001380)={0x0, 0x989680}) 2018/05/04 10:56:16 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x0, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:16 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x600}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:16 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:16 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0xf00]}]}) 2018/05/04 10:56:16 executing program 2 (fault-call:3 fault-nth:34): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:16 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x2}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:16 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) getxattr(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=@known='trusted.syz\x00', &(0x7f0000000100)=""/247, 0xf7) [ 768.532154] binder: 7662:7665 transaction failed 29189/-22, size 0-0 line 2856 [ 768.543423] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 768.577891] FAULT_INJECTION: forcing a failure. [ 768.577891] name failslab, interval 1, probability 0, space 0, times 0 [ 768.589219] CPU: 0 PID: 7674 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 768.596415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 768.605779] Call Trace: [ 768.608374] dump_stack+0x1b9/0x294 [ 768.612002] ? dump_stack_print_info.cold.2+0x52/0x52 [ 768.617194] ? __save_stack_trace+0x7e/0xd0 [ 768.621511] should_fail.cold.4+0xa/0x1a [ 768.625563] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 768.630656] ? save_stack+0x43/0xd0 [ 768.634268] ? kasan_kmalloc+0xc4/0xe0 [ 768.638144] ? kmem_cache_alloc_trace+0x152/0x780 [ 768.642980] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 768.648170] ? __list_lru_init+0x456/0x790 [ 768.652397] ? sget_userns+0x767/0xf00 [ 768.656277] ? graph_lock+0x170/0x170 [ 768.660064] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 768.664804] ? do_mount+0x564/0x3070 [ 768.668502] ? ksys_mount+0x12d/0x140 [ 768.672290] ? __x64_sys_mount+0xbe/0x150 [ 768.676429] ? do_syscall_64+0x1b1/0x800 [ 768.680480] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 768.685846] ? find_held_lock+0x36/0x1c0 [ 768.689899] ? __lock_is_held+0xb5/0x140 [ 768.693959] ? check_same_owner+0x320/0x320 [ 768.698275] ? rcu_note_context_switch+0x710/0x710 [ 768.703202] __should_failslab+0x124/0x180 [ 768.707426] should_failslab+0x9/0x14 [ 768.711217] kmem_cache_alloc_trace+0x2cb/0x780 [ 768.715882] ? __kmalloc_node+0x33/0x70 [ 768.719938] ? __kmalloc_node+0x33/0x70 [ 768.723899] ? rcu_read_lock_sched_held+0x108/0x120 [ 768.728907] __memcg_init_list_lru_node+0x17d/0x2c0 [ 768.733915] ? kvfree_rcu+0x20/0x20 [ 768.737541] ? __kmalloc_node+0x47/0x70 [ 768.741506] __list_lru_init+0x456/0x790 [ 768.745560] ? list_lru_destroy+0x4c0/0x4c0 [ 768.749873] ? mark_held_locks+0xc9/0x160 [ 768.754014] ? __raw_spin_lock_init+0x1c/0x100 [ 768.758590] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 768.763604] ? lockdep_init_map+0x9/0x10 [ 768.767656] sget_userns+0x767/0xf00 [ 768.771357] ? get_anon_bdev+0x2f0/0x2f0 [ 768.775409] ? destroy_unused_super.part.11+0x110/0x110 [ 768.780762] ? __alloc_pages_nodemask+0xacf/0xd70 [ 768.785595] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 768.790603] ? kasan_check_read+0x11/0x20 [ 768.794743] ? cap_capable+0x1f9/0x260 [ 768.798625] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 768.804150] ? security_capable+0x99/0xc0 [ 768.808285] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 768.813807] ? ns_capable_common+0x13f/0x170 [ 768.818203] ? get_anon_bdev+0x2f0/0x2f0 [ 768.822251] sget+0x10b/0x150 [ 768.825347] ? fuse_get_root_inode+0x190/0x190 [ 768.829925] mount_nodev+0x33/0x110 [ 768.833538] fuse_mount+0x2c/0x40 [ 768.836980] mount_fs+0xae/0x328 [ 768.840335] vfs_kern_mount.part.34+0xd4/0x4d0 [ 768.844903] ? may_umount+0xb0/0xb0 [ 768.848527] ? _raw_read_unlock+0x22/0x30 [ 768.852660] ? __get_fs_type+0x97/0xc0 [ 768.856536] do_mount+0x564/0x3070 [ 768.860067] ? copy_mount_string+0x40/0x40 [ 768.864291] ? rcu_pm_notify+0xc0/0xc0 [ 768.868169] ? copy_mount_options+0x5f/0x380 [ 768.872567] ? rcu_read_lock_sched_held+0x108/0x120 [ 768.877572] ? kmem_cache_alloc_trace+0x616/0x780 [ 768.882405] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 768.887935] ? _copy_from_user+0xdf/0x150 [ 768.892076] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 768.897600] ? copy_mount_options+0x285/0x380 [ 768.902099] ksys_mount+0x12d/0x140 [ 768.905713] __x64_sys_mount+0xbe/0x150 [ 768.909677] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 768.914686] do_syscall_64+0x1b1/0x800 [ 768.918560] ? finish_task_switch+0x1ca/0x810 [ 768.923046] ? syscall_return_slowpath+0x5c0/0x5c0 [ 768.927964] ? syscall_return_slowpath+0x30f/0x5c0 [ 768.932883] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 768.938248] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 768.943081] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 768.948255] RIP: 0033:0x455979 [ 768.951430] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 768.959127] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 768.966380] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 2018/05/04 10:56:17 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x3}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:17 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r0, 0x2, 0x1, &(0x7f0000af2fc0)=[{}], &(0x7f0000001380)={0x0, 0x989680}) 2018/05/04 10:56:17 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 768.973645] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 768.980897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 768.988151] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 769.003639] binder: undelivered TRANSACTION_ERROR: 29189 [ 769.003771] binder: 7670:7676 transaction failed 29189/-22, size 0-0 line 2856 [ 769.012509] binder: 7662:7665 transaction failed 29189/-22, size 0-0 line 2856 [ 769.050346] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 769.077886] binder: undelivered TRANSACTION_ERROR: 29189 [ 769.120142] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:56:17 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0xfc00}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:17 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$sndmidi(&(0x7f0000000240)='/dev/snd/midiC#D#\x00', 0x8, 0x105000) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000280)={0xffffffffffffff9c}) r2 = accept4$bt_l2cap(r1, &(0x7f00000002c0), &(0x7f00000001c0)=0xfffffff1, 0x0) setsockopt$bt_BT_SECURITY(r2, 0x112, 0x4, &(0x7f0000000100)={0xffffffffffffff24, 0x8001}, 0x2) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/05/04 10:56:17 executing program 2 (fault-call:3 fault-nth:35): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:17 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:17 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x0, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:17 executing program 5: io_setup(0x401, &(0x7f0000fa5000)=0x0) io_getevents(r0, 0x2, 0x1, &(0x7f0000af2fc0)=[{}], &(0x7f0000001380)={0x0, 0x989680}) 2018/05/04 10:56:17 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0xf00000000000000]}]}) 2018/05/04 10:56:17 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x6c}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 769.649741] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 769.666624] binder: 7701:7702 transaction failed 29189/-22, size 0-0 line 2856 [ 769.697354] binder: 7692:7707 transaction failed 29189/-22, size 0-0 line 2856 [ 769.710106] FAULT_INJECTION: forcing a failure. [ 769.710106] name failslab, interval 1, probability 0, space 0, times 0 [ 769.721908] CPU: 1 PID: 7704 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 769.729104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 769.735906] binder: undelivered TRANSACTION_ERROR: 29189 [ 769.738457] Call Trace: [ 769.738496] dump_stack+0x1b9/0x294 [ 769.738514] ? dump_stack_print_info.cold.2+0x52/0x52 [ 769.738538] ? debug_check_no_locks_freed+0x310/0x310 [ 769.760547] should_fail.cold.4+0xa/0x1a [ 769.764609] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 769.769709] ? graph_lock+0x170/0x170 [ 769.773503] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 769.779029] ? graph_lock+0x170/0x170 [ 769.782827] ? graph_lock+0x170/0x170 [ 769.786628] ? ida_get_new_above+0x490/0xa10 [ 769.791030] ? save_stack+0x43/0xd0 [ 769.794649] ? find_held_lock+0x36/0x1c0 [ 769.798700] ? __lock_is_held+0xb5/0x140 [ 769.802761] ? check_same_owner+0x320/0x320 [ 769.807172] ? rcu_note_context_switch+0x710/0x710 [ 769.812094] __should_failslab+0x124/0x180 [ 769.816340] should_failslab+0x9/0x14 [ 769.820130] __kmalloc+0x2c8/0x760 [ 769.823662] ? up_read+0x110/0x110 [ 769.827192] ? down_read+0x1b0/0x1b0 [ 769.830903] ? match_number.isra.0+0xb6/0x260 [ 769.835389] match_number.isra.0+0xb6/0x260 [ 769.839710] ? match_strdup+0xa0/0xa0 [ 769.843497] ? match_wildcard+0x3c0/0x3c0 [ 769.847637] match_int+0x23/0x30 [ 769.850993] fuse_fill_super+0x812/0x1e20 [ 769.855153] ? fuse_get_root_inode+0x190/0x190 [ 769.859734] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 769.864737] ? kasan_check_read+0x11/0x20 [ 769.868875] ? cap_capable+0x1f9/0x260 [ 769.872760] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 769.878284] ? security_capable+0x99/0xc0 [ 769.882420] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 769.891678] ? ns_capable_common+0x13f/0x170 [ 769.896076] ? get_anon_bdev+0x2f0/0x2f0 [ 769.900124] ? sget+0x113/0x150 [ 769.903399] ? fuse_get_root_inode+0x190/0x190 [ 769.907976] mount_nodev+0x6b/0x110 [ 769.911594] fuse_mount+0x2c/0x40 [ 769.915036] mount_fs+0xae/0x328 [ 769.918394] vfs_kern_mount.part.34+0xd4/0x4d0 [ 769.922972] ? may_umount+0xb0/0xb0 [ 769.926588] ? _raw_read_unlock+0x22/0x30 [ 769.930724] ? __get_fs_type+0x97/0xc0 [ 769.934599] do_mount+0x564/0x3070 [ 769.938129] ? copy_mount_string+0x40/0x40 [ 769.942362] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 769.947106] ? retint_kernel+0x10/0x10 [ 769.950988] ? copy_mount_options+0x1a1/0x380 [ 769.955482] ? __sanitizer_cov_trace_pc+0x38/0x50 [ 769.960313] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 769.965838] ? copy_mount_options+0x285/0x380 [ 769.970322] ksys_mount+0x12d/0x140 [ 769.973937] __x64_sys_mount+0xbe/0x150 [ 769.977900] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 769.982902] do_syscall_64+0x1b1/0x800 [ 769.986793] ? finish_task_switch+0x1ca/0x810 [ 769.991283] ? syscall_return_slowpath+0x5c0/0x5c0 [ 769.996202] ? syscall_return_slowpath+0x30f/0x5c0 [ 770.001121] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 770.006480] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 770.011312] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 770.016486] RIP: 0033:0x455979 [ 770.019660] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 770.027365] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 770.034620] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 2018/05/04 10:56:18 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:18 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0xe80, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:18 executing program 5: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x20000000) 2018/05/04 10:56:18 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x2}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 770.041876] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 770.049137] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 770.056397] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 770.067442] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:56:18 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0xf0ff7f00000000, 0x4, [0x0, 0xe2f]}) [ 770.093848] binder: 7710:7711 transaction failed 29189/-22, size 0-0 line 2856 [ 770.114016] binder: 7701:7702 transaction failed 29189/-22, size 0-0 line 2856 [ 770.131370] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:56:18 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:18 executing program 5: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:18 executing program 2 (fault-call:3 fault-nth:36): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:18 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000180)=0x0) move_pages(r1, 0x3, &(0x7f00000001c0)=[&(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil], &(0x7f0000000200)=[0x0, 0x3, 0x9, 0x4, 0x5], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000011f9d)}) clock_gettime(0x1, &(0x7f0000000300)) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) ppoll(&(0x7f0000000080)=[{r0, 0x150}], 0x1, &(0x7f0000000100)={r2, r3+10000000}, &(0x7f0000000140)={0x80}, 0x8) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) [ 770.159576] binder: 7718:7719 transaction failed 29189/-22, size 0-0 line 2856 [ 770.181951] binder: undelivered TRANSACTION_ERROR: 29189 [ 770.250143] binder: undelivered TRANSACTION_ERROR: 29189 [ 770.261987] FAULT_INJECTION: forcing a failure. [ 770.261987] name failslab, interval 1, probability 0, space 0, times 0 [ 770.273404] CPU: 0 PID: 7729 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 770.280603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 770.289974] Call Trace: [ 770.292574] dump_stack+0x1b9/0x294 [ 770.296212] ? dump_stack_print_info.cold.2+0x52/0x52 [ 770.301406] ? lock_downgrade+0x8e0/0x8e0 [ 770.305568] ? graph_lock+0x170/0x170 [ 770.309385] should_fail.cold.4+0xa/0x1a [ 770.313446] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 770.318545] ? print_usage_bug+0xc0/0xc0 [ 770.322625] ? print_usage_bug+0xc0/0xc0 [ 770.326690] ? graph_lock+0x170/0x170 [ 770.330493] ? find_held_lock+0x36/0x1c0 [ 770.334554] ? __lock_is_held+0xb5/0x140 [ 770.338632] ? check_same_owner+0x320/0x320 [ 770.344884] ? lockdep_init_map+0x9/0x10 [ 770.348956] ? rcu_note_context_switch+0x710/0x710 [ 770.353882] ? kasan_check_write+0x14/0x20 [ 770.358131] ? __init_rwsem+0x1c4/0x290 [ 770.362108] __should_failslab+0x124/0x180 [ 770.366347] should_failslab+0x9/0x14 [ 770.370162] __kmalloc+0x2c8/0x760 [ 770.373702] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 770.378717] ? prealloc_shrinker+0xcf/0x130 [ 770.383043] prealloc_shrinker+0xcf/0x130 [ 770.387206] sget_userns+0x9b2/0xf00 [ 770.390914] ? get_anon_bdev+0x2f0/0x2f0 [ 770.394970] ? destroy_unused_super.part.11+0x110/0x110 [ 770.400339] ? __alloc_pages_nodemask+0xacf/0xd70 [ 770.405200] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 770.410214] ? kasan_check_read+0x11/0x20 [ 770.414366] ? cap_capable+0x1f9/0x260 [ 770.418264] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 770.423815] ? security_capable+0x99/0xc0 [ 770.427976] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 770.433523] ? ns_capable_common+0x13f/0x170 [ 770.437941] ? get_anon_bdev+0x2f0/0x2f0 [ 770.442001] sget+0x10b/0x150 [ 770.445114] ? fuse_get_root_inode+0x190/0x190 [ 770.449703] mount_nodev+0x33/0x110 [ 770.453341] fuse_mount+0x2c/0x40 [ 770.456805] mount_fs+0xae/0x328 [ 770.460191] vfs_kern_mount.part.34+0xd4/0x4d0 [ 770.464782] ? may_umount+0xb0/0xb0 [ 770.468414] ? _raw_read_unlock+0x22/0x30 [ 770.472570] ? __get_fs_type+0x97/0xc0 [ 770.476469] do_mount+0x564/0x3070 [ 770.480004] ? copy_mount_string+0x40/0x40 [ 770.484234] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 770.488982] ? retint_kernel+0x10/0x10 [ 770.492875] ? copy_mount_options+0x213/0x380 [ 770.497379] ? write_comp_data+0x70/0x70 [ 770.501437] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 770.506983] ? copy_mount_options+0x285/0x380 [ 770.511488] ksys_mount+0x12d/0x140 [ 770.515117] __x64_sys_mount+0xbe/0x150 [ 770.519091] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 770.524103] do_syscall_64+0x1b1/0x800 [ 770.527983] ? finish_task_switch+0x1ca/0x810 [ 770.532484] ? syscall_return_slowpath+0x5c0/0x5c0 [ 770.537413] ? syscall_return_slowpath+0x30f/0x5c0 [ 770.542350] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 770.547710] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 770.552559] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 770.557741] RIP: 0033:0x455979 [ 770.560928] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 770.568623] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 770.575890] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 770.583154] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 770.590416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 770.597681] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:19 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:19 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x0, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:19 executing program 2 (fault-call:3 fault-nth:37): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:19 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0xfdfdffff]}]}) 2018/05/04 10:56:19 executing program 1: r0 = syz_open_dev$usbmon(&(0x7f0000000340)='/dev/usbmon#\x00', 0xb87, 0x2) r1 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='limits\x00') ioctl$BLKRRPART(r2, 0x125f, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) r3 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x7ff, 0x1) ioctl$SG_GET_NUM_WAITING(r3, 0x227d, &(0x7f0000000100)) ioctl$DRM_IOCTL_RES_CTX(r2, 0xc0106426, &(0x7f00000001c0)={0x9, &(0x7f0000000140)=[{}, {}, {}, {}, {}, {0x0}, {}, {}, {}]}) ioctl$TUNSETFILTEREBPF(r2, 0x800454e1, &(0x7f0000000380)=r0) ioctl$DRM_IOCTL_DMA(r3, 0xc0406429, &(0x7f0000000300)={r4, 0x5, &(0x7f0000000200)=[0x1000, 0x9, 0x65c, 0x56, 0x10000], &(0x7f0000000240)=[0x9, 0x5dc, 0x5e5, 0x3f, 0x8, 0x5, 0x3, 0x6, 0x6], 0x10, 0xa, 0x100, &(0x7f0000000280)=[0x6, 0x6, 0x3c19, 0x2, 0x7fff, 0x80000001, 0x4, 0x5, 0x5225, 0x4], &(0x7f00000002c0)=[0x0, 0xff, 0x97, 0xf8a, 0x100000001, 0x3, 0x7f, 0x3, 0x52ad4c96]}) ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0) 2018/05/04 10:56:19 executing program 5: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:19 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x10020, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:19 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x3}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 771.230369] nla_parse: 2 callbacks suppressed [ 771.230379] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 771.240150] binder: 7752:7755 transaction failed 29189/-22, size 0-0 line 2856 [ 771.264891] binder: 7757:7758 transaction failed 29189/-22, size 0-0 line 2856 [ 771.267901] FAULT_INJECTION: forcing a failure. [ 771.267901] name failslab, interval 1, probability 0, space 0, times 0 [ 771.283679] CPU: 0 PID: 7748 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 771.290411] binder: undelivered TRANSACTION_ERROR: 29189 [ 771.290869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 771.290876] Call Trace: [ 771.290902] dump_stack+0x1b9/0x294 [ 771.290927] ? dump_stack_print_info.cold.2+0x52/0x52 [ 771.315561] binder: 7757:7760 transaction failed 29189/-22, size 0-0 line 2856 [ 771.317096] ? __save_stack_trace+0x7e/0xd0 [ 771.317124] should_fail.cold.4+0xa/0x1a [ 771.317142] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 771.317163] ? save_stack+0x43/0xd0 [ 771.336870] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 771.337981] ? kasan_kmalloc+0xc4/0xe0 [ 771.337997] ? kmem_cache_alloc_trace+0x152/0x780 [ 771.338012] ? __memcg_init_list_lru_node+0x17d/0x2c0 [ 771.338024] ? __list_lru_init+0x456/0x790 [ 771.338039] ? sget_userns+0x767/0xf00 [ 771.338057] ? graph_lock+0x170/0x170 [ 771.338069] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 771.338086] ? do_mount+0x564/0x3070 [ 771.349980] binder: undelivered TRANSACTION_ERROR: 29189 [ 771.350277] ? ksys_mount+0x12d/0x140 [ 771.350292] ? __x64_sys_mount+0xbe/0x150 [ 771.350308] ? do_syscall_64+0x1b1/0x800 [ 771.350324] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 771.350340] ? find_held_lock+0x36/0x1c0 [ 771.350357] ? __lock_is_held+0xb5/0x140 [ 771.415556] ? check_same_owner+0x320/0x320 [ 771.419896] ? rcu_note_context_switch+0x710/0x710 [ 771.421237] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:56:19 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x2f0f0020, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:19 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:19 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0xf0ff7f, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:19 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:19 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x7a00000000000000}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:19 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x104, 0x0, &(0x7f0000000300)=ANY=[@ANYRES16, @ANYPTR64=&(0x7f0000000000)=ANY=[@ANYPTR, @ANYRES64=r0, @ANYRES64=r0, @ANYRES16=r0, @ANYRES32=r0], @ANYRES32=r0, @ANYBLOB="392ee70d61ad171579d173df7c7213fc04b5b25e0820dbbb2e0f780c5b16047bfe17e9ebb3c6886b82ea793623bc390237860b187aea6fb03f9d94571f9f5342a8856b5cceb1d8ead064a7a421b07d17a098d7db5bb6aabe0faf8aced5b3e4c6ec314fb8ff8da764872d2bdf7b45566af28ba106aca4e5d51cc806531209384e394ef8db6c5304c37042055345b0875e0a9bd3cd1ae46bcf0da7e670e76a70b28aee06c2464035a2483c3bd9f5c8613ac4c7eaea1bbaddc2ea5425649cf14fbaa865721f407c45a533ad638e4c9f6cfd3a9854c545d72fa8a3a4ab27c69a2db00ad7", @ANYRES64=r0, @ANYRES32=r0, @ANYRES64], 0x150, 0x0, &(0x7f0000000180)="2699a4cca6096672f5d4ef01eb34ecccb206c3d61e14e9e5788b6b01097320e55d3b313d90556aba368fe82c24e54d8d6be1e7e195b98d596b014c3706bf622aa3214f8c2ffd36663ee333af67ff9f3c2954a40178214bde081909a22f5574cd68718cbf5936dc20dafc1d938e29687c29f96d7394420f5d64902f9bb1b6649a0aaac4deba50a3cc3fcdacdf603c60470ec3aa0a16e6b509181a6845580a618e44c39bee26ea046726d7267d14ebecc02cdf4f1521930b8852d345940efea6fb5bfdce1c193f20d1d70b1fca2173b7c9d98f5ffd9fa76ad23b276e61af1c2a4b500701ed440dd33907455e7afd4acbdd16fdae358e227461847ab4af2ebec24738e63410b01b872dfc597ca56a7d4115edbf9bfa1ed57792ad78e014ca02a013626e6b603e55fd5c9001bca0d63a9aa93a681854884373585f72aba6c509637909ef22e6a2b5012cf660095571c91643"}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) [ 771.424836] __should_failslab+0x124/0x180 [ 771.424856] should_failslab+0x9/0x14 [ 771.424873] kmem_cache_alloc_trace+0x2cb/0x780 [ 771.424887] ? __kmalloc_node+0x33/0x70 [ 771.424899] ? __kmalloc_node+0x33/0x70 [ 771.424916] ? rcu_read_lock_sched_held+0x108/0x120 [ 771.424934] __memcg_init_list_lru_node+0x17d/0x2c0 [ 771.424949] ? kvfree_rcu+0x20/0x20 [ 771.465573] ? __kmalloc_node+0x47/0x70 [ 771.468588] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. 2018/05/04 10:56:19 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0xffffffffffffffff, 0x4, [0x0, 0xe2f]}) [ 771.469558] __list_lru_init+0x456/0x790 [ 771.469577] ? list_lru_destroy+0x4c0/0x4c0 [ 771.469593] ? mark_held_locks+0xc9/0x160 [ 771.469611] ? __raw_spin_lock_init+0x1c/0x100 [ 771.469628] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 771.469647] ? lockdep_init_map+0x9/0x10 [ 771.469663] sget_userns+0x767/0xf00 [ 771.469680] ? get_anon_bdev+0x2f0/0x2f0 [ 771.512404] ? destroy_unused_super.part.11+0x110/0x110 [ 771.516914] binder: 7769:7770 unknown command 65535 [ 771.517785] ? __alloc_pages_nodemask+0xacf/0xd70 [ 771.517808] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 771.517829] ? kasan_check_read+0x11/0x20 [ 771.517848] ? cap_capable+0x1f9/0x260 [ 771.517872] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 771.517886] ? security_capable+0x99/0xc0 [ 771.517904] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 771.532301] binder: 7769:7770 ioctl c0306201 20000040 returned -22 [ 771.532756] ? ns_capable_common+0x13f/0x170 [ 771.537654] binder: 7768:7772 transaction failed 29189/-22, size 0-0 line 2856 [ 771.540803] ? get_anon_bdev+0x2f0/0x2f0 [ 771.540817] sget+0x10b/0x150 2018/05/04 10:56:19 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 771.540835] ? fuse_get_root_inode+0x190/0x190 [ 771.540850] mount_nodev+0x33/0x110 [ 771.540866] fuse_mount+0x2c/0x40 [ 771.540883] mount_fs+0xae/0x328 [ 771.540903] vfs_kern_mount.part.34+0xd4/0x4d0 [ 771.540920] ? may_umount+0xb0/0xb0 [ 771.557820] binder: 7769:7770 unknown command 65535 [ 771.562425] ? _raw_read_unlock+0x22/0x30 [ 771.562442] ? __get_fs_type+0x97/0xc0 [ 771.562459] do_mount+0x564/0x3070 [ 771.562477] ? do_raw_spin_unlock+0x9e/0x2e0 [ 771.562495] ? copy_mount_string+0x40/0x40 [ 771.562520] ? rcu_pm_notify+0xc0/0xc0 [ 771.562541] ? copy_mount_options+0x5f/0x380 [ 771.562553] ? rcu_read_lock_sched_held+0x108/0x120 [ 771.562574] ? kmem_cache_alloc_trace+0x616/0x780 [ 771.608293] binder: 7769:7770 ioctl c0306201 20000040 returned -22 [ 771.609760] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 771.609783] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 771.609799] ? copy_mount_options+0x285/0x380 [ 771.609818] ksys_mount+0x12d/0x140 [ 771.609836] __x64_sys_mount+0xbe/0x150 [ 771.609849] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 771.609869] do_syscall_64+0x1b1/0x800 [ 771.620598] binder: undelivered TRANSACTION_ERROR: 29189 [ 771.621414] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 771.621432] ? syscall_return_slowpath+0x5c0/0x5c0 [ 771.621449] ? syscall_return_slowpath+0x30f/0x5c0 [ 771.621469] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 771.621490] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 771.621512] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 771.621530] RIP: 0033:0x455979 [ 771.642128] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 771.643427] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 771.643445] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 771.643454] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 771.643463] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 771.643472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 771.643480] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:20 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x7400000000000000}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:20 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x20000100, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:20 executing program 2 (fault-call:3 fault-nth:38): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:20 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) r1 = dup3(r0, r0, 0x80000) personality(0x404000a) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DAEMON(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8410000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x44, r2, 0x0, 0x70bd28, 0x25dfdbff, {0xa}, [@IPVS_CMD_ATTR_DAEMON={0x20, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote={0xfe, 0x80, [], 0xbb}}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x604}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x3f}]}, 0x44}, 0x1, 0x0, 0x0, 0x4005}, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x8, 0x0, &(0x7f0000000200)=[@increfs={0x40046304, 0x3}], 0xd3, 0x0, &(0x7f0000000240)="67d2006ee9bc6fa317337c55f6f3c7ddd222f9c108883332611e59e144d74aaeb2e813c2173e605114cca09e2b6dabd83aae8d43c470bf0047670f5af5c142e9b5a2e4be7adce45f006e6064cbc9d72e288d16ca2fb3a061e7bc2cd1a614d8691db2d4c8a80ee808004f9abcfddf8dac79e8e0c42bd1a780423f972d4cedf1a3bc3a900de522cf9bafeee42d4559d7776ad6c606a36085d89bfe92b9da2d78961b602b507526e13cb3e22501ff409042319488d4d608f2770bcd70d3e9876c628f7475982b9762e56e90740b2ebe0078ecee4c"}) 2018/05/04 10:56:20 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:20 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x80ffff]}]}) 2018/05/04 10:56:20 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:20 executing program 5: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) [ 772.270340] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 772.302479] binder: 7795:7797 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:56:20 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x7fffe1d1, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:20 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 772.323450] binder: undelivered TRANSACTION_ERROR: 29189 [ 772.346999] binder: 7795:7797 transaction failed 29189/-22, size 0-0 line 2856 [ 772.357932] FAULT_INJECTION: forcing a failure. [ 772.357932] name failslab, interval 1, probability 0, space 0, times 0 [ 772.369293] CPU: 1 PID: 7799 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 772.376502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 772.385867] Call Trace: [ 772.388480] dump_stack+0x1b9/0x294 [ 772.392131] ? dump_stack_print_info.cold.2+0x52/0x52 [ 772.397344] ? lock_downgrade+0x8e0/0x8e0 [ 772.397474] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 772.401502] ? graph_lock+0x170/0x170 [ 772.401526] should_fail.cold.4+0xa/0x1a [ 772.401545] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 772.401562] ? print_usage_bug+0xc0/0xc0 [ 772.401578] ? print_usage_bug+0xc0/0xc0 [ 772.401593] ? graph_lock+0x170/0x170 [ 772.401612] ? find_held_lock+0x36/0x1c0 [ 772.401630] ? __lock_is_held+0xb5/0x140 [ 772.401652] ? check_same_owner+0x320/0x320 [ 772.442920] binder: 7794:7804 transaction failed 29189/-22, size 0-0 line 2856 [ 772.443189] ? lockdep_init_map+0x9/0x10 [ 772.443216] ? rcu_note_context_switch+0x710/0x710 [ 772.463865] ? kasan_check_write+0x14/0x20 [ 772.468119] ? __init_rwsem+0x1c4/0x290 [ 772.472109] __should_failslab+0x124/0x180 [ 772.476366] should_failslab+0x9/0x14 [ 772.479010] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 772.480173] __kmalloc+0x2c8/0x760 [ 772.480194] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 772.480211] ? prealloc_shrinker+0xcf/0x130 [ 772.480229] prealloc_shrinker+0xcf/0x130 [ 772.480246] sget_userns+0x9b2/0xf00 [ 772.480260] ? get_anon_bdev+0x2f0/0x2f0 [ 772.480279] ? destroy_unused_super.part.11+0x110/0x110 [ 772.480296] ? __alloc_pages_nodemask+0xacf/0xd70 [ 772.494122] binder: undelivered TRANSACTION_ERROR: 29189 [ 772.497403] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 772.497425] ? kasan_check_read+0x11/0x20 [ 772.497444] ? cap_capable+0x1f9/0x260 [ 772.497467] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 772.497483] ? security_capable+0x99/0xc0 [ 772.497502] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 772.497517] ? ns_capable_common+0x13f/0x170 [ 772.497532] ? get_anon_bdev+0x2f0/0x2f0 [ 772.497547] sget+0x10b/0x150 2018/05/04 10:56:20 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x800e000000000000, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:20 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:20 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0xffffff7f}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:20 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 772.537305] binder: 7812:7813 transaction failed 29189/-22, size 0-0 line 2856 [ 772.538521] ? fuse_get_root_inode+0x190/0x190 [ 772.538540] mount_nodev+0x33/0x110 [ 772.538556] fuse_mount+0x2c/0x40 [ 772.538573] mount_fs+0xae/0x328 [ 772.538593] vfs_kern_mount.part.34+0xd4/0x4d0 [ 772.538608] ? may_umount+0xb0/0xb0 [ 772.538626] ? _raw_read_unlock+0x22/0x30 [ 772.538642] ? __get_fs_type+0x97/0xc0 [ 772.575287] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 772.576612] do_mount+0x564/0x3070 [ 772.576632] ? do_raw_spin_unlock+0x9e/0x2e0 [ 772.576652] ? copy_mount_string+0x40/0x40 [ 772.576668] ? rcu_pm_notify+0xc0/0xc0 [ 772.576690] ? copy_mount_options+0x5f/0x380 [ 772.576704] ? rcu_read_lock_sched_held+0x108/0x120 [ 772.576726] ? kmem_cache_alloc_trace+0x616/0x780 [ 772.604538] binder: undelivered TRANSACTION_ERROR: 29189 [ 772.607904] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 772.607932] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 772.607948] ? copy_mount_options+0x285/0x380 [ 772.607967] ksys_mount+0x12d/0x140 [ 772.607985] __x64_sys_mount+0xbe/0x150 [ 772.608000] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 772.608019] do_syscall_64+0x1b1/0x800 [ 772.608034] ? finish_task_switch+0x1ca/0x810 [ 772.608050] ? syscall_return_slowpath+0x5c0/0x5c0 [ 772.608069] ? syscall_return_slowpath+0x30f/0x5c0 [ 772.638436] binder: undelivered TRANSACTION_ERROR: 29189 [ 772.642081] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 772.642110] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 772.642130] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 772.642142] RIP: 0033:0x455979 [ 772.642151] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 772.642166] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 772.642176] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 772.642184] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 772.642192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 772.642199] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:21 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0xa}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:21 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) r1 = dup3(r0, r0, 0x80000) ioctl$TCFLSH(r1, 0x540b, 0x7ff) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/05/04 10:56:21 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:21 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x1002000000000, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:21 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x1800]}]}) 2018/05/04 10:56:21 executing program 2 (fault-call:3 fault-nth:39): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:21 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:21 executing program 5: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) 2018/05/04 10:56:21 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x1000000, 0x4, [0x0, 0xe2f]}) [ 773.429907] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 773.442102] binder: 7834:7838 transaction failed 29189/-22, size 0-0 line 2856 [ 773.459373] binder: 7833:7840 transaction failed 29189/-22, size 0-0 line 2856 [ 773.465767] binder: undelivered TRANSACTION_ERROR: 29189 [ 773.498167] FAULT_INJECTION: forcing a failure. [ 773.498167] name failslab, interval 1, probability 0, space 0, times 0 [ 773.509787] CPU: 0 PID: 7844 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 773.511401] binder: 7834:7838 transaction failed 29189/-22, size 0-0 line 2856 [ 773.516980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 773.516986] Call Trace: [ 773.517012] dump_stack+0x1b9/0x294 [ 773.517030] ? dump_stack_print_info.cold.2+0x52/0x52 2018/05/04 10:56:21 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0xa00000000000000}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:21 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 773.517049] ? is_bpf_text_address+0xd7/0x170 [ 773.517070] should_fail.cold.4+0xa/0x1a [ 773.517086] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 773.517110] ? graph_lock+0x170/0x170 [ 773.532563] binder: undelivered TRANSACTION_ERROR: 29189 [ 773.533844] ? save_stack+0xa9/0xd0 [ 773.533867] ? find_held_lock+0x36/0x1c0 [ 773.533890] ? __lock_is_held+0xb5/0x140 [ 773.533917] ? check_same_owner+0x320/0x320 [ 773.533934] ? trace_hardirqs_off+0xd/0x10 [ 773.588504] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 773.593632] ? rcu_note_context_switch+0x710/0x710 2018/05/04 10:56:21 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x20000f2f, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:21 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="f2624840", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) finit_module(r0, &(0x7f00000000c0)='(vmnet1\x00', 0x3) [ 773.598584] ? debug_check_no_obj_freed+0x2ff/0x584 [ 773.603625] __should_failslab+0x124/0x180 [ 773.607886] should_failslab+0x9/0x14 [ 773.611707] __kmalloc+0x2c8/0x760 [ 773.615267] ? match_strdup+0x5e/0xa0 [ 773.619086] match_strdup+0x5e/0xa0 [ 773.620207] binder: undelivered TRANSACTION_ERROR: 29189 [ 773.622725] fuse_match_uint+0x1a/0x60 [ 773.622742] fuse_fill_super+0x455/0x1e20 [ 773.622764] ? fuse_get_root_inode+0x190/0x190 [ 773.622785] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 773.622806] ? kasan_check_read+0x11/0x20 [ 773.622824] ? cap_capable+0x1f9/0x260 [ 773.622845] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 773.622863] ? security_capable+0x99/0xc0 [ 773.663653] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 773.669231] ? ns_capable_common+0x13f/0x170 [ 773.671437] binder: 7854:7856 unknown command 1078485746 [ 773.673674] ? get_anon_bdev+0x2f0/0x2f0 [ 773.673693] ? sget+0x113/0x150 [ 773.673712] ? fuse_get_root_inode+0x190/0x190 [ 773.673728] mount_nodev+0x6b/0x110 [ 773.673743] fuse_mount+0x2c/0x40 2018/05/04 10:56:21 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x7ffff000, 0x4, [0x0, 0xe2f]}) [ 773.673759] mount_fs+0xae/0x328 [ 773.673778] vfs_kern_mount.part.34+0xd4/0x4d0 [ 773.673793] ? may_umount+0xb0/0xb0 [ 773.673814] ? _raw_read_unlock+0x22/0x30 [ 773.691440] binder: 7854:7856 ioctl c0306201 20000040 returned -22 [ 773.694824] ? __get_fs_type+0x97/0xc0 [ 773.694843] do_mount+0x564/0x3070 [ 773.694865] ? copy_mount_string+0x40/0x40 [ 773.694882] ? rcu_pm_notify+0xc0/0xc0 [ 773.694904] ? copy_mount_options+0x5f/0x380 [ 773.694919] ? rcu_read_lock_sched_held+0x108/0x120 2018/05/04 10:56:21 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x2f0f002000000000, 0x4, [0x0, 0xe2f]}) [ 773.694936] ? kmem_cache_alloc_trace+0x616/0x780 [ 773.694953] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 773.694973] ? _copy_from_user+0xdf/0x150 [ 773.715572] binder: 7854:7856 unknown command 1078485746 [ 773.720448] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 773.720465] ? copy_mount_options+0x285/0x380 [ 773.720484] ksys_mount+0x12d/0x140 [ 773.720501] __x64_sys_mount+0xbe/0x150 [ 773.720517] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 773.720538] do_syscall_64+0x1b1/0x800 [ 773.720553] ? finish_task_switch+0x1ca/0x810 [ 773.720569] ? syscall_return_slowpath+0x5c0/0x5c0 [ 773.720588] ? syscall_return_slowpath+0x30f/0x5c0 [ 773.737806] binder: 7854:7856 ioctl c0306201 20000040 returned -22 [ 773.740558] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 773.740581] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 773.740602] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 773.740613] RIP: 0033:0x455979 [ 773.740621] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 773.740637] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 773.740646] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 773.740654] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 773.740662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 773.740671] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 773.760375] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 773.763565] binder: 7850:7852 transaction failed 29189/-22, size 0-0 line 2856 [ 773.908319] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:56:22 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0xd1e1ff7f00000000, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:22 executing program 2 (fault-call:3 fault-nth:40): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:22 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f00000000c0)=[@acquire_done={0x40486311}], 0x62, 0x0, &(0x7f0000000100)="bb6011cf2b6d397606c96183f9be3ccd934673e50d5348a9aec0cf91192a11ea5a5829b56b03000000757c13fea9dfd183c5a99a36f57bc981810000000116cefb5498905f5a358fcafa711749f588aa9cb91107fd762756a7f82bfa6df5dcf1f5ca"}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/05/04 10:56:22 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x500000000000000}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:22 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x1700]}]}) 2018/05/04 10:56:22 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:22 executing program 5: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) 2018/05/04 10:56:22 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) [ 774.574878] binder: 7879:7885 transaction failed 29189/-22, size 0-0 line 2856 [ 774.583374] binder: 7875:7886 transaction failed 29189/-22, size 0-0 line 2856 [ 774.600460] FAULT_INJECTION: forcing a failure. [ 774.600460] name failslab, interval 1, probability 0, space 0, times 0 [ 774.611796] CPU: 0 PID: 7887 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 2018/05/04 10:56:22 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:22 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x40010000, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:22 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x60000000}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 774.618994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 774.628361] Call Trace: [ 774.630967] dump_stack+0x1b9/0x294 [ 774.633843] binder: undelivered TRANSACTION_ERROR: 29189 [ 774.634609] ? dump_stack_print_info.cold.2+0x52/0x52 [ 774.634638] should_fail.cold.4+0xa/0x1a [ 774.634659] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 774.634677] ? kasan_slab_free+0xe/0x10 [ 774.634693] ? kfree+0xd9/0x260 [ 774.642428] binder: 7879:7885 transaction failed 29189/-22, size 0-0 line 2856 [ 774.645329] ? match_number.isra.0+0x192/0x260 2018/05/04 10:56:22 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 774.645344] ? match_int+0x23/0x30 [ 774.645367] ? fuse_fill_super+0x812/0x1e20 [ 774.681557] ? mount_nodev+0x6b/0x110 [ 774.685374] ? fuse_mount+0x2c/0x40 [ 774.689016] ? graph_lock+0x170/0x170 [ 774.692836] ? __x64_sys_mount+0xbe/0x150 [ 774.697007] ? do_syscall_64+0x1b1/0x800 [ 774.701085] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 774.704554] binder: 7892:7893 transaction failed 29189/-22, size 0-0 line 2856 [ 774.706463] ? do_raw_spin_unlock+0x9e/0x2e0 [ 774.706481] ? find_held_lock+0x36/0x1c0 2018/05/04 10:56:22 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:22 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x7a00}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 774.706500] ? __lock_is_held+0xb5/0x140 [ 774.706527] ? check_same_owner+0x320/0x320 [ 774.706540] ? mark_held_locks+0xc9/0x160 [ 774.706553] ? quarantine_put+0xeb/0x190 [ 774.706572] ? rcu_note_context_switch+0x710/0x710 [ 774.743862] ? kfree+0x111/0x260 [ 774.747244] __should_failslab+0x124/0x180 [ 774.751490] should_failslab+0x9/0x14 [ 774.755306] __kmalloc+0x2c8/0x760 [ 774.758867] ? match_strdup+0x5e/0xa0 [ 774.760295] binder: undelivered TRANSACTION_ERROR: 29189 [ 774.762679] match_strdup+0x5e/0xa0 [ 774.762699] fuse_match_uint+0x1a/0x60 [ 774.762714] fuse_fill_super+0x6e3/0x1e20 [ 774.762738] ? fuse_get_root_inode+0x190/0x190 [ 774.762758] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 774.762777] ? kasan_check_read+0x11/0x20 [ 774.762799] ? cap_capable+0x1f9/0x260 [ 774.797524] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 774.803084] ? security_capable+0x99/0xc0 [ 774.807264] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 774.812819] ? ns_capable_common+0x13f/0x170 [ 774.816816] binder: 7897:7899 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:56:22 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 774.817241] ? get_anon_bdev+0x2f0/0x2f0 [ 774.817253] ? sget+0x113/0x150 [ 774.817273] ? fuse_get_root_inode+0x190/0x190 [ 774.836515] mount_nodev+0x6b/0x110 [ 774.840176] fuse_mount+0x2c/0x40 [ 774.843646] mount_fs+0xae/0x328 [ 774.847029] vfs_kern_mount.part.34+0xd4/0x4d0 [ 774.851623] ? may_umount+0xb0/0xb0 [ 774.855271] ? _raw_read_unlock+0x22/0x30 [ 774.859428] ? __get_fs_type+0x97/0xc0 [ 774.863332] do_mount+0x564/0x3070 [ 774.866883] ? do_raw_spin_unlock+0x9e/0x2e0 2018/05/04 10:56:22 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x6c00}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:22 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 774.867685] binder: undelivered TRANSACTION_ERROR: 29189 [ 774.871307] ? interrupt_entry+0xb1/0xf0 [ 774.871326] ? copy_mount_string+0x40/0x40 [ 774.871344] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 774.871362] ? retint_kernel+0x10/0x10 [ 774.871383] ? copy_mount_options+0x1e3/0x380 [ 774.871402] ? write_comp_data+0x11/0x70 [ 774.871419] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 774.871434] ? copy_mount_options+0x285/0x380 [ 774.912421] ksys_mount+0x12d/0x140 [ 774.916066] __x64_sys_mount+0xbe/0x150 [ 774.920053] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 774.925090] do_syscall_64+0x1b1/0x800 [ 774.929028] ? finish_task_switch+0x1ca/0x810 [ 774.933564] ? syscall_return_slowpath+0x5c0/0x5c0 [ 774.938522] ? syscall_return_slowpath+0x30f/0x5c0 [ 774.940723] binder: 7902:7905 transaction failed 29189/-22, size 0-0 line 2856 [ 774.943462] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 774.943484] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 774.943503] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 774.943516] RIP: 0033:0x455979 2018/05/04 10:56:23 executing program 2 (fault-call:3 fault-nth:41): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:23 executing program 1: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x100, 0x0) ioctl$KDGKBENT(r0, 0x4b46, &(0x7f0000000100)={0x5, 0x400, 0x100000001}) r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0x0, 0xfffffffffffffffd) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="11634840", @ANYRES64=0x0, @ANYBLOB="00479f0794b09e8dafd1f78ef42e33118227a1918813cd5afd6f5d31c057dfcdae489e0dbfb2670000000008000000"], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$KVM_SET_DEVICE_ATTR(r0, 0x4018aee1, &(0x7f0000000200)={0x0, 0x8, 0x91c6, &(0x7f00000001c0)=0x1}) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x800) write$fuse(r0, &(0x7f0000000180)={0x18, 0x0, 0x9, @fuse_bmap_out}, 0x18) ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0) 2018/05/04 10:56:23 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 774.943524] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 774.943539] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 774.943548] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 774.943555] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 774.943564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 774.943572] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 775.047346] binder: undelivered TRANSACTION_ERROR: 29189 [ 775.091314] FAULT_INJECTION: forcing a failure. [ 775.091314] name failslab, interval 1, probability 0, space 0, times 0 [ 775.102664] CPU: 1 PID: 7916 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 775.109871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 775.119240] Call Trace: [ 775.121866] dump_stack+0x1b9/0x294 [ 775.125489] ? dump_stack_print_info.cold.2+0x52/0x52 [ 775.130683] should_fail.cold.4+0xa/0x1a [ 775.134742] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 775.139850] ? graph_lock+0x170/0x170 [ 775.143653] ? lock_downgrade+0x8e0/0x8e0 [ 775.147810] ? kasan_check_write+0x14/0x20 [ 775.152068] ? find_held_lock+0x36/0x1c0 [ 775.156137] ? __lock_is_held+0xb5/0x140 [ 775.160200] ? check_same_owner+0x320/0x320 [ 775.164532] ? rcu_note_context_switch+0x710/0x710 [ 775.169467] __should_failslab+0x124/0x180 [ 775.173707] should_failslab+0x9/0x14 [ 775.177510] kmem_cache_alloc_trace+0x2cb/0x780 [ 775.182182] ? match_wildcard+0x3c0/0x3c0 [ 775.186323] ? trace_hardirqs_on+0xd/0x10 [ 775.190473] fuse_fill_super+0xc92/0x1e20 [ 775.194632] ? fuse_get_root_inode+0x190/0x190 [ 775.199211] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 775.204241] ? kasan_check_read+0x11/0x20 [ 775.208407] ? cap_capable+0x1f9/0x260 [ 775.212319] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 775.217871] ? security_capable+0x99/0xc0 [ 775.222042] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 775.227586] ? ns_capable_common+0x13f/0x170 [ 775.231992] ? get_anon_bdev+0x2f0/0x2f0 [ 775.236061] ? sget+0x113/0x150 [ 775.239357] ? fuse_get_root_inode+0x190/0x190 [ 775.243941] mount_nodev+0x6b/0x110 [ 775.247570] fuse_mount+0x2c/0x40 [ 775.251025] mount_fs+0xae/0x328 [ 775.254394] vfs_kern_mount.part.34+0xd4/0x4d0 [ 775.258970] ? may_umount+0xb0/0xb0 [ 775.262596] ? _raw_read_unlock+0x22/0x30 [ 775.266734] ? __get_fs_type+0x97/0xc0 [ 775.270616] do_mount+0x564/0x3070 [ 775.274172] ? copy_mount_string+0x40/0x40 [ 775.278413] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 775.283428] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 775.288178] ? retint_kernel+0x10/0x10 [ 775.292072] ? copy_mount_options+0x1f0/0x380 [ 775.296565] ? copy_mount_options+0x1fa/0x380 [ 775.301062] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 775.306591] ? copy_mount_options+0x285/0x380 [ 775.311081] ksys_mount+0x12d/0x140 [ 775.314710] __x64_sys_mount+0xbe/0x150 [ 775.318701] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 775.323721] do_syscall_64+0x1b1/0x800 [ 775.327602] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 775.332452] ? syscall_return_slowpath+0x5c0/0x5c0 [ 775.337375] ? syscall_return_slowpath+0x30f/0x5c0 [ 775.342308] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 775.347703] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 775.352551] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 775.357734] RIP: 0033:0x455979 [ 775.360910] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 775.368612] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 775.375897] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 775.383158] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 775.390429] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 775.397700] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:23 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x1000000}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:23 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:23 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/05/04 10:56:23 executing program 2 (fault-call:3 fault-nth:42): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:23 executing program 5: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) 2018/05/04 10:56:23 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0xf]}]}) 2018/05/04 10:56:23 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:23 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0xd1e1ff7f, 0x4, [0x0, 0xe2f]}) [ 775.630418] binder: 7932:7933 transaction failed 29189/-22, size 0-0 line 2856 [ 775.659879] binder: undelivered TRANSACTION_ERROR: 29189 [ 775.666084] binder: 7932:7933 transaction failed 29189/-22, size 0-0 line 2856 [ 775.676424] FAULT_INJECTION: forcing a failure. [ 775.676424] name failslab, interval 1, probability 0, space 0, times 0 [ 775.687905] CPU: 0 PID: 7938 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 775.695106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 775.704461] Call Trace: [ 775.707062] dump_stack+0x1b9/0x294 [ 775.710694] ? dump_stack_print_info.cold.2+0x52/0x52 [ 775.715960] ? rcu_is_watching+0x85/0x140 [ 775.720095] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 775.725277] should_fail.cold.4+0xa/0x1a [ 775.729327] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 775.734418] ? kernel_text_address+0x79/0xf0 [ 775.738816] ? __unwind_start+0x166/0x330 [ 775.742952] ? __kernel_text_address+0xd/0x40 [ 775.747436] ? graph_lock+0x170/0x170 [ 775.751222] ? __save_stack_trace+0x7e/0xd0 [ 775.755532] ? find_held_lock+0x36/0x1c0 [ 775.759581] ? __lock_is_held+0xb5/0x140 [ 775.763634] ? sctp_ulpevent_make_send_failed+0x4a0/0x9c0 [ 775.769168] ? check_same_owner+0x320/0x320 [ 775.773484] ? rcu_note_context_switch+0x710/0x710 [ 775.778416] __should_failslab+0x124/0x180 [ 775.782639] should_failslab+0x9/0x14 [ 775.786430] __kmalloc+0x2c8/0x760 [ 775.789968] ? match_number.isra.0+0xb6/0x260 [ 775.794461] match_number.isra.0+0xb6/0x260 [ 775.798769] ? match_strdup+0xa0/0xa0 [ 775.802563] ? match_wildcard+0x3c0/0x3c0 [ 775.806701] ? trace_hardirqs_on+0xd/0x10 [ 775.810843] match_octal+0x26/0x30 [ 775.814374] fuse_fill_super+0x615/0x1e20 [ 775.818516] ? fuse_get_root_inode+0x190/0x190 [ 775.823101] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 775.828107] ? kasan_check_read+0x11/0x20 [ 775.832243] ? cap_capable+0x1f9/0x260 [ 775.836123] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 775.841653] ? security_capable+0x99/0xc0 [ 775.845790] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 775.851316] ? ns_capable_common+0x13f/0x170 [ 775.855712] ? get_anon_bdev+0x2f0/0x2f0 [ 775.859757] ? sget+0x113/0x150 [ 775.863028] ? fuse_get_root_inode+0x190/0x190 [ 775.867594] mount_nodev+0x6b/0x110 [ 775.871209] fuse_mount+0x2c/0x40 [ 775.874650] mount_fs+0xae/0x328 [ 775.878009] vfs_kern_mount.part.34+0xd4/0x4d0 [ 775.882580] ? may_umount+0xb0/0xb0 [ 775.886207] ? _raw_read_unlock+0x22/0x30 [ 775.890342] ? __get_fs_type+0x97/0xc0 [ 775.894222] do_mount+0x564/0x3070 [ 775.897752] ? do_raw_spin_unlock+0x9e/0x2e0 [ 775.902159] ? copy_mount_string+0x40/0x40 [ 775.906381] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 775.911398] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 775.916154] ? retint_kernel+0x10/0x10 [ 775.920124] ? copy_mount_options+0x1f0/0x380 [ 775.924614] ? copy_mount_options+0x1f6/0x380 [ 775.929097] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 775.934619] ? copy_mount_options+0x285/0x380 [ 775.939105] ksys_mount+0x12d/0x140 [ 775.942731] __x64_sys_mount+0xbe/0x150 [ 775.946697] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 775.951703] do_syscall_64+0x1b1/0x800 [ 775.955580] ? finish_task_switch+0x1ca/0x810 [ 775.960064] ? syscall_return_slowpath+0x5c0/0x5c0 [ 775.965004] ? syscall_return_slowpath+0x30f/0x5c0 [ 775.969943] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 775.975384] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 775.980215] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 775.985407] RIP: 0033:0x455979 [ 775.988581] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 775.996276] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 776.003536] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 776.010792] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 776.018045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 2018/05/04 10:56:24 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:24 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x800e0000, 0x4, [0x0, 0xe2f]}) [ 776.025321] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:24 executing program 2 (fault-call:3 fault-nth:43): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:24 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x140, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:24 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:24 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='/cH@', @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x20002, 0x0) ioctl$EVIOCGKEYCODE_V2(r1, 0x80284504, &(0x7f00000000c0)=""/138) [ 776.065601] binder: 7924:7940 transaction failed 29189/-22, size 0-0 line 2856 [ 776.105449] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:56:24 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x700}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 776.133254] binder: undelivered TRANSACTION_ERROR: 29189 [ 776.148143] binder: 7949:7951 unknown command 1078485807 [ 776.170490] binder: 7949:7951 ioctl c0306201 20000040 returned -22 2018/05/04 10:56:24 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 776.179581] FAULT_INJECTION: forcing a failure. [ 776.179581] name failslab, interval 1, probability 0, space 0, times 0 [ 776.190930] CPU: 0 PID: 7948 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 776.198134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 776.205429] binder: 7949:7951 unknown command 1078485807 [ 776.207490] Call Trace: [ 776.207516] dump_stack+0x1b9/0x294 [ 776.207538] ? dump_stack_print_info.cold.2+0x52/0x52 [ 776.207562] should_fail.cold.4+0xa/0x1a [ 776.207580] ? fault_create_debugfs_attr+0x1f0/0x1f0 2018/05/04 10:56:24 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x6800}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 776.213278] binder: 7954:7956 transaction failed 29189/-22, size 0-0 line 2856 [ 776.215617] ? graph_lock+0x170/0x170 [ 776.215636] ? _raw_spin_unlock_irqrestore+0x74/0xc0 [ 776.215656] ? find_held_lock+0x36/0x1c0 [ 776.215676] ? __lock_is_held+0xb5/0x140 [ 776.215707] ? check_same_owner+0x320/0x320 [ 776.229852] binder: 7949:7951 ioctl c0306201 20000040 returned -22 [ 776.233682] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 776.233705] ? rcu_note_context_switch+0x710/0x710 [ 776.233727] __should_failslab+0x124/0x180 2018/05/04 10:56:24 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x300}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 776.233745] should_failslab+0x9/0x14 [ 776.233764] kmem_cache_alloc_trace+0x2cb/0x780 [ 776.254409] binder: undelivered TRANSACTION_ERROR: 29189 [ 776.258149] ? __raw_spin_lock_init+0x1c/0x100 [ 776.258174] device_create_groups_vargs+0xa7/0x270 [ 776.258194] device_create_vargs+0x46/0x60 [ 776.286308] binder: 7959:7961 transaction failed 29189/-22, size 0-0 line 2856 [ 776.287282] bdi_register_va.part.10+0xbb/0x970 [ 776.287299] ? cgwb_kill+0x630/0x630 [ 776.287320] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 776.287333] ? bdi_init+0x416/0x510 [ 776.287346] ? wb_init+0x9e0/0x9e0 [ 776.287367] ? bdi_alloc_node+0x67/0xe0 [ 776.307321] binder: undelivered TRANSACTION_ERROR: 29189 [ 776.311197] ? bdi_alloc_node+0x67/0xe0 [ 776.311215] ? rcu_read_lock_sched_held+0x108/0x120 [ 776.311232] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 776.311255] ? _raw_spin_unlock+0x22/0x30 [ 776.311274] bdi_register_va+0x68/0x80 [ 776.311292] super_setup_bdi_name+0x123/0x220 [ 776.311309] ? kill_block_super+0x100/0x100 [ 776.371177] binder: 7963:7964 transaction failed 29189/-22, size 0-0 line 2856 [ 776.371355] ? kmem_cache_alloc_trace+0x616/0x780 [ 776.392268] binder: undelivered TRANSACTION_ERROR: 29189 [ 776.392332] ? match_wildcard+0x3c0/0x3c0 [ 776.401903] ? trace_hardirqs_on+0xd/0x10 [ 776.406074] fuse_fill_super+0xe6e/0x1e20 [ 776.410249] ? fuse_get_root_inode+0x190/0x190 [ 776.414850] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 776.419885] ? kasan_check_read+0x11/0x20 [ 776.424043] ? cap_capable+0x1f9/0x260 [ 776.427945] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 776.433493] ? security_capable+0x99/0xc0 [ 776.437675] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 776.443228] ? ns_capable_common+0x13f/0x170 [ 776.447646] ? get_anon_bdev+0x2f0/0x2f0 [ 776.451698] ? sget+0x113/0x150 [ 776.454971] ? fuse_get_root_inode+0x190/0x190 [ 776.459550] mount_nodev+0x6b/0x110 [ 776.463172] fuse_mount+0x2c/0x40 [ 776.466613] mount_fs+0xae/0x328 [ 776.469967] vfs_kern_mount.part.34+0xd4/0x4d0 [ 776.474550] ? may_umount+0xb0/0xb0 [ 776.478168] ? _raw_read_unlock+0x22/0x30 [ 776.482312] ? __get_fs_type+0x97/0xc0 [ 776.486239] do_mount+0x564/0x3070 [ 776.489819] ? copy_mount_string+0x40/0x40 [ 776.494061] ? rcu_pm_notify+0xc0/0xc0 [ 776.497973] ? copy_mount_options+0x5f/0x380 [ 776.502386] ? rcu_read_lock_sched_held+0x108/0x120 [ 776.507399] ? kmem_cache_alloc_trace+0x616/0x780 [ 776.512244] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 776.517792] ? copy_mount_options+0x285/0x380 [ 776.522280] ksys_mount+0x12d/0x140 [ 776.525894] __x64_sys_mount+0xbe/0x150 [ 776.529856] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 776.534864] do_syscall_64+0x1b1/0x800 [ 776.538740] ? finish_task_switch+0x1ca/0x810 [ 776.543222] ? syscall_return_slowpath+0x5c0/0x5c0 [ 776.548140] ? syscall_return_slowpath+0x30f/0x5c0 [ 776.553059] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 776.558416] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 776.563246] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 776.568419] RIP: 0033:0x455979 [ 776.571592] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 776.579286] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 776.586539] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 776.593884] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 776.601140] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 776.608394] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:24 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x100000000000000, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:24 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) flistxattr(r0, &(0x7f0000000140)=""/137, 0x89) syz_open_dev$admmidi(&(0x7f0000000200)='/dev/admmidi#\x00', 0x4009, 0x400000) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$KVM_GET_PIT2(0xffffffffffffffff, 0x8070ae9f, &(0x7f00000000c0)) r1 = pkey_alloc(0x0, 0x3) pkey_free(r1) 2018/05/04 10:56:24 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x300000000000000}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:24 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:24 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0xffff8000]}]}) 2018/05/04 10:56:24 executing program 2 (fault-call:3 fault-nth:44): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:24 executing program 5: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:24 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) [ 776.808220] nla_parse: 11 callbacks suppressed [ 776.808229] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 776.814112] binder: 7980:7986 transaction failed 29189/-22, size 0-0 line 2856 [ 776.843397] FAULT_INJECTION: forcing a failure. [ 776.843397] name failslab, interval 1, probability 0, space 0, times 0 2018/05/04 10:56:24 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x6c00000000000000}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:24 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0xffffffff00000000, 0x4, [0x0, 0xe2f]}) [ 776.848288] binder: 7981:7989 transaction failed 29189/-22, size 0-0 line 2856 [ 776.854736] CPU: 0 PID: 7975 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 776.854747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 776.854758] Call Trace: [ 776.877953] binder: undelivered TRANSACTION_ERROR: 29189 [ 776.878664] dump_stack+0x1b9/0x294 [ 776.878685] ? dump_stack_print_info.cold.2+0x52/0x52 [ 776.878706] ? _raw_spin_unlock_irqrestore+0x74/0xc0 [ 776.886159] binder: undelivered TRANSACTION_ERROR: 29189 [ 776.886916] should_fail.cold.4+0xa/0x1a [ 776.886938] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 776.915432] ? memset+0x31/0x40 [ 776.918731] ? graph_lock+0x170/0x170 [ 776.922550] ? get_random_bytes+0x34/0x40 [ 776.925115] binder: 7980:7986 transaction failed 29189/-22, size 0-0 line 2856 [ 776.926707] ? crng_backtrack_protect+0x80/0x80 [ 776.926727] ? find_held_lock+0x36/0x1c0 [ 776.926746] ? __lock_is_held+0xb5/0x140 [ 776.926770] ? check_same_owner+0x320/0x320 [ 776.926788] ? fuse_conn_init+0x744/0x900 [ 776.949448] binder: 7991:7994 transaction failed 29189/-22, size 0-0 line 2856 [ 776.951210] ? rcu_note_context_switch+0x710/0x710 [ 776.951232] __should_failslab+0x124/0x180 [ 776.951251] should_failslab+0x9/0x14 [ 776.951268] kmem_cache_alloc_trace+0x2cb/0x780 [ 776.951291] fuse_dev_alloc+0xb5/0x4e0 [ 776.951309] ? __lock_is_held+0xb5/0x140 [ 776.988246] ? process_init_reply+0x1460/0x1460 [ 776.993517] ? rcu_read_lock_sched_held+0x108/0x120 [ 776.998519] ? kmem_cache_alloc_trace+0x616/0x780 [ 777.003350] ? match_wildcard+0x3c0/0x3c0 [ 777.007493] ? trace_hardirqs_on+0xd/0x10 [ 777.011632] fuse_fill_super+0xce0/0x1e20 [ 777.015773] ? fuse_get_root_inode+0x190/0x190 [ 777.020347] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 777.025352] ? kasan_check_read+0x11/0x20 [ 777.029486] ? cap_capable+0x1f9/0x260 [ 777.033366] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 777.038891] ? security_capable+0x99/0xc0 [ 777.043032] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 777.048562] ? ns_capable_common+0x13f/0x170 [ 777.052972] ? get_anon_bdev+0x2f0/0x2f0 [ 777.057028] ? sget+0x113/0x150 [ 777.060304] ? fuse_get_root_inode+0x190/0x190 [ 777.064875] mount_nodev+0x6b/0x110 [ 777.068501] fuse_mount+0x2c/0x40 [ 777.071946] mount_fs+0xae/0x328 [ 777.075304] vfs_kern_mount.part.34+0xd4/0x4d0 [ 777.079875] ? may_umount+0xb0/0xb0 [ 777.083493] ? _raw_read_unlock+0x22/0x30 [ 777.087633] ? __get_fs_type+0x97/0xc0 [ 777.091512] do_mount+0x564/0x3070 [ 777.095049] ? do_raw_spin_unlock+0x9e/0x2e0 [ 777.099460] ? copy_mount_string+0x40/0x40 [ 777.103682] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 777.108688] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 777.113435] ? retint_kernel+0x10/0x10 [ 777.117316] ? copy_mount_options+0x1f0/0x380 [ 777.121814] ? copy_mount_options+0x202/0x380 [ 777.126303] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 777.131829] ? copy_mount_options+0x285/0x380 [ 777.136314] ksys_mount+0x12d/0x140 [ 777.139937] __x64_sys_mount+0xbe/0x150 [ 777.143911] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 777.148918] do_syscall_64+0x1b1/0x800 [ 777.152796] ? finish_task_switch+0x1ca/0x810 [ 777.157281] ? syscall_return_slowpath+0x5c0/0x5c0 [ 777.162199] ? syscall_return_slowpath+0x30f/0x5c0 [ 777.167119] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 777.172476] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 777.177308] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 777.182485] RIP: 0033:0x455979 [ 777.185662] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 777.193360] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 777.200617] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 2018/05/04 10:56:25 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x4c000000}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:25 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 777.207887] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 777.215155] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 777.222422] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 777.244256] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:56:25 executing program 2 (fault-call:3 fault-nth:45): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:25 executing program 1: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x32040, 0x0) sendto$llc(r0, &(0x7f0000000100)="5450eb6b729bc84ac9739475041b28cff0cf8d2fd26bc9c757383b359dd22a79fde49853884946da49ffb737700798c31d3368f949c268341e874021e701de90dfaa88e803550ce3d03e", 0x4a, 0x40000, &(0x7f0000000180)={0x1a, 0x205, 0x1, 0x6, 0x1, 0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x10) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="8204734f65a534000000005003f33f6d2a33f4ae520cc53395bda968ac8516bbc3eff42f82683fdefaf67c7033ad86d989c83421664d7ffbcaffa414130fd83ccb90d365dbf80fb6cfccf90cf5b540", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0) [ 777.286342] binder: undelivered TRANSACTION_ERROR: 29189 [ 777.313609] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 777.362989] binder: 7997:8005 transaction failed 29189/-22, size 0-0 line 2856 [ 777.363977] FAULT_INJECTION: forcing a failure. [ 777.363977] name failslab, interval 1, probability 0, space 0, times 0 [ 777.381782] CPU: 0 PID: 8004 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 777.385796] binder: undelivered TRANSACTION_ERROR: 29189 [ 777.388972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 777.388978] Call Trace: [ 777.389005] dump_stack+0x1b9/0x294 [ 777.389045] ? dump_stack_print_info.cold.2+0x52/0x52 [ 777.389072] should_fail.cold.4+0xa/0x1a [ 777.389089] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 777.389112] ? graph_lock+0x170/0x170 [ 777.428417] ? _raw_spin_unlock_irqrestore+0x74/0xc0 [ 777.433520] ? find_held_lock+0x36/0x1c0 [ 777.437576] ? __lock_is_held+0xb5/0x140 [ 777.442528] ? check_same_owner+0x320/0x320 [ 777.446848] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 777.452391] ? rcu_note_context_switch+0x710/0x710 [ 777.457329] __should_failslab+0x124/0x180 [ 777.461591] should_failslab+0x9/0x14 [ 777.465392] kmem_cache_alloc_trace+0x2cb/0x780 [ 777.470065] ? __raw_spin_lock_init+0x1c/0x100 [ 777.474644] device_create_groups_vargs+0xa7/0x270 [ 777.479577] device_create_vargs+0x46/0x60 [ 777.483813] bdi_register_va.part.10+0xbb/0x970 [ 777.488482] ? cgwb_kill+0x630/0x630 [ 777.492193] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 777.497730] ? bdi_init+0x416/0x510 [ 777.501466] ? wb_init+0x9e0/0x9e0 [ 777.505029] ? bdi_alloc_node+0x67/0xe0 [ 777.509037] ? bdi_alloc_node+0x67/0xe0 [ 777.513039] ? rcu_read_lock_sched_held+0x108/0x120 [ 777.518056] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 777.523352] ? _raw_spin_unlock+0x22/0x30 [ 777.527495] bdi_register_va+0x68/0x80 [ 777.531377] super_setup_bdi_name+0x123/0x220 [ 777.535873] ? kill_block_super+0x100/0x100 [ 777.540203] ? kmem_cache_alloc_trace+0x616/0x780 [ 777.545052] ? match_wildcard+0x3c0/0x3c0 [ 777.549195] ? trace_hardirqs_on+0xd/0x10 [ 777.553338] fuse_fill_super+0xe6e/0x1e20 [ 777.557494] ? fuse_get_root_inode+0x190/0x190 [ 777.562085] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 777.567113] ? kasan_check_read+0x11/0x20 [ 777.571268] ? cap_capable+0x1f9/0x260 [ 777.575165] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 777.580709] ? security_capable+0x99/0xc0 [ 777.584863] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 777.590408] ? ns_capable_common+0x13f/0x170 [ 777.594834] ? get_anon_bdev+0x2f0/0x2f0 [ 777.598898] ? sget+0x113/0x150 [ 777.602191] ? fuse_get_root_inode+0x190/0x190 [ 777.606794] mount_nodev+0x6b/0x110 [ 777.610427] fuse_mount+0x2c/0x40 [ 777.613898] mount_fs+0xae/0x328 [ 777.617281] vfs_kern_mount.part.34+0xd4/0x4d0 [ 777.621880] ? may_umount+0xb0/0xb0 [ 777.625518] ? _raw_read_unlock+0x22/0x30 [ 777.629673] ? __get_fs_type+0x97/0xc0 [ 777.633569] do_mount+0x564/0x3070 [ 777.637111] ? copy_mount_string+0x40/0x40 [ 777.641334] ? rcu_pm_notify+0xc0/0xc0 [ 777.645241] ? copy_mount_options+0x5f/0x380 [ 777.649648] ? rcu_read_lock_sched_held+0x108/0x120 [ 777.654677] ? kmem_cache_alloc_trace+0x616/0x780 [ 777.659558] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 777.665110] ? _copy_from_user+0xdf/0x150 [ 777.669290] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 777.674852] ? copy_mount_options+0x285/0x380 [ 777.679373] ksys_mount+0x12d/0x140 [ 777.683022] __x64_sys_mount+0xbe/0x150 [ 777.687020] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 777.692065] do_syscall_64+0x1b1/0x800 [ 777.695964] ? finish_task_switch+0x1ca/0x810 [ 777.700565] ? syscall_return_slowpath+0x5c0/0x5c0 [ 777.705500] ? syscall_return_slowpath+0x30f/0x5c0 [ 777.710438] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 777.715826] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 777.720676] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 777.725861] RIP: 0033:0x455979 [ 777.729042] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 777.736746] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 777.744007] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 777.751878] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 777.759133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 777.766561] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:25 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x4001000000000000, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:25 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/05/04 10:56:25 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:25 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:25 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x20000000}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:25 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x1800000000000000]}]}) 2018/05/04 10:56:25 executing program 5: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:25 executing program 2 (fault-call:3 fault-nth:46): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) [ 777.906752] binder: 8014:8015 transaction failed 29189/-22, size 0-0 line 2856 [ 777.922625] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 777.943998] binder: 8020:8026 transaction failed 29189/-22, size 0-0 line 2856 [ 777.955307] binder: undelivered TRANSACTION_ERROR: 29189 [ 777.977206] FAULT_INJECTION: forcing a failure. [ 777.977206] name failslab, interval 1, probability 0, space 0, times 0 [ 777.978848] binder: 8014:8015 transaction failed 29189/-22, size 0-0 line 2856 [ 777.988626] CPU: 1 PID: 8030 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 778.003320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 778.012683] Call Trace: [ 778.015293] dump_stack+0x1b9/0x294 [ 778.018941] ? dump_stack_print_info.cold.2+0x52/0x52 [ 778.024170] should_fail.cold.4+0xa/0x1a [ 778.028255] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 778.031522] binder: undelivered TRANSACTION_ERROR: 29189 [ 778.033389] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 778.033407] ? __lockdep_init_map+0x105/0x590 [ 778.033425] ? graph_lock+0x170/0x170 [ 778.033445] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 778.033485] ? put_dec_trunc8+0x273/0x300 [ 778.061876] ? find_held_lock+0x36/0x1c0 [ 778.063825] binder: undelivered TRANSACTION_ERROR: 29189 [ 778.066007] ? __lock_is_held+0xb5/0x140 [ 778.066036] ? check_same_owner+0x320/0x320 [ 778.066054] ? device_pm_sleep_init+0xe8/0x200 [ 778.066074] ? rcu_note_context_switch+0x710/0x710 [ 778.089390] __should_failslab+0x124/0x180 [ 778.093650] should_failslab+0x9/0x14 [ 778.097473] __kmalloc_track_caller+0x2c4/0x760 [ 778.102159] ? pointer+0xa20/0xa20 [ 778.105716] ? kvasprintf_const+0x67/0x190 [ 778.109967] kvasprintf+0xa9/0x130 [ 778.113515] ? bust_spinlocks+0xe0/0xe0 [ 778.117542] ? rcu_read_lock_sched_held+0x108/0x120 [ 778.122575] kvasprintf_const+0x67/0x190 [ 778.126345] binder: 8036:8037 transaction failed 29189/-22, size 0-0 line 2856 [ 778.126645] kobject_set_name_vargs+0x5b/0x150 [ 778.126665] device_create_groups_vargs+0x1ce/0x270 [ 778.126687] device_create_vargs+0x46/0x60 [ 778.140452] binder: 8035:8038 transaction failed 29189/-22, size 0-0 line 2856 [ 778.143636] bdi_register_va.part.10+0xbb/0x970 [ 778.143653] ? cgwb_kill+0x630/0x630 [ 778.143674] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 778.143686] ? bdi_init+0x416/0x510 [ 778.143700] ? wb_init+0x9e0/0x9e0 2018/05/04 10:56:26 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840", @ANYRES64=0x0, @ANYBLOB="4a9313fe9e1eabb1"], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) accept4$packet(0xffffffffffffff9c, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000000140)=0x14, 0x80800) sendto$packet(r0, &(0x7f0000000080)="0657d8e18d4aa22e74fab196adc6eb10b049235618f9fbb69db3c27b1a3b63120801feba37b5cdfa1450107e8ad7decf5df7fed95314d6f38e431f3afc3d2f48db47dd678a53af4627085528c444bfabf50f9681699b59c60bbb712701fddf2428830a013b3e94b4220c15c173070f64c9c1bb09f02f", 0x76, 0x80, &(0x7f0000000180)={0x11, 0x16, r1, 0x1, 0x8, 0x6, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}}, 0x14) 2018/05/04 10:56:26 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x48}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:26 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x800e, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:26 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:26 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x100000000000000}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 778.143715] ? bdi_alloc_node+0x67/0xe0 [ 778.143727] ? bdi_alloc_node+0x67/0xe0 [ 778.143748] ? rcu_read_lock_sched_held+0x108/0x120 [ 778.148633] binder: undelivered TRANSACTION_ERROR: 29189 [ 778.155333] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 778.155353] ? _raw_spin_unlock+0x22/0x30 [ 778.155372] bdi_register_va+0x68/0x80 [ 778.155391] super_setup_bdi_name+0x123/0x220 [ 778.155405] ? kill_block_super+0x100/0x100 [ 778.155421] ? kmem_cache_alloc_trace+0x616/0x780 [ 778.155438] ? match_wildcard+0x3c0/0x3c0 2018/05/04 10:56:26 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=ANY=[], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x80, 0x402000) ioctl$LOOP_SET_CAPACITY(r1, 0x4c07) [ 778.155457] ? trace_hardirqs_on+0xd/0x10 [ 778.155477] fuse_fill_super+0xe6e/0x1e20 [ 778.175144] binder: 8036:8037 transaction failed 29189/-22, size 0-0 line 2856 [ 778.176524] ? fuse_get_root_inode+0x190/0x190 [ 778.176546] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 778.176567] ? kasan_check_read+0x11/0x20 [ 778.176586] ? cap_capable+0x1f9/0x260 [ 778.176607] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 778.176625] ? security_capable+0x99/0xc0 [ 778.184562] binder: undelivered TRANSACTION_ERROR: 29189 [ 778.189572] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 778.189588] ? ns_capable_common+0x13f/0x170 [ 778.189607] ? get_anon_bdev+0x2f0/0x2f0 [ 778.189621] ? sget+0x113/0x150 [ 778.189640] ? fuse_get_root_inode+0x190/0x190 [ 778.189655] mount_nodev+0x6b/0x110 [ 778.189671] fuse_mount+0x2c/0x40 [ 778.189687] mount_fs+0xae/0x328 [ 778.189705] vfs_kern_mount.part.34+0xd4/0x4d0 [ 778.248912] binder: undelivered TRANSACTION_ERROR: 29189 [ 778.251510] ? may_umount+0xb0/0xb0 [ 778.251530] ? _raw_read_unlock+0x22/0x30 2018/05/04 10:56:26 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x6800000000000000}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 778.251544] ? __get_fs_type+0x97/0xc0 [ 778.251564] do_mount+0x564/0x3070 [ 778.251584] ? copy_mount_string+0x40/0x40 [ 778.251601] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 778.251620] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 778.251637] ? retint_kernel+0x10/0x10 [ 778.251656] ? copy_mount_options+0x1f0/0x380 [ 778.257542] binder: 8043:8044 transaction failed 29189/-22, size 0-0 line 2856 [ 778.259701] ? copy_mount_options+0x1fa/0x380 [ 778.259720] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 778.259734] ? copy_mount_options+0x285/0x380 [ 778.259753] ksys_mount+0x12d/0x140 [ 778.259770] __x64_sys_mount+0xbe/0x150 [ 778.259786] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 778.259805] do_syscall_64+0x1b1/0x800 [ 778.259821] ? finish_task_switch+0x1ca/0x810 [ 778.259834] ? syscall_return_slowpath+0x5c0/0x5c0 [ 778.259852] ? syscall_return_slowpath+0x30f/0x5c0 [ 778.314171] binder: undelivered TRANSACTION_ERROR: 29189 [ 778.318004] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 778.318028] ? trace_hardirqs_off_thunk+0x1a/0x1c 2018/05/04 10:56:26 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x4001, 0x4, [0x0, 0xe2f]}) 2018/05/04 10:56:26 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) r1 = add_key(&(0x7f0000000080)='encrypted\x00', &(0x7f00000000c0)={0x73, 0x79, 0x7a, 0x0}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$setperm(0x5, r1, 0x200000) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x8, 0x30, r0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000100)={r2}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/05/04 10:56:26 executing program 2 (fault-call:3 fault-nth:47): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) [ 778.318049] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 778.318061] RIP: 0033:0x455979 [ 778.318069] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 778.318085] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 778.318094] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 778.318103] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 778.318112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 778.318119] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 778.330472] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 778.358327] binder: 8048:8049 transaction failed 29189/-22, size 0-0 line 2856 [ 778.469352] binder: 8054:8055 transaction failed 29189/-22, size 0-0 line 2856 [ 778.515088] FAULT_INJECTION: forcing a failure. [ 778.515088] name failslab, interval 1, probability 0, space 0, times 0 [ 778.522392] binder: undelivered TRANSACTION_ERROR: 29189 [ 778.526946] CPU: 1 PID: 8056 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 778.534718] binder: undelivered TRANSACTION_ERROR: 29189 [ 778.539442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 778.539448] Call Trace: [ 778.539475] dump_stack+0x1b9/0x294 [ 778.539493] ? dump_stack_print_info.cold.2+0x52/0x52 [ 778.539517] should_fail.cold.4+0xa/0x1a [ 778.546655] binder: 8054:8055 transaction failed 29189/-22, size 0-0 line 2856 [ 778.554314] ? __kmalloc_track_caller+0x14a/0x760 [ 778.554337] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 778.554354] ? device_add+0x3a5/0x16d0 [ 778.554369] ? device_create_groups_vargs+0x1ff/0x270 [ 778.554382] ? device_create_vargs+0x46/0x60 [ 778.554398] ? bdi_register_va.part.10+0xbb/0x970 [ 778.554416] ? bdi_register_va+0x68/0x80 [ 778.554428] ? super_setup_bdi_name+0x123/0x220 [ 778.554450] ? fuse_fill_super+0xe6e/0x1e20 [ 778.588685] binder: undelivered TRANSACTION_ERROR: 29189 [ 778.591013] ? graph_lock+0x170/0x170 [ 778.591029] ? do_mount+0x564/0x3070 [ 778.591043] ? ksys_mount+0x12d/0x140 [ 778.591056] ? __x64_sys_mount+0xbe/0x150 [ 778.591072] ? do_syscall_64+0x1b1/0x800 [ 778.591088] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 778.591103] ? find_held_lock+0x36/0x1c0 [ 778.591120] ? __lock_is_held+0xb5/0x140 [ 778.657006] ? check_same_owner+0x320/0x320 [ 778.661328] ? rcu_note_context_switch+0x710/0x710 [ 778.666246] ? rcu_read_lock_sched_held+0x108/0x120 [ 778.671260] __should_failslab+0x124/0x180 [ 778.675486] should_failslab+0x9/0x14 [ 778.679274] kmem_cache_alloc+0x2af/0x760 [ 778.683422] ? memcpy+0x45/0x50 [ 778.686688] ? kstrdup+0x59/0x70 [ 778.690053] __kernfs_new_node+0xe7/0x580 [ 778.694206] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 778.698978] ? lock_downgrade+0x8e0/0x8e0 [ 778.703128] kernfs_new_node+0x80/0xf0 [ 778.707009] kernfs_create_dir_ns+0x3d/0x140 [ 778.711417] sysfs_create_dir_ns+0xbe/0x1d0 [ 778.715731] kobject_add_internal+0x354/0xac0 [ 778.720219] ? kobj_ns_type_registered+0x60/0x60 [ 778.724972] ? lock_downgrade+0x8e0/0x8e0 [ 778.729127] ? refcount_add_not_zero+0x320/0x320 [ 778.733889] ? kasan_check_read+0x11/0x20 [ 778.738041] kobject_add+0x13a/0x190 [ 778.741769] ? kset_create_and_add+0x190/0x190 [ 778.746352] ? mutex_unlock+0xd/0x10 [ 778.750063] device_add+0x3a5/0x16d0 [ 778.753784] ? device_private_init+0x230/0x230 [ 778.758380] ? kfree+0x1e9/0x260 [ 778.761763] ? kfree_const+0x5e/0x70 [ 778.765499] device_create_groups_vargs+0x1ff/0x270 [ 778.770532] device_create_vargs+0x46/0x60 [ 778.774784] bdi_register_va.part.10+0xbb/0x970 [ 778.779463] ? cgwb_kill+0x630/0x630 [ 778.783187] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 778.788733] ? bdi_init+0x416/0x510 [ 778.792373] ? wb_init+0x9e0/0x9e0 [ 778.795929] ? bdi_alloc_node+0x67/0xe0 [ 778.799919] ? bdi_alloc_node+0x67/0xe0 [ 778.803908] ? rcu_read_lock_sched_held+0x108/0x120 [ 778.808945] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 778.814234] ? _raw_spin_unlock+0x22/0x30 [ 778.818400] bdi_register_va+0x68/0x80 [ 778.822288] super_setup_bdi_name+0x123/0x220 [ 778.826772] ? kill_block_super+0x100/0x100 [ 778.831081] ? kmem_cache_alloc_trace+0x616/0x780 [ 778.835915] ? match_wildcard+0x3c0/0x3c0 [ 778.840054] ? trace_hardirqs_on+0xd/0x10 [ 778.844195] fuse_fill_super+0xe6e/0x1e20 [ 778.848337] ? fuse_get_root_inode+0x190/0x190 [ 778.852911] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 778.857929] ? kasan_check_read+0x11/0x20 [ 778.862069] ? cap_capable+0x1f9/0x260 [ 778.865966] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 778.871524] ? security_capable+0x99/0xc0 [ 778.875698] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 778.881238] ? ns_capable_common+0x13f/0x170 [ 778.885649] ? get_anon_bdev+0x2f0/0x2f0 [ 778.889708] ? sget+0x113/0x150 [ 778.892995] ? fuse_get_root_inode+0x190/0x190 [ 778.897570] mount_nodev+0x6b/0x110 [ 778.901190] fuse_mount+0x2c/0x40 [ 778.904634] mount_fs+0xae/0x328 [ 778.907993] vfs_kern_mount.part.34+0xd4/0x4d0 [ 778.912570] ? may_umount+0xb0/0xb0 [ 778.916189] ? _raw_read_unlock+0x22/0x30 [ 778.920325] ? __get_fs_type+0x97/0xc0 [ 778.924206] do_mount+0x564/0x3070 [ 778.927742] ? copy_mount_string+0x40/0x40 [ 778.931971] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 778.936719] ? retint_kernel+0x10/0x10 [ 778.940598] ? copy_mount_options+0x1f0/0x380 [ 778.945087] ? __sanitizer_cov_trace_pc+0x48/0x50 [ 778.949921] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 778.955445] ? copy_mount_options+0x285/0x380 [ 778.959943] ksys_mount+0x12d/0x140 [ 778.963561] __x64_sys_mount+0xbe/0x150 [ 778.967525] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 778.972553] do_syscall_64+0x1b1/0x800 [ 778.976431] ? finish_task_switch+0x1ca/0x810 [ 778.980915] ? syscall_return_slowpath+0x5c0/0x5c0 [ 778.985838] ? syscall_return_slowpath+0x30f/0x5c0 [ 778.990773] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 778.996141] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 779.000974] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 779.006151] RIP: 0033:0x455979 [ 779.009340] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 779.017044] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 779.024312] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 779.031570] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 779.038825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 779.046081] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 779.053617] kobject_add_internal failed for 0:44 (error: -12 parent: bdi) 2018/05/04 10:56:27 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:27 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x2, [0x0, 0xe2f]}) 2018/05/04 10:56:27 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x2000000}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:27 executing program 1: ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000080)={0xffffffffffffffff}) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='htcp\x00', 0x5) r1 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840", @ANYRES64=0x0, @ANYBLOB="0600000000000000"], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0) 2018/05/04 10:56:27 executing program 5: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:27 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:27 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x3f00]}]}) 2018/05/04 10:56:27 executing program 2 (fault-call:3 fault-nth:48): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:27 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x3, [0x0, 0xe2f]}) [ 779.209784] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 779.226150] binder: 8075:8077 transaction failed 29189/-22, size 0-0 line 2856 [ 779.244637] binder: 8074:8080 transaction failed 29189/-22, size 0-0 line 2856 [ 779.257940] FAULT_INJECTION: forcing a failure. [ 779.257940] name failslab, interval 1, probability 0, space 0, times 0 [ 779.269363] CPU: 0 PID: 8078 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 779.276561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 779.285929] Call Trace: [ 779.288543] dump_stack+0x1b9/0x294 [ 779.292189] ? dump_stack_print_info.cold.2+0x52/0x52 [ 779.297404] should_fail.cold.4+0xa/0x1a [ 779.301470] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 779.306575] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 779.311589] ? __lockdep_init_map+0x105/0x590 [ 779.316090] ? graph_lock+0x170/0x170 [ 779.319884] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 779.325415] ? put_dec_trunc8+0x273/0x300 [ 779.329552] ? find_held_lock+0x36/0x1c0 [ 779.333606] ? __lock_is_held+0xb5/0x140 [ 779.337848] ? check_same_owner+0x320/0x320 [ 779.342169] ? device_pm_sleep_init+0xe8/0x200 [ 779.346759] ? rcu_note_context_switch+0x710/0x710 [ 779.351684] __should_failslab+0x124/0x180 [ 779.355916] should_failslab+0x9/0x14 [ 779.359711] __kmalloc_track_caller+0x2c4/0x760 [ 779.364373] ? pointer+0xa20/0xa20 [ 779.367908] ? kvasprintf_const+0x67/0x190 [ 779.372142] kvasprintf+0xa9/0x130 [ 779.375686] ? bust_spinlocks+0xe0/0xe0 [ 779.379669] ? rcu_read_lock_sched_held+0x108/0x120 [ 779.384677] kvasprintf_const+0x67/0x190 [ 779.388749] kobject_set_name_vargs+0x5b/0x150 [ 779.393325] device_create_groups_vargs+0x1ce/0x270 [ 779.398347] device_create_vargs+0x46/0x60 [ 779.402580] bdi_register_va.part.10+0xbb/0x970 [ 779.407241] ? cgwb_kill+0x630/0x630 [ 779.410962] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 779.416496] ? bdi_init+0x416/0x510 [ 779.420123] ? wb_init+0x9e0/0x9e0 [ 779.423654] ? bdi_alloc_node+0x67/0xe0 [ 779.427616] ? bdi_alloc_node+0x67/0xe0 [ 779.431601] ? rcu_read_lock_sched_held+0x108/0x120 [ 779.436615] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 779.442739] ? _raw_spin_unlock+0x22/0x30 [ 779.446890] bdi_register_va+0x68/0x80 [ 779.450769] super_setup_bdi_name+0x123/0x220 [ 779.455251] ? kill_block_super+0x100/0x100 [ 779.459571] ? kmem_cache_alloc_trace+0x616/0x780 [ 779.464401] ? match_wildcard+0x3c0/0x3c0 [ 779.468538] ? trace_hardirqs_on+0xd/0x10 [ 779.472683] fuse_fill_super+0xe6e/0x1e20 [ 779.476843] ? fuse_get_root_inode+0x190/0x190 [ 779.481425] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 779.486434] ? kasan_check_read+0x11/0x20 [ 779.490570] ? cap_capable+0x1f9/0x260 [ 779.494454] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 779.499989] ? security_capable+0x99/0xc0 [ 779.504131] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 779.509672] ? ns_capable_common+0x13f/0x170 [ 779.514070] ? get_anon_bdev+0x2f0/0x2f0 [ 779.518121] ? sget+0x113/0x150 [ 779.521390] ? fuse_get_root_inode+0x190/0x190 [ 779.525960] mount_nodev+0x6b/0x110 [ 779.529579] fuse_mount+0x2c/0x40 [ 779.533035] mount_fs+0xae/0x328 [ 779.536397] vfs_kern_mount.part.34+0xd4/0x4d0 [ 779.540972] ? may_umount+0xb0/0xb0 [ 779.544592] ? _raw_read_unlock+0x22/0x30 [ 779.548726] ? __get_fs_type+0x97/0xc0 [ 779.552616] do_mount+0x564/0x3070 [ 779.556149] ? do_raw_spin_unlock+0x9e/0x2e0 [ 779.560559] ? copy_mount_string+0x40/0x40 [ 779.564784] ? rcu_pm_notify+0xc0/0xc0 [ 779.568664] ? copy_mount_options+0x5f/0x380 [ 779.573061] ? rcu_read_lock_sched_held+0x108/0x120 [ 779.578071] ? kmem_cache_alloc_trace+0x616/0x780 [ 779.582909] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 779.588453] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 779.593980] ? copy_mount_options+0x285/0x380 [ 779.598466] ksys_mount+0x12d/0x140 [ 779.602084] __x64_sys_mount+0xbe/0x150 [ 779.606050] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 779.611058] do_syscall_64+0x1b1/0x800 [ 779.614938] ? finish_task_switch+0x1ca/0x810 [ 779.619425] ? syscall_return_slowpath+0x5c0/0x5c0 [ 779.624429] ? syscall_return_slowpath+0x30f/0x5c0 [ 779.629354] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 779.634709] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 779.639544] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 779.644718] RIP: 0033:0x455979 [ 779.647893] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 2018/05/04 10:56:27 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:27 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x8, [0x0, 0xe2f]}) [ 779.655589] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 779.662847] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 779.670104] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 779.677360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 779.684615] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 779.692390] binder: undelivered TRANSACTION_ERROR: 29189 [ 779.702567] binder: 8075:8077 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:56:27 executing program 2 (fault-call:3 fault-nth:49): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:27 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x7400}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 779.716347] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 779.755801] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:56:27 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, &(0x7f0000011f9d)}) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x0, &(0x7f0000000080)=0x401, 0x4) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) userfaultfd(0x80800) [ 779.771263] binder: undelivered TRANSACTION_ERROR: 29189 [ 779.807533] binder: 8094:8095 unknown command 0 [ 779.817734] binder: 8094:8095 ioctl c0306201 20000040 returned -22 [ 779.819180] binder: 8092:8096 transaction failed 29189/-22, size 0-0 line 2856 [ 779.826436] binder: 8094:8095 unknown command 0 [ 779.835290] FAULT_INJECTION: forcing a failure. [ 779.835290] name failslab, interval 1, probability 0, space 0, times 0 [ 779.836863] binder: 8094:8095 ioctl c0306201 20000040 returned -22 [ 779.847688] CPU: 1 PID: 8093 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 779.847699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 779.847705] Call Trace: [ 779.847731] dump_stack+0x1b9/0x294 [ 779.847750] ? dump_stack_print_info.cold.2+0x52/0x52 [ 779.847773] should_fail.cold.4+0xa/0x1a [ 779.847788] ? __kmalloc_track_caller+0x14a/0x760 [ 779.847808] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 779.896026] ? device_add+0x3a5/0x16d0 [ 779.899929] ? device_create_groups_vargs+0x1ff/0x270 [ 779.905124] ? device_create_vargs+0x46/0x60 [ 779.909540] ? bdi_register_va.part.10+0xbb/0x970 [ 779.914378] ? bdi_register_va+0x68/0x80 [ 779.918439] ? super_setup_bdi_name+0x123/0x220 [ 779.923107] ? fuse_fill_super+0xe6e/0x1e20 [ 779.927425] ? graph_lock+0x170/0x170 [ 779.931228] ? do_mount+0x564/0x3070 [ 779.934948] ? ksys_mount+0x12d/0x140 [ 779.938738] ? __x64_sys_mount+0xbe/0x150 [ 779.942883] ? do_syscall_64+0x1b1/0x800 [ 779.946938] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 779.952314] ? find_held_lock+0x36/0x1c0 [ 779.956389] ? __lock_is_held+0xb5/0x140 [ 779.960455] ? check_same_owner+0x320/0x320 [ 779.964772] ? rcu_note_context_switch+0x710/0x710 [ 779.969694] ? rcu_read_lock_sched_held+0x108/0x120 [ 779.974713] __should_failslab+0x124/0x180 [ 779.978951] should_failslab+0x9/0x14 [ 779.982754] kmem_cache_alloc+0x2af/0x760 [ 779.986917] ? memcpy+0x45/0x50 [ 779.990203] ? kstrdup+0x59/0x70 [ 779.993574] __kernfs_new_node+0xe7/0x580 [ 779.997723] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 780.002576] ? lock_downgrade+0x8e0/0x8e0 [ 780.006728] kernfs_new_node+0x80/0xf0 [ 780.010627] kernfs_create_dir_ns+0x3d/0x140 [ 780.015056] sysfs_create_dir_ns+0xbe/0x1d0 [ 780.019395] kobject_add_internal+0x354/0xac0 [ 780.023905] ? kobj_ns_type_registered+0x60/0x60 [ 780.029195] ? lock_downgrade+0x8e0/0x8e0 [ 780.033354] ? refcount_add_not_zero+0x320/0x320 [ 780.038121] ? kasan_check_read+0x11/0x20 [ 780.040342] binder: undelivered TRANSACTION_ERROR: 29189 [ 780.042280] kobject_add+0x13a/0x190 [ 780.042300] ? kset_create_and_add+0x190/0x190 [ 780.042322] ? mutex_unlock+0xd/0x10 [ 780.042345] device_add+0x3a5/0x16d0 [ 780.063486] ? device_private_init+0x230/0x230 [ 780.068087] ? kfree+0x1e9/0x260 [ 780.071472] ? kfree_const+0x5e/0x70 [ 780.075213] device_create_groups_vargs+0x1ff/0x270 [ 780.080253] device_create_vargs+0x46/0x60 [ 780.084507] bdi_register_va.part.10+0xbb/0x970 [ 780.089193] ? cgwb_kill+0x630/0x630 [ 780.092926] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 780.098476] ? bdi_init+0x416/0x510 [ 780.102115] ? wb_init+0x9e0/0x9e0 [ 780.105676] ? bdi_alloc_node+0x67/0xe0 [ 780.109667] ? bdi_alloc_node+0x67/0xe0 [ 780.113659] ? rcu_read_lock_sched_held+0x108/0x120 [ 780.118695] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 780.123998] ? _raw_spin_unlock+0x22/0x30 [ 780.128158] bdi_register_va+0x68/0x80 [ 780.132051] super_setup_bdi_name+0x123/0x220 [ 780.136553] ? kill_block_super+0x100/0x100 [ 780.140876] ? kmem_cache_alloc_trace+0x616/0x780 [ 780.145717] ? match_wildcard+0x3c0/0x3c0 [ 780.149865] ? trace_hardirqs_on+0xd/0x10 [ 780.154017] fuse_fill_super+0xe6e/0x1e20 [ 780.158171] ? fuse_get_root_inode+0x190/0x190 [ 780.162758] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 780.167786] ? kasan_check_read+0x11/0x20 [ 780.171926] ? cap_capable+0x1f9/0x260 [ 780.175816] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 780.181361] ? security_capable+0x99/0xc0 [ 780.185502] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 780.191047] ? ns_capable_common+0x13f/0x170 [ 780.195482] ? get_anon_bdev+0x2f0/0x2f0 [ 780.199551] ? sget+0x113/0x150 [ 780.202829] ? fuse_get_root_inode+0x190/0x190 [ 780.207409] mount_nodev+0x6b/0x110 [ 780.211037] fuse_mount+0x2c/0x40 [ 780.214494] mount_fs+0xae/0x328 [ 780.217852] vfs_kern_mount.part.34+0xd4/0x4d0 [ 780.222425] ? may_umount+0xb0/0xb0 [ 780.226042] ? _raw_read_unlock+0x22/0x30 [ 780.230175] ? __get_fs_type+0x97/0xc0 [ 780.234138] do_mount+0x564/0x3070 [ 780.237668] ? copy_mount_string+0x40/0x40 [ 780.241891] ? rcu_pm_notify+0xc0/0xc0 [ 780.245771] ? copy_mount_options+0x5f/0x380 [ 780.250177] ? rcu_read_lock_sched_held+0x108/0x120 [ 780.255182] ? kmem_cache_alloc_trace+0x616/0x780 [ 780.260026] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 780.265566] ? _copy_from_user+0xdf/0x150 [ 780.269723] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 780.276097] ? copy_mount_options+0x285/0x380 [ 780.280587] ksys_mount+0x12d/0x140 [ 780.284202] __x64_sys_mount+0xbe/0x150 [ 780.288165] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 780.293171] do_syscall_64+0x1b1/0x800 [ 780.297048] ? finish_task_switch+0x1ca/0x810 [ 780.301531] ? syscall_return_slowpath+0x5c0/0x5c0 [ 780.306446] ? syscall_return_slowpath+0x30f/0x5c0 [ 780.311367] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 780.316721] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 780.321558] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 780.326775] RIP: 0033:0x455979 [ 780.329949] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 780.337646] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 780.344907] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 780.352163] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 780.359418] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 780.366687] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 780.374249] kobject_add_internal failed for 0:44 (error: -12 parent: bdi) 2018/05/04 10:56:28 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:28 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x12, [0x0, 0xe2f]}) 2018/05/04 10:56:28 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x4000]}]}) 2018/05/04 10:56:28 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x6c000000}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:28 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:28 executing program 5: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:28 executing program 2 (fault-call:3 fault-nth:50): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:28 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0x0, 0x802) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000280)=[@register_looper={0x630b}], 0x94, 0x0, &(0x7f00000002c0)="3d48e34777104e2370de2e51ecc3cba90e708d3e93deb102d7aed1a29492d8e1f3a23f6d5164a8984cd29dd352dfbe73fa2cbf8b7beacdfb3efb2417dbe5671841d2db6354956de5d5ce72b70dde75bed1128d234288dd6edbed673b8a70add26ec5a540da9baddb83d835538d39633a9b3c54e26b9616b4ef1df5d8d9a0ca812f1417920dcc9469e8a16e0a4372b6fd28f757f4"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, &(0x7f0000011f9d)}) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/ppp\x00', 0x200, 0x0) ioctl$PIO_FONTX(r1, 0x4b6c, &(0x7f0000000400)="cfa6c661f1444578c668621e5c23f0c21aa083903d6c58b841c1d2dedc714910545880254cb9c6ab2444fb1b4c6be598024fa4e375578704046f3bb93666cdc5cb7faa7a83c0de2e82abf7fa30767abd84851beb96537874c8dd5403d6bd7bf846eb11f96b765c47b9e5204fd3606c4a287c3e7428583d8290cc2b8854be4c122b88e91dbc48a3cd56d395796010c152698aecde55e2f268b49d18f59f7a159bb50f556d651e83d0ee53a86f3fd24103007ba7182b6349170c1c7c6725c53d28c58c10f757dba73b8817fb614b7d02f714f2c10dfe6b8bbcb7a0e0c2a71d47841b2cd1eb4db560cfa9e6d891154b5e9a9eef8644361069d95bda2f") ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) r2 = openat(r1, &(0x7f0000000500)='./file0\x00', 0x100, 0x2a) r3 = accept4(0xffffffffffffff9c, &(0x7f0000000080)=@vsock, &(0x7f0000000100)=0x80, 0x800) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') sendmsg$IPVS_CMD_DEL_SERVICE(r3, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x28, r4, 0xdbc92bc7794545c7, 0x70bd26, 0x1, {0x3}, [@IPVS_CMD_ATTR_DEST={0x14, 0x2, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x3f}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x8001}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004) ioctl(r2, 0x6, &(0x7f0000000540)="dcaa8091a1876b9f6ad921bc323e50d5bb8c702f67a6234d1f8adb2c8bfd891e707cb3739bbb957f89d43039946704eee5bec049b2db7dfc062980890bdc4b01cc3a5d65522a1ca929eb929e1e722679a09e176796c279b6d96642a77ef7d89073f72e9b6a6a3afe74cf93e530eed65b8ec463fddc977b02384081dd96fdfec735c29d5903b6d80ef724f166d9675f1dc6faa3b16182f12a5640e166d3dbe2") 2018/05/04 10:56:28 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x7fffe1d1, 0xe2f]}) [ 780.549295] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 780.570604] binder: 8116:8121 ERROR: BC_REGISTER_LOOPER called without request [ 780.590306] binder: 8116:8121 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:56:28 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 780.601954] binder: undelivered TRANSACTION_ERROR: 29189 [ 780.615166] binder: 8116:8121 ERROR: BC_REGISTER_LOOPER called without request [ 780.625271] binder: 8112:8122 transaction failed 29189/-22, size 0-0 line 2856 [ 780.638324] FAULT_INJECTION: forcing a failure. [ 780.638324] name failslab, interval 1, probability 0, space 0, times 0 [ 780.642303] binder: 8116:8126 transaction failed 29189/-22, size 0-0 line 2856 [ 780.650205] CPU: 1 PID: 8120 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 780.664819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 780.670136] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 780.674176] Call Trace: [ 780.674204] dump_stack+0x1b9/0x294 [ 780.674222] ? dump_stack_print_info.cold.2+0x52/0x52 [ 780.674252] should_fail.cold.4+0xa/0x1a [ 780.698273] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 780.703396] ? debug_check_no_locks_freed+0x310/0x310 [ 780.708780] ? graph_lock+0x170/0x170 [ 780.711231] binder: undelivered TRANSACTION_ERROR: 29189 [ 780.712587] ? print_usage_bug+0xc0/0xc0 [ 780.712602] ? check_noncircular+0x20/0x20 [ 780.712624] ? graph_lock+0x170/0x170 [ 780.712642] ? graph_lock+0x170/0x170 [ 780.712658] ? print_usage_bug+0xc0/0xc0 [ 780.738156] ? print_usage_bug+0xc0/0xc0 [ 780.742238] __should_failslab+0x124/0x180 [ 780.746495] should_failslab+0x9/0x14 [ 780.750315] kmem_cache_alloc+0x47/0x760 [ 780.754401] ? lock_downgrade+0x8e0/0x8e0 [ 780.755778] binder: 8132:8133 transaction failed 29189/-22, size 9093146653549626191-3053218095810612974 line 2856 [ 780.758566] radix_tree_node_alloc.constprop.19+0x1e6/0x310 [ 780.758586] idr_get_free+0x891/0x10a0 [ 780.758614] ? radix_tree_clear_tags+0xc0/0xc0 [ 780.758635] ? unwind_get_return_address+0x61/0xa0 [ 780.758652] ? __save_stack_trace+0x7e/0xd0 [ 780.758676] ? save_stack+0xa9/0xd0 2018/05/04 10:56:28 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="11634840", @ANYRES64=0x0, @ANYBLOB="0000000000000000bf05000000f9181de762bf212a9d27a14f835b2fb458317eee0e9676ae355f2a25fad9fee47870f7e8ad31c1c6f850d6cfb21a9613ea77ea0687365d07fa357f2672b98b9596"], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/05/04 10:56:28 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0xd1e1ff7f00000000, 0xe2f]}) 2018/05/04 10:56:28 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:28 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 780.776036] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 780.778791] ? save_stack+0x43/0xd0 [ 780.778807] ? kasan_kmalloc+0xc4/0xe0 [ 780.778821] ? kasan_slab_alloc+0x12/0x20 [ 780.778836] ? kmem_cache_alloc+0x12e/0x760 [ 780.778852] ? __kernfs_new_node+0xe7/0x580 [ 780.778865] ? kernfs_new_node+0x80/0xf0 [ 780.778879] ? kernfs_create_dir_ns+0x3d/0x140 [ 780.778890] ? sysfs_create_dir_ns+0xbe/0x1d0 [ 780.778910] ? kobject_add_internal+0x354/0xac0 [ 780.788579] binder: undelivered TRANSACTION_ERROR: 29189 [ 780.792889] ? kobject_add+0x13a/0x190 2018/05/04 10:56:28 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x68000000}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 780.792908] ? device_create_groups_vargs+0x1ff/0x270 [ 780.792921] ? device_create_vargs+0x46/0x60 [ 780.792937] ? bdi_register_va.part.10+0xbb/0x970 [ 780.792949] ? bdi_register_va+0x68/0x80 [ 780.792965] ? super_setup_bdi_name+0x123/0x220 [ 780.792980] ? fuse_fill_super+0xe6e/0x1e20 [ 780.792992] ? mount_nodev+0x6b/0x110 [ 780.793010] ? mount_fs+0xae/0x328 [ 780.809091] binder: 8132:8133 transaction failed 29189/-22, size 9093146653549626191-3053218095810612974 line 2856 [ 780.812811] ? vfs_kern_mount.part.34+0xd4/0x4d0 2018/05/04 10:56:28 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 780.812825] ? do_mount+0x564/0x3070 [ 780.812838] ? ksys_mount+0x12d/0x140 [ 780.812851] ? __x64_sys_mount+0xbe/0x150 [ 780.812867] ? do_syscall_64+0x1b1/0x800 [ 780.812882] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 780.812898] ? print_usage_bug+0xc0/0xc0 [ 780.812918] idr_alloc_u32+0x1f9/0x3d0 [ 780.812937] ? __fprop_inc_percpu_max+0x2c0/0x2c0 [ 780.848559] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 780.848914] ? lock_acquire+0x1dc/0x520 2018/05/04 10:56:29 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:29 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0xfdfdffff00000000}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 780.848932] ? __kernfs_new_node+0x10e/0x580 [ 780.848947] ? __lock_is_held+0xb5/0x140 [ 780.848971] idr_alloc_cyclic+0x167/0x340 [ 780.848991] ? idr_alloc+0x1a0/0x1a0 [ 780.849006] ? kasan_check_write+0x14/0x20 [ 780.849025] ? do_raw_spin_lock+0xc1/0x200 [ 780.857269] binder: undelivered TRANSACTION_ERROR: 29189 [ 780.858096] __kernfs_new_node+0x1a3/0x580 [ 780.858116] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 780.858143] ? lock_downgrade+0x8e0/0x8e0 [ 780.858166] kernfs_new_node+0x80/0xf0 [ 780.858184] kernfs_create_dir_ns+0x3d/0x140 [ 780.858204] sysfs_create_dir_ns+0xbe/0x1d0 [ 780.858225] kobject_add_internal+0x354/0xac0 [ 780.858242] ? kobj_ns_type_registered+0x60/0x60 [ 780.915246] binder: 8141:8142 transaction failed 29189/-22, size 0-0 line 2856 [ 780.918725] ? lock_downgrade+0x8e0/0x8e0 [ 780.918747] ? refcount_add_not_zero+0x320/0x320 [ 780.918769] ? kasan_check_read+0x11/0x20 [ 780.918788] kobject_add+0x13a/0x190 [ 780.918801] ? kset_create_and_add+0x190/0x190 [ 780.918823] ? mutex_unlock+0xd/0x10 [ 780.918843] device_add+0x3a5/0x16d0 [ 780.918861] ? device_private_init+0x230/0x230 [ 780.969971] binder: undelivered TRANSACTION_ERROR: 29189 [ 781.020649] binder: 8146:8148 transaction failed 29189/-22, size 0-0 line 2856 [ 781.022073] ? kfree+0x1e9/0x260 [ 781.022095] ? kfree_const+0x5e/0x70 [ 781.022117] device_create_groups_vargs+0x1ff/0x270 [ 781.022137] device_create_vargs+0x46/0x60 [ 781.022157] bdi_register_va.part.10+0xbb/0x970 [ 781.022170] ? cgwb_kill+0x630/0x630 [ 781.022192] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 781.055929] binder: undelivered TRANSACTION_ERROR: 29189 [ 781.060933] ? bdi_init+0x416/0x510 [ 781.060946] ? wb_init+0x9e0/0x9e0 [ 781.060962] ? bdi_alloc_node+0x67/0xe0 [ 781.060980] ? bdi_alloc_node+0x67/0xe0 [ 781.060997] ? rcu_read_lock_sched_held+0x108/0x120 [ 781.061015] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 781.061037] ? _raw_spin_unlock+0x22/0x30 [ 781.061056] bdi_register_va+0x68/0x80 [ 781.061072] super_setup_bdi_name+0x123/0x220 [ 781.061088] ? kill_block_super+0x100/0x100 [ 781.104305] binder: undelivered TRANSACTION_ERROR: 29189 [ 781.107711] ? kmem_cache_alloc_trace+0x616/0x780 [ 781.107729] ? match_wildcard+0x3c0/0x3c0 [ 781.107746] ? trace_hardirqs_on+0xd/0x10 [ 781.107769] fuse_fill_super+0xe6e/0x1e20 [ 781.107790] ? fuse_get_root_inode+0x190/0x190 [ 781.107809] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 781.107827] ? kasan_check_read+0x11/0x20 [ 781.182805] ? cap_capable+0x1f9/0x260 [ 781.186711] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 781.192255] ? security_capable+0x99/0xc0 [ 781.196424] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 781.201976] ? ns_capable_common+0x13f/0x170 [ 781.206404] ? get_anon_bdev+0x2f0/0x2f0 [ 781.210463] ? sget+0x113/0x150 [ 781.213733] ? fuse_get_root_inode+0x190/0x190 [ 781.218310] mount_nodev+0x6b/0x110 [ 781.221933] fuse_mount+0x2c/0x40 [ 781.225389] mount_fs+0xae/0x328 [ 781.228761] vfs_kern_mount.part.34+0xd4/0x4d0 [ 781.233334] ? may_umount+0xb0/0xb0 [ 781.236960] ? _raw_read_unlock+0x22/0x30 [ 781.241094] ? __get_fs_type+0x97/0xc0 [ 781.244983] do_mount+0x564/0x3070 [ 781.248534] ? copy_mount_string+0x40/0x40 [ 781.252762] ? rcu_pm_notify+0xc0/0xc0 [ 781.256652] ? copy_mount_options+0x5f/0x380 [ 781.261056] ? rcu_read_lock_sched_held+0x108/0x120 [ 781.266074] ? kmem_cache_alloc_trace+0x616/0x780 [ 781.270926] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 781.276475] ? copy_mount_options+0x285/0x380 [ 781.280964] ksys_mount+0x12d/0x140 [ 781.284599] __x64_sys_mount+0xbe/0x150 [ 781.288578] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 781.293598] do_syscall_64+0x1b1/0x800 [ 781.298201] ? finish_task_switch+0x1ca/0x810 [ 781.302705] ? syscall_return_slowpath+0x5c0/0x5c0 [ 781.307628] ? syscall_return_slowpath+0x30f/0x5c0 [ 781.312553] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 781.317932] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 781.322779] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 781.327983] RIP: 0033:0x455979 [ 781.331166] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 781.338908] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 781.346201] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 781.353480] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 781.360765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 781.368056] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:29 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0xffffffff00000000, 0xe2f]}) 2018/05/04 10:56:29 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:29 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x17]}]}) 2018/05/04 10:56:29 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x4c00000000000000}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:29 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:29 executing program 1: mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1) r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000000)=[@decrefs={0x40046307, 0x4}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/05/04 10:56:29 executing program 2 (fault-call:3 fault-nth:51): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:29 executing program 5: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = epoll_create1(0x0) epoll_wait(r1, &(0x7f0000000040)=[{}], 0x1, 0x8000) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000007000)) epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) [ 781.663981] binder: 8168:8169 DecRefs 0 refcount change on invalid ref 4 ret -22 [ 781.696245] binder: 8165:8172 transaction failed 29189/-22, size 0-0 line 2856 [ 781.704655] FAULT_INJECTION: forcing a failure. 2018/05/04 10:56:29 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x2f0f002000000000, 0xe2f]}) 2018/05/04 10:56:29 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 781.704655] name failslab, interval 1, probability 0, space 0, times 0 [ 781.716080] CPU: 1 PID: 8160 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 781.723282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 781.732744] Call Trace: [ 781.735359] dump_stack+0x1b9/0x294 [ 781.735729] binder: 8168:8173 DecRefs 0 refcount change on invalid ref 4 ret -22 [ 781.739004] ? dump_stack_print_info.cold.2+0x52/0x52 [ 781.739022] ? mutex_trylock+0x2a0/0x2a0 [ 781.739046] should_fail.cold.4+0xa/0x1a 2018/05/04 10:56:29 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x4800000000000000}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 781.739067] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 781.739090] ? graph_lock+0x170/0x170 [ 781.739104] ? find_held_lock+0x36/0x1c0 [ 781.739121] ? find_held_lock+0x36/0x1c0 [ 781.766828] binder: undelivered TRANSACTION_ERROR: 29189 [ 781.768885] ? __lock_is_held+0xb5/0x140 [ 781.768917] ? check_same_owner+0x320/0x320 [ 781.768932] ? graph_lock+0x170/0x170 [ 781.768952] ? rcu_note_context_switch+0x710/0x710 [ 781.768968] ? kasan_check_write+0x14/0x20 [ 781.768988] __should_failslab+0x124/0x180 [ 781.808175] should_failslab+0x9/0x14 [ 781.811997] kmem_cache_alloc+0x2af/0x760 [ 781.816180] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 781.821220] __kernfs_new_node+0xe7/0x580 [ 781.825395] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 781.830184] ? lock_downgrade+0x8e0/0x8e0 [ 781.834355] ? kasan_check_read+0x11/0x20 [ 781.838524] ? do_raw_spin_unlock+0x9e/0x2e0 [ 781.842960] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 781.847567] kernfs_new_node+0x80/0xf0 [ 781.851480] kernfs_create_link+0x33/0x180 [ 781.855154] binder: 8178:8179 transaction failed 29189/-22, size 0-0 line 2856 [ 781.855733] sysfs_do_create_link_sd.isra.2+0x90/0x130 [ 781.855753] sysfs_create_link+0x65/0xc0 [ 781.855771] device_add+0x481/0x16d0 [ 781.855789] ? device_private_init+0x230/0x230 [ 781.855807] ? kfree+0x1e9/0x260 [ 781.879679] binder: undelivered TRANSACTION_ERROR: 29189 [ 781.880758] ? kfree_const+0x5e/0x70 [ 781.880783] device_create_groups_vargs+0x1ff/0x270 [ 781.880802] device_create_vargs+0x46/0x60 [ 781.880822] bdi_register_va.part.10+0xbb/0x970 [ 781.880839] ? cgwb_kill+0x630/0x630 [ 781.880855] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 781.880870] ? bdi_init+0x416/0x510 [ 781.920105] ? wb_init+0x9e0/0x9e0 [ 781.923648] ? bdi_alloc_node+0x67/0xe0 [ 781.927617] ? bdi_alloc_node+0x67/0xe0 [ 781.931582] ? rcu_read_lock_sched_held+0x108/0x120 [ 781.936590] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 781.941866] ? _raw_spin_unlock+0x22/0x30 [ 781.946010] bdi_register_va+0x68/0x80 [ 781.949911] super_setup_bdi_name+0x123/0x220 [ 781.954398] ? kill_block_super+0x100/0x100 [ 781.958717] ? kmem_cache_alloc_trace+0x616/0x780 [ 781.963574] ? match_wildcard+0x3c0/0x3c0 [ 781.967830] ? trace_hardirqs_on+0xd/0x10 [ 781.971970] fuse_fill_super+0xe6e/0x1e20 [ 781.976229] ? fuse_get_root_inode+0x190/0x190 [ 781.980803] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 781.985816] ? kasan_check_read+0x11/0x20 [ 781.989965] ? cap_capable+0x1f9/0x260 [ 781.993878] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 781.999406] ? security_capable+0x99/0xc0 [ 782.003546] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 782.009073] ? ns_capable_common+0x13f/0x170 [ 782.013469] ? get_anon_bdev+0x2f0/0x2f0 [ 782.017524] ? sget+0x113/0x150 [ 782.020814] ? fuse_get_root_inode+0x190/0x190 [ 782.025395] mount_nodev+0x6b/0x110 [ 782.029022] fuse_mount+0x2c/0x40 [ 782.032478] mount_fs+0xae/0x328 [ 782.035844] vfs_kern_mount.part.34+0xd4/0x4d0 [ 782.040416] ? may_umount+0xb0/0xb0 [ 782.044046] ? _raw_read_unlock+0x22/0x30 [ 782.048187] ? __get_fs_type+0x97/0xc0 [ 782.052077] do_mount+0x564/0x3070 [ 782.055623] ? copy_mount_string+0x40/0x40 [ 782.059848] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 782.064604] ? retint_kernel+0x10/0x10 [ 782.068498] ? copy_mount_options+0x1a1/0x380 [ 782.072998] ? __sanitizer_cov_trace_pc+0x48/0x50 [ 782.077843] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 782.083369] ? copy_mount_options+0x285/0x380 [ 782.087858] ksys_mount+0x12d/0x140 [ 782.091495] __x64_sys_mount+0xbe/0x150 [ 782.095476] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 782.100495] do_syscall_64+0x1b1/0x800 [ 782.104375] ? finish_task_switch+0x1ca/0x810 [ 782.108867] ? syscall_return_slowpath+0x5c0/0x5c0 [ 782.113796] ? syscall_return_slowpath+0x30f/0x5c0 [ 782.118746] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 782.124120] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 782.128961] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 782.134147] RIP: 0033:0x455979 [ 782.137332] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 782.145036] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 782.152300] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 782.159562] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 782.166827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 782.174087] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:30 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/05/04 10:56:30 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x2f0f0020, 0xe2f]}) 2018/05/04 10:56:30 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0xffffff7f00000000}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:30 executing program 2 (fault-call:3 fault-nth:52): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:30 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x18]}]}) 2018/05/04 10:56:30 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(0xffffffffffffffff, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:30 executing program 5: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = epoll_create1(0x0) epoll_wait(r1, &(0x7f0000000040)=[{}], 0x1, 0x8000) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000007000)) epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) [ 782.727782] nla_parse: 4 callbacks suppressed [ 782.727793] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 782.744744] binder: 8194:8197 transaction failed 29189/-22, size 0-0 line 2856 [ 782.767259] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:56:30 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0xe80, 0xe2f]}) [ 782.774693] binder: 8195:8203 transaction failed 29189/-22, size 0-0 line 2856 [ 782.787634] binder: 8194:8197 transaction failed 29189/-22, size 0-0 line 2856 [ 782.795673] FAULT_INJECTION: forcing a failure. [ 782.795673] name failslab, interval 1, probability 0, space 0, times 0 [ 782.807498] CPU: 0 PID: 8200 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 782.814695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 782.824054] Call Trace: 2018/05/04 10:56:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) r1 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000080)='/dev/urandom\x00', 0x400, 0x0) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/05/04 10:56:30 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 782.826659] dump_stack+0x1b9/0x294 [ 782.830333] ? dump_stack_print_info.cold.2+0x52/0x52 [ 782.832739] binder: undelivered TRANSACTION_ERROR: 29189 [ 782.835543] should_fail.cold.4+0xa/0x1a [ 782.835570] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 782.835600] ? print_usage_bug+0xc0/0xc0 [ 782.835617] ? __isolate_free_page+0x7c0/0x7c0 [ 782.835636] ? graph_lock+0x170/0x170 [ 782.861486] binder: undelivered TRANSACTION_ERROR: 29189 [ 782.862830] ? graph_lock+0x170/0x170 [ 782.862846] ? print_usage_bug+0xc0/0xc0 2018/05/04 10:56:30 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x6000}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 782.862871] ? print_usage_bug+0xc0/0xc0 [ 782.862892] __should_failslab+0x124/0x180 [ 782.862908] should_failslab+0x9/0x14 [ 782.862924] kmem_cache_alloc+0x47/0x760 [ 782.892353] ? lock_downgrade+0x8e0/0x8e0 [ 782.893122] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 782.896513] radix_tree_node_alloc.constprop.19+0x1e6/0x310 [ 782.896533] idr_get_free+0x891/0x10a0 [ 782.896584] ? radix_tree_clear_tags+0xc0/0xc0 [ 782.896604] ? unwind_get_return_address+0x61/0xa0 [ 782.896625] ? __save_stack_trace+0x7e/0xd0 [ 782.928097] binder: 8210:8212 transaction failed 29189/-22, size 0-0 line 2856 [ 782.928599] ? save_stack+0xa9/0xd0 [ 782.928616] ? save_stack+0x43/0xd0 [ 782.928631] ? kasan_kmalloc+0xc4/0xe0 [ 782.928645] ? kasan_slab_alloc+0x12/0x20 [ 782.928656] ? kmem_cache_alloc+0x12e/0x760 [ 782.928677] ? __kernfs_new_node+0xe7/0x580 [ 782.947435] binder: 8211:8213 transaction failed 29189/-22, size 0-0 line 2856 [ 782.951279] ? kernfs_new_node+0x80/0xf0 [ 782.951294] ? kernfs_create_dir_ns+0x3d/0x140 2018/05/04 10:56:31 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 782.951309] ? sysfs_create_dir_ns+0xbe/0x1d0 [ 782.951324] ? kobject_add_internal+0x354/0xac0 [ 782.951335] ? kobject_add+0x13a/0x190 [ 782.951352] ? device_create_groups_vargs+0x1ff/0x270 [ 782.951365] ? device_create_vargs+0x46/0x60 [ 782.951382] ? bdi_register_va.part.10+0xbb/0x970 [ 782.965267] binder: undelivered TRANSACTION_ERROR: 29189 [ 782.967350] ? bdi_register_va+0x68/0x80 [ 782.967368] ? super_setup_bdi_name+0x123/0x220 [ 782.967383] ? fuse_fill_super+0xe6e/0x1e20 [ 782.967396] ? mount_nodev+0x6b/0x110 2018/05/04 10:56:31 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x3000000}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 782.967411] ? mount_fs+0xae/0x328 [ 782.967425] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 782.967437] ? do_mount+0x564/0x3070 [ 782.967453] ? ksys_mount+0x12d/0x140 [ 782.989543] binder: 8210:8212 transaction failed 29189/-22, size 0-0 line 2856 [ 782.994277] ? __x64_sys_mount+0xbe/0x150 [ 782.994294] ? do_syscall_64+0x1b1/0x800 [ 782.994311] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 782.994327] ? print_usage_bug+0xc0/0xc0 [ 782.994350] idr_alloc_u32+0x1f9/0x3d0 [ 782.994369] ? __fprop_inc_percpu_max+0x2c0/0x2c0 [ 782.994382] ? lock_acquire+0x1dc/0x520 2018/05/04 10:56:31 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:31 executing program 1: r0 = dup(0xffffffffffffff9c) ioctl$sock_bt_hci(r0, 0x400448cb, &(0x7f00000000c0)="de4ea2917f878e7533aeba3e621b19e95d883a1122e10adbe5b49fe9adc47859893c56ea6a47a240feb7ad2c8e50195697a2951c457beb2dbc0c500c43a5d05643855ab0ad649efdb60847b6c2724b0c") r1 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000080)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0) [ 782.994402] ? __kernfs_new_node+0x10e/0x580 [ 783.019725] binder: undelivered TRANSACTION_ERROR: 29189 [ 783.022109] ? __lock_is_held+0xb5/0x140 [ 783.022134] idr_alloc_cyclic+0x167/0x340 [ 783.022154] ? idr_alloc+0x1a0/0x1a0 [ 783.022173] ? kasan_check_write+0x14/0x20 [ 783.022189] ? do_raw_spin_lock+0xc1/0x200 [ 783.022207] __kernfs_new_node+0x1a3/0x580 [ 783.022225] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 783.026963] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. 2018/05/04 10:56:31 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x500}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 783.029554] ? lock_downgrade+0x8e0/0x8e0 [ 783.029579] kernfs_new_node+0x80/0xf0 [ 783.029597] kernfs_create_dir_ns+0x3d/0x140 [ 783.029616] sysfs_create_dir_ns+0xbe/0x1d0 [ 783.029634] kobject_add_internal+0x354/0xac0 [ 783.029652] ? kobj_ns_type_registered+0x60/0x60 [ 783.029664] ? lock_downgrade+0x8e0/0x8e0 [ 783.029685] ? refcount_add_not_zero+0x320/0x320 [ 783.081565] binder: 8217:8218 transaction failed 29189/-22, size 0-0 line 2856 [ 783.084045] ? kasan_check_read+0x11/0x20 [ 783.084065] kobject_add+0x13a/0x190 [ 783.084079] ? kset_create_and_add+0x190/0x190 [ 783.084101] ? mutex_unlock+0xd/0x10 [ 783.084122] device_add+0x3a5/0x16d0 [ 783.084142] ? device_private_init+0x230/0x230 [ 783.097812] binder: undelivered TRANSACTION_ERROR: 29189 [ 783.101469] ? kfree+0x1e9/0x260 [ 783.101489] ? kfree_const+0x5e/0x70 [ 783.101512] device_create_groups_vargs+0x1ff/0x270 [ 783.101536] device_create_vargs+0x46/0x60 [ 783.101556] bdi_register_va.part.10+0xbb/0x970 [ 783.101572] ? cgwb_kill+0x630/0x630 [ 783.101592] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 783.101603] ? bdi_init+0x416/0x510 [ 783.101617] ? wb_init+0x9e0/0x9e0 [ 783.139723] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 783.140026] ? bdi_alloc_node+0x67/0xe0 [ 783.140044] ? bdi_alloc_node+0x67/0xe0 [ 783.156992] binder: undelivered TRANSACTION_ERROR: 29189 [ 783.157757] ? rcu_read_lock_sched_held+0x108/0x120 [ 783.157779] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 783.157802] ? _raw_spin_unlock+0x22/0x30 [ 783.157823] bdi_register_va+0x68/0x80 [ 783.157843] super_setup_bdi_name+0x123/0x220 [ 783.157855] ? kill_block_super+0x100/0x100 [ 783.157872] ? kmem_cache_alloc_trace+0x616/0x780 [ 783.173290] binder: 8221:8222 transaction failed 29189/-22, size 0-0 line 2856 [ 783.174139] ? match_wildcard+0x3c0/0x3c0 [ 783.174158] ? trace_hardirqs_on+0xd/0x10 [ 783.174182] fuse_fill_super+0xe6e/0x1e20 [ 783.174205] ? fuse_get_root_inode+0x190/0x190 [ 783.174232] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 783.197179] binder: undelivered TRANSACTION_ERROR: 29189 [ 783.199920] ? kasan_check_read+0x11/0x20 [ 783.199940] ? cap_capable+0x1f9/0x260 [ 783.199965] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 783.199981] ? security_capable+0x99/0xc0 [ 783.199999] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 783.200015] ? ns_capable_common+0x13f/0x170 [ 783.200030] ? get_anon_bdev+0x2f0/0x2f0 [ 783.200046] ? sget+0x113/0x150 [ 783.219135] binder: 8223:8224 transaction failed 29189/-22, size 0-0 line 2856 [ 783.221002] ? fuse_get_root_inode+0x190/0x190 [ 783.221020] mount_nodev+0x6b/0x110 [ 783.221033] fuse_mount+0x2c/0x40 [ 783.221048] mount_fs+0xae/0x328 [ 783.221071] vfs_kern_mount.part.34+0xd4/0x4d0 [ 783.221087] ? may_umount+0xb0/0xb0 [ 783.221104] ? _raw_read_unlock+0x22/0x30 [ 783.221119] ? __get_fs_type+0x97/0xc0 [ 783.229156] binder: 8221:8222 transaction failed 29189/-22, size 0-0 line 2856 [ 783.230361] do_mount+0x564/0x3070 [ 783.230382] ? do_raw_spin_unlock+0x9e/0x2e0 [ 783.230401] ? copy_mount_string+0x40/0x40 [ 783.230417] ? rcu_pm_notify+0xc0/0xc0 [ 783.230443] ? copy_mount_options+0x5f/0x380 [ 783.258054] binder: undelivered TRANSACTION_ERROR: 29189 [ 783.259547] ? rcu_read_lock_sched_held+0x108/0x120 [ 783.259566] ? kmem_cache_alloc_trace+0x616/0x780 [ 783.259588] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 783.259607] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 783.259624] ? copy_mount_options+0x285/0x380 [ 783.277411] binder: undelivered TRANSACTION_ERROR: 29189 [ 783.277917] ksys_mount+0x12d/0x140 [ 783.277936] __x64_sys_mount+0xbe/0x150 [ 783.277953] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 783.277973] do_syscall_64+0x1b1/0x800 [ 783.277990] ? finish_task_switch+0x1ca/0x810 [ 783.278010] ? syscall_return_slowpath+0x5c0/0x5c0 [ 783.490371] ? syscall_return_slowpath+0x30f/0x5c0 [ 783.495316] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 783.500686] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 783.505549] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 783.510733] RIP: 0033:0x455979 [ 783.513929] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 783.521643] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 783.528922] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 783.536196] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 783.543466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 783.550765] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:31 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:31 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0xfffffdfd}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) open_by_handle_at(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="08100000090000008dc881122a787638735e50da5b4b936fc1b09adb390c81a90133d1fa5faa3c357ad4e8ac2b528631ad224a500d2dd1ce0033dfe72ad46cc19500f30da0a884101fabd4ff466ee9e2338a4b3b86c0cb359d11b367d3a75767e2434cafd83689cc69af28de20de72d7d833ec0c39b93e1bed35592fc8641431c0b59e7e0f9e98556dfd84949fb338c51bad1de524bbed8c3b3e8a33c67853bd5cd43e18f7a0a3ecade4fe7ca7405e2c2367e08d4ec53dff86807a60fc50f281fa19005e1aa78337472967d63e38e6deb3c03a81ce26cfde804ccd3ab6079024623f52164107b45dc3d766acc9e2fe0c2fb9b93ae12266e34e9c8851a27de655457f39bf68c5c8cf2faa034041a8ca8e28a5ebc8e088f7a4b22a3e30488aa39c334d5d3553cc437c1cda7260d489e250f173911ee5d69440bcb032f0a660d2ada466aee0e6f8ca681b5a2bd48bfc3730358027c0056c7eacb26e2e2f2efac61b612298e16f25d895f6e736748ae20a9bb2986ce6833355838550f98877420da4c9e739e8ded11568242566a478e0ab99ddbebaf6dd717a895c1fb7d194a038380fcffb1b4634501f04725c6330c76b7900c1f21b07fabf23e658cef8ded92c74af3b9aa9a331936adfadbd3803bed59e9a85f87748facdaa98090937f1bf8a27b2ee55f13de9da99db5298f11fa565186463770e8d5c491051dc763eac5e39c9455ef28929fb15d67d45c2757633cda8b948895e8d0173b1743ebb526b63f5bd5359938583d18394c1384f0d29b8726373f80dddba9be1fc1acf19658b61c04eb5bddebf185f27179052241ef0156315704632c5afe76a794df888f50b74338159a8a5323a79b2fdf42d03959a4690c36f800b8b0cce8492cc90c069cf576efd25dafe74bac714374616b09f169b040d9178e4a2251e60fcbd262c24f55344abdf4ba79c2967bcb60f1ceaec6ea653a00cb62762fe898100f73afb29cddfef499ade34caf33be7cb5ca096e9e613335c3c1450cc6a58cf127a7e4513a600426a3e4dbdbe92f617b3ce53f796733049beee2b41134e1127f2917cf6849e04a3e2bfa5c1a332f43dd60800000000000000c69650738443fb74f124c8fabc9f9aa4e6f22e68124d3bf4809b0d99d2b7302f735be9b8e7c32399d5c9ecadd1011e1f2c55f71a0c73551bde3c35fdb327e912f033a334049799e77f561bf34d9b18a4571811c1ed55d33359d5f02ca736b263cae34c416587d7e750c0707fb175b8f097f9635c7d7f5fa277a32500267f895ea386adab182176f41e3ee118bb70c7d8998db014d7a645200229a4d8d6648174dad912c2fe4c009d2535f580e356dcc82aeec1c21496f667832b8f7faf1ed977c1dcecd893db74d0aa2db5fe0d0c7ad7d41da46e3959754eb98e54ee83529a2028f8449a300d8074d285248b36ac69598eea4787489f312b65ede0264b0a7da4a3b1c0c99ef117232f2d0ff84ff1a088d56040f3a518aedb22af5dcbb8923e3429df697762dff7d3fe8ad3ff595ddfe31ec94c27a1c15dffec6dba0c5236198383a46485775683a7f8547be15becf12f70e3bdcd2f1a6e162c42cb91271b43d2ece1769ec26007487115275b909df306bd5e69cf12e91b9920a0cd9a3724d82ce9a5d61ef75f7c7a729108b061e6ce3f1b8245c50b40390647435dd12e1f86371ecb5260fc421f93198a1fb04d0ae6db1d7f0c4c3cb149f4cb28ca8fc6731a4b493679cd909928c3f743955fd61d1bfe52bf50a6a0a713bbe65acdcc9a12190b50b8bfc98d99553275e6ff07000000000000c38f91bd7293318a4c7510b54c4511c99f29666017ad063b531882d87cb40585bd73c4c516f60b834edd9c252daa4c742a285968c203ccfbfc7c82e79efb6e7a92c527f520462fa21ccd0f60dd9a39c8b4ee7ce2f25910f519d92845479779b42de2be12caf90e3486b7c5c15742112b8e5f3bf53c8831c1bf2ac41b4988ecfe5588e37faefa13c0cd6761a71650933682f1620d4d9f9c56440581e0c0e3914d7a5ab7a88ebbd84bf8be73bfb6495da428b95c6236aa6d47c3dd502f8d40b5cf75796809b7c7e7ff6eb0bf69c172d314999ab53ba87c047f64b144ac92f74df03ba0661d44bbdf607bbf84ff6b69c8169c31f9c773883d61eab29900cd9770d3ba575c19bf89afc33cd7547e9394ba028ae8c5863d55ea0d527763d27761db08312254f5dfc7cbdfb215f46fb10f8f795567a179c42402865b22fa40946603c2c2e4b6ae564555671b2574c681ce08eeee654b4c8057f398fcaab756e725396af419dc5d093e648e9abd8be90fe68891d85c0fce0a1a32aebc5b1805b5fc5abf06b10e98c1f51b6ff6e9092e92ab68e3d15312b67f0757f2a4eb31aeceb712f0366f5e1d19a0d6b5dac7a9e666373915f473ae328aeaa8ca7b69a2318de663cbbb55fb28f45dc5b019afbfc6ce50a0bd17e68e90654764da062b0e2839d45befaeb93b83d6dfa1dcab4e571bca8a56c96aae326ecda6a1ada09741c9c476aa011de3755799a2a7c399097eeb61c9d98f66d3e27bca0c94969e5a5760cad04504f75511901504c804599baedda008fa04cb2966ea55b6e4e7de04d4451651b6a2343cc16e465f361c91abdbba0a21ff59f437ca69f8970e53e187f60a3483bacb7e7f22bddfb2e2400e0d5f049bf9efd9945a7af30b0f79b7a61d95079d146b45059c2126c4169e808c588146b0027184e85f19d09c8df118eb79d0a7290126faa9f94933fdaeaa89c0b34b0e490780c6dfb35251772996ef8f020cf17ddfec66f8b2857973981f2e82412bfa739f11f22af64a38b1251f85dbdecb084fba4ef645fb663d8a7808314267d22579cc0bdee010c688227236e6e22d2f17fe5cd7d1232256c12aa6f29a6c1357f813211bd3ba7a46ac0106e96aa1e9390b2b17994e09cedd9942b10b02465ec318d39ee4de9eac91b90c1a842db69d4840d5edf936a53146aba5341660a6630340afde6853d42e0435f683c021ce2aaca8517af4b9b0515189f2a85b4a2a3605899eef8645b443066012cabf35b772dfd666760221fce9505abad7ef2ccd9a8c46162d8ec1ada616e64bc69cf9a3879916acb4c434689e0d7016f2f50d3e6040527532ef145ff545c98af047a71e78093334837275e0bb105b90dbb830ac1aec1cd70671c4c208819094a547dc8a9b47e0f6cd5f17a3398f0c2ecd95156ee40d5eb4b79e204a58b1e545e16bad1c7316a1018bbd414d3f2ee029f82810ad8b14954f3871cc44d254e1abd3716d040e44e5de76edd728b6a33b0ac7b7031a60b0075bccd4b135985e42e1a78c122e5587fced2e8d9298d92f6798aef72f7b0db813cb2bb764e5d7a0145147e1b6f8e82cc8b65ae086364a859dd79d46592a4d160d722a0a5b8d93cc1c95863ef9a48297d059e3f37d9ac5d31b65dbce18d1654f7fdf617acd4a62d3a5109fbece30a2e0a297cdd0c2fd6f145c4581e22ea57e41a338ab0db96c330706072445d794346a75d630fe6d9482b2257c6d3056b47d7ca52d245c06d05aaf1b6b0a925e4d41218a30424c7660e42e45a63226d3350ce1f7e368524777bd0a2c991fe6818f3f8c375fdab24719938baf94f0552b6168825fa95e529df59f90a50abfe7b713ba7d91753b9e6a7ec94cc87aca02f3af2f08b785ef6918ce73ef5560294d92e2e669ffc1aac31aad9bd6e8bbe9d8cf7a007b00c9f80c6ea35e6252d9cf94d95daa25b770a3fcdb863c98cbbb44e14eca50e040ead22d9b007df687a4c108e843645942240c7914296a2c0fcea1898558689a6a6f3ec2922a2c7ee036e90984b61aa6256dd89820ff910e78da2700643134e28f800020a5f101a40adf06a3b1595127931e2d65be0abebcfaaf626f700d9abe08645c75b3b19ae2c5ef3ba2e8c89454e31b2f4558ef20b56af25b3660f9d98738b7be04f91d76cb7a0c432bca5bce228daba79cbbe5842d211e8f2c24e1cf9102694eef113c5e5d169fdc9774a36b9bb7e21bd3325905fb2080c2f093d1ffd65498e60061720059e06dc1a68c8ef610ff85e4070c515d7f1d22f63fbc77ef441eb75fca0e725e811bca2697f54290a2588c873a59add13f8c4a02df4264713f74efe26f40adda1d449e2cb2e55c0e36bfb6d7a95651a4b8004f5bc42348f36bb50ff9bdaeac88ac0eb65bb3b7dbdf648898fdd15a6b5a93178f2d1984916f2d7250243c7df79fa560bfbcdef84c5efc99ea618657ef769f7ca82660cdff705f99bd2988f251d7da5281ed5c14f2a56b18ec57da107884b648a0bd54744e1814334496fc90bbc2c6c609b0296602d97b1f068881016831d211fcef72d0489c725a39b96009efed8b35466466c1584c44673368bc8393ef83d984d0324cf12010c8db3f22a38d0821662a13203dd5f3890797e45d6046a04500139495db986feef367d82c7eca5c8a193d0977cefb0426a4f869a7e3a1fe0d150c2051f85ec5f04bb6de242ff93d76494c31b9f2fde203b4b08ef7d25086a2970fa11f611565c6bbaf1fef77c941f9192a9ceea60ab2f22d5fd3136a4a837067f88f2a2db856e02e80a56b74b9ceac6de62406762fb7269e154cffc2b9906b60a4a00aa9492d9ee66b17fc87d5e6fe443db10ea33258b383a5373db15c7ee7a9f40a73b57d8d0fdb56aee9053cf765ec31a9420b8ef53d810bdcb6fb21c93ba0ee09155a9ae469fc20272d72030d3cb2179fa0cc22702f91879e776bc7ace73a97b5d4745c1755a9c4a81b6d1d76b4731526b8fae146042bf8219712c4427213c161731a175c2c41c69bdd7ad7111b52443f5ef0aabbfd999b04941103f77da8a86a2d599e8d078ff3e77ae442ff15adf2a494f563f97cd2678a107e35f45ef60b3cc58bf1d4369b9bb0efbeee64db1059b52dae5726654ca0b62c41d5495e1c0f695866954ed0aa8d29e186c9cc9f3b8e8f856cbe5aae6db6bbfe1845f85af66fc5666be86f2b1680858dad9dd7d40a8c568666b802aebb808aaacdb7b8db7fec55bd156d4d2b8ee64da001d557969d0dc37d63e6ea39098c9e04a8c14e95e115a8d82708555fd00ef5194a2ed47abc678da6485aae9bc629fa5ccc0261b9967d535da67f1de9a389e5d9776d9f3c8109edba0f90c842a2fe6828f4cac719c82f41009fb994f2d3bf55306a9a0713f57948c2f4b253d58b087cc4eac775f3927c32c9479d46acaa231741b610a78d1c153652fb0e83ff8e2dc40d0e2b86a5e3f43af8af6b0ed4c6d8997d24f0861573c25812892d9d86565b89092c799a7e7bdcce80f911365f3464eea5ef91c61e4519cd25cc34f79e5f629c258738546abcf3c913340d8385d7e2ab5cdf87e332aea5654bdaebf856bc41a62829b8644dec24dca4cd7398a7406ee3abacb89ccc7f3a9b75ad8c378e24a710ea8ea8df0989ca6d9691ce316daa71842d2ed679a47510964d449cc1240b3ef5191fc15e8ba15a7ddaa60a133e0627ce9b66764b8f577de86b592e5403e7e7c796e71b9ff8ef05af24f8c1ec46294bf3729ba9475428a386efeaa4f58b57bff0ff737529fc5077852579f0d31d102bf686da4562595d8f9c59f7b9a053e95c3bb6e2823317bdad9cd4ca66d52fe6c9c57ae183889dfb8cb9e3131c88858839eec0361fd2cc199fba79aa9cf2e0f96a1cea7c4691f7aabca2695e74e8487a86a92e04e03c811bdfb4d1b9de37ef1b080a0652e0d6e1714ce6b18e194f829a84d44ff0d5ebddae810def5c5920ecb5b24ce3edb4a9388387bf8c948b62fc8351c899d85a00"], 0x109200) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='cH\x00\x00', @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, &(0x7f0000011f9d)}) r1 = syz_open_dev$sndpcmp(&(0x7f00000000c0)='/dev/snd/pcmC#D#p\x00', 0x8, 0x200) setsockopt$l2tp_PPPOL2TP_SO_SENDSEQ(r1, 0x111, 0x3, 0x0, 0x4) syz_open_dev$sndpcmc(&(0x7f0000000100)='/dev/snd/pcmC#D#c\x00', 0x3, 0x40000) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/05/04 10:56:31 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x20000f2f, 0xe2f]}) 2018/05/04 10:56:31 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(0xffffffffffffffff, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:31 executing program 2 (fault-call:3 fault-nth:53): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:31 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0xf000000]}]}) 2018/05/04 10:56:31 executing program 5: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = epoll_create1(0x0) epoll_wait(r1, &(0x7f0000000040)=[{}], 0x1, 0x8000) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000007000)) epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) [ 783.854563] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 783.868546] binder: 8238:8244 unknown command 18531 [ 783.872244] binder: 8234:8246 transaction failed 29189/-22, size 0-0 line 2856 [ 783.881762] binder: 8238:8244 ioctl c0306201 20000040 returned -22 [ 783.886817] FAULT_INJECTION: forcing a failure. [ 783.886817] name failslab, interval 1, probability 0, space 0, times 0 [ 783.899423] CPU: 0 PID: 8233 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 783.906641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 783.916009] Call Trace: [ 783.918620] dump_stack+0x1b9/0x294 [ 783.922272] ? dump_stack_print_info.cold.2+0x52/0x52 [ 783.924204] binder: 8238:8250 unknown command 18531 [ 783.928089] ? mutex_trylock+0x2a0/0x2a0 [ 783.928115] should_fail.cold.4+0xa/0x1a [ 783.928134] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 783.928158] ? graph_lock+0x170/0x170 [ 783.928172] ? find_held_lock+0x36/0x1c0 [ 783.928189] ? find_held_lock+0x36/0x1c0 [ 783.928206] ? __lock_is_held+0xb5/0x140 [ 783.939729] binder: 8238:8250 ioctl c0306201 20000040 returned -22 [ 783.941465] ? check_same_owner+0x320/0x320 [ 783.941483] ? graph_lock+0x170/0x170 [ 783.941503] ? rcu_note_context_switch+0x710/0x710 [ 783.941522] ? kasan_check_write+0x14/0x20 [ 783.941539] __should_failslab+0x124/0x180 [ 783.941561] should_failslab+0x9/0x14 [ 783.994209] kmem_cache_alloc+0x2af/0x760 [ 783.998560] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 784.003595] __kernfs_new_node+0xe7/0x580 [ 784.007079] netlink: 785 bytes leftover after parsing attributes in process `syz-executor3'. [ 784.007760] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 784.007783] ? lock_downgrade+0x8e0/0x8e0 [ 784.007807] ? kasan_check_read+0x11/0x20 [ 784.007821] ? do_raw_spin_unlock+0x9e/0x2e0 [ 784.007839] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 784.038418] kernfs_new_node+0x80/0xf0 [ 784.042329] kernfs_create_link+0x33/0x180 [ 784.046625] sysfs_do_create_link_sd.isra.2+0x90/0x130 [ 784.052055] sysfs_create_link+0x65/0xc0 [ 784.055766] binder: 8255:8256 transaction failed 29189/-22, size 0-0 line 2856 [ 784.056155] device_add+0x481/0x16d0 [ 784.056176] ? device_private_init+0x230/0x230 [ 784.056191] ? kfree+0x1e9/0x260 [ 784.056209] ? kfree_const+0x5e/0x70 [ 784.056233] device_create_groups_vargs+0x1ff/0x270 [ 784.083959] device_create_vargs+0x46/0x60 [ 784.088195] bdi_register_va.part.10+0xbb/0x970 [ 784.092865] ? cgwb_kill+0x630/0x630 [ 784.096584] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 784.102114] ? bdi_init+0x416/0x510 [ 784.105730] ? wb_init+0x9e0/0x9e0 [ 784.109259] ? bdi_alloc_node+0x67/0xe0 [ 784.113232] ? bdi_alloc_node+0x67/0xe0 [ 784.117383] ? rcu_read_lock_sched_held+0x108/0x120 [ 784.122390] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 784.127663] ? _raw_spin_unlock+0x22/0x30 [ 784.131804] bdi_register_va+0x68/0x80 [ 784.135685] super_setup_bdi_name+0x123/0x220 [ 784.140169] ? kill_block_super+0x100/0x100 [ 784.144508] ? kmem_cache_alloc_trace+0x616/0x780 [ 784.149353] ? match_wildcard+0x3c0/0x3c0 [ 784.153597] ? trace_hardirqs_on+0xd/0x10 [ 784.157754] fuse_fill_super+0xe6e/0x1e20 [ 784.161902] ? fuse_get_root_inode+0x190/0x190 [ 784.166505] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 784.171518] ? kasan_check_read+0x11/0x20 [ 784.175664] ? cap_capable+0x1f9/0x260 [ 784.179546] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 784.185073] ? security_capable+0x99/0xc0 [ 784.189337] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 784.194866] ? ns_capable_common+0x13f/0x170 [ 784.199265] ? get_anon_bdev+0x2f0/0x2f0 [ 784.203313] ? sget+0x113/0x150 [ 784.206584] ? fuse_get_root_inode+0x190/0x190 [ 784.211156] mount_nodev+0x6b/0x110 [ 784.214775] fuse_mount+0x2c/0x40 [ 784.218216] mount_fs+0xae/0x328 [ 784.221583] vfs_kern_mount.part.34+0xd4/0x4d0 [ 784.226154] ? may_umount+0xb0/0xb0 [ 784.229769] ? _raw_read_unlock+0x22/0x30 [ 784.233906] ? __get_fs_type+0x97/0xc0 [ 784.237785] do_mount+0x564/0x3070 [ 784.241322] ? copy_mount_string+0x40/0x40 [ 784.245555] ? rcu_pm_notify+0xc0/0xc0 [ 784.249438] ? copy_mount_options+0x5f/0x380 [ 784.253836] ? rcu_read_lock_sched_held+0x108/0x120 [ 784.258840] ? kmem_cache_alloc_trace+0x616/0x780 [ 784.263684] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 784.269217] ? _copy_from_user+0xdf/0x150 [ 784.273375] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 784.278904] ? copy_mount_options+0x285/0x380 [ 784.283388] ksys_mount+0x12d/0x140 [ 784.287004] __x64_sys_mount+0xbe/0x150 [ 784.290983] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 784.295992] do_syscall_64+0x1b1/0x800 [ 784.299868] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 784.304712] ? syscall_return_slowpath+0x5c0/0x5c0 [ 784.309636] ? syscall_return_slowpath+0x30f/0x5c0 [ 784.314557] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 784.319912] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 784.324745] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 784.329920] RIP: 0033:0x455979 [ 784.333097] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 784.340798] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 784.348057] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 2018/05/04 10:56:31 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x20000100, 0xe2f]}) 2018/05/04 10:56:31 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x14, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:32 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x325, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:32 executing program 1: r0 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x8a, 0x14001) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00') sendmsg$IPVS_CMD_GET_INFO(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x58, r1, 0xc30, 0x70bd2d, 0x25dfdbfb, {0xf}, [@IPVS_CMD_ATTR_DEST={0x34, 0x2, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0x2}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x1}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x3}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x4}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x10001}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004084) r2 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) syz_open_dev$loop(&(0x7f0000000240)='/dev/loop#\x00', 0x8001, 0x14000) ioctl$BINDER_THREAD_EXIT(r2, 0x40046208, 0x0) 2018/05/04 10:56:32 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0xf, 0x8000027, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 784.355312] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 784.362566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 784.369821] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 784.381641] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:56:32 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x200000000000000}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:32 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000063, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:32 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x1000000, 0xe2f]}) [ 784.409309] binder: undelivered TRANSACTION_ERROR: 29189 [ 784.419836] binder: 8255:8260 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:56:32 executing program 2 (fault-call:3 fault-nth:54): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) rt_sigreturn() ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) syz_open_dev$tun(&(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x40000) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/05/04 10:56:32 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x800000a, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:32 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x800e0000, 0xe2f]}) [ 784.456372] binder: 8261:8263 transaction failed 29189/-22, size 0-0 line 2856 [ 784.491230] binder: undelivered TRANSACTION_ERROR: 29189 [ 784.518895] binder: undelivered TRANSACTION_ERROR: 29189 [ 784.568485] FAULT_INJECTION: forcing a failure. [ 784.568485] name failslab, interval 1, probability 0, space 0, times 0 [ 784.579858] CPU: 0 PID: 8270 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 784.587058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 784.596429] Call Trace: [ 784.599043] dump_stack+0x1b9/0x294 [ 784.602683] ? dump_stack_print_info.cold.2+0x52/0x52 [ 784.607884] ? __might_sleep+0x95/0x190 [ 784.611866] should_fail.cold.4+0xa/0x1a [ 784.615927] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 784.621038] ? mutex_trylock+0x2a0/0x2a0 [ 784.625100] ? graph_lock+0x170/0x170 [ 784.628903] ? __mutex_lock+0x7d9/0x17f0 [ 784.632979] ? find_held_lock+0x36/0x1c0 [ 784.637047] ? __lock_is_held+0xb5/0x140 [ 784.641122] ? check_same_owner+0x320/0x320 [ 784.645451] ? rcu_note_context_switch+0x710/0x710 [ 784.650404] __should_failslab+0x124/0x180 [ 784.654646] should_failslab+0x9/0x14 [ 784.658452] __kmalloc_track_caller+0x2c4/0x760 [ 784.663134] ? graph_lock+0x170/0x170 [ 784.666943] ? graph_lock+0x170/0x170 [ 784.670756] ? kstrdup_const+0x66/0x80 [ 784.674664] kstrdup+0x39/0x70 [ 784.677876] kstrdup_const+0x66/0x80 [ 784.681592] __kernfs_new_node+0xa8/0x580 [ 784.685733] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 784.690483] ? lock_downgrade+0x8e0/0x8e0 [ 784.694624] ? kasan_check_read+0x11/0x20 [ 784.698761] ? do_raw_spin_unlock+0x9e/0x2e0 [ 784.703162] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 784.707735] kernfs_new_node+0x80/0xf0 [ 784.711616] kernfs_create_link+0x33/0x180 [ 784.715847] sysfs_do_create_link_sd.isra.2+0x90/0x130 [ 784.721126] sysfs_create_link+0x65/0xc0 [ 784.725205] device_add+0x7a0/0x16d0 [ 784.728912] ? device_private_init+0x230/0x230 [ 784.733495] ? kfree+0x1e9/0x260 [ 784.736855] ? kfree_const+0x5e/0x70 [ 784.740564] device_create_groups_vargs+0x1ff/0x270 [ 784.745587] device_create_vargs+0x46/0x60 [ 784.749824] bdi_register_va.part.10+0xbb/0x970 [ 784.754578] ? cgwb_kill+0x630/0x630 [ 784.758295] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 784.763826] ? bdi_init+0x416/0x510 [ 784.767457] ? wb_init+0x9e0/0x9e0 [ 784.771008] ? bdi_alloc_node+0x67/0xe0 [ 784.774989] ? bdi_alloc_node+0x67/0xe0 [ 784.778986] ? rcu_read_lock_sched_held+0x108/0x120 [ 784.784009] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 784.789314] ? _raw_spin_unlock+0x22/0x30 [ 784.793487] bdi_register_va+0x68/0x80 [ 784.797405] super_setup_bdi_name+0x123/0x220 [ 784.801918] ? kill_block_super+0x100/0x100 [ 784.806249] ? kmem_cache_alloc_trace+0x616/0x780 [ 784.811092] ? match_wildcard+0x3c0/0x3c0 [ 784.815248] ? trace_hardirqs_on+0xd/0x10 [ 784.819398] fuse_fill_super+0xe6e/0x1e20 [ 784.823545] ? fuse_get_root_inode+0x190/0x190 [ 784.828133] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 784.833146] ? kasan_check_read+0x11/0x20 [ 784.837295] ? cap_capable+0x1f9/0x260 [ 784.841179] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 784.846705] ? security_capable+0x99/0xc0 [ 784.850844] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 784.856372] ? ns_capable_common+0x13f/0x170 [ 784.860793] ? get_anon_bdev+0x2f0/0x2f0 [ 784.864840] ? sget+0x113/0x150 [ 784.868112] ? fuse_get_root_inode+0x190/0x190 [ 784.872682] mount_nodev+0x6b/0x110 [ 784.876297] fuse_mount+0x2c/0x40 [ 784.879741] mount_fs+0xae/0x328 [ 784.883098] vfs_kern_mount.part.34+0xd4/0x4d0 [ 784.887669] ? may_umount+0xb0/0xb0 [ 784.891289] ? _raw_read_unlock+0x22/0x30 [ 784.895434] ? __get_fs_type+0x97/0xc0 [ 784.899316] do_mount+0x564/0x3070 [ 784.902849] ? copy_mount_string+0x40/0x40 [ 784.907075] ? rcu_pm_notify+0xc0/0xc0 [ 784.910958] ? copy_mount_options+0x5f/0x380 [ 784.915354] ? rcu_read_lock_sched_held+0x108/0x120 [ 784.920365] ? kmem_cache_alloc_trace+0x616/0x780 [ 784.925230] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 784.930774] ? _copy_from_user+0xdf/0x150 [ 784.934915] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 784.940451] ? copy_mount_options+0x285/0x380 [ 784.944943] ksys_mount+0x12d/0x140 [ 784.948560] __x64_sys_mount+0xbe/0x150 [ 784.952522] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 784.957535] do_syscall_64+0x1b1/0x800 [ 784.961411] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 784.966245] ? syscall_return_slowpath+0x5c0/0x5c0 [ 784.971175] ? syscall_return_slowpath+0x30f/0x5c0 [ 784.976097] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 784.981453] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 784.986379] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 784.991555] RIP: 0033:0x455979 [ 784.994730] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 785.002451] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 785.009707] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 785.016963] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 785.024219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 785.031475] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:33 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x600000000000000}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:33 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) socketpair(0xa, 0x805, 0x10000, &(0x7f0000000080)) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/05/04 10:56:33 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x40010000, 0xe2f]}) 2018/05/04 10:56:33 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000025, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:33 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(0xffffffffffffffff, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:33 executing program 5: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:33 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0xfffffdfd]}]}) 2018/05/04 10:56:33 executing program 2 (fault-call:3 fault-nth:55): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) [ 785.193960] binder: 8291:8293 transaction failed 29189/-22, size 0-0 line 2856 [ 785.202495] binder: 8283:8284 transaction failed 29189/-22, size 0-0 line 2856 [ 785.227210] FAULT_INJECTION: forcing a failure. [ 785.227210] name failslab, interval 1, probability 0, space 0, times 0 [ 785.238643] CPU: 0 PID: 8296 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 785.245839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 785.255204] Call Trace: [ 785.257797] dump_stack+0x1b9/0x294 [ 785.261432] ? dump_stack_print_info.cold.2+0x52/0x52 [ 785.266614] ? mutex_trylock+0x2a0/0x2a0 [ 785.270683] should_fail.cold.4+0xa/0x1a [ 785.274740] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 785.279838] ? graph_lock+0x170/0x170 [ 785.283634] ? find_held_lock+0x36/0x1c0 [ 785.287693] ? find_held_lock+0x36/0x1c0 [ 785.291751] ? __lock_is_held+0xb5/0x140 [ 785.295806] ? ci_populate_all_graphic_levels+0xd80/0x1820 [ 785.301432] ? check_same_owner+0x320/0x320 [ 785.305742] ? graph_lock+0x170/0x170 [ 785.309534] ? rcu_note_context_switch+0x710/0x710 [ 785.314453] ? kasan_check_write+0x14/0x20 [ 785.318682] __should_failslab+0x124/0x180 [ 785.322915] should_failslab+0x9/0x14 [ 785.326707] kmem_cache_alloc+0x2af/0x760 [ 785.330854] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 785.335865] __kernfs_new_node+0xe7/0x580 [ 785.340012] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 785.344880] ? lock_downgrade+0x8e0/0x8e0 [ 785.349041] ? kasan_check_read+0x11/0x20 [ 785.353186] ? do_raw_spin_unlock+0x9e/0x2e0 [ 785.357760] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 785.362349] kernfs_new_node+0x80/0xf0 [ 785.366231] kernfs_create_link+0x33/0x180 [ 785.370462] sysfs_do_create_link_sd.isra.2+0x90/0x130 [ 785.375732] sysfs_create_link+0x65/0xc0 [ 785.379786] device_add+0x481/0x16d0 [ 785.383497] ? device_private_init+0x230/0x230 [ 785.388076] ? kfree+0x1e9/0x260 [ 785.391436] ? kfree_const+0x5e/0x70 [ 785.395169] device_create_groups_vargs+0x1ff/0x270 [ 785.400185] device_create_vargs+0x46/0x60 [ 785.404422] bdi_register_va.part.10+0xbb/0x970 [ 785.409083] ? cgwb_kill+0x630/0x630 [ 785.412974] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 785.418674] ? bdi_init+0x416/0x510 [ 785.422289] ? wb_init+0x9e0/0x9e0 [ 785.425821] ? bdi_alloc_node+0x67/0xe0 [ 785.429786] ? bdi_alloc_node+0x67/0xe0 [ 785.433754] ? rcu_read_lock_sched_held+0x108/0x120 [ 785.439913] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 785.445207] bdi_register_va+0x68/0x80 [ 785.449086] super_setup_bdi_name+0x123/0x220 [ 785.453570] ? kill_block_super+0x100/0x100 [ 785.457894] ? kmem_cache_alloc_trace+0x616/0x780 [ 785.462729] ? match_wildcard+0x3c0/0x3c0 [ 785.466869] ? trace_hardirqs_on+0xd/0x10 [ 785.471015] fuse_fill_super+0xe6e/0x1e20 [ 785.475165] ? fuse_get_root_inode+0x190/0x190 [ 785.479757] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 785.485032] ? kasan_check_read+0x11/0x20 [ 785.489174] ? cap_capable+0x1f9/0x260 [ 785.493055] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 785.498582] ? security_capable+0x99/0xc0 [ 785.502732] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 785.508264] ? ns_capable_common+0x13f/0x170 [ 785.512671] ? get_anon_bdev+0x2f0/0x2f0 [ 785.516719] ? sget+0x113/0x150 [ 785.520004] ? fuse_get_root_inode+0x190/0x190 [ 785.524583] mount_nodev+0x6b/0x110 [ 785.528212] fuse_mount+0x2c/0x40 [ 785.531666] mount_fs+0xae/0x328 [ 785.535032] vfs_kern_mount.part.34+0xd4/0x4d0 [ 785.539605] ? may_umount+0xb0/0xb0 [ 785.543228] ? _raw_read_unlock+0x22/0x30 [ 785.547375] ? __get_fs_type+0x97/0xc0 [ 785.551275] do_mount+0x564/0x3070 [ 785.554808] ? do_raw_spin_unlock+0x9e/0x2e0 [ 785.559211] ? copy_mount_string+0x40/0x40 [ 785.563439] ? rcu_pm_notify+0xc0/0xc0 [ 785.567343] ? copy_mount_options+0x5f/0x380 [ 785.571747] ? rcu_read_lock_sched_held+0x108/0x120 [ 785.576769] ? kmem_cache_alloc_trace+0x616/0x780 [ 785.581610] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 785.587154] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 785.592687] ? copy_mount_options+0x285/0x380 [ 785.597177] ksys_mount+0x12d/0x140 [ 785.600798] __x64_sys_mount+0xbe/0x150 [ 785.604762] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 785.609774] do_syscall_64+0x1b1/0x800 [ 785.613662] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 785.618498] ? syscall_return_slowpath+0x5c0/0x5c0 [ 785.623431] ? syscall_return_slowpath+0x30f/0x5c0 [ 785.628354] ? retint_user+0x18/0x18 [ 785.632069] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 785.636909] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 785.642089] RIP: 0033:0x455979 2018/05/04 10:56:33 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0xffffffffffffffff, 0xe2f]}) [ 785.645265] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 785.652973] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 785.660232] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 785.667490] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 785.674756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 785.682018] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 785.690622] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:56:33 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x800000f, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:33 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x60}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:33 executing program 1: r0 = socket$inet(0x2, 0x1, 0x80000000) recvmsg(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/196, 0xc4}], 0x1, &(0x7f0000000200)=""/102, 0x66, 0x8001}, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000080)={'team_slave_1\x00', {0x2, 0x4e24, @multicast1=0xe0000001}}) r1 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="11634840", @ANYRES64=0x0, @ANYBLOB="008a2ba464c28e638cfe1dcec37aafbad1cf606d8000661c35ddddcd84398340cb88db9fff1a82a9dffc094d144b98b30f367ea3a7f70aeea648a9e272c42a063425fc17b56bc48fe159f79cba7681468f8f58b2a523754f49f43818124304fe5b803d330fdad9e1642938bfee7fdee1b7bb652d8513651c0aa0fb986721933590d0aa86bd88a8caed90b91f8978d1460754d5a5f47d38f4b30733b487747cc486a78afa5e3168504809188c1c1d5c1eb11ff134d8fd7e39229194baed"], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0) 2018/05/04 10:56:33 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x4001000000000000, 0xe2f]}) [ 785.708249] binder: 8291:8293 transaction failed 29189/-22, size 0-0 line 2856 [ 785.733359] binder: undelivered TRANSACTION_ERROR: 29189 [ 785.751290] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:56:33 executing program 2 (fault-call:3 fault-nth:56): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:33 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x1002000000000, 0xe2f]}) [ 785.804711] binder: 8309:8310 transaction failed 29189/-22, size 4648622482928819509--6232389249126397749 line 2856 [ 785.825809] binder: undelivered TRANSACTION_ERROR: 29189 [ 785.843484] binder: 8309:8314 transaction failed 29189/-22, size 4648622482928819509--6232389249126397749 line 2856 [ 785.858619] binder: 8304:8311 transaction failed 29189/-22, size 0-0 line 2856 [ 785.884667] binder: undelivered TRANSACTION_ERROR: 29189 [ 785.893881] FAULT_INJECTION: forcing a failure. [ 785.893881] name failslab, interval 1, probability 0, space 0, times 0 [ 785.905414] CPU: 1 PID: 8316 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 785.912630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 785.921999] Call Trace: [ 785.924618] dump_stack+0x1b9/0x294 [ 785.928250] ? dump_stack_print_info.cold.2+0x52/0x52 [ 785.933437] ? lock_release+0xa10/0xa10 [ 785.937409] ? check_same_owner+0x320/0x320 [ 785.941746] should_fail.cold.4+0xa/0x1a [ 785.945815] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 785.950916] ? kasan_check_write+0x14/0x20 [ 785.955156] ? __mutex_lock+0x7d9/0x17f0 [ 785.959223] ? graph_lock+0x170/0x170 [ 785.963037] ? find_held_lock+0x36/0x1c0 [ 785.967096] ? __lock_is_held+0xb5/0x140 [ 785.971148] ? do_con_trol+0x2650/0x5f10 [ 785.975207] ? check_same_owner+0x320/0x320 [ 785.979522] ? find_held_lock+0x36/0x1c0 [ 785.983594] ? rcu_note_context_switch+0x710/0x710 [ 785.988527] __should_failslab+0x124/0x180 [ 785.992772] should_failslab+0x9/0x14 [ 785.996591] kmem_cache_alloc+0x2af/0x760 [ 786.000753] ? kasan_check_write+0x14/0x20 [ 786.005003] ? __mutex_unlock_slowpath+0x180/0x8a0 [ 786.009941] ? lock_downgrade+0x8e0/0x8e0 [ 786.014103] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 786.019132] __kernfs_new_node+0xe7/0x580 [ 786.023299] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 786.028076] ? kasan_check_write+0x14/0x20 [ 786.032330] ? __mutex_unlock_slowpath+0x180/0x8a0 [ 786.037279] ? __lock_is_held+0xb5/0x140 [ 786.041384] ? wait_for_completion+0x870/0x870 [ 786.045995] kernfs_new_node+0x80/0xf0 [ 786.049890] __kernfs_create_file+0x4d/0x330 [ 786.054302] sysfs_add_file_mode_ns+0x21a/0x560 [ 786.058974] internal_create_group+0x282/0x970 [ 786.063554] sysfs_create_groups+0x9b/0x150 [ 786.067871] device_add+0x84d/0x16d0 [ 786.071583] ? device_private_init+0x230/0x230 [ 786.076164] ? kfree+0x1e9/0x260 [ 786.079531] ? kfree_const+0x5e/0x70 [ 786.083239] device_create_groups_vargs+0x1ff/0x270 [ 786.088245] device_create_vargs+0x46/0x60 [ 786.092471] bdi_register_va.part.10+0xbb/0x970 [ 786.097127] ? cgwb_kill+0x630/0x630 [ 786.100835] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 786.106356] ? bdi_init+0x416/0x510 [ 786.109968] ? wb_init+0x9e0/0x9e0 [ 786.113519] ? bdi_alloc_node+0x67/0xe0 [ 786.117483] ? bdi_alloc_node+0x67/0xe0 [ 786.121446] ? rcu_read_lock_sched_held+0x108/0x120 [ 786.126454] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 786.131731] ? _raw_spin_unlock+0x22/0x30 [ 786.135877] bdi_register_va+0x68/0x80 [ 786.139756] super_setup_bdi_name+0x123/0x220 [ 786.144243] ? kill_block_super+0x100/0x100 [ 786.148557] ? kmem_cache_alloc_trace+0x616/0x780 [ 786.153389] ? match_wildcard+0x3c0/0x3c0 [ 786.157528] ? trace_hardirqs_on+0xd/0x10 [ 786.161669] fuse_fill_super+0xe6e/0x1e20 [ 786.165818] ? fuse_get_root_inode+0x190/0x190 [ 786.170390] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 786.175398] ? kasan_check_read+0x11/0x20 [ 786.179536] ? cap_capable+0x1f9/0x260 [ 786.183414] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 786.189035] ? security_capable+0x99/0xc0 [ 786.193173] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 786.198730] ? ns_capable_common+0x13f/0x170 [ 786.203135] ? get_anon_bdev+0x2f0/0x2f0 [ 786.207182] ? sget+0x113/0x150 [ 786.210454] ? fuse_get_root_inode+0x190/0x190 [ 786.215029] mount_nodev+0x6b/0x110 [ 786.218646] fuse_mount+0x2c/0x40 [ 786.222122] mount_fs+0xae/0x328 [ 786.225477] vfs_kern_mount.part.34+0xd4/0x4d0 [ 786.230307] ? may_umount+0xb0/0xb0 [ 786.233925] ? _raw_read_unlock+0x22/0x30 [ 786.238069] ? __get_fs_type+0x97/0xc0 [ 786.241947] do_mount+0x564/0x3070 [ 786.245476] ? copy_mount_string+0x40/0x40 [ 786.249696] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 786.254703] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 786.259448] ? retint_kernel+0x10/0x10 [ 786.263328] ? copy_mount_options+0x1f0/0x380 [ 786.267810] ? copy_mount_options+0x1f6/0x380 [ 786.272780] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 786.278306] ? copy_mount_options+0x285/0x380 [ 786.282793] ksys_mount+0x12d/0x140 [ 786.286421] __x64_sys_mount+0xbe/0x150 [ 786.290383] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 786.295390] do_syscall_64+0x1b1/0x800 [ 786.299267] ? syscall_return_slowpath+0x5c0/0x5c0 [ 786.304185] ? syscall_return_slowpath+0x30f/0x5c0 [ 786.309118] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 786.314481] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 786.319312] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 786.324670] RIP: 0033:0x455979 [ 786.327854] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 786.335549] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 786.342811] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 786.350068] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 786.357321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 786.364577] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 786.372297] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:56:34 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000060, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:34 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0xf0ff7f00000000, 0xe2f]}) 2018/05/04 10:56:34 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x74}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00'], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/05/04 10:56:34 executing program 5: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:34 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040), 0x0, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:34 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x3f00000000000000]}]}) 2018/05/04 10:56:34 executing program 2 (fault-call:3 fault-nth:57): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:34 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000009, 0x1ff307543bf68163, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 786.568836] binder: 8331:8333 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:56:34 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0xd1e1ff7f, 0xe2f]}) [ 786.611650] binder: undelivered TRANSACTION_ERROR: 29189 [ 786.627574] binder: 8331:8333 transaction failed 29189/-22, size 0-0 line 2856 [ 786.633291] binder: 8326:8342 transaction failed 29189/-22, size 0-0 line 2856 [ 786.651510] FAULT_INJECTION: forcing a failure. [ 786.651510] name failslab, interval 1, probability 0, space 0, times 0 [ 786.662893] CPU: 0 PID: 8337 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 786.670093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 786.679450] binder: undelivered TRANSACTION_ERROR: 29189 [ 786.679467] Call Trace: [ 786.687688] dump_stack+0x1b9/0x294 [ 786.691333] ? dump_stack_print_info.cold.2+0x52/0x52 [ 786.693226] binder: undelivered TRANSACTION_ERROR: 29189 [ 786.696544] ? __mutex_lock+0x7d9/0x17f0 [ 786.696570] should_fail.cold.4+0xa/0x1a [ 786.696589] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 786.715253] ? kasan_kmalloc+0xc4/0xe0 [ 786.719166] ? graph_lock+0x170/0x170 [ 786.722992] ? find_held_lock+0x36/0x1c0 [ 786.727076] ? __lock_is_held+0xb5/0x140 [ 786.731181] ? check_same_owner+0x320/0x320 [ 786.735513] ? kasan_check_write+0x14/0x20 [ 786.739762] ? __mutex_unlock_slowpath+0x180/0x8a0 [ 786.744710] ? rcu_note_context_switch+0x710/0x710 [ 786.749660] __should_failslab+0x124/0x180 [ 786.753921] should_failslab+0x9/0x14 [ 786.757740] kmem_cache_alloc+0x2af/0x760 [ 786.761907] ? __mutex_unlock_slowpath+0x180/0x8a0 [ 786.763744] binder: 8350:8351 transaction failed 29189/-22, size 0-0 line 2856 [ 786.766879] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 786.766899] __kernfs_new_node+0xe7/0x580 [ 786.766918] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 786.766937] ? mutex_unlock+0xd/0x10 [ 786.766952] ? kernfs_activate+0x20e/0x2a0 [ 786.766970] ? kernfs_walk_and_get_ns+0x320/0x320 [ 786.766987] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 786.767000] ? kernfs_link_sibling+0x1d2/0x3b0 [ 786.767019] kernfs_new_node+0x80/0xf0 [ 786.767037] __kernfs_create_file+0x4d/0x330 [ 786.767053] sysfs_add_file_mode_ns+0x21a/0x560 [ 786.767073] internal_create_group+0x282/0x970 [ 786.812073] binder: undelivered TRANSACTION_ERROR: 29189 [ 786.815236] sysfs_create_groups+0x9b/0x150 [ 786.815257] device_add+0x84d/0x16d0 [ 786.815277] ? device_private_init+0x230/0x230 [ 786.815293] ? kfree+0x1e9/0x260 [ 786.815312] ? kfree_const+0x5e/0x70 [ 786.815330] device_create_groups_vargs+0x1ff/0x270 [ 786.815347] device_create_vargs+0x46/0x60 [ 786.815365] bdi_register_va.part.10+0xbb/0x970 [ 786.844847] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 786.847042] ? cgwb_kill+0x630/0x630 [ 786.847064] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 786.847076] ? bdi_init+0x416/0x510 [ 786.847089] ? wb_init+0x9e0/0x9e0 [ 786.847105] ? bdi_alloc_node+0x67/0xe0 [ 786.847118] ? bdi_alloc_node+0x67/0xe0 [ 786.847135] ? rcu_read_lock_sched_held+0x108/0x120 [ 786.847153] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 786.847172] ? _raw_spin_unlock+0x22/0x30 [ 786.847189] bdi_register_va+0x68/0x80 [ 786.864900] binder: 8354:8355 transaction failed 29189/-22, size 0-0 line 2856 [ 786.868176] super_setup_bdi_name+0x123/0x220 [ 786.868191] ? kill_block_super+0x100/0x100 [ 786.868223] ? kmem_cache_alloc_trace+0x616/0x780 [ 786.868241] ? match_wildcard+0x3c0/0x3c0 [ 786.868258] ? trace_hardirqs_on+0xd/0x10 [ 786.868280] fuse_fill_super+0xe6e/0x1e20 [ 786.868299] ? fuse_get_root_inode+0x190/0x190 [ 786.868324] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 786.910197] binder: undelivered TRANSACTION_ERROR: 29189 [ 786.911458] ? kasan_check_read+0x11/0x20 [ 786.911478] ? cap_capable+0x1f9/0x260 [ 786.911502] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 786.911517] ? security_capable+0x99/0xc0 [ 786.911537] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 786.911554] ? ns_capable_common+0x13f/0x170 [ 786.911572] ? get_anon_bdev+0x2f0/0x2f0 [ 786.911586] ? sget+0x113/0x150 [ 786.911604] ? fuse_get_root_inode+0x190/0x190 [ 786.970903] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 786.972370] mount_nodev+0x6b/0x110 [ 786.972390] fuse_mount+0x2c/0x40 [ 786.972406] mount_fs+0xae/0x328 [ 786.972428] vfs_kern_mount.part.34+0xd4/0x4d0 [ 786.972444] ? may_umount+0xb0/0xb0 [ 786.972464] ? _raw_read_unlock+0x22/0x30 [ 786.972477] ? __get_fs_type+0x97/0xc0 [ 786.972496] do_mount+0x564/0x3070 [ 786.972513] ? copy_mount_string+0x40/0x40 [ 786.972532] ? rcu_pm_notify+0xc0/0xc0 [ 786.984012] binder: 8356:8359 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:56:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000000)=[@release={0x40046306, 0x4}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/05/04 10:56:34 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf6810a, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:34 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x4800}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:34 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68125, 0x0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:34 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x2000000000000000}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:34 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x700000000000000}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:34 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0xffffff9e, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:35 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x48000000}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:35 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x7a00000000000000, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 786.986111] ? copy_mount_options+0x5f/0x380 [ 786.986129] ? rcu_read_lock_sched_held+0x108/0x120 [ 786.986147] ? kmem_cache_alloc_trace+0x616/0x780 [ 786.986168] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 786.986186] ? _copy_from_user+0xdf/0x150 [ 786.986209] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 786.986226] ? copy_mount_options+0x285/0x380 [ 787.025046] binder: undelivered TRANSACTION_ERROR: 29189 [ 787.027060] ksys_mount+0x12d/0x140 [ 787.027079] __x64_sys_mount+0xbe/0x150 2018/05/04 10:56:35 executing program 2 (fault-call:3 fault-nth:58): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) [ 787.027096] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 787.027115] do_syscall_64+0x1b1/0x800 [ 787.027132] ? finish_task_switch+0x1ca/0x810 [ 787.027149] ? syscall_return_slowpath+0x5c0/0x5c0 [ 787.027166] ? syscall_return_slowpath+0x30f/0x5c0 [ 787.027185] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 787.027207] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 787.075754] binder: 8360:8361 transaction failed 29189/-22, size 0-0 line 2856 [ 787.076672] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 787.076684] RIP: 0033:0x455979 [ 787.076692] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 787.076707] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 787.076716] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 787.076725] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 787.076734] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 787.076742] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 787.142482] binder: 8347:8363 Release 1 refcount change on invalid ref 4 ret -22 [ 787.147355] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 787.154817] binder: 8347:8363 Release 1 refcount change on invalid ref 4 ret -22 [ 787.185901] FAULT_INJECTION: forcing a failure. [ 787.185901] name failslab, interval 1, probability 0, space 0, times 0 [ 787.229537] binder: undelivered TRANSACTION_ERROR: 29189 [ 787.240581] CPU: 1 PID: 8368 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 787.240591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 787.240596] Call Trace: [ 787.240621] dump_stack+0x1b9/0x294 [ 787.240641] ? dump_stack_print_info.cold.2+0x52/0x52 [ 787.274206] should_fail.cold.4+0xa/0x1a [ 787.278284] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 787.283400] ? graph_lock+0x170/0x170 [ 787.287203] ? lock_downgrade+0x8e0/0x8e0 [ 787.291342] ? find_held_lock+0x36/0x1c0 [ 787.295399] ? __lock_is_held+0xb5/0x140 [ 787.299464] ? check_same_owner+0x320/0x320 [ 787.303794] ? wait_for_completion+0x870/0x870 [ 787.308475] ? rcu_note_context_switch+0x710/0x710 [ 787.313423] ? graph_lock+0x170/0x170 [ 787.317228] __should_failslab+0x124/0x180 [ 787.321472] should_failslab+0x9/0x14 [ 787.325274] kmem_cache_alloc+0x2af/0x760 [ 787.329424] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 787.334442] __kernfs_new_node+0xe7/0x580 [ 787.338606] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 787.343376] ? kernfs_walk_and_get_ns+0x320/0x320 [ 787.348222] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 787.353749] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 787.359275] ? kernfs_put+0x493/0x750 [ 787.363081] ? kernfs_add_one+0x129/0x4d0 [ 787.367245] ? kernfs_get+0x30/0x30 [ 787.370889] kernfs_new_node+0x80/0xf0 [ 787.374790] kernfs_create_dir_ns+0x3d/0x140 [ 787.379212] internal_create_group+0x110/0x970 [ 787.383808] ? internal_create_group+0x347/0x970 [ 787.388577] sysfs_create_group+0x1f/0x30 [ 787.392730] dpm_sysfs_add+0x26/0x210 [ 787.396719] device_add+0xa11/0x16d0 [ 787.400436] ? device_private_init+0x230/0x230 [ 787.405020] ? kfree+0x1e9/0x260 [ 787.408398] ? kfree_const+0x5e/0x70 [ 787.412108] device_create_groups_vargs+0x1ff/0x270 [ 787.417137] device_create_vargs+0x46/0x60 [ 787.421374] bdi_register_va.part.10+0xbb/0x970 [ 787.426054] ? cgwb_kill+0x630/0x630 [ 787.429768] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 787.435297] ? bdi_init+0x416/0x510 [ 787.438929] ? wb_init+0x9e0/0x9e0 [ 787.442475] ? bdi_alloc_node+0x67/0xe0 [ 787.446464] ? bdi_alloc_node+0x67/0xe0 [ 787.450449] ? rcu_read_lock_sched_held+0x108/0x120 [ 787.455482] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 787.460780] ? _raw_spin_unlock+0x22/0x30 [ 787.464950] bdi_register_va+0x68/0x80 [ 787.468856] super_setup_bdi_name+0x123/0x220 [ 787.473376] ? kill_block_super+0x100/0x100 [ 787.477712] ? kmem_cache_alloc_trace+0x616/0x780 [ 787.482566] ? match_wildcard+0x3c0/0x3c0 [ 787.486705] ? trace_hardirqs_on+0xd/0x10 [ 787.490857] fuse_fill_super+0xe6e/0x1e20 [ 787.494997] ? fuse_get_root_inode+0x190/0x190 [ 787.499650] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 787.504682] ? kasan_check_read+0x11/0x20 [ 787.508843] ? cap_capable+0x1f9/0x260 [ 787.512749] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 787.518291] ? security_capable+0x99/0xc0 [ 787.522441] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 787.527977] ? ns_capable_common+0x13f/0x170 [ 787.532395] ? get_anon_bdev+0x2f0/0x2f0 [ 787.536453] ? sget+0x113/0x150 [ 787.539727] ? fuse_get_root_inode+0x190/0x190 [ 787.544299] mount_nodev+0x6b/0x110 [ 787.547915] fuse_mount+0x2c/0x40 [ 787.551358] mount_fs+0xae/0x328 [ 787.554720] vfs_kern_mount.part.34+0xd4/0x4d0 [ 787.559293] ? may_umount+0xb0/0xb0 [ 787.562912] ? _raw_read_unlock+0x22/0x30 [ 787.567048] ? __get_fs_type+0x97/0xc0 [ 787.570931] do_mount+0x564/0x3070 [ 787.574465] ? copy_mount_string+0x40/0x40 [ 787.578687] ? rcu_pm_notify+0xc0/0xc0 [ 787.582566] ? copy_mount_options+0x5f/0x380 [ 787.586965] ? rcu_read_lock_sched_held+0x108/0x120 [ 787.591974] ? kmem_cache_alloc_trace+0x616/0x780 [ 787.596810] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 787.602336] ? _copy_from_user+0xdf/0x150 [ 787.606479] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 787.612016] ? copy_mount_options+0x285/0x380 [ 787.616504] ksys_mount+0x12d/0x140 [ 787.620123] __x64_sys_mount+0xbe/0x150 [ 787.624091] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 787.629099] do_syscall_64+0x1b1/0x800 [ 787.632972] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 787.637805] ? syscall_return_slowpath+0x5c0/0x5c0 [ 787.642737] ? syscall_return_slowpath+0x30f/0x5c0 [ 787.647670] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 787.653034] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 787.657870] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 787.663052] RIP: 0033:0x455979 [ 787.666227] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 787.673926] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 787.681186] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 787.688455] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 787.695724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 787.702984] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/05/04 10:56:35 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x4}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:35 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x100000000000000]}]}) 2018/05/04 10:56:35 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0xf0ff7f, 0xe2f]}) 2018/05/04 10:56:35 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x2000000000000000, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:35 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040), 0x0, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:35 executing program 5: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:35 executing program 2 (fault-call:3 fault-nth:59): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) [ 787.875738] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 787.887654] binder: 8385:8390 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:56:35 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x800e000000000000, 0xe2f]}) 2018/05/04 10:56:36 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x6000000, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 787.921615] binder: 8379:8392 transaction failed 29189/-22, size 0-0 line 2856 [ 787.931842] binder: undelivered TRANSACTION_ERROR: 29189 [ 787.945862] FAULT_INJECTION: forcing a failure. [ 787.945862] name failslab, interval 1, probability 0, space 0, times 0 [ 787.957242] CPU: 1 PID: 8391 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 787.959491] binder: 8385:8390 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:56:36 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x6c00, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 787.964432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 787.964439] Call Trace: [ 787.964464] dump_stack+0x1b9/0x294 [ 787.964485] ? dump_stack_print_info.cold.2+0x52/0x52 [ 787.964511] should_fail.cold.4+0xa/0x1a [ 787.964527] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 787.964549] ? lock_release+0xa10/0xa10 [ 787.981985] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 787.983857] ? check_same_owner+0x320/0x320 [ 787.983875] ? graph_lock+0x170/0x170 [ 787.983895] ? rcu_note_context_switch+0x710/0x710 [ 787.983909] ? find_held_lock+0x36/0x1c0 [ 787.983929] ? find_held_lock+0x36/0x1c0 [ 787.983948] ? __lock_is_held+0xb5/0x140 [ 788.024661] binder: undelivered TRANSACTION_ERROR: 29189 [ 788.027461] ? check_same_owner+0x320/0x320 [ 788.027482] ? rcu_note_context_switch+0x710/0x710 [ 788.027503] __should_failslab+0x124/0x180 [ 788.027519] should_failslab+0x9/0x14 [ 788.027536] kmem_cache_alloc+0x2af/0x760 2018/05/04 10:56:36 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x6}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:36 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1163484080623ce4da436846ac9b14bdf678a2b6689570002494f700000000000024bd699d615e9908032b9a618d32a285454c0d2149a152109446ebd4d824596b2ba1cb6a88ef27e5d56fe08a8fc12e9913819b9ea0390b43bed3e82600c0016753b9a24f754ada8967600aacb1e76384a588df07c23ba58dc34f116cdb2afa12e29fe51582581dc584dad579a70cc166a0c04132ae266abd", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/05/04 10:56:36 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x6000, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 788.040782] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 788.045167] ? kasan_check_write+0x14/0x20 [ 788.045187] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 788.045207] __kernfs_new_node+0xe7/0x580 [ 788.045225] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 788.045242] ? kasan_check_write+0x14/0x20 [ 788.045259] ? __mutex_unlock_slowpath+0x180/0x8a0 [ 788.045271] ? graph_lock+0x170/0x170 [ 788.045289] ? wait_for_completion+0x870/0x870 [ 788.060180] binder: undelivered TRANSACTION_ERROR: 29189 [ 788.062543] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 2018/05/04 10:56:36 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x10020, 0xe2f]}) [ 788.062566] kernfs_new_node+0x80/0xf0 [ 788.062585] __kernfs_create_file+0x4d/0x330 [ 788.062604] sysfs_add_file_mode_ns+0x21a/0x560 [ 788.062630] sysfs_add_file+0x4e/0x60 [ 788.062648] sysfs_merge_group+0xfa/0x230 [ 788.142903] dpm_sysfs_add+0x161/0x210 [ 788.146814] device_add+0xa11/0x16d0 [ 788.150552] ? device_private_init+0x230/0x230 [ 788.155157] ? kfree+0x1e9/0x260 [ 788.158580] ? kfree_const+0x5e/0x70 [ 788.161790] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 788.162346] device_create_groups_vargs+0x1ff/0x270 [ 788.162366] device_create_vargs+0x46/0x60 [ 788.162387] bdi_register_va.part.10+0xbb/0x970 [ 788.162403] ? cgwb_kill+0x630/0x630 [ 788.162423] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 788.162433] ? bdi_init+0x416/0x510 [ 788.162449] ? wb_init+0x9e0/0x9e0 [ 788.201326] ? bdi_alloc_node+0x67/0xe0 [ 788.202462] binder: 8401:8407 transaction failed 29189/-22, size 0-0 line 2856 [ 788.205312] ? bdi_alloc_node+0x67/0xe0 [ 788.205330] ? rcu_read_lock_sched_held+0x108/0x120 [ 788.205348] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 788.205370] ? _raw_spin_unlock+0x22/0x30 [ 788.205387] bdi_register_va+0x68/0x80 [ 788.205404] super_setup_bdi_name+0x123/0x220 [ 788.205417] ? kill_block_super+0x100/0x100 [ 788.205434] ? kmem_cache_alloc_trace+0x616/0x780 [ 788.248671] ? match_wildcard+0x3c0/0x3c0 [ 788.252838] ? trace_hardirqs_on+0xd/0x10 [ 788.257009] fuse_fill_super+0xe6e/0x1e20 [ 788.261183] ? fuse_get_root_inode+0x190/0x190 [ 788.265783] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 788.271622] ? kasan_check_read+0x11/0x20 [ 788.275788] ? cap_capable+0x1f9/0x260 [ 788.279697] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 788.285262] ? security_capable+0x99/0xc0 [ 788.289442] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 788.295014] ? ns_capable_common+0x13f/0x170 [ 788.299440] ? get_anon_bdev+0x2f0/0x2f0 [ 788.302871] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 788.303509] ? sget+0x113/0x150 [ 788.303529] ? fuse_get_root_inode+0x190/0x190 2018/05/04 10:56:36 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x800e, 0xe2f]}) 2018/05/04 10:56:36 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x2, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:36 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x68}], 0x0, 0x0, &(0x7f0000011f9d)}) [ 788.303546] mount_nodev+0x6b/0x110 [ 788.303562] fuse_mount+0x2c/0x40 [ 788.303579] mount_fs+0xae/0x328 [ 788.303605] vfs_kern_mount.part.34+0xd4/0x4d0 [ 788.303620] ? may_umount+0xb0/0xb0 [ 788.303642] ? _raw_read_unlock+0x22/0x30 [ 788.314505] binder: 8402:8408 got transaction to invalid handle [ 788.315474] ? __get_fs_type+0x97/0xc0 [ 788.315495] do_mount+0x564/0x3070 [ 788.315516] ? copy_mount_string+0x40/0x40 [ 788.315532] ? rcu_pm_notify+0xc0/0xc0 [ 788.315555] ? copy_mount_options+0x5f/0x380 [ 788.315567] ? rcu_read_lock_sched_held+0x108/0x120 [ 788.315590] ? kmem_cache_alloc_trace+0x616/0x780 [ 788.320211] binder: 8402:8408 transaction failed 29201/-22, size -7337767832402370147-958217260977261921 line 2856 [ 788.323785] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 788.323802] ? _copy_from_user+0xdf/0x150 [ 788.323818] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 788.323835] ? copy_mount_options+0x285/0x380 [ 788.334429] binder: undelivered TRANSACTION_ERROR: 29189 [ 788.335218] ksys_mount+0x12d/0x140 [ 788.335237] __x64_sys_mount+0xbe/0x150 [ 788.335253] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 788.335273] do_syscall_64+0x1b1/0x800 [ 788.335291] ? syscall_return_slowpath+0x5c0/0x5c0 [ 788.335309] ? syscall_return_slowpath+0x30f/0x5c0 [ 788.335329] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 788.335346] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 788.335364] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 788.365113] binder: undelivered TRANSACTION_ERROR: 29201 [ 788.369034] RIP: 0033:0x455979 [ 788.369043] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 788.369059] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 788.369067] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 788.369076] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 788.369084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 788.369092] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 788.434947] binder: 8414:8415 transaction failed 29189/-22, size 0-0 line 2856 [ 788.439263] binder: 8402:8408 got transaction to invalid handle [ 788.457260] binder: undelivered TRANSACTION_ERROR: 29189 [ 788.458299] binder: 8402:8408 transaction failed 29201/-22, size -7337767832402370147-958217260977261921 line 2856 [ 788.552818] binder: undelivered TRANSACTION_ERROR: 29201 2018/05/04 10:56:36 executing program 5: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) epoll_wait(0xffffffffffffffff, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000cd8ff4)) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000007000)) epoll_wait(0xffffffffffffffff, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:36 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xf00]}]}) 2018/05/04 10:56:36 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040), 0x0, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:36 executing program 2 (fault-call:3 fault-nth:60): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:36 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x7400000000000000, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:36 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x4001, 0xe2f]}) 2018/05/04 10:56:36 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0xa000000}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:36 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2, 0x80010, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="000000009ac6a291aed1c96e093c8abecc5c3e4b1da7c359221469d8715fd517885814a45e26994805264f9bfedfc9dd1ca5ba07f3ab50c517940ead0490932fa40757f06ab4314ade1c105d5f1aee6e96f74fa97d1a23e8c33dadd117793d41282ea550e1b7a5d04edb6894f2bad50fff2b9efeff96eb4be5be35271e9d30976fd4afce1a55ef3caaab562737a24b1ab9f87592c601f2e6446b025930c7ec0b64586752281387e2d6a47d092789ddfce24f1696095923602fc45aeea3e4700295dfd45fb3b7ddd14580541f0900000000000000858c69919c140eade70c785f01e0a1b0713cefa21b8b92a23a00ddcc1c01f98eb4630e8242509cf0e03a1ab6135416000000000000000000000000000000", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) [ 788.935061] binder: 8425:8434 unknown command 0 [ 788.936165] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 788.957374] binder: 8427:8435 transaction failed 29189/-22, size 0-0 line 2856 [ 788.964243] binder: 8425:8434 ioctl c0306201 20000040 returned -22 [ 788.992872] FAULT_INJECTION: forcing a failure. [ 788.992872] name failslab, interval 1, probability 0, space 0, times 0 [ 789.004267] CPU: 0 PID: 8439 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 789.011466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 789.015912] binder: undelivered TRANSACTION_ERROR: 29189 [ 789.020822] Call Trace: [ 789.020848] dump_stack+0x1b9/0x294 [ 789.020870] ? dump_stack_print_info.cold.2+0x52/0x52 [ 789.020889] ? __mutex_lock+0x7d9/0x17f0 2018/05/04 10:56:37 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x7ffff000, 0xe2f]}) 2018/05/04 10:56:37 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x7000000}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:37 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x140, 0xe2f]}) 2018/05/04 10:56:37 executing program 5: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = epoll_create1(0x0) epoll_wait(r1, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000cd8ff4)) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000007000)) epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) [ 789.020910] should_fail.cold.4+0xa/0x1a [ 789.020928] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 789.050962] ? kasan_kmalloc+0xc4/0xe0 [ 789.054876] ? graph_lock+0x170/0x170 [ 789.058698] ? find_held_lock+0x36/0x1c0 [ 789.062696] binder: 8443:8444 transaction failed 29189/-22, size 0-0 line 2856 [ 789.062772] ? __lock_is_held+0xb5/0x140 [ 789.074198] ? check_same_owner+0x320/0x320 [ 789.078531] ? kasan_check_write+0x14/0x20 [ 789.082778] ? __mutex_unlock_slowpath+0x180/0x8a0 [ 789.087727] ? rcu_note_context_switch+0x710/0x710 [ 789.092672] __should_failslab+0x124/0x180 [ 789.096923] should_failslab+0x9/0x14 [ 789.100736] kmem_cache_alloc+0x2af/0x760 [ 789.104899] ? __mutex_unlock_slowpath+0x180/0x8a0 [ 789.109846] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 789.114879] __kernfs_new_node+0xe7/0x580 [ 789.119051] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 789.123818] ? mutex_unlock+0xd/0x10 [ 789.127542] ? kernfs_activate+0x20e/0x2a0 [ 789.131795] ? kernfs_walk_and_get_ns+0x320/0x320 [ 789.136657] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 789.142209] ? kernfs_link_sibling+0x1d2/0x3b0 [ 789.146826] kernfs_new_node+0x80/0xf0 [ 789.150731] __kernfs_create_file+0x4d/0x330 [ 789.155162] sysfs_add_file_mode_ns+0x21a/0x560 [ 789.159851] internal_create_group+0x282/0x970 [ 789.162213] binder: undelivered TRANSACTION_ERROR: 29189 [ 789.164447] sysfs_create_groups+0x9b/0x150 [ 789.164467] device_add+0x84d/0x16d0 [ 789.164487] ? device_private_init+0x230/0x230 [ 789.164503] ? kfree+0x1e9/0x260 [ 789.164521] ? kfree_const+0x5e/0x70 [ 789.164541] device_create_groups_vargs+0x1ff/0x270 [ 789.194671] device_create_vargs+0x46/0x60 [ 789.198925] bdi_register_va.part.10+0xbb/0x970 [ 789.203609] ? cgwb_kill+0x630/0x630 [ 789.207351] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 789.212926] ? bdi_init+0x416/0x510 [ 789.216570] ? wb_init+0x9e0/0x9e0 [ 789.220134] ? bdi_alloc_node+0x67/0xe0 [ 789.224117] ? bdi_alloc_node+0x67/0xe0 [ 789.228101] ? rcu_read_lock_sched_held+0x108/0x120 [ 789.233131] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 789.238428] ? _raw_spin_unlock+0x22/0x30 [ 789.242596] bdi_register_va+0x68/0x80 [ 789.246493] super_setup_bdi_name+0x123/0x220 [ 789.251017] ? kill_block_super+0x100/0x100 [ 789.255342] ? kmem_cache_alloc_trace+0x616/0x780 [ 789.260175] ? match_wildcard+0x3c0/0x3c0 [ 789.264336] ? trace_hardirqs_on+0xd/0x10 [ 789.268478] fuse_fill_super+0xe6e/0x1e20 [ 789.272632] ? fuse_get_root_inode+0x190/0x190 [ 789.277213] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 789.282218] ? kasan_check_read+0x11/0x20 [ 789.286371] ? cap_capable+0x1f9/0x260 [ 789.290258] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 789.295789] ? security_capable+0x99/0xc0 [ 789.299931] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 789.305461] ? ns_capable_common+0x13f/0x170 [ 789.309863] ? get_anon_bdev+0x2f0/0x2f0 [ 789.313912] ? sget+0x113/0x150 [ 789.317192] ? fuse_get_root_inode+0x190/0x190 [ 789.321772] mount_nodev+0x6b/0x110 [ 789.325400] fuse_mount+0x2c/0x40 [ 789.328845] mount_fs+0xae/0x328 [ 789.332204] vfs_kern_mount.part.34+0xd4/0x4d0 [ 789.336790] ? may_umount+0xb0/0xb0 [ 789.340448] ? _raw_read_unlock+0x22/0x30 [ 789.344597] ? __get_fs_type+0x97/0xc0 [ 789.348497] do_mount+0x564/0x3070 [ 789.352045] ? do_raw_spin_unlock+0x9e/0x2e0 [ 789.356453] ? copy_mount_string+0x40/0x40 [ 789.360677] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 789.365685] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 789.370436] ? retint_kernel+0x10/0x10 [ 789.374328] ? copy_mount_options+0x1f0/0x380 [ 789.378813] ? copy_mount_options+0x1f6/0x380 [ 789.383303] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 789.388843] ? copy_mount_options+0x285/0x380 [ 789.393336] ksys_mount+0x12d/0x140 [ 789.396961] __x64_sys_mount+0xbe/0x150 [ 789.400926] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 789.405955] do_syscall_64+0x1b1/0x800 [ 789.409845] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 789.414684] ? syscall_return_slowpath+0x5c0/0x5c0 [ 789.419607] ? syscall_return_slowpath+0x30f/0x5c0 [ 789.424535] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 789.429908] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 789.434760] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 789.440564] RIP: 0033:0x455979 [ 789.443746] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 789.451451] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 789.458720] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 789.465997] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 789.473276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 789.480535] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:38 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x7a000000, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:38 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x100000000000000, 0xe2f]}) 2018/05/04 10:56:38 executing program 2 (fault-call:3 fault-nth:61): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:38 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:38 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x3f00]}]}) 2018/05/04 10:56:38 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) r1 = mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x8, 0x8010, r0, 0x0) r2 = mmap$binder(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000005, 0x14030, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0xb8, 0x0, &(0x7f00000001c0)=[@increfs_done={0x40106308, r1, 0x2}, @acquire_done={0x40106309, r2, 0x2}, @acquire={0x40046305, 0x1}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x10, &(0x7f0000000080)=[@fd={0x66642a85, 0x0, r0, 0x0, 0x3}, @fda={0x66646185, 0x4, 0x2, 0x24}], &(0x7f00000000c0)=[0x58, 0x40]}}, @reply={0x40406301, {0x4, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x28, 0x28, &(0x7f0000000140)=[@ptr={0x70742a85, 0x0, &(0x7f0000000100), 0x1, 0x1, 0x2e}], &(0x7f0000000180)=[0x30, 0x0, 0x20, 0x0, 0x78]}}], 0x4f, 0x0, &(0x7f0000000280)="5cf455c2a7c88637589cb5cccee762fdd7eaae7093c32a446236195e6e6097a8c4cf1ac09ba7708ffad17148a1e1ee20f67363f5017dd2b37de6ca499c6295a995a12eea8b212971a88279424f1740"}) 2018/05/04 10:56:38 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x2000}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:38 executing program 5: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = epoll_create1(0x0) epoll_wait(r1, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000cd8ff4)) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000007000)) epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) [ 790.181673] binder: 8466:8473 transaction failed 29189/-22, size 0-0 line 2856 [ 790.189872] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 790.196371] binder: 8468:8474 transaction failed 29189/-22, size 0-0 line 2856 [ 790.219212] binder: undelivered TRANSACTION_ERROR: 29189 [ 790.222634] FAULT_INJECTION: forcing a failure. [ 790.222634] name failslab, interval 1, probability 0, space 0, times 0 [ 790.225595] binder: 8466:8473 BC_INCREFS_DONE u0000000000000000 no match [ 790.236197] CPU: 1 PID: 8475 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 790.243074] binder: 8466:8473 BC_ACQUIRE_DONE u0000000000000000 no match [ 790.250211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 790.250218] Call Trace: [ 790.250245] dump_stack+0x1b9/0x294 [ 790.250266] ? dump_stack_print_info.cold.2+0x52/0x52 [ 790.257162] binder: 8466:8473 Acquire 1 refcount change on invalid ref 1 ret -22 [ 790.266447] ? __mutex_lock+0x7d9/0x17f0 [ 790.266472] should_fail.cold.4+0xa/0x1a [ 790.269053] binder: 8466:8473 got reply transaction with no transaction stack [ 790.273521] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 790.273539] ? kasan_kmalloc+0xc4/0xe0 [ 790.273555] ? graph_lock+0x170/0x170 [ 790.273573] ? find_held_lock+0x36/0x1c0 [ 790.278815] binder: 8466:8473 transaction failed 29201/-71, size 56-16 line 2763 [ 790.286310] ? __lock_is_held+0xb5/0x140 [ 790.286336] ? check_same_owner+0x320/0x320 [ 790.310637] binder: undelivered TRANSACTION_ERROR: 29189 [ 790.310678] ? kasan_check_write+0x14/0x20 [ 790.318192] binder: 8466:8473 transaction failed 29189/-22, size 0-0 line 2856 [ 790.318519] ? __mutex_unlock_slowpath+0x180/0x8a0 [ 790.318539] ? rcu_note_context_switch+0x710/0x710 [ 790.318563] __should_failslab+0x124/0x180 [ 790.365557] should_failslab+0x9/0x14 [ 790.369377] kmem_cache_alloc+0x2af/0x760 [ 790.373554] ? __mutex_unlock_slowpath+0x180/0x8a0 2018/05/04 10:56:38 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x1000000, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:38 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0xa00}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:38 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0x7ffff000]}) 2018/05/04 10:56:38 executing program 1: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x1, 0x0) getsockopt$inet_sctp_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f00000000c0)={0x4, [0x2, 0x5, 0x3ff, 0x81]}, &(0x7f0000000100)=0xc) r1 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) fallocate(r0, 0x0, 0xff10, 0x3) writev(r1, &(0x7f0000001400)=[{&(0x7f0000000140)="40a8adfbb64587b44e9a4514772f0b7f7c6f7c9fc55c8fa3942e0636ce023dbe9a3c593ae9fcf1dc34297e36b26cf8ce15753f07d00e003e269b2de915ff46e47f88c0538b0d1c6530df5c683710024aab7b24d2ab69e74e63450536246852072ef88fa4c7062f40ad5a5a751db3b044b986b138dcda7eec7ee2ffef58b736cc905be6217db73e1cf848e0c921b16750bf0d8b9e17cbeaa0e89a5ee38bf948dd9779e9c22f66f0583f2118830ef87494c33517ab2b85d855b18df872dfe86b6521c84e", 0xc3}, {&(0x7f0000000240)="9f27a68fd8ec38367d0b4f0985f178a42c1bd29372dd8f1f", 0x18}, {&(0x7f0000000280)="c48d1d6ffa79e1ac920c1d1249aac96662c2a10dc8bdf3c1fd9fdfd202091d44089c7de9956850eb59ef6f728e", 0x2d}, {&(0x7f00000002c0)="b80f3c92aee4c84c39a0493ad6db36f8a6e908c855da66fc409fbb938b19fb7ea84df312479eb698cde73e562b47805fdc733627d0ca92fda5e79976199ebd87d3bdc98d33a181d9098e97bd74b4cf3982493d6c349e1337680cfb77b2d8ae8914eb7cf8dff644ce", 0x68}, {&(0x7f0000000340)="06063c81ed96a88761d7ed34a0d630958dfd66d2c317e0f814f54bdf2e350012ff0041102abbeba786f09d69f3c3f42fc851a1c53c0373dd5eb8fe9f557f341198ff2b761d77c742eafed55932e6e427b1a5e3bb1aa76fa2bebd7e1b86ff01247d7a875ccbfaa850b1409f4fe705c3c397638c9d2ac64ebdbe5e8eb79b5bcfcd898080074b289b1ae0a96b576520896a93410ebc8e2b47b5b11ef62ce4809013b45dc0e1fb", 0xa5}, {&(0x7f0000000400)="184e979b5aebe4bd964fd1e2e88059a4bcc492ab278313f258d7f12f19c33003fc2a43e0421fddf2f505d81b792b83fdc280633c1e3b60963e28fcebd59dde4a13667789eae6088d5728dcd1ebe3dbb8ffb8ba0bf9faa2dafd3b01ad81dbec47af27d533c8f236ab11cf843deeeee565bdfda0debd43a0145731bbe67cd209fc5f81d549d7ec4b9a30f25c6879202c059622abc348d3da115875cd87c52e8f0ba1d6ed5dc5a684c0e16bf374482acdbb80c99b37b133b1d2620ab1943b725074fffea4dffcd2c51bf96d5e43a90d324b675d3ddeb61ad2a5ab5df546179773a4e536a821be1e8cb30feea1048f00bfbd5e50f85497dd3d753af88bb4eda5f990687e00d60fcb0c2620eba195f65e07ed4c9e400f408606b651082c6101c6ae1d31d9348c25082fa6ff76e93bdae22a93c59d380b9e36e0da92d4d8db24976f8c993f6af8a46e27b985ad9a8ae13e55ed87a5155b513620a9d792ffb807e38ac4c1c70e9472f63a429690c71aa9ff83393bc16f73ea60c01eea67fbccbe4eca589be5ce6b70bbe888aecd4a59a303a5c7c6edb476cab0f5d931ed661038b2a3764302564ad6803ce70ccf28a5364e437a879ab5e3a294822ac7e8a77561dfd2551c57b6d0d7886446606071835853534989f54a830e31d2d71bfaae6f6e64f9d9d158faa7d1790f016dfdfebb831b0a51029e3547763e539d4c0e19182106c701a75d2551867dc16527dfdc46ce95159b4e26fd1b5d0ecd30a49a72fe60f007579f8c3d8ff7454ac94db494ca8cc7156bdc9068ec2881d8fc3080f7f186027e44746f098f71bfbf4b6ed4e295694fde253db83696dd25ff3a6ee36e7b857f816d3c1e41704635f4b6f8a975e738618747895473351786e9931a87bfe0deda0380647ea2b192c753b523c28374f7424b8cd9ff21eca7d15126b1aab920f6824db92e3d769e5dd33d4d020ebe51f4136ba22ffd0e5044795b39230e7da9812296f2a25cce7ed6d83f93fa4c26966347449052bd367313789cbb771b46ed56624fb2ca5e3e217059cb03c9776227909a6a8ffc7d1b437aac8b67773a84c4ea1326ac27effcfaeefafe35093f836242efc147cb4395d685384f246fd87417b91f0a149af305f9ee232ac69d03de1b0c933c6eb4dc6af4aac9ebf52743fbac62ff6bfba284b1270bb534e8ebd18486f146c0dd946cc3a06cae34f943fa88cf3a62e047a33d8f4561e94c1f25107864da8c6ccd0c7c2e81f64dec45be250a76aee67eb921bde0983e472ce80a03c399c2086ec91e9c8a41e773a2e689fc9da70b67cfe5cc43f7c65ace8bd7d44b359a5e4c70d55f4398c8d57d7d14e001c6c6357fd72d6a3d9280467fbcf1caea2927a9055bd2b411d0b8df96f72afbf518e5e52da0e0752028a62ffc014b88c175eaf0fb2915a07fd509d16532fdf030889bd93410ad9253c7f1c4b79398379fe0bb132d8dae47ddd29e8e7025c61eb1b4e5411544dd9f81136d5ee97eaf84e05ccc6b0c68930ae477132bc0fb45c14c734c80056d0dc7af833c6ebacb59f226ff7fc76d516d9ad7cc27655e5380f704eaa68cb848683ababe4a1d2e135cd9204156654ffe2e6ea159ed542e1af1ba980ed955e1e30b59490c25c740173afa53f0973ec3525b4989aa081a17445c6901f54a9c404de338272bfb01a7be10ba6c9107f7ea8c0c9d02d9d5eb5908f9ba42c7ba19e0baacf3a1b3dffec93376be55e9fe27bdc66081de73a9073013d67989ca0702ac86c05157c36280334b1bed7e6a0f2731ba79df970ccf788023b3f641e16c6c3eb55852171e32dd0fb3350baf827dae45d73faaa1a30c6a1ff0b6a6b54962ddaa20300a155ca877ce041f124448182c86a5979ad6f527e6fba4f5cbcacdb22ebbbf33f24906e76df6c4c4bd247303e7eb95698be2f3fee9fa22429477ebe992ee1a795d96d2ba2264935cc07a662d954d0013acd09043826d5283354e37fa756f649821749a47107ef5b8f499b41a6d915098e7c43eb6eeb2363e7df5ff5397aabef4dffbb0b5bd4eff2f2eed87e6905d1de24ffcc898aa35a1020a423ccc69d732304a2d483bbe38792d0a33a7a24786adc6282122aa2cea0ff29bc8cc97e5a676e71e6177b1f134181dd93d238d107175a45cdc99abd62219d5178a267676f61686bdd75d679d0358f8fe2bdc40b8dc13149bebdff3b05a249437d276b7fc8672417d3d22ea8c2611baa1cfdcf268397cd542dace3c3f6ef800142a2a2d45cc661bb8c37d2424e7472db740b5beae58d05fb3c752d84d9ff4b5f546bf4d38f89828bd52d4b7b57c9259e27532fe17209c61573035612b472ab10e755fa843da2ba094c03def2d001dd664921ba306de026f7d9888c5080bc4b60468e53520da9f17476a01ac71b90b29647d75c7c0e81859ccab22161310cff6341993139fd9c5589c0e46e6c6be927a224b99a11b6706a0d1a31a9c69d92933c6180cfd842b9107103446eaeb442509458c600a5a3701c071c86a91c93591811ecf87bfce5e54aecc87d89a529432d442a8911e600303b48897ac49c0a5fd123bc6e6f620738906b54fcbdebde4d0e2e920d09d75c3e7f320f0e6291a9ffd8b446bd7df9feef9ce2c053d4e6f8b8ae67f7e3a515e004545b2c592f5a5479a3d6f99ac21fc64b12377d1fa30e800d5ff6477c46e920f3743c9615f3fd7a633390f2cd70fa93850a777b3d9ac302f663df6568d8b2ee871c6768ae723ebd2f6e9a132454a5ec612f5b8847ff5bcccd081da776bcd20b5442bfa3a68eaa793fca0a0506607b5db6175ef9e66457ba76d8f719b4729609fec71282d52c9531841c8c95a450f11800027156ceb2a1a5f911dcd7b337a8ed4c478cc4eeb359c2182a3ff44dff7b4192ce0bc227d28dfc865c06fa6b5171cec40a4aa942082d0f3963d167e74fbf693334ee1d0d26b813ad30745e2682e7cce3ab128d8faf7c8cdd66cabb5b8b644ecaa055597a2d85d33bdd7c867f9e850159255aac6b013708961a170a6f5b1487586031d0f2c30f8fd3f99694bd965fe0f794c0f57c5aa8a0c940cd1db2fc1f40451b580eb4beb65e861d409ec1e3f49260d928146ef181b29307b672084d25895042989f3ae0b0b32ffae2956f0f3a22f25c5bc0b5ccd95b181c5c89ac5a4c5b8dd017dcef21e6739eddf15d24f7e28513db8a52500918da6587c04d0438a038c408132661d7fca71eea65ae4fd4ced14f07ec09d32f335df159586b3b053552eec0be3cdfb5cefa84be720750ba0e0cc73f88cdf399139afbf9ad903b955f0e245ddb2f17ae640626eb888b0209063fc3405f2fb6d3c44aa6e9a2052dfec590dd54be66ec2e53beed61bf80bc013ee45ac1ccebf286b0eeeb5dca64f27c846a4c35edd826003a8a35da34a02c455b44c290f9ac958edd6f60f7b604f42fad987152f9cda35838f5bef7e2da279a484dbf871a56715668b6374a540e1cbbe2d43f43a98bf945ea3a50faffaa271e2d29edab6ee1ce95453a66f6e47d678ec5754539d97b73b44ce6ab0e63d8c0857b3fdfca762dd0dc9c49a72fc0bece2f8b679f8b46c7fd130c0f3e34ed2915c72737552b60b198a0851c15a8fd89f2e5c120009a8024092efbf0561f00df180d0099959e7464cb8a2f0ec49eb37867cc17b41426297f224b438a73f3035212c1af5dd546e0a04bbceff822a3713cebf311163244972dd25889bd5c83b1553cc6ec11d86a299d2a45f07be91d660d803742c1a26693e4be8083473ae24825c6744b587486ef3fe0530f73ee07421bffebae9e89a0ae06c34da27aafd555ec87dbec813393d0796d2fe5065c79a34e559bd902fe04d09483f729a493a3c0d39c91bd3c0999f0048d305e705478055ef53ba5859a1f7c51b4de2519340d8ba213c76fcd1a062f45c62c651627782c16c4dfc5c04b27d92aec873b2256e7ce82a2c2c1ec40b7afb5b97ed59f06f4b6f5664b407779edcaaba25953a516f84e6c992d18b38c5c6b45e0d28a041cb298bd2954589e79bd7b5396a1fdcddcb5ebd8605a512b8fae8889783b15a9023440179ab30a6355f86d428848640ee29851c101bad4501e1e4e6a4d05b67b06b4eeec6a7229cae296a70952f930852a6b14b6c78e3419f13b34877dc21b7f30d88283cb15827fa64fb606de4469365f76924415061b71dee8c064da9788495441ea83eb5d7cc9e5f1facca7c0eec2681c0a6f4f847033d4baf0d31b34d614f25e08c350210c0971e7621604c7ba945a891821a45070681683bc11e0823d8610ea028fd1c15fe12003d3d29dff12140e1a4253a10d2d8547658e4a71554d626cbae5db4e8596f13fea43a8fba3b9368a06aede1393753e22d8df8930f783caac0b75b5eb6ea25dfd65c7df0a3db93512808b593294942868efeb4c3022fb94fd9d74aa07fbb1e0b6d66675ac744a53edff6d65eeb1fa5f8eb6ba05f30d6479b7d01244a6c2ead4eaae42479949061c8a178406e96b1bbf69570b728381f80513ddd38c82df3258402aba56c2c15c9f72443a95556a6367b686fff1c3ce4c8be9d0a38e37361c4db66606a2bd5444e4dd05a7175ac77f45340f9f2512a83cc7dfde198a969256229a68afaf53ae7c10f74a83cf379b79709061175269143ba89b9ca5081d52ef0a08c48a8f5f82fcdd6b76c69a6bce429384f07d40f272f57e9da158a7ff8a101b9a17fa0241aaf9d1063d8e826cfbb1a08b2feed0d95a240dae8f659409b9191f4d9f3a84575600c7c837ad997d5b2bbc642cab9e0b6f43e0ad4ea750390864ef50321ad7d36b45428cbc20177cc9d7f2a8668c2ff47203515894e4d3b13f29644d59625c5f46a27b71f64cab71bf86772155e4232a234d22cf12c4bd6b4209957cd4ba9224814fc4baffb643d6d3fab1f6c8a43291e86a5ec3b26bc5585fcdb95023d9784a27dd2f143b91b5390b863a6bf4d053a873cf5b99bbf20199749261ebeb18e21e433d6722e484d108dabc576dcee01d717f2dacf989de4ee4ca0b1fb04667f596d24a9b2f3dd0ca0e28c4bde2d9296516e7dc512f45faa1f7d88838858fcd2501d1356d8a9810a82c6fbde4d68afb153727bffc3f1ef0dea369053387fd45f39893ee7e96b6b119f48a213f9309b12b0694dc21a1cab77f5add4c4bc037ff399d1d8341faff92486d568dac44de7c9c2d10ddb1fd62976ead13bb07ecec0f77c3ada89d67f7630867266d4c4d1cd29343e3115e76f7bc281a240d83dcf934ee60d3586fa35a7c0751ff7a62856810fac510264d623fa9be3f98b4b1885d4e50a6ec4c585e21184a7742af5c700a29cc75aea1850f3680488813d070d8ae4c699cbe8049631dc2eb7cb533fbc8f75dac7406584145067107a03b22fc822825b2dece0e9ff1241f23b94821c1a6b0483bc3e35e346bc2bc17f02a767b23f97be6b96bcca956c66d4579772dcc4814a4dfcd3ea9153ba412b73a8292484d762a4eb3b338b746b2de387a1ce99594af4fbf07c43c8a0b3bbece6cd3942a042d9910be036247a87865134dad70c14c4d78f1bc829c20f3539781d27d6217b43ed0ce3726e1e3ff8be4f46a6eb43637cbbce8d1e7bb471ccd8b7cb18035baeb879139f954aad9862481297335e071a07887305da4b405ae4aaaa50fb6eedaa4903fe4561a62a30992472688179b6d18047d32c2ba3d94ed42f4c98990a6eca5d2668913282a238b4be1f2081e8b01c6ccd1668ce9e15f6c37cb3e2d764aa0c08399722dc3db03410b5a57ebaafd19c5365ac79b492cc2425ce97773870171e5802", 0x1000}], 0x6) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="cb36c016", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0) [ 790.378507] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 790.383546] __kernfs_new_node+0xe7/0x580 [ 790.384369] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 790.387704] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 790.387724] ? mutex_unlock+0xd/0x10 [ 790.387738] ? kernfs_activate+0x20e/0x2a0 [ 790.387755] ? kernfs_walk_and_get_ns+0x320/0x320 [ 790.387772] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 790.387790] ? kernfs_link_sibling+0x1d2/0x3b0 [ 790.411612] binder: undelivered TRANSACTION_ERROR: 29189 [ 790.413910] kernfs_new_node+0x80/0xf0 [ 790.413930] __kernfs_create_file+0x4d/0x330 [ 790.413949] sysfs_add_file_mode_ns+0x21a/0x560 [ 790.413972] internal_create_group+0x282/0x970 [ 790.413997] sysfs_create_groups+0x9b/0x150 [ 790.414017] device_add+0x84d/0x16d0 [ 790.414033] ? device_private_init+0x230/0x230 [ 790.414051] ? kfree+0x1e9/0x260 [ 790.463075] ? kfree_const+0x5e/0x70 [ 790.466808] device_create_groups_vargs+0x1ff/0x270 [ 790.470436] binder: 8479:8484 transaction failed 29189/-22, size 0-0 line 2856 [ 790.471836] device_create_vargs+0x46/0x60 [ 790.471860] bdi_register_va.part.10+0xbb/0x970 [ 790.471876] ? cgwb_kill+0x630/0x630 [ 790.471896] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 790.471908] ? bdi_init+0x416/0x510 [ 790.471922] ? wb_init+0x9e0/0x9e0 [ 790.471935] ? bdi_alloc_node+0x67/0xe0 [ 790.471951] ? bdi_alloc_node+0x67/0xe0 [ 790.507042] binder: undelivered TRANSACTION_ERROR: 29189 [ 790.508610] ? rcu_read_lock_sched_held+0x108/0x120 [ 790.508630] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 790.508652] ? _raw_spin_unlock+0x22/0x30 [ 790.508673] bdi_register_va+0x68/0x80 [ 790.508693] super_setup_bdi_name+0x123/0x220 [ 790.508709] ? kill_block_super+0x100/0x100 [ 790.508725] ? kmem_cache_alloc_trace+0x616/0x780 [ 790.508744] ? match_wildcard+0x3c0/0x3c0 [ 790.554913] ? trace_hardirqs_on+0xd/0x10 [ 790.554937] fuse_fill_super+0xe6e/0x1e20 [ 790.561344] binder: 8485:8486 unknown command 381695691 [ 790.563247] ? fuse_get_root_inode+0x190/0x190 [ 790.563269] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 790.563290] ? kasan_check_read+0x11/0x20 [ 790.563308] ? cap_capable+0x1f9/0x260 [ 790.563329] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 790.575315] binder: 8485:8486 ioctl c0306201 20000040 returned -22 [ 790.578266] ? security_capable+0x99/0xc0 [ 790.578290] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 790.578306] ? ns_capable_common+0x13f/0x170 [ 790.578323] ? get_anon_bdev+0x2f0/0x2f0 [ 790.578336] ? sget+0x113/0x150 [ 790.578352] ? fuse_get_root_inode+0x190/0x190 [ 790.578370] mount_nodev+0x6b/0x110 [ 790.620045] binder: 8485:8488 unknown command 381695691 [ 790.620254] fuse_mount+0x2c/0x40 [ 790.620271] mount_fs+0xae/0x328 [ 790.620290] vfs_kern_mount.part.34+0xd4/0x4d0 [ 790.625535] binder: 8485:8488 ioctl c0306201 20000040 returned -22 [ 790.628509] ? may_umount+0xb0/0xb0 [ 790.628528] ? _raw_read_unlock+0x22/0x30 [ 790.628541] ? __get_fs_type+0x97/0xc0 [ 790.628560] do_mount+0x564/0x3070 [ 790.628578] ? do_raw_spin_unlock+0x9e/0x2e0 [ 790.628597] ? copy_mount_string+0x40/0x40 [ 790.628609] ? rcu_pm_notify+0xc0/0xc0 [ 790.628628] ? copy_mount_options+0x5f/0x380 [ 790.683631] ? rcu_read_lock_sched_held+0x108/0x120 [ 790.683651] ? kmem_cache_alloc_trace+0x616/0x780 [ 790.693516] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 790.699072] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 790.704627] ? copy_mount_options+0x285/0x380 [ 790.709148] ksys_mount+0x12d/0x140 [ 790.712791] __x64_sys_mount+0xbe/0x150 [ 790.716756] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 790.721768] do_syscall_64+0x1b1/0x800 [ 790.725643] ? finish_task_switch+0x1ca/0x810 [ 790.730126] ? syscall_return_slowpath+0x5c0/0x5c0 [ 790.735060] ? syscall_return_slowpath+0x30f/0x5c0 [ 790.740004] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 790.745371] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 790.750224] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 790.755416] RIP: 0033:0x455979 [ 790.758595] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 790.766300] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 790.773567] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 790.780827] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 790.788086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 790.795359] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:39 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x20000000, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:39 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x7a}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:39 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xd]}) 2018/05/04 10:56:39 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x4000000000000000]}]}) 2018/05/04 10:56:39 executing program 2 (fault-call:3 fault-nth:62): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:39 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:39 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002300)='/dev/binder#\x00', 0x0, 0x4) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000011f9d)}) recvmmsg(0xffffffffffffff9c, &(0x7f0000002080)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000080)=""/16, 0x10}, {&(0x7f00000000c0)=""/50, 0x32}, {&(0x7f0000000100)=""/170, 0xaa}, {&(0x7f00000001c0)=""/192, 0xc0}], 0x4, &(0x7f00000002c0)=""/81, 0x51, 0xca}, 0x400}, {{&(0x7f0000000340)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x80, &(0x7f0000001440)=[{&(0x7f00000003c0)=""/83, 0x53}, {&(0x7f0000000440)=""/4096, 0x1000}], 0x2, &(0x7f0000001480)=""/78, 0x4e, 0x8126}, 0xb8d1}, {{&(0x7f0000001500)=@pppol2tpv3={0x0, 0x0, {0x0, 0xffffffffffffffff, {0x0, 0x0, @multicast2}}}, 0x80, &(0x7f00000015c0)=[{&(0x7f0000001580)=""/50, 0x32}], 0x1, &(0x7f0000001600)=""/188, 0xbc, 0x6}, 0x3}, {{&(0x7f00000016c0)=@pppoe={0x0, 0x0, {0x0, @link_local}}, 0x80, &(0x7f0000001a80)=[{&(0x7f0000001740)=""/63, 0x3f}, {&(0x7f0000001780)=""/5, 0x5}, {&(0x7f00000017c0)=""/137, 0x89}, {&(0x7f0000001880)=""/244, 0xf4}, {&(0x7f0000001980)=""/126, 0x7e}, {&(0x7f0000001a00)=""/113, 0x71}], 0x6, &(0x7f0000001b00)=""/46, 0x2e, 0x9}, 0x8}, {{&(0x7f0000001b40)=@ax25, 0x80, &(0x7f0000001cc0)=[{&(0x7f0000001bc0)=""/220, 0xdc}], 0x1, &(0x7f0000001d00), 0x0, 0x11}, 0x8}, {{0x0, 0x0, &(0x7f0000002040)=[{&(0x7f0000001d40)=""/218, 0xda}, {&(0x7f0000001e40)=""/192, 0xc0}, {&(0x7f0000001f00)=""/248, 0xf8}, {&(0x7f0000002000)=""/10, 0xa}], 0x4}, 0x5}], 0x6, 0x40, &(0x7f0000002200)={0x77359400}) ioctl$sock_inet_tcp_SIOCOUTQ(r1, 0x5411, &(0x7f0000001d00)) ioctl$int_out(r1, 0x5462, &(0x7f0000000000)) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r1, 0x114, 0xa, &(0x7f0000002340)=ANY=[@ANYBLOB="999e0a05c7577038701a3d7918af36a9760ba22e3718c1f5cae31051601b8f056000904073d90cc5de9d2ead22a74382434bbfe07a20104fd8ac97b4bead27ad82556a4e35c284ce06279cc6151565038bb0b2446e35a243858c9ef86db3e63f3f5e76dacb5707f144c1bc533ab57fae893c419923e2af5e93fb97c073bbadbbb364693d8afbeccf73e07db1eae59d3d128d4b5470526db732cc729c93a719dbc9c44539b0cc3f64dad60ab311d2ec50960e1998780cdee22916ea6ea01ea129cc275856d95176289ef7383e717cbebfa856b52ee79574406005e38abc2646317dd0cfc3591c87baac26f1f270e0cc5ac6"], 0x1) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/05/04 10:56:39 executing program 5: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = epoll_create1(0x0) epoll_wait(r1, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000cd8ff4)) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000007000)) epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) [ 791.270809] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 791.279015] binder: 8506:8512 transaction failed 29189/-22, size 0-0 line 2856 [ 791.291163] FAULT_INJECTION: forcing a failure. [ 791.291163] name failslab, interval 1, probability 0, space 0, times 0 [ 791.302510] CPU: 1 PID: 8498 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 791.309713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 2018/05/04 10:56:39 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$EVIOCGEFFECTS(r0, 0x80044584, &(0x7f0000000080)=""/100) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/05/04 10:56:39 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0x20000f2f]}) [ 791.319075] Call Trace: [ 791.321685] dump_stack+0x1b9/0x294 [ 791.325348] ? dump_stack_print_info.cold.2+0x52/0x52 [ 791.330565] should_fail.cold.4+0xa/0x1a [ 791.334651] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 791.339780] ? graph_lock+0x170/0x170 [ 791.341380] binder: 8514:8515 ioctl 80044584 20000080 returned -22 [ 791.343595] ? lock_downgrade+0x8e0/0x8e0 [ 791.343616] ? find_held_lock+0x36/0x1c0 [ 791.343637] ? __lock_is_held+0xb5/0x140 [ 791.343667] ? check_same_owner+0x320/0x320 [ 791.343680] ? wait_for_completion+0x870/0x870 [ 791.343700] ? rcu_note_context_switch+0x710/0x710 [ 791.376018] ? graph_lock+0x170/0x170 [ 791.379818] __should_failslab+0x124/0x180 [ 791.384047] should_failslab+0x9/0x14 [ 791.387841] kmem_cache_alloc+0x2af/0x760 [ 791.391982] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 791.397052] __kernfs_new_node+0xe7/0x580 [ 791.401219] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 791.405968] ? kernfs_walk_and_get_ns+0x320/0x320 [ 791.410802] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 791.416335] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 791.421865] ? kernfs_put+0x493/0x750 [ 791.425663] ? kernfs_add_one+0x129/0x4d0 [ 791.429896] ? kernfs_get+0x30/0x30 [ 791.433515] kernfs_new_node+0x80/0xf0 [ 791.437408] kernfs_create_dir_ns+0x3d/0x140 [ 791.441843] internal_create_group+0x110/0x970 [ 791.446425] ? internal_create_group+0x347/0x970 [ 791.451172] sysfs_create_group+0x1f/0x30 [ 791.455309] dpm_sysfs_add+0x26/0x210 [ 791.459111] device_add+0xa11/0x16d0 [ 791.462814] ? device_private_init+0x230/0x230 [ 791.467383] ? kfree+0x1e9/0x260 [ 791.470739] ? kfree_const+0x5e/0x70 [ 791.474443] device_create_groups_vargs+0x1ff/0x270 [ 791.479448] device_create_vargs+0x46/0x60 [ 791.483683] bdi_register_va.part.10+0xbb/0x970 [ 791.488700] ? cgwb_kill+0x630/0x630 [ 791.492408] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 791.497931] ? bdi_init+0x416/0x510 [ 791.501554] ? wb_init+0x9e0/0x9e0 [ 791.505084] ? bdi_alloc_node+0x67/0xe0 [ 791.509047] ? bdi_alloc_node+0x67/0xe0 [ 791.513015] ? rcu_read_lock_sched_held+0x108/0x120 [ 791.518038] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 791.523307] ? _raw_spin_unlock+0x22/0x30 [ 791.527451] bdi_register_va+0x68/0x80 [ 791.531338] super_setup_bdi_name+0x123/0x220 [ 791.535825] ? kill_block_super+0x100/0x100 [ 791.540159] ? kmem_cache_alloc_trace+0x616/0x780 [ 791.544998] ? match_wildcard+0x3c0/0x3c0 [ 791.549145] ? trace_hardirqs_on+0xd/0x10 [ 791.553291] fuse_fill_super+0xe6e/0x1e20 [ 791.557443] ? fuse_get_root_inode+0x190/0x190 [ 791.562024] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 791.567057] ? kasan_check_read+0x11/0x20 [ 791.571197] ? cap_capable+0x1f9/0x260 [ 791.575082] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 791.580615] ? security_capable+0x99/0xc0 [ 791.584757] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 791.590287] ? ns_capable_common+0x13f/0x170 [ 791.594706] ? get_anon_bdev+0x2f0/0x2f0 [ 791.598756] ? sget+0x113/0x150 [ 791.602030] ? fuse_get_root_inode+0x190/0x190 [ 791.606604] mount_nodev+0x6b/0x110 [ 791.610233] fuse_mount+0x2c/0x40 [ 791.613679] mount_fs+0xae/0x328 [ 791.617040] vfs_kern_mount.part.34+0xd4/0x4d0 [ 791.621613] ? may_umount+0xb0/0xb0 [ 791.625244] ? _raw_read_unlock+0x22/0x30 [ 791.629378] ? __get_fs_type+0x97/0xc0 [ 791.633256] do_mount+0x564/0x3070 [ 791.636792] ? do_raw_spin_unlock+0x9e/0x2e0 [ 791.641196] ? copy_mount_string+0x40/0x40 [ 791.645526] ? rcu_pm_notify+0xc0/0xc0 [ 791.649406] ? copy_mount_options+0x5f/0x380 [ 791.653804] ? rcu_read_lock_sched_held+0x108/0x120 [ 791.658812] ? kmem_cache_alloc_trace+0x616/0x780 [ 791.663648] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 791.669189] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 791.674718] ? copy_mount_options+0x285/0x380 [ 791.679215] ksys_mount+0x12d/0x140 [ 791.682852] __x64_sys_mount+0xbe/0x150 [ 791.686819] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 791.691831] do_syscall_64+0x1b1/0x800 [ 791.695720] ? finish_task_switch+0x1ca/0x810 [ 791.700208] ? syscall_return_slowpath+0x5c0/0x5c0 [ 791.705128] ? syscall_return_slowpath+0x30f/0x5c0 [ 791.710050] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 791.715410] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 791.720248] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 791.725425] RIP: 0033:0x455979 [ 791.728601] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 791.736306] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 791.743571] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 791.750830] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 791.758103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 791.765362] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:39 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x7a00, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:39 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0xe80]}) [ 791.780515] binder: 8514:8515 transaction failed 29189/-22, size 0-0 line 2856 [ 791.804069] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 791.811974] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:56:39 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x400000000000000}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:39 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0xf0, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:39 executing program 2 (fault-call:3 fault-nth:63): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) [ 791.825710] binder: 8514:8515 ioctl 80044584 20000080 returned -22 [ 791.832047] binder: undelivered TRANSACTION_ERROR: 29189 [ 791.832465] binder: 8514:8520 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:56:39 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x140]}) 2018/05/04 10:56:39 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x48, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:39 executing program 1: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x14, 0x0, &(0x7f0000000080)=[@enter_looper={0x630c}, @acquire={0x40046305, 0x3}, @decrefs={0x40046307}], 0x41, 0x0, &(0x7f00000000c0)="5ddfa7222ead3b43a4e524f6651baf69ed8259a772b4e948e9ce62cc2b3c043beb88283148bbba69eb3ae4fc7bc420ca62c6382b69be9dc6206d8b659278c4c502"}) fcntl$setsig(0xffffffffffffffff, 0xa, 0x11) ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0) [ 791.910198] binder: 8526:8527 transaction failed 29189/-22, size 0-0 line 2856 [ 791.938416] binder: undelivered TRANSACTION_ERROR: 29189 [ 791.956144] FAULT_INJECTION: forcing a failure. [ 791.956144] name failslab, interval 1, probability 0, space 0, times 0 [ 791.967681] CPU: 0 PID: 8531 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 791.974883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 791.976545] binder: undelivered TRANSACTION_ERROR: 29189 [ 791.984240] Call Trace: [ 791.984267] dump_stack+0x1b9/0x294 [ 791.984292] ? dump_stack_print_info.cold.2+0x52/0x52 [ 791.984311] ? __mutex_lock+0x7d9/0x17f0 [ 791.984334] should_fail.cold.4+0xa/0x1a 2018/05/04 10:56:40 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x20000100]}) [ 792.009298] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 792.014429] ? kasan_kmalloc+0xc4/0xe0 [ 792.018337] ? graph_lock+0x170/0x170 [ 792.022162] ? find_held_lock+0x36/0x1c0 [ 792.026247] ? __lock_is_held+0xb5/0x140 [ 792.030342] ? check_same_owner+0x320/0x320 [ 792.034690] ? kasan_check_write+0x14/0x20 [ 792.038947] ? __mutex_unlock_slowpath+0x180/0x8a0 [ 792.043896] ? rcu_note_context_switch+0x710/0x710 [ 792.048858] __should_failslab+0x124/0x180 [ 792.053119] should_failslab+0x9/0x14 [ 792.056942] kmem_cache_alloc+0x2af/0x760 [ 792.061113] ? __mutex_unlock_slowpath+0x180/0x8a0 [ 792.066075] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 792.071116] __kernfs_new_node+0xe7/0x580 [ 792.075292] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 792.080068] ? mutex_unlock+0xd/0x10 [ 792.083806] ? kernfs_activate+0x20e/0x2a0 [ 792.088067] ? kernfs_walk_and_get_ns+0x320/0x320 [ 792.092937] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 792.098493] ? kernfs_link_sibling+0x1d2/0x3b0 [ 792.103104] kernfs_new_node+0x80/0xf0 [ 792.107015] __kernfs_create_file+0x4d/0x330 [ 792.111437] sysfs_add_file_mode_ns+0x21a/0x560 [ 792.116111] sysfs_add_file+0x4e/0x60 [ 792.119908] sysfs_merge_group+0xfa/0x230 [ 792.124062] dpm_sysfs_add+0x161/0x210 [ 792.127944] device_add+0xa11/0x16d0 [ 792.131652] ? device_private_init+0x230/0x230 [ 792.136224] ? kfree+0x1e9/0x260 [ 792.139585] ? kfree_const+0x5e/0x70 [ 792.143287] device_create_groups_vargs+0x1ff/0x270 [ 792.148294] device_create_vargs+0x46/0x60 [ 792.152520] bdi_register_va.part.10+0xbb/0x970 [ 792.157179] ? cgwb_kill+0x630/0x630 [ 792.160882] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 792.166403] ? bdi_init+0x416/0x510 [ 792.170021] ? wb_init+0x9e0/0x9e0 [ 792.173548] ? bdi_alloc_node+0x67/0xe0 [ 792.177505] ? bdi_alloc_node+0x67/0xe0 [ 792.181464] ? rcu_read_lock_sched_held+0x108/0x120 [ 792.186466] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 792.191735] ? _raw_spin_unlock+0x22/0x30 [ 792.195883] bdi_register_va+0x68/0x80 [ 792.199766] super_setup_bdi_name+0x123/0x220 [ 792.204249] ? kill_block_super+0x100/0x100 [ 792.208562] ? kmem_cache_alloc_trace+0x616/0x780 [ 792.213395] ? match_wildcard+0x3c0/0x3c0 [ 792.217540] fuse_fill_super+0xe6e/0x1e20 [ 792.221701] ? fuse_get_root_inode+0x190/0x190 [ 792.226273] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 792.231280] ? kasan_check_read+0x11/0x20 [ 792.235429] ? cap_capable+0x1f9/0x260 [ 792.239312] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 792.244835] ? security_capable+0x99/0xc0 [ 792.248982] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 792.254702] ? ns_capable_common+0x13f/0x170 [ 792.259111] ? get_anon_bdev+0x2f0/0x2f0 [ 792.263158] ? sget+0x113/0x150 [ 792.266515] ? fuse_get_root_inode+0x190/0x190 [ 792.271094] mount_nodev+0x6b/0x110 [ 792.274714] fuse_mount+0x2c/0x40 [ 792.278154] mount_fs+0xae/0x328 [ 792.281695] vfs_kern_mount.part.34+0xd4/0x4d0 [ 792.286265] ? may_umount+0xb0/0xb0 [ 792.289890] ? _raw_read_unlock+0x22/0x30 [ 792.294031] ? __get_fs_type+0x97/0xc0 [ 792.297910] do_mount+0x564/0x3070 [ 792.301440] ? copy_mount_string+0x40/0x40 [ 792.305664] ? rcu_pm_notify+0xc0/0xc0 [ 792.309546] ? copy_mount_options+0x5f/0x380 [ 792.313944] ? rcu_read_lock_sched_held+0x108/0x120 [ 792.318951] ? kmem_cache_alloc_trace+0x616/0x780 [ 792.323785] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 792.329325] ? _copy_from_user+0xdf/0x150 [ 792.333474] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 792.339000] ? copy_mount_options+0x285/0x380 [ 792.343491] ksys_mount+0x12d/0x140 [ 792.347128] __x64_sys_mount+0xbe/0x150 [ 792.351091] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 792.356106] do_syscall_64+0x1b1/0x800 [ 792.359981] ? finish_task_switch+0x1ca/0x810 [ 792.364465] ? syscall_return_slowpath+0x5c0/0x5c0 [ 792.369384] ? syscall_return_slowpath+0x30f/0x5c0 [ 792.374306] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 792.379662] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 792.384497] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 792.389674] RIP: 0033:0x455979 [ 792.392851] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 792.400551] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 792.407809] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 792.415065] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 792.422333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 792.429591] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:40 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0xfdfdffff}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:40 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x74, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:40 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0xe8, 0x0, &(0x7f00000002c0)=[@dead_binder_done={0x40086310, 0x1}, @transaction={0x40406300, {0x3, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000080)=[@fda={0x66646185, 0x8, 0x4, 0xb}, @fd={0x66642a85, 0x0, r0, 0x0, 0x3}, @fda={0x66646185, 0x7, 0x1, 0x1c}], &(0x7f0000000100)=[0x48, 0x38, 0x38]}}, @increfs={0x40046304, 0x3}, @transaction={0x40406300, {0x4, 0x0, 0x4, 0x0, 0x11, 0x0, 0x0, 0x40, 0x48, &(0x7f0000000180)=[@ptr={0x70742a85, 0x0, &(0x7f0000000140), 0x1, 0x4, 0x2a}, @fd={0x66642a85, 0x0, r0, 0x0, 0x2}], &(0x7f00000001c0)=[0x38, 0x0, 0x18, 0x28, 0x78, 0x40, 0x30, 0x18, 0x48]}}, @transaction_sg={0x40486311, {{0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x40, &(0x7f0000000240), &(0x7f0000000280)=[0x0, 0x60, 0x0, 0x0, 0x78, 0x20, 0x0, 0x0]}, 0x80000000}}], 0x4a, 0x0, &(0x7f00000003c0)="d90b74f244e8cbc6297864a2a7bd4554de2108ccc3cddb4e2984a8ca74fa7a0af5f90d54b255bc9238da0545356518960e122aa928f15d5197b2eab2a95aa833a6659bdb8c7c08066e06"}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/05/04 10:56:40 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x100000000000000]}) 2018/05/04 10:56:40 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:40 executing program 2 (fault-call:3 fault-nth:64): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:40 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x1700000000000000]}]}) 2018/05/04 10:56:40 executing program 5: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:40 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0xffffffff00000000]}) [ 792.656190] binder: 8555:8557 transaction failed 29189/-22, size 0-0 line 2856 [ 792.674713] binder: 8546:8559 transaction failed 29189/-22, size 0-0 line 2856 [ 792.686156] binder: 8555:8557 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:56:40 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x6000000000000000, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 792.705554] binder: 8555:8563 BC_DEAD_BINDER_DONE 0000000000000001 not found [ 792.712971] binder: 8555:8563 got transaction to invalid handle [ 792.719138] binder: 8555:8563 transaction failed 29201/-22, size 88-24 line 2856 [ 792.738531] FAULT_INJECTION: forcing a failure. [ 792.738531] name failslab, interval 1, probability 0, space 0, times 0 [ 792.743741] binder: undelivered TRANSACTION_ERROR: 29189 [ 792.749904] CPU: 0 PID: 8561 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 792.762498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 792.771866] Call Trace: [ 792.774479] dump_stack+0x1b9/0x294 [ 792.778124] ? dump_stack_print_info.cold.2+0x52/0x52 [ 792.782376] binder: undelivered TRANSACTION_ERROR: 29189 [ 792.783325] ? __mutex_lock+0x7d9/0x17f0 [ 792.783353] should_fail.cold.4+0xa/0x1a [ 792.783373] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 792.783393] ? kasan_kmalloc+0xc4/0xe0 [ 792.783413] ? graph_lock+0x170/0x170 [ 792.783433] ? find_held_lock+0x36/0x1c0 [ 792.783455] ? __lock_is_held+0xb5/0x140 [ 792.817997] ? check_same_owner+0x320/0x320 [ 792.822342] ? kasan_check_write+0x14/0x20 [ 792.826597] ? __mutex_unlock_slowpath+0x180/0x8a0 [ 792.831549] ? rcu_note_context_switch+0x710/0x710 [ 792.836499] __should_failslab+0x124/0x180 [ 792.840757] should_failslab+0x9/0x14 [ 792.844575] kmem_cache_alloc+0x2af/0x760 [ 792.848758] ? __mutex_unlock_slowpath+0x180/0x8a0 2018/05/04 10:56:40 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x180, 0x0) ioctl$KDSIGACCEPT(r1, 0x4b4e, 0x40) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="11634840c8004a4028efdc241b448bbbb6b21ff2781855373f15d73ebb7cf7d0ae7f1f6614ea2a59e0029c22ff140f7214bd9a996d0c3e139fe28385cac747dc28777ea0", @ANYRES64=0x0, @ANYPTR64=&(0x7f00000000c0)=ANY=[@ANYRES64]], 0xbc, 0x0, &(0x7f0000000080)}) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000080)={0x303, 0x33}, 0x4) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/05/04 10:56:40 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x7}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:40 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x2f0f002000000000]}) [ 792.853747] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 792.858780] __kernfs_new_node+0xe7/0x580 [ 792.862948] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 792.867729] ? mutex_unlock+0xd/0x10 [ 792.871462] ? kernfs_activate+0x20e/0x2a0 [ 792.875727] ? kernfs_walk_and_get_ns+0x320/0x320 [ 792.880596] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 792.886148] ? kernfs_link_sibling+0x1d2/0x3b0 [ 792.890754] kernfs_new_node+0x80/0xf0 [ 792.894659] __kernfs_create_file+0x4d/0x330 [ 792.899083] sysfs_add_file_mode_ns+0x21a/0x560 [ 792.901419] binder: 8568:8573 transaction failed 29189/-22, size 0-0 line 2856 [ 792.903779] sysfs_add_file+0x4e/0x60 [ 792.903797] sysfs_merge_group+0xfa/0x230 [ 792.903819] dpm_sysfs_add+0x161/0x210 [ 792.903838] device_add+0xa11/0x16d0 [ 792.903858] ? device_private_init+0x230/0x230 [ 792.903871] ? kfree+0x1e9/0x260 [ 792.903892] ? kfree_const+0x5e/0x70 [ 792.931682] binder: undelivered TRANSACTION_ERROR: 29189 [ 792.934695] device_create_groups_vargs+0x1ff/0x270 [ 792.934737] device_create_vargs+0x46/0x60 [ 792.934759] bdi_register_va.part.10+0xbb/0x970 [ 792.934775] ? cgwb_kill+0x630/0x630 [ 792.934794] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 792.934808] ? bdi_init+0x416/0x510 [ 792.950779] binder: 8569:8574 got transaction to invalid handle [ 792.953189] ? wb_init+0x9e0/0x9e0 [ 792.953205] ? bdi_alloc_node+0x67/0xe0 [ 792.953218] ? bdi_alloc_node+0x67/0xe0 [ 792.953233] ? rcu_read_lock_sched_held+0x108/0x120 [ 792.953253] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 792.957951] binder: 8569:8574 transaction failed 29201/-22, size 2493871456248326676--7378377143982549761 line 2856 [ 792.961621] ? _raw_spin_unlock+0x22/0x30 [ 792.961640] bdi_register_va+0x68/0x80 [ 792.961656] super_setup_bdi_name+0x123/0x220 [ 792.961673] ? kill_block_super+0x100/0x100 [ 792.972006] binder: 8569:8574 got transaction to invalid handle [ 792.976867] ? kmem_cache_alloc_trace+0x616/0x780 [ 792.976886] ? match_wildcard+0x3c0/0x3c0 [ 792.976904] ? trace_hardirqs_on+0xd/0x10 [ 792.976926] fuse_fill_super+0xe6e/0x1e20 [ 792.976947] ? fuse_get_root_inode+0x190/0x190 [ 792.976965] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 792.976983] ? kasan_check_read+0x11/0x20 [ 792.980556] binder: 8569:8574 transaction failed 29201/-22, size 2493871456248326676--7378377143982549761 line 2856 [ 792.984484] ? cap_capable+0x1f9/0x260 [ 792.984506] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 792.984519] ? security_capable+0x99/0xc0 [ 792.984538] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 793.092792] ? ns_capable_common+0x13f/0x170 [ 793.097205] ? get_anon_bdev+0x2f0/0x2f0 [ 793.101266] ? sget+0x113/0x150 [ 793.104549] ? fuse_get_root_inode+0x190/0x190 [ 793.109146] mount_nodev+0x6b/0x110 [ 793.112775] fuse_mount+0x2c/0x40 [ 793.116231] mount_fs+0xae/0x328 [ 793.119591] vfs_kern_mount.part.34+0xd4/0x4d0 [ 793.124170] ? may_umount+0xb0/0xb0 [ 793.127797] ? _raw_read_unlock+0x22/0x30 [ 793.131935] ? __get_fs_type+0x97/0xc0 [ 793.135824] do_mount+0x564/0x3070 [ 793.139365] ? copy_mount_string+0x40/0x40 [ 793.143596] ? rcu_pm_notify+0xc0/0xc0 [ 793.147489] ? copy_mount_options+0x5f/0x380 [ 793.151890] ? rcu_read_lock_sched_held+0x108/0x120 [ 793.156918] ? kmem_cache_alloc_trace+0x616/0x780 [ 793.161775] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 793.167310] ? copy_mount_options+0x285/0x380 [ 793.171812] ksys_mount+0x12d/0x140 [ 793.175452] __x64_sys_mount+0xbe/0x150 [ 793.179439] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 793.184465] do_syscall_64+0x1b1/0x800 [ 793.188357] ? finish_task_switch+0x1ca/0x810 [ 793.192854] ? syscall_return_slowpath+0x5c0/0x5c0 [ 793.197790] ? syscall_return_slowpath+0x30f/0x5c0 [ 793.202731] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 793.208106] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 793.212956] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 793.218147] RIP: 0033:0x455979 [ 793.221324] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 793.229031] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 793.236298] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 793.243559] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 793.250831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 793.258117] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:41 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x74000000, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:41 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0xd1e1ff7f00000000]}) 2018/05/04 10:56:41 executing program 2 (fault-call:3 fault-nth:65): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:41 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x4c}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:41 executing program 1: r0 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x2e72, 0x20000) setsockopt$l2tp_PPPOL2TP_SO_RECVSEQ(r0, 0x111, 0x2, 0x1, 0x4) r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x2) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x46, 0x0, &(0x7f0000000180)="f4a874d32d799934cea60dcbac63868deeb8df671d80bbe74b76d8097a825086fc17000953a3ae13f76899fe3fe7b3b6e1f0641f4d090fc819da1b879fd94ec7638121822a18"}) setsockopt$bt_rfcomm_RFCOMM_LM(r0, 0x12, 0x3, &(0x7f0000000100), 0x4) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f00000000c0)={0x81, 0x5, 0xd1, 0x401, 0xffffffffffffffc0}, 0x14) ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0) 2018/05/04 10:56:41 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x40000000]}]}) 2018/05/04 10:56:41 executing program 5: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:41 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) [ 793.769785] binder: 8584:8588 transaction failed 29189/-22, size 0-0 line 2856 [ 793.771248] nla_parse: 4 callbacks suppressed [ 793.771257] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 793.793478] binder: undelivered TRANSACTION_ERROR: 29189 [ 793.801913] FAULT_INJECTION: forcing a failure. [ 793.801913] name failslab, interval 1, probability 0, space 0, times 0 [ 793.810231] binder: 8584:8588 transaction failed 29189/-22, size 0-0 line 2856 [ 793.813241] CPU: 1 PID: 8591 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 793.827849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 793.837206] Call Trace: [ 793.839805] dump_stack+0x1b9/0x294 [ 793.843434] ? dump_stack_print_info.cold.2+0x52/0x52 [ 793.848620] ? __mutex_lock+0x7d9/0x17f0 [ 793.852677] should_fail.cold.4+0xa/0x1a [ 793.856727] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 793.861818] ? kasan_kmalloc+0xc4/0xe0 [ 793.865700] ? graph_lock+0x170/0x170 [ 793.869506] ? find_held_lock+0x36/0x1c0 [ 793.873559] ? __lock_is_held+0xb5/0x140 [ 793.877636] ? check_same_owner+0x320/0x320 [ 793.881947] ? kasan_check_write+0x14/0x20 [ 793.886174] ? __mutex_unlock_slowpath+0x180/0x8a0 [ 793.891098] ? rcu_note_context_switch+0x710/0x710 [ 793.896025] __should_failslab+0x124/0x180 [ 793.900253] should_failslab+0x9/0x14 [ 793.904043] kmem_cache_alloc+0x2af/0x760 [ 793.908181] ? __mutex_unlock_slowpath+0x180/0x8a0 [ 793.913104] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 793.918122] __kernfs_new_node+0xe7/0x580 [ 793.922261] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 793.927005] ? mutex_unlock+0xd/0x10 [ 793.930712] ? kernfs_activate+0x20e/0x2a0 [ 793.934936] ? kernfs_walk_and_get_ns+0x320/0x320 [ 793.939770] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 793.945297] ? kernfs_link_sibling+0x1d2/0x3b0 [ 793.949871] kernfs_new_node+0x80/0xf0 [ 793.953751] __kernfs_create_file+0x4d/0x330 [ 793.958152] sysfs_add_file_mode_ns+0x21a/0x560 [ 793.962822] sysfs_add_file+0x4e/0x60 [ 793.966625] sysfs_merge_group+0xfa/0x230 [ 793.970765] dpm_sysfs_add+0x161/0x210 [ 793.974643] device_add+0xa11/0x16d0 [ 793.978350] ? device_private_init+0x230/0x230 [ 793.982922] ? kfree+0x1e9/0x260 [ 793.986280] ? kfree_const+0x5e/0x70 [ 793.989985] device_create_groups_vargs+0x1ff/0x270 [ 793.994993] device_create_vargs+0x46/0x60 [ 793.999222] bdi_register_va.part.10+0xbb/0x970 [ 794.003879] ? cgwb_kill+0x630/0x630 [ 794.007583] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 794.013121] ? bdi_init+0x416/0x510 [ 794.016737] ? wb_init+0x9e0/0x9e0 [ 794.020265] ? bdi_alloc_node+0x67/0xe0 [ 794.024226] ? bdi_alloc_node+0x67/0xe0 [ 794.028193] ? rcu_read_lock_sched_held+0x108/0x120 [ 794.033200] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 794.038470] ? _raw_spin_unlock+0x22/0x30 [ 794.042610] bdi_register_va+0x68/0x80 [ 794.046489] super_setup_bdi_name+0x123/0x220 [ 794.050971] ? kill_block_super+0x100/0x100 [ 794.055280] ? kmem_cache_alloc_trace+0x616/0x780 [ 794.060119] ? match_wildcard+0x3c0/0x3c0 [ 794.064263] fuse_fill_super+0xe6e/0x1e20 [ 794.068400] ? fuse_get_root_inode+0x190/0x190 [ 794.072970] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 794.077976] ? kasan_check_read+0x11/0x20 [ 794.082118] ? cap_capable+0x1f9/0x260 [ 794.085997] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 794.091529] ? security_capable+0x99/0xc0 [ 794.095666] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 794.101189] ? ns_capable_common+0x13f/0x170 [ 794.105584] ? get_anon_bdev+0x2f0/0x2f0 [ 794.109631] ? sget+0x113/0x150 [ 794.112902] ? fuse_get_root_inode+0x190/0x190 [ 794.117493] mount_nodev+0x6b/0x110 [ 794.121134] fuse_mount+0x2c/0x40 [ 794.124579] mount_fs+0xae/0x328 [ 794.127934] vfs_kern_mount.part.34+0xd4/0x4d0 [ 794.132503] ? may_umount+0xb0/0xb0 [ 794.136123] ? _raw_read_unlock+0x22/0x30 [ 794.140265] ? __get_fs_type+0x97/0xc0 [ 794.144142] do_mount+0x564/0x3070 [ 794.147674] ? copy_mount_string+0x40/0x40 [ 794.151896] ? rcu_pm_notify+0xc0/0xc0 [ 794.155774] ? copy_mount_options+0x5f/0x380 [ 794.160172] ? rcu_read_lock_sched_held+0x108/0x120 [ 794.165177] ? kmem_cache_alloc_trace+0x616/0x780 [ 794.170009] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 794.175546] ? _copy_from_user+0xdf/0x150 [ 794.179684] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 794.185399] ? copy_mount_options+0x285/0x380 [ 794.189884] ksys_mount+0x12d/0x140 [ 794.193510] __x64_sys_mount+0xbe/0x150 [ 794.197482] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 794.202487] do_syscall_64+0x1b1/0x800 [ 794.206361] ? finish_task_switch+0x1ca/0x810 [ 794.210843] ? syscall_return_slowpath+0x5c0/0x5c0 [ 794.215761] ? syscall_return_slowpath+0x30f/0x5c0 [ 794.220680] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 794.226036] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 794.230869] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 794.236041] RIP: 0033:0x455979 [ 794.239216] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 794.246922] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 794.254180] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 794.261435] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 2018/05/04 10:56:42 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x7ffff000]}) [ 794.268691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 794.276574] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 794.289775] binder: 8583:8599 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:56:42 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x802) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1100000000f80000006116de3be00777c196baf6e4d28b3890000000", @ANYRES64=0x0, @ANYBLOB="00ff60c67fe7c5f35b1296ffbff1674bd41b0000262000000078b5d9ab53c9c67e097efb3968a70975362f691d9e4663923c83d696f1918541f0c319bae767e71e095e2422b1a0788b2b883881bd14bdb83c35ad756ac71119dca17c4378918a7df274ae8e79ae01de1fc426ad68518db2faccdaac92c80879943083a2819090ed388b2de0aae6bc00194992722384c07a90e50da36b8d7bf34ddea26bdd1c994c364311062e4b340dbd88264d7eb426c4018d2345c4817621"], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) socketpair$inet6_dccp(0xa, 0x6, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r2 = syz_open_dev$vcsa(&(0x7f00000000c0)='/dev/vcsa#\x00', 0x40, 0x80001) ioctl$DRM_IOCTL_SET_MASTER(r2, 0x641e) connect$l2tp(r2, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x4e24, @broadcast=0xffffffff}, 0x4, 0x4, 0x2, 0x3}}, 0x26) 2018/05/04 10:56:42 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x2000000, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:42 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x7a000000}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:42 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0xf0ff7f]}) [ 794.338403] binder: undelivered TRANSACTION_ERROR: 29189 [ 794.344220] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:56:42 executing program 2 (fault-call:3 fault-nth:66): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) [ 794.385128] binder: 8606:8608 unknown command 17 [ 794.390631] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 794.401972] binder: 8606:8608 ioctl c0306201 20000040 returned -22 [ 794.418405] binder: 8609:8610 transaction failed 29189/-22, size 0-0 line 2856 [ 794.433783] binder: 8606:8608 unknown command 17 [ 794.448152] binder: 8606:8608 ioctl c0306201 20000040 returned -22 [ 794.449089] binder: undelivered TRANSACTION_ERROR: 29189 [ 794.484281] FAULT_INJECTION: forcing a failure. [ 794.484281] name failslab, interval 1, probability 0, space 0, times 0 [ 794.496195] CPU: 1 PID: 8614 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 794.503398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 794.512763] Call Trace: [ 794.515370] dump_stack+0x1b9/0x294 [ 794.519011] ? dump_stack_print_info.cold.2+0x52/0x52 [ 794.524210] ? kobject_uevent_env+0x62e/0xea0 [ 794.528723] should_fail.cold.4+0xa/0x1a [ 794.532796] ? debug_check_no_locks_freed+0x310/0x310 [ 794.538001] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 794.543117] ? __might_sleep+0x95/0x190 [ 794.547105] ? graph_lock+0x170/0x170 [ 794.550916] ? __mutex_lock+0x7d9/0x17f0 [ 794.554987] ? unwind_get_return_address+0x61/0xa0 [ 794.559929] ? find_held_lock+0x36/0x1c0 [ 794.564003] ? __lock_is_held+0xb5/0x140 [ 794.568090] ? check_same_owner+0x320/0x320 [ 794.572437] ? rcu_note_context_switch+0x710/0x710 [ 794.577382] ? put_dec+0xf0/0xf0 [ 794.580759] ? format_decode+0x1a9/0xae0 [ 794.584835] __should_failslab+0x124/0x180 [ 794.589089] should_failslab+0x9/0x14 [ 794.592899] kmem_cache_alloc_node+0x272/0x780 [ 794.597519] __alloc_skb+0x111/0x780 [ 794.601254] ? skb_scrub_packet+0x580/0x580 [ 794.605583] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 794.610796] ? netlink_has_listeners+0x2ff/0x4c0 [ 794.615830] ? netlink_tap_init_net+0x3c0/0x3c0 [ 794.620499] kobject_uevent_env+0x801/0xea0 [ 794.624823] ? device_pm_add+0x221/0x340 [ 794.628883] kobject_uevent+0x1f/0x30 [ 794.632686] device_add+0xb01/0x16d0 [ 794.636403] ? device_private_init+0x230/0x230 [ 794.640977] ? kfree+0x1e9/0x260 [ 794.644335] ? kfree_const+0x5e/0x70 [ 794.648073] device_create_groups_vargs+0x1ff/0x270 [ 794.653088] device_create_vargs+0x46/0x60 [ 794.657326] bdi_register_va.part.10+0xbb/0x970 [ 794.662000] ? cgwb_kill+0x630/0x630 [ 794.665711] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 794.671245] ? bdi_init+0x416/0x510 [ 794.674861] ? wb_init+0x9e0/0x9e0 [ 794.678402] ? bdi_alloc_node+0x67/0xe0 [ 794.682379] ? bdi_alloc_node+0x67/0xe0 [ 794.686359] ? rcu_read_lock_sched_held+0x108/0x120 [ 794.691391] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 794.696682] ? _raw_spin_unlock+0x22/0x30 [ 794.700846] bdi_register_va+0x68/0x80 [ 794.704754] super_setup_bdi_name+0x123/0x220 [ 794.709274] ? kill_block_super+0x100/0x100 [ 794.713603] ? kmem_cache_alloc_trace+0x616/0x780 [ 794.718445] ? match_wildcard+0x3c0/0x3c0 [ 794.722591] ? trace_hardirqs_on+0xd/0x10 [ 794.726731] fuse_fill_super+0xe6e/0x1e20 [ 794.730871] ? fuse_get_root_inode+0x190/0x190 [ 794.735459] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 794.740489] ? kasan_check_read+0x11/0x20 [ 794.744644] ? cap_capable+0x1f9/0x260 [ 794.748550] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 794.754101] ? security_capable+0x99/0xc0 [ 794.758267] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 794.763833] ? ns_capable_common+0x13f/0x170 [ 794.768248] ? get_anon_bdev+0x2f0/0x2f0 [ 794.772294] ? sget+0x113/0x150 [ 794.775561] ? fuse_get_root_inode+0x190/0x190 [ 794.780139] mount_nodev+0x6b/0x110 [ 794.783756] fuse_mount+0x2c/0x40 [ 794.787197] mount_fs+0xae/0x328 [ 794.790561] vfs_kern_mount.part.34+0xd4/0x4d0 [ 794.795137] ? may_umount+0xb0/0xb0 [ 794.798750] ? _raw_read_unlock+0x22/0x30 [ 794.802880] ? __get_fs_type+0x97/0xc0 [ 794.806753] do_mount+0x564/0x3070 [ 794.810284] ? copy_mount_string+0x40/0x40 [ 794.814516] ? rcu_pm_notify+0xc0/0xc0 [ 794.818395] ? copy_mount_options+0x5f/0x380 [ 794.822787] ? rcu_read_lock_sched_held+0x108/0x120 [ 794.827795] ? kmem_cache_alloc_trace+0x616/0x780 [ 794.832625] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 794.838151] ? _copy_from_user+0xdf/0x150 [ 794.842291] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 794.847813] ? copy_mount_options+0x285/0x380 [ 794.852312] ksys_mount+0x12d/0x140 [ 794.855938] __x64_sys_mount+0xbe/0x150 [ 794.859900] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 794.864901] do_syscall_64+0x1b1/0x800 [ 794.868784] ? finish_task_switch+0x1ca/0x810 [ 794.873263] ? syscall_return_slowpath+0x5c0/0x5c0 [ 794.878183] ? syscall_return_slowpath+0x30f/0x5c0 [ 794.883101] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 794.888459] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 794.893297] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 794.898496] RIP: 0033:0x455979 [ 794.901682] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 794.909379] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 794.916647] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 794.923913] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 794.931166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 794.938419] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:43 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0xf0ff7f00000000]}) 2018/05/04 10:56:43 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x100000000000000]}]}) 2018/05/04 10:56:43 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x4c00, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:43 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) r1 = dup(r0) setsockopt$ALG_SET_AEAD_AUTHSIZE(r1, 0x117, 0x5, 0x0, 0x7fffffff) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/05/04 10:56:43 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311, 0x0, 0x74000000}], 0x0, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:43 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:43 executing program 5: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:43 executing program 2 (fault-call:3 fault-nth:67): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) [ 795.063250] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 795.068857] binder: 8631:8635 transaction failed 29189/-22, size 0-0 line 2856 [ 795.095817] FAULT_INJECTION: forcing a failure. [ 795.095817] name failslab, interval 1, probability 0, space 0, times 0 [ 795.107195] CPU: 1 PID: 8638 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 795.111943] binder: 8629:8641 transaction failed 29189/-22, size 0-0 line 2856 [ 795.114389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 795.114395] Call Trace: [ 795.114420] dump_stack+0x1b9/0x294 [ 795.114442] ? dump_stack_print_info.cold.2+0x52/0x52 [ 795.114462] ? mutex_trylock+0x2a0/0x2a0 [ 795.114482] should_fail.cold.4+0xa/0x1a [ 795.150634] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 795.155738] ? graph_lock+0x170/0x170 [ 795.159525] ? lock_downgrade+0x8e0/0x8e0 [ 795.163702] ? kasan_check_write+0x14/0x20 [ 795.167932] ? __mutex_unlock_slowpath+0x180/0x8a0 [ 795.172852] ? find_held_lock+0x36/0x1c0 [ 795.176914] ? __lock_is_held+0xb5/0x140 [ 795.180974] ? check_same_owner+0x320/0x320 [ 795.185291] ? rcu_note_context_switch+0x710/0x710 [ 795.190228] __should_failslab+0x124/0x180 [ 795.194456] should_failslab+0x9/0x14 [ 795.198246] kmem_cache_alloc_trace+0x2cb/0x780 [ 795.202912] ? device_create_file+0x1e0/0x1e0 [ 795.207396] kobject_uevent_env+0x20f/0xea0 [ 795.211708] ? device_pm_add+0x221/0x340 [ 795.215761] kobject_uevent+0x1f/0x30 [ 795.219550] device_add+0xb01/0x16d0 [ 795.223256] ? device_private_init+0x230/0x230 [ 795.227826] ? kfree+0x1e9/0x260 [ 795.231182] ? kfree_const+0x5e/0x70 [ 795.234901] device_create_groups_vargs+0x1ff/0x270 [ 795.239921] device_create_vargs+0x46/0x60 [ 795.244159] bdi_register_va.part.10+0xbb/0x970 [ 795.248816] ? cgwb_kill+0x630/0x630 [ 795.252521] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 795.258048] ? bdi_init+0x416/0x510 [ 795.261660] ? wb_init+0x9e0/0x9e0 [ 795.265200] ? bdi_alloc_node+0x67/0xe0 [ 795.269162] ? bdi_alloc_node+0x67/0xe0 [ 795.273129] ? rcu_read_lock_sched_held+0x108/0x120 [ 795.278136] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 795.283404] ? _raw_spin_unlock+0x22/0x30 [ 795.287547] bdi_register_va+0x68/0x80 [ 795.291427] super_setup_bdi_name+0x123/0x220 [ 795.295910] ? kill_block_super+0x100/0x100 [ 795.300221] ? kmem_cache_alloc_trace+0x616/0x780 [ 795.305052] ? match_wildcard+0x3c0/0x3c0 [ 795.309187] ? trace_hardirqs_on+0xd/0x10 [ 795.313332] fuse_fill_super+0xe6e/0x1e20 [ 795.317475] ? fuse_get_root_inode+0x190/0x190 [ 795.322049] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 795.327055] ? kasan_check_read+0x11/0x20 [ 795.331194] ? cap_capable+0x1f9/0x260 [ 795.335077] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 795.340602] ? security_capable+0x99/0xc0 [ 795.344739] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 795.350264] ? ns_capable_common+0x13f/0x170 [ 795.354667] ? get_anon_bdev+0x2f0/0x2f0 [ 795.358715] ? sget+0x113/0x150 [ 795.361984] ? fuse_get_root_inode+0x190/0x190 [ 795.366557] mount_nodev+0x6b/0x110 [ 795.370173] fuse_mount+0x2c/0x40 [ 795.373615] mount_fs+0xae/0x328 [ 795.376971] vfs_kern_mount.part.34+0xd4/0x4d0 [ 795.381543] ? may_umount+0xb0/0xb0 [ 795.385160] ? _raw_read_unlock+0x22/0x30 [ 795.389294] ? __get_fs_type+0x97/0xc0 [ 795.393172] do_mount+0x564/0x3070 [ 795.396702] ? copy_mount_string+0x40/0x40 [ 795.400923] ? rcu_pm_notify+0xc0/0xc0 [ 795.404803] ? copy_mount_options+0x5f/0x380 [ 795.409198] ? rcu_read_lock_sched_held+0x108/0x120 [ 795.414206] ? kmem_cache_alloc_trace+0x616/0x780 [ 795.419046] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 795.424574] ? _copy_from_user+0xdf/0x150 [ 795.428712] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 795.434238] ? copy_mount_options+0x285/0x380 [ 795.438739] ksys_mount+0x12d/0x140 [ 795.442359] __x64_sys_mount+0xbe/0x150 [ 795.446320] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 795.451327] do_syscall_64+0x1b1/0x800 [ 795.455201] ? finish_task_switch+0x1ca/0x810 [ 795.459686] ? syscall_return_slowpath+0x5c0/0x5c0 [ 795.464951] ? syscall_return_slowpath+0x30f/0x5c0 [ 795.469871] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 795.475227] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 795.480061] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 795.485241] RIP: 0033:0x455979 [ 795.488430] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 795.496127] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 795.503384] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 2018/05/04 10:56:43 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x4001000000000000]}) 2018/05/04 10:56:43 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x68000000, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:43 executing program 2 (fault-call:3 fault-nth:68): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) [ 795.510640] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 795.517896] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 795.525260] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 795.533144] binder: undelivered TRANSACTION_ERROR: 29189 [ 795.543548] binder: 8631:8635 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:56:43 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000001c0)=[@reply={0x40406301, {0x4, 0x0, 0x1, 0x0, 0x11, 0x0, 0x0, 0x50, 0x38, &(0x7f0000000100)=[@ptr={0x70742a85, 0x1, &(0x7f0000000080), 0x1, 0x2, 0x38}, @ptr={0x70742a85, 0x1, &(0x7f00000000c0), 0x1, 0x2, 0x1b}], &(0x7f0000000180)=[0x0, 0x18, 0x30, 0x28, 0x0, 0x38, 0x20]}}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/05/04 10:56:43 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x7, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:43 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x1000000]}) [ 795.596681] binder: undelivered TRANSACTION_ERROR: 29189 [ 795.607449] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:56:43 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x800e0000]}) [ 795.638421] binder: 8649:8650 got reply transaction with no transaction stack [ 795.642531] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 795.645842] binder: 8649:8650 transaction failed 29201/-71, size 80-56 line 2763 2018/05/04 10:56:43 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0xc40d, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 795.685420] binder: undelivered TRANSACTION_ERROR: 29201 [ 795.696804] binder: 8652:8654 transaction failed 29189/-22, size 0-0 line 2856 [ 795.706406] binder: 8649:8650 got reply transaction with no transaction stack [ 795.713807] binder: 8649:8650 transaction failed 29201/-71, size 80-56 line 2763 [ 795.732677] FAULT_INJECTION: forcing a failure. [ 795.732677] name failslab, interval 1, probability 0, space 0, times 0 [ 795.744096] CPU: 1 PID: 8658 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 795.751313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 795.760678] Call Trace: [ 795.763285] dump_stack+0x1b9/0x294 [ 795.766930] ? dump_stack_print_info.cold.2+0x52/0x52 [ 795.771403] binder: undelivered TRANSACTION_ERROR: 29201 [ 795.772133] ? is_bpf_text_address+0xd7/0x170 2018/05/04 10:56:43 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x600000000000000, 0x0, &(0x7f0000011f9d)}) [ 795.778985] binder: undelivered TRANSACTION_ERROR: 29189 [ 795.782155] ? kernel_text_address+0x79/0xf0 [ 795.782175] ? __unwind_start+0x166/0x330 [ 795.782198] should_fail.cold.4+0xa/0x1a [ 795.782216] ? __save_stack_trace+0x7e/0xd0 [ 795.782233] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 795.782255] ? graph_lock+0x170/0x170 [ 795.813480] ? save_stack+0x43/0xd0 [ 795.817126] ? kasan_kmalloc+0xc4/0xe0 [ 795.821028] ? kasan_slab_alloc+0x12/0x20 [ 795.823356] binder: 8661:8662 transaction failed 29189/-22, size 0-0 line 2856 [ 795.825185] ? find_held_lock+0x36/0x1c0 [ 795.825205] ? __lock_is_held+0xb5/0x140 [ 795.825233] ? check_same_owner+0x320/0x320 [ 795.825253] ? rcu_note_context_switch+0x710/0x710 [ 795.825272] __should_failslab+0x124/0x180 [ 795.825293] should_failslab+0x9/0x14 [ 795.851828] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 795.854216] kmem_cache_alloc_node_trace+0x26f/0x770 [ 795.854242] __kmalloc_node_track_caller+0x33/0x70 [ 795.854261] __kmalloc_reserve.isra.38+0x3a/0xe0 [ 795.854279] __alloc_skb+0x14d/0x780 [ 795.885123] ? skb_scrub_packet+0x580/0x580 [ 795.889460] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 795.894678] ? netlink_has_listeners+0x2ff/0x4c0 [ 795.899458] ? netlink_tap_init_net+0x3c0/0x3c0 [ 795.904157] kobject_uevent_env+0x801/0xea0 [ 795.908494] ? device_pm_add+0x221/0x340 [ 795.912581] kobject_uevent+0x1f/0x30 [ 795.916386] device_add+0xb01/0x16d0 [ 795.920096] ? device_private_init+0x230/0x230 [ 795.924666] ? kfree+0x1e9/0x260 [ 795.928042] ? kfree_const+0x5e/0x70 [ 795.931767] device_create_groups_vargs+0x1ff/0x270 [ 795.936786] device_create_vargs+0x46/0x60 [ 795.941036] bdi_register_va.part.10+0xbb/0x970 [ 795.945723] ? cgwb_kill+0x630/0x630 [ 795.949443] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 795.954975] ? bdi_init+0x416/0x510 [ 795.958592] ? wb_init+0x9e0/0x9e0 [ 795.962126] ? bdi_alloc_node+0x67/0xe0 [ 795.966086] ? bdi_alloc_node+0x67/0xe0 [ 795.970058] ? rcu_read_lock_sched_held+0x108/0x120 [ 795.975075] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 795.980362] ? _raw_spin_unlock+0x22/0x30 [ 795.984508] bdi_register_va+0x68/0x80 [ 795.988382] super_setup_bdi_name+0x123/0x220 [ 795.992861] ? kill_block_super+0x100/0x100 [ 795.997183] ? kmem_cache_alloc_trace+0x616/0x780 [ 796.002037] ? match_wildcard+0x3c0/0x3c0 [ 796.006192] ? trace_hardirqs_on+0xd/0x10 [ 796.010348] fuse_fill_super+0xe6e/0x1e20 [ 796.014509] ? fuse_get_root_inode+0x190/0x190 [ 796.019107] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 796.024131] ? kasan_check_read+0x11/0x20 [ 796.028269] ? cap_capable+0x1f9/0x260 [ 796.032155] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 796.037680] ? security_capable+0x99/0xc0 [ 796.041825] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 796.047362] ? ns_capable_common+0x13f/0x170 [ 796.051763] ? get_anon_bdev+0x2f0/0x2f0 [ 796.055813] ? sget+0x113/0x150 [ 796.059082] ? fuse_get_root_inode+0x190/0x190 [ 796.063648] mount_nodev+0x6b/0x110 [ 796.067262] fuse_mount+0x2c/0x40 [ 796.070701] mount_fs+0xae/0x328 [ 796.074064] vfs_kern_mount.part.34+0xd4/0x4d0 [ 796.078640] ? may_umount+0xb0/0xb0 [ 796.082255] ? _raw_read_unlock+0x22/0x30 [ 796.086386] ? __get_fs_type+0x97/0xc0 [ 796.090271] do_mount+0x564/0x3070 [ 796.093808] ? copy_mount_string+0x40/0x40 [ 796.098037] ? rcu_pm_notify+0xc0/0xc0 [ 796.101922] ? copy_mount_options+0x5f/0x380 [ 796.106338] ? rcu_read_lock_sched_held+0x108/0x120 [ 796.111347] ? kmem_cache_alloc_trace+0x616/0x780 [ 796.116182] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 796.121707] ? _copy_from_user+0xdf/0x150 [ 796.125845] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 796.131380] ? copy_mount_options+0x285/0x380 [ 796.135866] ksys_mount+0x12d/0x140 [ 796.139491] __x64_sys_mount+0xbe/0x150 [ 796.143454] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 796.148470] do_syscall_64+0x1b1/0x800 [ 796.152352] ? finish_task_switch+0x1ca/0x810 [ 796.156848] ? syscall_return_slowpath+0x5c0/0x5c0 [ 796.161770] ? syscall_return_slowpath+0x30f/0x5c0 [ 796.166701] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 796.172069] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 796.176907] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 796.182101] RIP: 0033:0x455979 [ 796.185275] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 796.192965] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 796.200226] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 796.207481] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 796.214735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 796.222012] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:44 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x40010000]}) 2018/05/04 10:56:44 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x300, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:44 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x9effffff00000000, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:44 executing program 5: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:44 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:44 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xf00000000000000]}]}) 2018/05/04 10:56:44 executing program 2 (fault-call:3 fault-nth:69): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:44 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840", @ANYRES64=0x0, @ANYBLOB="000081307f220000"], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) r1 = syz_open_dev$amidi(&(0x7f0000000080)='/dev/amidi#\x00', 0x1f, 0x4800) ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f00000000c0)={0xfff, 0x5c, 0xff, 0x800, 0xcaf, 0x101}) 2018/05/04 10:56:44 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0xd1e1ff7f]}) [ 796.315980] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 796.326259] binder: 8680:8681 transaction failed 29189/-22, size 0-0 line 2856 [ 796.354233] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:56:44 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0xc0f000000000000, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 796.371981] binder: 8680:8681 transaction failed 29189/-22, size 0-0 line 2856 [ 796.375994] binder: 8675:8688 transaction failed 29189/-22, size 0-0 line 2856 [ 796.402903] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 796.406082] FAULT_INJECTION: forcing a failure. [ 796.406082] name failslab, interval 1, probability 0, space 0, times 0 [ 796.422881] CPU: 1 PID: 8686 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 796.430085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 796.438303] binder: undelivered TRANSACTION_ERROR: 29189 [ 796.439442] Call Trace: [ 796.439470] dump_stack+0x1b9/0x294 [ 796.439492] ? dump_stack_print_info.cold.2+0x52/0x52 [ 796.439510] ? is_bpf_text_address+0xd7/0x170 [ 796.439529] ? kernel_text_address+0x79/0xf0 [ 796.439542] ? __unwind_start+0x166/0x330 2018/05/04 10:56:44 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x800e000000000000]}) 2018/05/04 10:56:44 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0xf00000000000000, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:44 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0), 0x3bf, 0x0, &(0x7f0000000140)="61bb58b17f9fba842cd573b96af0b8b573a5d71f1392fc94e4bd000000000000000000000000000000"}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x40, 0x0) ioctl$VHOST_SET_OWNER(r1, 0xaf01, 0x0) 2018/05/04 10:56:44 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x4c00, 0x0, &(0x7f0000011f9d)}) [ 796.439561] should_fail.cold.4+0xa/0x1a [ 796.473549] ? __save_stack_trace+0x7e/0xd0 [ 796.477894] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 796.483025] ? graph_lock+0x170/0x170 [ 796.486848] ? save_stack+0x43/0xd0 [ 796.490493] ? kasan_kmalloc+0xc4/0xe0 [ 796.494395] ? kasan_slab_alloc+0x12/0x20 [ 796.498568] ? find_held_lock+0x36/0x1c0 [ 796.502651] ? __lock_is_held+0xb5/0x140 [ 796.506734] ? check_same_owner+0x320/0x320 [ 796.511071] ? rcu_note_context_switch+0x710/0x710 [ 796.516019] __should_failslab+0x124/0x180 [ 796.519348] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 796.520266] should_failslab+0x9/0x14 [ 796.520285] kmem_cache_alloc_node_trace+0x26f/0x770 [ 796.520311] __kmalloc_node_track_caller+0x33/0x70 [ 796.520332] __kmalloc_reserve.isra.38+0x3a/0xe0 [ 796.520350] __alloc_skb+0x14d/0x780 [ 796.520368] ? skb_scrub_packet+0x580/0x580 [ 796.520391] ? rcu_bh_force_quiescent_state+0x20/0x20 [ 796.550724] binder: 8698:8699 transaction failed 29189/-22, size 0-0 line 2856 [ 796.551226] ? netlink_has_listeners+0x2ff/0x4c0 2018/05/04 10:56:44 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x4000000, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 796.551247] ? netlink_tap_init_net+0x3c0/0x3c0 [ 796.577515] kobject_uevent_env+0x801/0xea0 [ 796.581867] ? device_pm_add+0x221/0x340 [ 796.585962] kobject_uevent+0x1f/0x30 [ 796.589787] device_add+0xb01/0x16d0 [ 796.593522] ? device_private_init+0x230/0x230 [ 796.598120] ? kfree+0x1e9/0x260 [ 796.601510] ? kfree_const+0x5e/0x70 [ 796.605250] device_create_groups_vargs+0x1ff/0x270 [ 796.610289] device_create_vargs+0x46/0x60 [ 796.610447] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 796.614535] bdi_register_va.part.10+0xbb/0x970 [ 796.614551] ? cgwb_kill+0x630/0x630 [ 796.614572] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 796.614585] ? bdi_init+0x416/0x510 [ 796.614599] ? wb_init+0x9e0/0x9e0 [ 796.614614] ? bdi_alloc_node+0x67/0xe0 [ 796.614626] ? bdi_alloc_node+0x67/0xe0 [ 796.614642] ? rcu_read_lock_sched_held+0x108/0x120 [ 796.614658] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 796.614677] ? _raw_spin_unlock+0x22/0x30 [ 796.614695] bdi_register_va+0x68/0x80 [ 796.670557] super_setup_bdi_name+0x123/0x220 [ 796.675072] ? kill_block_super+0x100/0x100 [ 796.679407] ? kmem_cache_alloc_trace+0x616/0x780 [ 796.684261] ? match_wildcard+0x3c0/0x3c0 [ 796.688420] ? trace_hardirqs_on+0xd/0x10 [ 796.692585] fuse_fill_super+0xe6e/0x1e20 [ 796.696735] ? fuse_get_root_inode+0x190/0x190 [ 796.701322] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 796.706356] ? kasan_check_read+0x11/0x20 [ 796.710504] ? cap_capable+0x1f9/0x260 [ 796.714385] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 796.719915] ? security_capable+0x99/0xc0 [ 796.724069] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 796.729617] ? ns_capable_common+0x13f/0x170 [ 796.734038] ? get_anon_bdev+0x2f0/0x2f0 [ 796.738094] ? sget+0x113/0x150 [ 796.741367] ? fuse_get_root_inode+0x190/0x190 [ 796.745953] mount_nodev+0x6b/0x110 [ 796.749583] fuse_mount+0x2c/0x40 [ 796.753038] mount_fs+0xae/0x328 [ 796.756416] vfs_kern_mount.part.34+0xd4/0x4d0 [ 796.760992] ? may_umount+0xb0/0xb0 [ 796.764626] ? _raw_read_unlock+0x22/0x30 [ 796.768767] ? __get_fs_type+0x97/0xc0 [ 796.772644] do_mount+0x564/0x3070 [ 796.776187] ? copy_mount_string+0x40/0x40 [ 796.780424] ? rcu_pm_notify+0xc0/0xc0 [ 796.784321] ? copy_mount_options+0x5f/0x380 [ 796.788736] ? rcu_read_lock_sched_held+0x108/0x120 [ 796.793763] ? kmem_cache_alloc_trace+0x616/0x780 [ 796.798607] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 796.804135] ? _copy_from_user+0xdf/0x150 [ 796.808274] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 796.813807] ? copy_mount_options+0x285/0x380 [ 796.818312] ksys_mount+0x12d/0x140 [ 796.821939] __x64_sys_mount+0xbe/0x150 [ 796.825907] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 796.830916] do_syscall_64+0x1b1/0x800 [ 796.834791] ? finish_task_switch+0x1ca/0x810 [ 796.839283] ? syscall_return_slowpath+0x5c0/0x5c0 [ 796.844203] ? syscall_return_slowpath+0x30f/0x5c0 [ 796.849143] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 796.854499] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 796.859347] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 796.864531] RIP: 0033:0x455979 [ 796.867703] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 796.875400] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 796.882656] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 796.889936] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 796.897201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 796.904480] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:45 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x6000, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:45 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x9effffff, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:45 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x2f0f0020]}) 2018/05/04 10:56:45 executing program 5: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:45 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="11634840", @ANYRES64=0x0, @ANYBLOB="fc32a8cd5c4051cd551fa0edf9239d55aa429b836ac00a14b0b054c7c3424cf5efbc240c5adb0cd454cb"], 0x0, 0x0, &(0x7f0000011f9d)}) r1 = memfd_create(&(0x7f0000000080)='proc#$vboxnet0mime_type\x00', 0x1) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f00000000c0)={{0x2, 0x4e22, @remote={0xac, 0x14, 0x14, 0xbb}}, {0x306, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff]}, 0x4a, {0x2, 0x4e21, @local={0xac, 0x14, 0x14, 0xaa}}, 'team0\x00'}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/05/04 10:56:45 executing program 2 (fault-call:3 fault-nth:70): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:45 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xf000000]}]}) 2018/05/04 10:56:45 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:45 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x10020]}) [ 797.439152] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 797.450376] binder: 8715:8724 transaction failed 29189/-22, size -771168027556925264--3166915258151027473 line 2856 [ 797.461478] binder: 8721:8726 transaction failed 29189/-22, size 0-0 line 2856 [ 797.477354] FAULT_INJECTION: forcing a failure. [ 797.477354] name failslab, interval 1, probability 0, space 0, times 0 2018/05/04 10:56:45 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x1002000000000]}) [ 797.488663] CPU: 0 PID: 8728 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 797.495861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 797.505234] Call Trace: [ 797.507844] dump_stack+0x1b9/0x294 [ 797.511495] ? dump_stack_print_info.cold.2+0x52/0x52 [ 797.516708] ? lock_downgrade+0x8e0/0x8e0 [ 797.517726] binder: undelivered TRANSACTION_ERROR: 29189 [ 797.520879] should_fail.cold.4+0xa/0x1a [ 797.520902] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 797.520925] ? graph_lock+0x170/0x170 2018/05/04 10:56:45 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x68, 0x0, &(0x7f0000011f9d)}) [ 797.520941] ? kernel_text_address+0x79/0xf0 [ 797.520954] ? __unwind_start+0x166/0x330 [ 797.520971] ? __kernel_text_address+0xd/0x40 [ 797.545086] binder: 8715:8724 transaction failed 29189/-22, size -771168027556925264--3166915258151027473 line 2856 [ 797.547912] ? find_held_lock+0x36/0x1c0 [ 797.547935] ? __lock_is_held+0xb5/0x140 [ 797.547966] ? check_same_owner+0x320/0x320 [ 797.547981] ? device_create_groups_vargs+0x1ff/0x270 [ 797.547993] ? device_create_vargs+0x46/0x60 [ 797.548006] ? bdi_register_va.part.10+0xbb/0x970 2018/05/04 10:56:45 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0xa, 0x0, &(0x7f0000011f9d)}) [ 797.548024] ? rcu_note_context_switch+0x710/0x710 [ 797.548037] ? mount_nodev+0x6b/0x110 [ 797.548049] ? fuse_mount+0x2c/0x40 [ 797.548066] ? mount_fs+0xae/0x328 [ 797.587212] binder: 8733:8735 transaction failed 29189/-22, size 0-0 line 2856 [ 797.590047] __should_failslab+0x124/0x180 [ 797.590068] should_failslab+0x9/0x14 [ 797.590085] kmem_cache_alloc+0x2af/0x760 [ 797.590111] skb_clone+0x1ed/0x4f0 [ 797.590128] ? refcount_add_not_zero+0x310/0x320 [ 797.590142] ? skb_split+0x11d0/0x11d0 2018/05/04 10:56:45 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) r1 = syz_open_dev$admmidi(&(0x7f0000000080)='/dev/admmidi#\x00', 0x80000000, 0x20000) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0xc, 0x0, &(0x7f0000000100)=[@register_looper={0x630b}, @decrefs={0x40046307, 0x4}], 0x8e, 0x0, &(0x7f0000000140)="169a8b520f2a6271ad9931e5547735396a9262cbf08b4335b5bb89067f7ca2fc0b3c5755e9464787c76c35303459f4eaca826be54924286696b7ad5b6c5bf01d88e085e9c222bae79fc6cd2ad4833c6ed41413c3fc386a7cb49ee1ee246fc6a2337bff66d70115ee03e19a9cb5f49282e6626282b9afed112e77c0dc5c3d547670ddd5ddfcb12a3964316617c24b"}) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000040)) getsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, &(0x7f00000000c0)=0x8, &(0x7f0000000000)=0x4) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f00000002c0)={0x0, @in6={{0xa, 0x4e23, 0x401, @remote={0xfe, 0x80, [], 0xbb}, 0x8000}}, [0x3c83, 0xffffffffffffffe0, 0x80000000, 0xffffffff80000000, 0xfff, 0x40, 0x1000, 0x50000000, 0xaf4, 0x7, 0x7b, 0x3ff, 0x7, 0x9, 0xffffffff80000000]}, &(0x7f00000003c0)=0x100) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000400)={r2, 0x81}, 0x8) [ 797.590158] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 797.590178] ? netlink_trim+0x1b2/0x370 [ 797.643356] binder: undelivered TRANSACTION_ERROR: 29189 [ 797.646656] ? netlink_skb_destructor+0x210/0x210 [ 797.646673] ? cleanup_uevent_env+0x40/0x40 [ 797.646691] netlink_broadcast_filtered+0x1024/0x1580 [ 797.646712] ? __netlink_sendskb+0xd0/0xd0 [ 797.646739] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 797.646758] ? refcount_inc_not_zero+0x1dd/0x2d0 [ 797.646776] ? refcount_add_not_zero+0x320/0x320 [ 797.646796] ? cleanup_uevent_env+0x40/0x40 [ 797.646813] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 797.646830] kobject_uevent_env+0x6e4/0xea0 [ 797.646845] ? device_pm_add+0x221/0x340 [ 797.646864] kobject_uevent+0x1f/0x30 [ 797.673484] binder: 8737:8738 ERROR: BC_REGISTER_LOOPER called without request [ 797.676411] device_add+0xb01/0x16d0 [ 797.676432] ? device_private_init+0x230/0x230 [ 797.676447] ? kfree+0x1e9/0x260 [ 797.676465] ? kfree_const+0x5e/0x70 [ 797.676484] device_create_groups_vargs+0x1ff/0x270 [ 797.676502] device_create_vargs+0x46/0x60 2018/05/04 10:56:45 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x7fffe1d1]}) [ 797.676522] bdi_register_va.part.10+0xbb/0x970 [ 797.676536] ? cgwb_kill+0x630/0x630 [ 797.676560] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 797.681355] binder: 8737:8738 DecRefs 0 refcount change on invalid ref 4 ret -22 [ 797.686062] ? bdi_init+0x416/0x510 [ 797.686073] ? wb_init+0x9e0/0x9e0 [ 797.686085] ? bdi_alloc_node+0x67/0xe0 [ 797.686097] ? bdi_alloc_node+0x67/0xe0 [ 797.686112] ? rcu_read_lock_sched_held+0x108/0x120 [ 797.686132] ? kmem_cache_alloc_node_trace+0x34e/0x770 2018/05/04 10:56:45 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x300000000000000, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:45 executing program 1: r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0xffffffffffffffff, 0x0, 0x1, 0x195, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20) ioctl$SG_NEXT_CMD_LEN(r0, 0x2283, &(0x7f0000000140)=0xc7) r1 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$mice(&(0x7f0000000080)='/dev/input/mice\x00', 0x0, 0x400000) ioctl$EVIOCSABS0(r2, 0x401845c0, &(0x7f00000000c0)={0x10001, 0x8, 0x0, 0xfffffffffffffffd, 0x0, 0xffffffffffff8001}) ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0) ioctl$BLKALIGNOFF(r2, 0x127a, &(0x7f0000000000)) [ 797.698006] binder: 8737:8738 ERROR: BC_REGISTER_LOOPER called without request [ 797.699774] ? _raw_spin_unlock+0x22/0x30 [ 797.699797] bdi_register_va+0x68/0x80 [ 797.699816] super_setup_bdi_name+0x123/0x220 [ 797.699832] ? kill_block_super+0x100/0x100 [ 797.699850] ? kmem_cache_alloc_trace+0x616/0x780 [ 797.699868] ? match_wildcard+0x3c0/0x3c0 [ 797.699883] ? trace_hardirqs_on+0xd/0x10 [ 797.699904] fuse_fill_super+0xe6e/0x1e20 [ 797.704014] binder: 8737:8738 DecRefs 0 refcount change on invalid ref 4 ret -22 [ 797.707752] ? fuse_get_root_inode+0x190/0x190 2018/05/04 10:56:45 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) [ 797.707770] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 797.707791] ? kasan_check_read+0x11/0x20 [ 797.726301] binder: 8736:8741 transaction failed 29189/-22, size 0-0 line 2856 [ 797.726779] ? cap_capable+0x1f9/0x260 [ 797.726804] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 797.726819] ? security_capable+0x99/0xc0 [ 797.726838] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 797.785217] binder: undelivered TRANSACTION_ERROR: 29189 [ 797.786578] ? ns_capable_common+0x13f/0x170 [ 797.786599] ? get_anon_bdev+0x2f0/0x2f0 [ 797.786613] ? sget+0x113/0x150 [ 797.786633] ? fuse_get_root_inode+0x190/0x190 [ 797.786648] mount_nodev+0x6b/0x110 [ 797.786664] fuse_mount+0x2c/0x40 [ 797.786681] mount_fs+0xae/0x328 [ 797.786700] vfs_kern_mount.part.34+0xd4/0x4d0 [ 797.870305] binder: 8743:8748 transaction failed 29189/-22, size 0-0 line 2856 [ 797.875823] ? may_umount+0xb0/0xb0 [ 797.875840] ? _raw_read_unlock+0x22/0x30 [ 797.875852] ? __get_fs_type+0x97/0xc0 [ 797.875872] do_mount+0x564/0x3070 [ 797.875889] ? copy_mount_string+0x40/0x40 [ 797.939633] ? rcu_pm_notify+0xc0/0xc0 [ 797.941918] binder: 8749:8750 transaction failed 29189/-22, size 0-0 line 2856 [ 797.943546] ? copy_mount_options+0x5f/0x380 [ 797.943562] ? rcu_read_lock_sched_held+0x108/0x120 [ 797.943579] ? kmem_cache_alloc_trace+0x616/0x780 [ 797.943601] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 797.952068] binder: undelivered TRANSACTION_ERROR: 29189 [ 797.955359] ? _copy_from_user+0xdf/0x150 [ 797.955383] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 797.955398] ? copy_mount_options+0x285/0x380 [ 797.955416] ksys_mount+0x12d/0x140 [ 797.955434] __x64_sys_mount+0xbe/0x150 [ 797.955449] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 797.955467] do_syscall_64+0x1b1/0x800 [ 797.955480] ? finish_task_switch+0x1ca/0x810 [ 797.955499] ? syscall_return_slowpath+0x5c0/0x5c0 [ 797.962694] binder: 8749:8750 transaction failed 29189/-22, size 0-0 line 2856 [ 797.965345] ? syscall_return_slowpath+0x30f/0x5c0 [ 797.965367] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 797.965387] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 797.965406] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 797.965417] RIP: 0033:0x455979 [ 797.965425] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 797.965440] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 797.965448] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 797.965456] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 797.965469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 797.989661] binder: undelivered TRANSACTION_ERROR: 29189 [ 797.990576] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:46 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x2000000, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:46 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x200000000) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000000080)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/05/04 10:56:46 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x7000000, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:46 executing program 2 (fault-call:3 fault-nth:71): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:46 executing program 5: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:46 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x3f000000]}]}) 2018/05/04 10:56:46 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:46 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0xffffffffffffffff]}) 2018/05/04 10:56:46 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x800e]}) [ 798.514309] binder: 8766:8768 transaction failed 29189/-22, size 0-0 line 2856 [ 798.522894] binder: 8762:8769 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:56:46 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0xc0f, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:46 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0xfdfdffff00000000, 0x0, &(0x7f0000011f9d)}) [ 798.565800] binder: undelivered TRANSACTION_ERROR: 29189 [ 798.598042] FAULT_INJECTION: forcing a failure. [ 798.598042] name failslab, interval 1, probability 0, space 0, times 0 [ 798.609991] CPU: 1 PID: 8772 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 798.617193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 798.626550] Call Trace: [ 798.629149] dump_stack+0x1b9/0x294 [ 798.632788] ? dump_stack_print_info.cold.2+0x52/0x52 [ 798.637991] ? d_add+0x605/0xa10 [ 798.641367] ? lock_downgrade+0x8e0/0x8e0 [ 798.645530] should_fail.cold.4+0xa/0x1a [ 798.649600] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 798.654723] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 798.659754] ? graph_lock+0x170/0x170 [ 798.661661] binder: 8766:8768 transaction failed 29189/-22, size 0-0 line 2856 [ 798.663558] ? __lockdep_init_map+0x105/0x590 [ 798.675478] ? find_held_lock+0x36/0x1c0 [ 798.679559] ? __lock_is_held+0xb5/0x140 [ 798.683646] ? check_same_owner+0x320/0x320 [ 798.687988] ? rcu_note_context_switch+0x710/0x710 [ 798.690764] binder: 8774:8775 transaction failed 29189/-22, size 0-0 line 2856 [ 798.692931] __should_failslab+0x124/0x180 [ 798.692953] should_failslab+0x9/0x14 [ 798.692969] kmem_cache_alloc+0x2af/0x760 [ 798.692990] alloc_inode+0xb2/0x190 [ 798.693010] new_inode_pseudo+0x69/0x1a0 [ 798.720273] ? prune_icache_sb+0x1a0/0x1a0 [ 798.724525] ? down_read+0x1b0/0x1b0 [ 798.728247] ? mntput+0x74/0xa0 [ 798.731540] new_inode+0x1c/0x40 [ 798.734927] debugfs_get_inode+0x19/0x120 [ 798.739106] debugfs_create_dir+0x75/0x3c0 [ 798.743353] bdi_register_va.part.10+0x318/0x970 [ 798.748118] ? cgwb_kill+0x630/0x630 [ 798.751989] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 798.757537] ? bdi_init+0x416/0x510 [ 798.761175] ? wb_init+0x9e0/0x9e0 [ 798.764736] ? bdi_alloc_node+0x67/0xe0 [ 798.768720] ? bdi_alloc_node+0x67/0xe0 [ 798.772702] ? rcu_read_lock_sched_held+0x108/0x120 [ 798.777735] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 798.783026] ? _raw_spin_unlock+0x22/0x30 [ 798.787188] bdi_register_va+0x68/0x80 [ 798.791091] super_setup_bdi_name+0x123/0x220 [ 798.795597] ? kill_block_super+0x100/0x100 [ 798.799932] ? kmem_cache_alloc_trace+0x616/0x780 [ 798.804799] ? match_wildcard+0x3c0/0x3c0 [ 798.808957] ? trace_hardirqs_on+0xd/0x10 2018/05/04 10:56:46 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0xa00000000000000, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:46 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="116348dd", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, &(0x7f0000011f9d)}) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x2, 0x0) ioctl$RNDZAPENTCNT(r1, 0x5204, &(0x7f00000000c0)=0xdb) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) [ 798.813122] fuse_fill_super+0xe6e/0x1e20 [ 798.817285] ? fuse_get_root_inode+0x190/0x190 [ 798.821880] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 798.826910] ? kasan_check_read+0x11/0x20 [ 798.831070] ? cap_capable+0x1f9/0x260 [ 798.834229] binder: undelivered TRANSACTION_ERROR: 29189 [ 798.834971] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 798.834989] ? security_capable+0x99/0xc0 [ 798.835009] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 798.835025] ? ns_capable_common+0x13f/0x170 [ 798.835043] ? get_anon_bdev+0x2f0/0x2f0 [ 798.835057] ? sget+0x113/0x150 [ 798.835079] ? fuse_get_root_inode+0x190/0x190 [ 798.872025] mount_nodev+0x6b/0x110 [ 798.875673] fuse_mount+0x2c/0x40 [ 798.879145] mount_fs+0xae/0x328 [ 798.882530] vfs_kern_mount.part.34+0xd4/0x4d0 [ 798.883116] binder: 8781:8782 unknown command -582458607 [ 798.887264] ? may_umount+0xb0/0xb0 [ 798.887283] ? _raw_read_unlock+0x22/0x30 [ 798.887297] ? __get_fs_type+0x97/0xc0 [ 798.887317] do_mount+0x564/0x3070 [ 798.887337] ? copy_mount_string+0x40/0x40 [ 798.887353] ? rcu_pm_notify+0xc0/0xc0 [ 798.887374] ? copy_mount_options+0x5f/0x380 [ 798.887388] ? rcu_read_lock_sched_held+0x108/0x120 [ 798.887404] ? kmem_cache_alloc_trace+0x616/0x780 [ 798.887421] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 798.887442] ? _copy_from_user+0xdf/0x150 [ 798.908318] binder: 8781:8782 ioctl c0306201 20000040 returned -22 [ 798.912262] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 798.912279] ? copy_mount_options+0x285/0x380 [ 798.912299] ksys_mount+0x12d/0x140 [ 798.912318] __x64_sys_mount+0xbe/0x150 [ 798.912334] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 798.912352] do_syscall_64+0x1b1/0x800 [ 798.912367] ? finish_task_switch+0x1ca/0x810 [ 798.912383] ? syscall_return_slowpath+0x5c0/0x5c0 [ 798.912398] ? syscall_return_slowpath+0x30f/0x5c0 [ 798.912421] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 798.993278] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 798.993303] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 799.000541] binder: 8781:8782 unknown command -582458607 [ 799.003319] RIP: 0033:0x455979 [ 799.003328] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 799.003344] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 799.003353] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 799.003361] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 799.003369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 799.003378] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 799.012709] binder: 8778:8779 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:56:47 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x4001]}) 2018/05/04 10:56:47 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0xa000000, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:47 executing program 2 (fault-call:3 fault-nth:72): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) [ 799.021464] nla_parse: 1 callbacks suppressed [ 799.021473] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 799.069356] binder: 8781:8782 ioctl c0306201 20000040 returned -22 2018/05/04 10:56:47 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt(r1, 0x9, 0x4, &(0x7f0000000080)="7190b38ab9152cfa", 0x8) r2 = getgid() r3 = getgid() getresgid(&(0x7f00000000c0)=0x0, &(0x7f0000000100), &(0x7f0000000140)) setresgid(r2, r3, r4) [ 799.143416] binder: 8788:8790 transaction failed 29189/-22, size 0-0 line 2856 [ 799.187592] FAULT_INJECTION: forcing a failure. [ 799.187592] name failslab, interval 1, probability 0, space 0, times 0 [ 799.188884] binder: 8792:8793 transaction failed 29189/-22, size 0-0 line 2856 [ 799.198997] CPU: 1 PID: 8791 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 799.207926] binder: undelivered TRANSACTION_ERROR: 29189 [ 799.213496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 799.213503] Call Trace: [ 799.213531] dump_stack+0x1b9/0x294 [ 799.213552] ? dump_stack_print_info.cold.2+0x52/0x52 [ 799.213569] ? d_add+0x605/0xa10 [ 799.213584] ? lock_downgrade+0x8e0/0x8e0 [ 799.213612] should_fail.cold.4+0xa/0x1a [ 799.222124] binder: 8792:8793 transaction failed 29189/-22, size 0-0 line 2856 [ 799.228414] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 799.228437] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 799.228453] ? graph_lock+0x170/0x170 [ 799.228466] ? __lockdep_init_map+0x105/0x590 [ 799.228484] ? find_held_lock+0x36/0x1c0 [ 799.277124] binder: undelivered TRANSACTION_ERROR: 29189 [ 799.277186] ? __lock_is_held+0xb5/0x140 [ 799.290766] ? check_same_owner+0x320/0x320 [ 799.295112] ? rcu_note_context_switch+0x710/0x710 [ 799.300052] __should_failslab+0x124/0x180 [ 799.304397] should_failslab+0x9/0x14 [ 799.308203] kmem_cache_alloc+0x2af/0x760 [ 799.312365] alloc_inode+0xb2/0x190 [ 799.315998] new_inode_pseudo+0x69/0x1a0 [ 799.320075] ? prune_icache_sb+0x1a0/0x1a0 [ 799.324323] ? down_read+0x1b0/0x1b0 [ 799.328045] ? mntput+0x74/0xa0 [ 799.331336] new_inode+0x1c/0x40 [ 799.334712] debugfs_get_inode+0x19/0x120 [ 799.338872] debugfs_create_dir+0x75/0x3c0 [ 799.343117] bdi_register_va.part.10+0x318/0x970 [ 799.347881] ? cgwb_kill+0x630/0x630 [ 799.351606] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 799.357151] ? bdi_init+0x416/0x510 [ 799.360785] ? wb_init+0x9e0/0x9e0 [ 799.364329] ? bdi_alloc_node+0x67/0xe0 [ 799.368305] ? bdi_alloc_node+0x67/0xe0 [ 799.372286] ? rcu_read_lock_sched_held+0x108/0x120 [ 799.377310] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 799.382598] ? _raw_spin_unlock+0x22/0x30 [ 799.386758] bdi_register_va+0x68/0x80 [ 799.390663] super_setup_bdi_name+0x123/0x220 [ 799.395166] ? kill_block_super+0x100/0x100 [ 799.399503] ? kmem_cache_alloc_trace+0x616/0x780 [ 799.404365] ? match_wildcard+0x3c0/0x3c0 [ 799.408524] ? trace_hardirqs_on+0xd/0x10 [ 799.412692] fuse_fill_super+0xe6e/0x1e20 [ 799.416853] ? fuse_get_root_inode+0x190/0x190 [ 799.421442] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 799.426466] ? kasan_check_read+0x11/0x20 [ 799.430622] ? cap_capable+0x1f9/0x260 [ 799.434525] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 799.440078] ? security_capable+0x99/0xc0 [ 799.444235] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 799.449783] ? ns_capable_common+0x13f/0x170 [ 799.454205] ? get_anon_bdev+0x2f0/0x2f0 [ 799.458273] ? sget+0x113/0x150 [ 799.461562] ? fuse_get_root_inode+0x190/0x190 [ 799.466148] mount_nodev+0x6b/0x110 [ 799.469784] fuse_mount+0x2c/0x40 [ 799.473243] mount_fs+0xae/0x328 [ 799.476618] vfs_kern_mount.part.34+0xd4/0x4d0 [ 799.481212] ? may_umount+0xb0/0xb0 [ 799.484854] ? _raw_read_unlock+0x22/0x30 [ 799.489012] ? __get_fs_type+0x97/0xc0 [ 799.492935] do_mount+0x564/0x3070 [ 799.496470] ? copy_mount_string+0x40/0x40 [ 799.500699] ? rcu_pm_notify+0xc0/0xc0 [ 799.504583] ? copy_mount_options+0x5f/0x380 [ 799.509001] ? rcu_read_lock_sched_held+0x108/0x120 [ 799.514016] ? kmem_cache_alloc_trace+0x616/0x780 [ 799.518853] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 799.524380] ? _copy_from_user+0xdf/0x150 [ 799.528518] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 799.534045] ? copy_mount_options+0x285/0x380 [ 799.538542] ksys_mount+0x12d/0x140 [ 799.542158] __x64_sys_mount+0xbe/0x150 [ 799.546122] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 799.551130] do_syscall_64+0x1b1/0x800 [ 799.555012] ? finish_task_switch+0x1ca/0x810 [ 799.559501] ? syscall_return_slowpath+0x5c0/0x5c0 [ 799.564417] ? syscall_return_slowpath+0x30f/0x5c0 [ 799.569340] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 799.574695] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 799.579546] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 799.584727] RIP: 0033:0x455979 [ 799.587903] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 799.595600] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 799.602856] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 799.610117] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 799.617373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 799.624629] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:47 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x20000f2f]}) 2018/05/04 10:56:47 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x94ab030000000000, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:47 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x500, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:47 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000180)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) futex(&(0x7f0000000080)=0x2, 0x0, 0x2, &(0x7f0000000100)={r1, r2+30000000}, &(0x7f0000000140)=0x2, 0x1) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/05/04 10:56:47 executing program 5: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = epoll_create1(0x0) epoll_wait(r1, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000cd8ff4)) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000007000)) epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(0xffffffffffffffff, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:47 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:47 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xfdfdffff]}]}) 2018/05/04 10:56:47 executing program 2 (fault-call:3 fault-nth:73): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:47 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x0, 0xf0ff7f00000000]}) 2018/05/04 10:56:47 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x94ab0300, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 799.832347] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 799.849829] binder: 8807:8812 transaction failed 29189/-22, size 0-0 line 2856 [ 799.866387] binder: 8805:8816 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:56:47 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x48, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:48 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x0, 0x100000000000000]}) [ 799.947012] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. 2018/05/04 10:56:48 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x4c, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:48 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x0, 0xd1e1ff7f]}) [ 800.026219] binder: 8821:8824 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:56:48 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x100000000000000, 0x0, &(0x7f0000011f9d)}) [ 800.068015] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 800.172388] binder: 8830:8831 transaction failed 29189/-22, size 0-0 line 2856 [ 800.211924] FAULT_INJECTION: forcing a failure. [ 800.211924] name failslab, interval 1, probability 0, space 0, times 0 [ 800.223282] CPU: 0 PID: 8829 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 800.230478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 800.239834] Call Trace: [ 800.242436] dump_stack+0x1b9/0x294 [ 800.246075] ? dump_stack_print_info.cold.2+0x52/0x52 [ 800.251278] ? kernel_text_address+0x79/0xf0 [ 800.255693] ? __unwind_start+0x166/0x330 [ 800.259850] ? __kernel_text_address+0xd/0x40 [ 800.264357] should_fail.cold.4+0xa/0x1a [ 800.268435] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 800.273559] ? __lock_acquire+0x7f5/0x5140 [ 800.277803] ? __lock_acquire+0x7f5/0x5140 [ 800.282049] ? save_stack+0xa9/0xd0 [ 800.285691] ? graph_lock+0x170/0x170 [ 800.289500] ? kasan_kmalloc+0xc4/0xe0 [ 800.293393] ? kasan_slab_alloc+0x12/0x20 [ 800.297550] ? find_held_lock+0x36/0x1c0 [ 800.301621] ? __lock_is_held+0xb5/0x140 [ 800.305711] ? check_same_owner+0x320/0x320 [ 800.310052] ? __lock_acquire+0x7f5/0x5140 [ 800.314321] ? rcu_note_context_switch+0x710/0x710 [ 800.319262] __should_failslab+0x124/0x180 [ 800.323507] should_failslab+0x9/0x14 [ 800.327317] kmem_cache_alloc+0x2af/0x760 [ 800.331482] ? debug_check_no_locks_freed+0x310/0x310 [ 800.336726] __d_alloc+0xc0/0xd30 [ 800.340189] ? __lock_acquire+0x7f5/0x5140 [ 800.344435] ? shrink_dcache_for_umount+0x290/0x290 [ 800.349458] ? print_usage_bug+0xc0/0xc0 [ 800.353538] ? debug_check_no_locks_freed+0x310/0x310 [ 800.358735] ? print_usage_bug+0xc0/0xc0 [ 800.362804] ? __lock_acquire+0x7f5/0x5140 [ 800.367074] d_alloc+0x8e/0x370 [ 800.370370] ? __d_alloc+0xd30/0xd30 [ 800.374113] d_alloc_parallel+0x152/0x1e80 [ 800.378356] ? graph_lock+0x170/0x170 [ 800.382169] ? __lock_acquire+0x7f5/0x5140 [ 800.386407] ? debug_check_no_locks_freed+0x310/0x310 [ 800.391606] ? __d_lookup_rcu+0xa80/0xa80 [ 800.395762] ? print_usage_bug+0xc0/0xc0 [ 800.399825] ? find_held_lock+0x36/0x1c0 [ 800.403900] ? lock_downgrade+0x8e0/0x8e0 [ 800.408058] ? __kernel_text_address+0xd/0x40 [ 800.412567] ? mark_held_locks+0xc9/0x160 [ 800.416728] ? __raw_spin_lock_init+0x1c/0x100 [ 800.421321] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 800.426343] ? __lockdep_init_map+0x105/0x590 [ 800.430845] ? __lockdep_init_map+0x105/0x590 [ 800.435352] ? lockdep_init_map+0x9/0x10 [ 800.439425] ? __init_waitqueue_head+0x96/0x140 [ 800.444106] ? init_wait_entry+0x1b0/0x1b0 [ 800.448349] ? d_alloc_parallel+0x1e80/0x1e80 [ 800.452854] ? lock_release+0xa10/0xa10 [ 800.457445] __lookup_slow+0x1e6/0x540 [ 800.461341] ? vfs_unlink+0x510/0x510 [ 800.465155] ? d_lookup+0x219/0x330 [ 800.468806] lookup_one_len+0x1c7/0x210 [ 800.472790] ? lookup_one_len_unlocked+0xf0/0xf0 [ 800.477555] ? down_write+0x87/0x120 [ 800.481274] ? start_creating+0xb1/0x200 [ 800.485344] ? down_read+0x1b0/0x1b0 [ 800.489069] ? mntput+0x74/0xa0 [ 800.492353] ? simple_pin_fs+0xa4/0x190 [ 800.496336] start_creating+0xc6/0x200 [ 800.500230] __debugfs_create_file+0x63/0x400 [ 800.504735] debugfs_create_file+0x57/0x70 [ 800.508978] bdi_register_va.part.10+0x365/0x970 [ 800.513738] ? cgwb_kill+0x630/0x630 [ 800.517462] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 800.523005] ? bdi_init+0x416/0x510 [ 800.526638] ? wb_init+0x9e0/0x9e0 [ 800.530185] ? bdi_alloc_node+0x67/0xe0 [ 800.534163] ? bdi_alloc_node+0x67/0xe0 [ 800.538144] ? rcu_read_lock_sched_held+0x108/0x120 [ 800.543169] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 800.548455] ? _raw_spin_unlock+0x22/0x30 [ 800.552609] bdi_register_va+0x68/0x80 [ 800.556506] super_setup_bdi_name+0x123/0x220 [ 800.561008] ? kill_block_super+0x100/0x100 [ 800.565338] ? kmem_cache_alloc_trace+0x616/0x780 [ 800.570192] ? match_wildcard+0x3c0/0x3c0 [ 800.574346] ? trace_hardirqs_on+0xd/0x10 [ 800.578510] fuse_fill_super+0xe6e/0x1e20 [ 800.582688] ? fuse_get_root_inode+0x190/0x190 [ 800.587369] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 800.592394] ? kasan_check_read+0x11/0x20 [ 800.596551] ? cap_capable+0x1f9/0x260 [ 800.600452] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 800.605997] ? security_capable+0x99/0xc0 [ 800.610166] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 800.615710] ? ns_capable_common+0x13f/0x170 [ 800.620135] ? get_anon_bdev+0x2f0/0x2f0 [ 800.624214] ? sget+0x113/0x150 [ 800.627507] ? fuse_get_root_inode+0x190/0x190 [ 800.632100] mount_nodev+0x6b/0x110 [ 800.635733] fuse_mount+0x2c/0x40 [ 800.639190] mount_fs+0xae/0x328 [ 800.642571] vfs_kern_mount.part.34+0xd4/0x4d0 [ 800.647163] ? may_umount+0xb0/0xb0 [ 800.650801] ? _raw_read_unlock+0x22/0x30 [ 800.654960] ? __get_fs_type+0x97/0xc0 [ 800.658878] do_mount+0x564/0x3070 [ 800.662448] ? copy_mount_string+0x40/0x40 [ 800.666692] ? rcu_pm_notify+0xc0/0xc0 [ 800.670595] ? copy_mount_options+0x5f/0x380 [ 800.675013] ? rcu_read_lock_sched_held+0x108/0x120 [ 800.680106] ? kmem_cache_alloc_trace+0x616/0x780 [ 800.684966] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 800.690523] ? _copy_from_user+0xdf/0x150 [ 800.694693] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 800.700238] ? copy_mount_options+0x285/0x380 [ 800.704783] ksys_mount+0x12d/0x140 [ 800.708419] __x64_sys_mount+0xbe/0x150 [ 800.712399] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 800.717428] do_syscall_64+0x1b1/0x800 [ 800.721334] ? syscall_return_slowpath+0x5c0/0x5c0 [ 800.726257] ? syscall_return_slowpath+0x30f/0x5c0 [ 800.731187] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 800.736560] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 800.741400] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 800.746581] RIP: 0033:0x455979 [ 800.749756] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 800.757450] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 800.764705] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 800.771961] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 800.779224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 800.786481] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 800.798499] binder: 8807:8833 transaction failed 29189/-22, size 0-0 line 2856 [ 800.920289] binder: undelivered TRANSACTION_ERROR: 29189 [ 800.926334] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:56:49 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0xf0c, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:49 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x0, 0x1000000]}) 2018/05/04 10:56:49 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x6800000000000000, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:49 executing program 5: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = epoll_create1(0x0) epoll_wait(r1, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000cd8ff4)) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000007000)) epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(0xffffffffffffffff, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:49 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:49 executing program 2 (fault-call:3 fault-nth:74): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:49 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xffff8000]}]}) 2018/05/04 10:56:49 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="11634840", @ANYRES64=0x0, @ANYBLOB="5ab885fa5a0e0e0000000000000000"], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001200)={0x50, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {{0x3, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x18, 0x30, &(0x7f0000000100)=[@fd={0x66642a85, 0x0, r0, 0x0, 0x3}], &(0x7f0000000140)=[0x40, 0x18, 0x0, 0x18, 0x38, 0x38]}, 0x3}}, @exit_looper={0x630d}], 0x1000, 0x0, &(0x7f0000000200)="bd0a321741ba14d564ee719228d0d386cbae76b4b54e0a2cbe65fa3c4d78c174a9ecf4c6037be9164d4d4f9e45b93074eb3253f1a31ba6bebe67e1644e90dc71aadf41c41f28dd611179379a551ed0938979cb5c9babc6b926cf688722577aa7aa091ac4f7c6fe1c58d89205a4d2f506e4688fb41d7de58ae9def44e92c4c57f3d551236fac283773d8fa60fdc89436b8c193145826e153ca0a9a8e7d78c4e4ce7425723f9031d7b4a25a884cc64ea9b8105640a29e72fe1cf37b607049d6532eb9b5be1c46547d27d991b1f9ef5f9b94b5e645cba86f4e95a75472c5ff0805bca825ea38dcb797748d868118193254749c17c7942973ec085348b554e6ebebd561b4dcd3bc7c3f51d1504c15fd1775b2bbf63d7ac17356ca4d61b8cc7f9ce4922eb2303a7f177298274438a24820f7e480532acc57ab8160aab6bfee2ce8acff91a1627578160d48d000abdf3e438f8a1e0865f2300fb4aec414084b52cfc6cdcc56e3d098a15b5438547034be5d72d373fa67febc2a18afc046199b0d124167a29df64822d8b9688e13331ba17d4810c629d7d5880f8fd24005adc31e4fbd41f17d346727cfa42aea793e4840677f5acd2b8d36a9e91680b982e590a79d1c3d4c27d2e0c692a9ddc196d456226db56455ad94ef010710ae3c0ae1a9a176ea023662962f71dc7431c85b7375d6b3320dfdbf24536ad697a1d103321967ced3356e9cb8663b892d0e67c81ddae19384d70a0b809692a45665ef85c8ed7ea46f3d8872cf2ab7647a4af3ecbb48c44eef42454c245ed07888f64610aa704cedb5f22bc26458e987431b2d21f9c71228fc5eb31e6dde9e1cf6aa58fbead005a7cf603d3f7c81a38d65f385ed4695589b3c81a537a238c14b7d31a3dc1957b0d5981192b06a9fbd5d9eed84ba3a653e0461048cd1a837f29eb49fd694681c297887f614e26bca536e209775b9baffb0178844dea736ef238352112162eb63bffad21fec696b09a69bbe9409e9ed22b007fb52b64769aacf1f3137bd168ff0a28a519ac5791d3107388af9a8acf8ba4de83fbba54acabd00d5967ecc46c8ec4acb81b6237feec485329b39fc694ff8581176f38baf4f56e939a61089c83857a134c23e9cc817d6eb0fcc3ff7a18fa83d1a392513ce3e778a05fa119f76b2ba40ca0b87683f84f11667ed068cd738c3a291624209f3569dccc58fa653d286d0b2fdfe5e138ff22a4acd6ec80aa511d7e77b6a8b566aaa3e04fa57b3654ea9b6223d2d5b33e572115033d39485ec8e5188a8ba1864bd8cb23b3ece39a44498574ddb03f2a5ff57105dffd794a08263965fb8f2a5fe8ad4abda080cf4bb7e050dcf86e544abb277df907ee78a659197a9b122ce460a54582723bf3b8eea2374ea44f16f9df0bc8f9c738877bf5ae032217dfaab27b49d4e9530871adaff46701709fb2a2138e9b1e28cb50070f80a9f1943ba164ed1a0a698bdabc354cce1f9f795744ec31b6e9005e9830767b75e2e6ac566a927ec21a728ddfbae083ae94b312f272c7f87b9fdb043fe47c27d02ec897d82c809469c82efd7ae19be09bee0908285d6c0eec2599216f9d3e76e61ad687437d50859a42684cea1235e5dc382807c56a8e2fe258561927f455b9020877e05118f62a758344289d93a29b5305cdb3f3eaae5eac91666398e49eb6b9e0bba704a39b70113cde53d44aa30808b52794e2f192fd57b0c8839300b82d1f2036d98fc089a8c4dfb492b0db08b667ef9587f4934610674e40584b2acc0391488b2fea5f5fc7f98e4822b38285e53b30c5b99f5e0b00a2067a1f3512e8094aa36302e823ff8c86fc8d575dec621d3e37e4f0425ca02a83caa4d246c4fdd3eba04b9ff80d7050a75096f152acab47e475ec0f516f16ea0f952ae5158e546a5239389195ed2d1ca52670e95ea7d041945ff2754ff38fb792551082272e8061759b748a2097962702e1932cbcd0a5dbfa6c95ead367661d0717b11848ad12affed7bcfaab57bccb13cad1f779c90d4c242dad83800a8f7923c594aba66efb700ee040f7ca180b4d93166e33bb934adbdf27eceb87e985d37033e18a29c0ca4d5925349e4a8aa7f9a8fa9018290e370d18bb835aab6574c7ffe5f4b7cfe923667f4c072013961a91e93272f4442fc5104d16bd69df298abfbc6b9328202ccc8e0c7596c049cabef3aeedc31ba0045ea0ea9a7f5b713d6dbab404f59545d692bc37b8d2f71d27bd4570063de0c6feb29f0b3a449bb6f2ec7b19a118ce79cda15a4a068ccbb903ea5fbff8e93357c33e49d253aad7443700bbb8c44e3b3965b751ea86f32e16b4e0aac2fce0eb3e5c7a4e811414cbce0cc84c1002402c5d334c1bbee018eb5466e5283779a490d32931c044b1e9ae6c7350376aeecf11dbf5f1de7bedc486b0019ef84252c30e8c424f975e17e868543626f7722c38ddd0fa0a31f6b5ae2f68d86f1f16d880cb9d5ea6a786822cf909d9b98a52ff14b80c7ec839168f9bd472a290ea4a430e924a7285766c4dfffa0ac1f4c7234f960bd8e2e67ef109bec10c7a9a9bfc9bbe6872c335d443330978b2dcc715a47670571b58327dc020740f1cfbe5319a6896a6704e8df9abcc40c78b63372494b15e890b920243e797692ffb16b9e60a61c3cb50ffb3dd8a10c02c2ac4038d6639181f4640cc89ec355693fb43c387b8461bac279c83f588ce76368ab6de647467ce27af3b3066efccb40dd83e5d709ca6f492d8087a3090aaef6a5a6a50f4be625fba1f289383fa7c437f9c9a8ff55edad82db9ac36853e6e62147940b8314e53d4ea3d0ca3c432d2a209ffea5e28d80659f4ae75d6049d8b9f8297cef57636c7f1c879af0ea47e437cd850c5a4cc5424f68d821acbec67c3131cde011cb3afdeeeb50046e29356ac44ca12150e88dd9182519e22bec6a6ddf446aa924e0acfdd25e8283c118ef978d1530359d5700f348e996552664b38437a1f7490c2e5178e1f668f93b50d45b2ed545ea5f5205706a5a2b9d0a3505aa400495985d576519d8ae3f81c8dbf5221d009f6e8b8b27a2954b824a4e0b6236c91c8d068fe788caedb6183ba58bbad5ac6945d48fc4f6ab247952661db3ca034676bffc4ba7711b4746e607a63c5371d76a96e45ca0feda796b67d5e7166d7a45487b69d5548b9ac16129370fd200b319c79c85aea7b2d2f3e1347b75b25d9479d7115c8366e2a1933b627fa9094e5b677f4e87cf72cf0da58c4f2aa6f525668f2e94ba0fd0fbb2435d28373f846da2c49c41d7dfa5e0573ed7af74fdd41ab3f149801390d81b5156e524ca853b47b540d5c1e19b164e34fa9c347cfe398112671da2dbce4286f24ed9a182d8c7cdbd418edc2057a0d2825216ad9150a225a45adf715536d1870ed117d85a04f955918660dc3f320d1111005fca72df1d1f25b9982e5befd5c28ea8170115722a0d7977badc3b69a98e022544bb011b30488ee2252f8946c9000c93b532728a5c2d30a636281b8aac4d9d580c56e1357edd5f749a06d72d2304906c7ddf74ae75e9c2d374fcb7a250d8fd5593eae176585ef82682730a7be5fe2fb57ee4f781e4af18e5476b07338d3151fab0cbfa22a213fd520d25e3971b58f4f9578ec852e69cf99e78f83db965bea9452ee7eb9f836b53c41c304d6ae48b1da5d2a879b1410134d4814835f61e6880e0a1cc723adf1401bd7a42b1490e72bd4182272567362db8dffc2a0d189394c65b16fb4e31af440eff0f7eedeb82aec16db21b0bba861ce9e0fc00d24db4aaaf23fb0a04366f5724d5f109f12fef0af37f92e39b9bceb4ac4af9cdcbb2e0d91b684e6c378a25be451b7f03d859bb1270089e4df651ef8b7754280f8edb5c397a66cf523cb790067d353bce8562ffc6263b978e2fcd2a90fa601408826244d5a9ebfeb81d7000bca2df508b8caf2b1bb6a36dcf807d313e0b516c56f2cf729112a907d502ab4be7f59f9533a6aea4a888a8e0b862268623eb57e8f1828495f5c250613d65dec050e23209e2cd9244f0800a6e55e7bd9046851b6091dee51db78f0eda5e2e2c0ed57b1bf5edcbacd8cffbbc4321758b792a8b70fc020224181c284990acde2a8cacbcd774a639de0455d823834e3ad2af4208ab30e74e93dbe9dda90d2718dfc53a0e33710f91aa6906019458b58f4f8e14a7faa7d2a5076e13f59fa41fe1d51cd11bc9edc59c0e49d317f519d144ff47d30fd3e79f5b893c4d7486a62f9e987783e656c58d4650626b1a824f2957260d219cde016b00928410d676061a6d3cec505a828e7fe86834c38db0ed142a478d8a346dab9be5263d2d410b6e6edab0c5b0102070f5adcbdf7f24d7db8a6f5ec88c8e2bc7a0ce52ec320084ffc1ede103e598856ec01eb5993652302fd5dbdbc88334573ec1852e7b324613e55fdc401c986d079e6b1dc4d34d7cfde3c1d002db27bac276fd1158ee2acaac784d44279f768c98a6df992d7d0d058fc8590fb4c7863b35cfb26f9f8cad9af70b6eedce4df31624db8e52231ee98fb05186d859d10a1e9f7bb6f5b002f9f6b350caf06e638fd2123d591bb37a2b6587b6d9772802c5b107e3faee2f93003e3ef06802e43346c20f42d58aee380dab26a1a1ea14b56174e257a7dafb0b118f058c535fb68d32078de8028aef9d8780796991a62be1889b54505a22c931503bcc2d249e4ff5c295a37183f5a048ad35ef4964c0ca4c3d04483fffd0f9f549e5f42a1841ff5545b1b9fa4d13be19026d98131f8f1881fe45ac8df122538b331240f84d45ec986b5284d2bb60a04a31e5b3e365cd0d7e17e9d96e813a8055f5e684c2e66d2bfac0c74ff62dabb60166d3ab54ea63da4b8ace658a29643f134f6d76bd2e37c005a9b845189d54a4900cb7f95cf32c8e04d31e76b6ba736fea9de85a0e7fa2e73f5c26047d4753de7ffea649d4d6566998eef0ce244f7d23cfa264f62484f3f3c4cf9d25be2dc8e2857b23b17d2b4aa2364bf202f6816956c805a6b85dca81bf5eb394f5e1f94234011ca5d7cb1b92eddb252caf509d09f903831734895b76b30d0d428919ec687cac4945559d6213d622f5968d42cd1d21edcd33dc1ed7fd485e2283d9c5765043551fcc251d713e5f10e223c3250adfa7deff8863a2804c6b68dc80d42c7659571708f40f651284c366ccd90e10c7d19ddd9b3d4422ce2682cd8e486adf0c4d0a0f8acdb21f223535a878fc9ef0c47097e801fbc36d42cb67bfd4003d2598df0d65658f8d4c8909f0433a00f7069dbbcfd6d620ad493933391671eaace1d47f56ad578bcc2bde827e0efa1ead018e9042093a9b2e8728fdf5e01577a7adbd6cea30d5222d5f2439bb79fff56ce81dbd559010623f206af988a54c70cd8148b4884057c5f83f261462c97d5310ace7a9452df7c006a2bb8a066dbd4769f87c508424691ade0df0738988be053673f81c0b7cea7835bda056572cf504e962cdbb452f98e3e58e08fca2a9c304eb7190715b54e41558787d37cb8128700bc5bfea7d2f6f68f20558bc2df3f420d12e4f4f8ab752d51123f3628a960c704a8206782a4b037a76a8e38862bfc1c6886aa0064243e57ef7ca51219a7b5a32e6dc048299aa55aa1ee2ec5b4d65f5808e2e57ec5a4087b677da9275926ba5ced3a2774e05f1bc9a14031636a141005b492e1c54c54c93ec5eb288fa8d4ed64a14caad44a1a8dcd5f008eaf33970be8b01c111fc70399e4bdf5b86f44f5532350dfa3cb24d625809cf224ce90e6bb3c3277804b89f2628a1c477e21d53beef71c05800c6294"}) bpf$OBJ_GET_MAP(0x7, &(0x7f00000000c0)={&(0x7f0000000000)='./file0\x00'}, 0x10) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/05/04 10:56:49 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x0, 0x10020]}) [ 801.076649] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 801.096886] binder: 8847:8853 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:56:49 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0xf, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 801.149171] binder: 8847:8853 transaction failed 29189/-22, size 0-0 line 2856 [ 801.187785] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. 2018/05/04 10:56:49 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x0, 0xf0ff7f]}) [ 801.191531] binder: 8849:8860 transaction failed 29189/-22, size 0-0 line 2856 [ 801.205358] binder: 8847:8856 got reply transaction with no transaction stack [ 801.212804] binder: 8847:8856 transaction failed 29201/-71, size 24-48 line 2763 [ 801.229117] FAULT_INJECTION: forcing a failure. [ 801.229117] name failslab, interval 1, probability 0, space 0, times 0 [ 801.240705] CPU: 1 PID: 8859 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 2018/05/04 10:56:49 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x0, 0xffffffffffffffff]}) [ 801.247902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 801.257264] Call Trace: [ 801.259867] dump_stack+0x1b9/0x294 [ 801.263519] ? dump_stack_print_info.cold.2+0x52/0x52 [ 801.268727] ? d_add+0x605/0xa10 [ 801.272114] ? lock_downgrade+0x8e0/0x8e0 [ 801.276278] ? __kernel_text_address+0xd/0x40 [ 801.280796] should_fail.cold.4+0xa/0x1a [ 801.284881] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 801.290007] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 801.295041] ? graph_lock+0x170/0x170 2018/05/04 10:56:49 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x0, 0x800e000000000000]}) [ 801.298850] ? __lockdep_init_map+0x105/0x590 [ 801.303361] ? find_held_lock+0x36/0x1c0 [ 801.307436] ? __lock_is_held+0xb5/0x140 [ 801.311529] ? check_same_owner+0x320/0x320 [ 801.315867] ? rcu_note_context_switch+0x710/0x710 [ 801.320821] __should_failslab+0x124/0x180 [ 801.325077] should_failslab+0x9/0x14 [ 801.328892] kmem_cache_alloc+0x2af/0x760 [ 801.333064] alloc_inode+0xb2/0x190 [ 801.336709] new_inode_pseudo+0x69/0x1a0 [ 801.340787] ? prune_icache_sb+0x1a0/0x1a0 [ 801.345033] ? down_read+0x1b0/0x1b0 2018/05/04 10:56:49 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x0, 0x1002000000000]}) [ 801.348754] ? mntput+0x74/0xa0 [ 801.352048] new_inode+0x1c/0x40 [ 801.355424] debugfs_get_inode+0x19/0x120 [ 801.359586] __debugfs_create_file+0xb5/0x400 [ 801.364102] debugfs_create_file+0x57/0x70 [ 801.368355] bdi_register_va.part.10+0x365/0x970 [ 801.373128] ? cgwb_kill+0x630/0x630 [ 801.376862] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 801.382412] ? bdi_init+0x416/0x510 [ 801.386056] ? wb_init+0x9e0/0x9e0 [ 801.389607] ? bdi_alloc_node+0x67/0xe0 [ 801.393585] ? bdi_alloc_node+0x67/0xe0 [ 801.397567] ? rcu_read_lock_sched_held+0x108/0x120 [ 801.402591] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 801.407886] ? _raw_spin_unlock+0x22/0x30 [ 801.412049] bdi_register_va+0x68/0x80 [ 801.415950] super_setup_bdi_name+0x123/0x220 [ 801.420462] ? kill_block_super+0x100/0x100 [ 801.424807] ? kmem_cache_alloc_trace+0x616/0x780 [ 801.429653] ? match_wildcard+0x3c0/0x3c0 [ 801.433805] ? trace_hardirqs_on+0xd/0x10 [ 801.437970] fuse_fill_super+0xe6e/0x1e20 [ 801.442133] ? fuse_get_root_inode+0x190/0x190 [ 801.446720] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 801.451744] ? kasan_check_read+0x11/0x20 [ 801.455900] ? cap_capable+0x1f9/0x260 [ 801.459797] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 801.465340] ? security_capable+0x99/0xc0 [ 801.469502] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 801.475046] ? ns_capable_common+0x13f/0x170 [ 801.479459] ? get_anon_bdev+0x2f0/0x2f0 [ 801.483525] ? sget+0x113/0x150 [ 801.486813] ? fuse_get_root_inode+0x190/0x190 [ 801.491398] mount_nodev+0x6b/0x110 [ 801.495054] fuse_mount+0x2c/0x40 [ 801.498511] mount_fs+0xae/0x328 [ 801.501890] vfs_kern_mount.part.34+0xd4/0x4d0 [ 801.506481] ? may_umount+0xb0/0xb0 [ 801.510116] ? _raw_read_unlock+0x22/0x30 [ 801.514265] ? __get_fs_type+0x97/0xc0 [ 801.518169] do_mount+0x564/0x3070 [ 801.521719] ? copy_mount_string+0x40/0x40 [ 801.525957] ? rcu_pm_notify+0xc0/0xc0 [ 801.529851] ? copy_mount_options+0x5f/0x380 [ 801.534263] ? rcu_read_lock_sched_held+0x108/0x120 [ 801.539282] ? kmem_cache_alloc_trace+0x616/0x780 [ 801.544133] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 801.549678] ? _copy_from_user+0xdf/0x150 [ 801.553831] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 801.559370] ? copy_mount_options+0x285/0x380 [ 801.563875] ksys_mount+0x12d/0x140 [ 801.567513] __x64_sys_mount+0xbe/0x150 [ 801.571492] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 801.576516] do_syscall_64+0x1b1/0x800 [ 801.580408] ? syscall_return_slowpath+0x5c0/0x5c0 [ 801.585339] ? syscall_return_slowpath+0x30f/0x5c0 [ 801.590276] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 801.595646] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 801.600499] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 801.605686] RIP: 0033:0x455979 [ 801.608870] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 801.616582] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 801.623849] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 801.631117] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 801.638387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 801.645652] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 801.696996] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:56:50 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x0, 0x40010000]}) 2018/05/04 10:56:50 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x40030000000000, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:50 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0xffffff7f, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:50 executing program 2 (fault-call:3 fault-nth:75): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:50 executing program 1: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x208000, 0x0) fallocate(r0, 0x2, 0x0, 0x7) r1 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="116335408f43f996b2a457b1654401a55fb70f7ce93063b653ae94b353cb3a4a04342d452a30d70eba09a901f51e5b92b98686587477956294babb5fc992382f552f86575ff704660a4fbf75b65f6b1f4dda30a501c4ddd8c8351d8dfcc506a8107d91ef842cf53eef2c8cdcaff05387d062929166fd0e558b6b", @ANYRES64=0x0, @ANYBLOB="4a06dd18000006009aa2f2d3c7016384f676872f9a0d4316afcbaf317dc28dbb0e224cea55b6d4bb85ab7f7fc340266563855cb0f0cea0be8df7f35f613ae502010000000000000060611d5ca4bbd5a49bf02105ca28d392240000"], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0) pipe2(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) syz_open_dev$sndpcmc(&(0x7f0000000280)='/dev/snd/pcmC#D#c\x00', 0x4, 0x100) syz_open_dev$mice(&(0x7f00000002c0)='/dev/input/mice\x00', 0x0, 0x2a00) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x8440, 0x0) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x800) ioctl$TIOCGPGRP(r4, 0x540f, &(0x7f0000000340)=0x0) fcntl$lock(r1, 0x6, &(0x7f00000000c0)={0x1, 0x1, 0xffffffffffffffe1, 0x5, r5}) r6 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x7, 0x101000) ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f0000000300)={'team_slave_1\x00', 0x600}) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r3, 0xc08c5336, &(0x7f0000000380)={0x400000cec, 0x3f, 0xfffffffffffffffd, 'queue1\x00', 0x7}) connect$vsock_stream(r6, &(0x7f0000000140)={0x28, 0x0, 0xffffffff, @any=0xffffffff}, 0x10) sched_yield() getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r6, 0x84, 0x20, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 2018/05/04 10:56:50 executing program 5: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = epoll_create1(0x0) epoll_wait(r1, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000cd8ff4)) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000007000)) epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(0xffffffffffffffff, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:50 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x3f00000000000000]}]}) 2018/05/04 10:56:50 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:50 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x0, 0xd1e1ff7f00000000]}) [ 802.234370] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 802.247301] binder: 8887:8889 unknown command 1077240593 [ 802.265228] binder: 8882:8891 transaction failed 29189/-22, size 0-0 line 2856 [ 802.271783] binder: 8887:8889 ioctl c0306201 20000040 returned -22 [ 802.307184] FAULT_INJECTION: forcing a failure. [ 802.307184] name failslab, interval 1, probability 0, space 0, times 0 [ 802.316253] binder: 8887:8889 unknown command 1077240593 [ 802.318681] CPU: 1 PID: 8894 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 802.331232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 802.332099] binder: 8887:8889 ioctl c0306201 20000040 returned -22 [ 802.340587] Call Trace: [ 802.340616] dump_stack+0x1b9/0x294 [ 802.340637] ? dump_stack_print_info.cold.2+0x52/0x52 [ 802.340654] ? __lock_is_held+0xb5/0x140 [ 802.340671] ? __account_cfs_rq_runtime+0x600/0x600 [ 802.340692] should_fail.cold.4+0xa/0x1a [ 802.340714] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 802.376600] ? graph_lock+0x170/0x170 [ 802.380413] ? print_usage_bug+0xc0/0xc0 [ 802.384485] ? find_held_lock+0x36/0x1c0 [ 802.388560] ? __lock_is_held+0xb5/0x140 [ 802.392638] ? check_same_owner+0x320/0x320 [ 802.396973] ? rcu_note_context_switch+0x710/0x710 [ 802.401919] __should_failslab+0x124/0x180 [ 802.406171] should_failslab+0x9/0x14 [ 802.409981] kmem_cache_alloc+0x2af/0x760 [ 802.414140] ? find_held_lock+0x36/0x1c0 [ 802.418215] __d_alloc+0xc0/0xd30 [ 802.421678] ? shrink_dcache_for_umount+0x290/0x290 [ 802.426709] ? __lock_acquire+0x7f5/0x5140 [ 802.430955] ? rcu_is_watching+0x85/0x140 [ 802.435123] ? debug_check_no_locks_freed+0x310/0x310 [ 802.440330] ? graph_lock+0x170/0x170 [ 802.444145] ? find_held_lock+0x36/0x1c0 [ 802.448222] d_alloc+0x8e/0x370 [ 802.451525] ? print_usage_bug+0xc0/0xc0 2018/05/04 10:56:50 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x7a00, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:50 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0xf0ffffff00000000, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 802.455598] ? __d_alloc+0xd30/0xd30 [ 802.459331] d_alloc_parallel+0x152/0x1e80 [ 802.463573] ? kobject_uevent+0x1f/0x30 [ 802.467556] ? graph_lock+0x170/0x170 [ 802.471367] ? __lock_acquire+0x7f5/0x5140 [ 802.475619] ? __d_lookup_rcu+0xa80/0xa80 [ 802.479771] ? print_usage_bug+0xc0/0xc0 [ 802.483852] ? find_held_lock+0x36/0x1c0 [ 802.487933] ? lock_downgrade+0x8e0/0x8e0 [ 802.492100] ? mark_held_locks+0xc9/0x160 [ 802.496262] ? __raw_spin_lock_init+0x1c/0x100 [ 802.500854] ? trace_hardirqs_on_caller+0x421/0x5c0 2018/05/04 10:56:50 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x0, 0x2f0f0020]}) [ 802.505887] ? __lockdep_init_map+0x105/0x590 [ 802.510396] ? __lockdep_init_map+0x105/0x590 [ 802.514909] ? lockdep_init_map+0x9/0x10 [ 802.518985] ? __init_waitqueue_head+0x96/0x140 [ 802.523669] ? init_wait_entry+0x1b0/0x1b0 [ 802.527913] ? d_alloc_parallel+0x1e80/0x1e80 [ 802.532429] ? lock_release+0xa10/0xa10 [ 802.536422] ? graph_lock+0x170/0x170 [ 802.540238] __lookup_slow+0x1e6/0x540 [ 802.544142] ? vfs_unlink+0x510/0x510 [ 802.547956] ? d_lookup+0x219/0x330 [ 802.551607] lookup_one_len+0x1c7/0x210 2018/05/04 10:56:50 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x0, 0x20000f2f]}) [ 802.555598] ? lookup_one_len_unlocked+0xf0/0xf0 [ 802.560364] ? down_write+0x87/0x120 [ 802.564091] ? start_creating+0xb1/0x200 [ 802.568164] ? down_read+0x1b0/0x1b0 [ 802.571885] ? mntput+0x74/0xa0 [ 802.575172] ? simple_pin_fs+0xa4/0x190 [ 802.579160] start_creating+0xc6/0x200 [ 802.583064] debugfs_create_dir+0x23/0x3c0 [ 802.587312] bdi_register_va.part.10+0x318/0x970 [ 802.592078] ? cgwb_kill+0x630/0x630 [ 802.595807] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 802.601358] ? bdi_init+0x416/0x510 [ 802.605002] ? wb_init+0x9e0/0x9e0 2018/05/04 10:56:50 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x0, 0x7ffff000]}) [ 802.608550] ? bdi_alloc_node+0x67/0xe0 [ 802.612528] ? bdi_alloc_node+0x67/0xe0 [ 802.616513] ? rcu_read_lock_sched_held+0x108/0x120 [ 802.621541] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 802.626851] ? _raw_spin_unlock+0x22/0x30 [ 802.631015] bdi_register_va+0x68/0x80 [ 802.634915] super_setup_bdi_name+0x123/0x220 [ 802.639416] ? kill_block_super+0x100/0x100 [ 802.643754] ? kmem_cache_alloc_trace+0x616/0x780 [ 802.648610] ? match_wildcard+0x3c0/0x3c0 [ 802.652775] ? trace_hardirqs_on+0xd/0x10 [ 802.656938] fuse_fill_super+0xe6e/0x1e20 [ 802.661102] ? fuse_get_root_inode+0x190/0x190 [ 802.665701] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 802.670736] ? kasan_check_read+0x11/0x20 [ 802.674895] ? cap_capable+0x1f9/0x260 [ 802.678802] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 802.680521] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 802.684346] ? security_capable+0x99/0xc0 [ 802.684367] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 802.684385] ? ns_capable_common+0x13f/0x170 2018/05/04 10:56:50 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x0, 0xe80]}) [ 802.684404] ? get_anon_bdev+0x2f0/0x2f0 [ 802.711088] ? sget+0x113/0x150 [ 802.714388] ? fuse_get_root_inode+0x190/0x190 [ 802.718982] mount_nodev+0x6b/0x110 [ 802.722621] fuse_mount+0x2c/0x40 [ 802.726090] mount_fs+0xae/0x328 [ 802.729472] vfs_kern_mount.part.34+0xd4/0x4d0 [ 802.734068] ? may_umount+0xb0/0xb0 [ 802.737710] ? _raw_read_unlock+0x22/0x30 [ 802.741866] ? __get_fs_type+0x97/0xc0 [ 802.745769] do_mount+0x564/0x3070 [ 802.749322] ? do_raw_spin_unlock+0x9e/0x2e0 [ 802.753746] ? copy_mount_string+0x40/0x40 2018/05/04 10:56:50 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x200000000000000, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 802.757989] ? rcu_pm_notify+0xc0/0xc0 [ 802.761895] ? copy_mount_options+0x5f/0x380 [ 802.766315] ? rcu_read_lock_sched_held+0x108/0x120 [ 802.771353] ? kmem_cache_alloc_trace+0x616/0x780 [ 802.776226] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 802.781797] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 802.787347] ? copy_mount_options+0x285/0x380 [ 802.791880] ksys_mount+0x12d/0x140 [ 802.795613] __x64_sys_mount+0xbe/0x150 [ 802.796271] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 802.799594] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 802.799615] do_syscall_64+0x1b1/0x800 [ 802.799630] ? finish_task_switch+0x1ca/0x810 [ 802.799648] ? syscall_return_slowpath+0x5c0/0x5c0 [ 802.799665] ? syscall_return_slowpath+0x30f/0x5c0 [ 802.799685] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 802.799704] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 802.799723] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 802.799733] RIP: 0033:0x455979 [ 802.799745] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 802.857765] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 802.865045] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 802.872324] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 802.873246] binder: 8900:8906 transaction failed 29189/-22, size 0-0 line 2856 [ 802.879599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 802.879608] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:51 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0xf00, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:51 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x0, 0x2f0f002000000000]}) 2018/05/04 10:56:51 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) prctl$void(0x3f) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$TIOCMSET(r1, 0x5418, &(0x7f0000000240)=0xff) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0xffffffffffffffff, 0x3, 0x1, 0x200, &(0x7f0000000080)=[0x0], 0x1}, 0x20) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffff9c, 0x84, 0x7c, &(0x7f0000000100)={0x0, 0x800}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000180)=@sack_info={r3, 0x8}, &(0x7f00000001c0)=0xc) 2018/05/04 10:56:51 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x6c00, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:51 executing program 2 (fault-call:3 fault-nth:76): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:51 executing program 5: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:51 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xfdfdffff00000000]}]}) 2018/05/04 10:56:51 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(0xffffffffffffffff, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:51 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x0, 0x4001000000000000]}) [ 803.379458] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 803.394498] binder: 8928:8930 transaction failed 29189/-22, size 0-0 line 2856 [ 803.412924] QAT: Invalid ioctl [ 803.423107] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:56:51 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x34000, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 803.431818] binder: 8928:8930 transaction failed 29189/-22, size 0-0 line 2856 [ 803.441927] QAT: Invalid ioctl [ 803.447084] binder: 8927:8931 transaction failed 29189/-22, size 0-0 line 2856 [ 803.466564] binder: undelivered TRANSACTION_ERROR: 29189 [ 803.481217] FAULT_INJECTION: forcing a failure. [ 803.481217] name failslab, interval 1, probability 0, space 0, times 0 [ 803.492733] CPU: 0 PID: 8932 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 803.499926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 803.509288] Call Trace: [ 803.511889] dump_stack+0x1b9/0x294 [ 803.515524] ? dump_stack_print_info.cold.2+0x52/0x52 [ 803.520736] should_fail.cold.4+0xa/0x1a [ 803.524823] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 803.529938] ? __lock_acquire+0x7f5/0x5140 [ 803.534179] ? __lock_acquire+0x7f5/0x5140 [ 803.538424] ? graph_lock+0x170/0x170 [ 803.542236] ? kasan_kmalloc+0xc4/0xe0 [ 803.546133] ? kasan_slab_alloc+0x12/0x20 [ 803.550301] ? find_held_lock+0x36/0x1c0 [ 803.554370] ? __lock_is_held+0xb5/0x140 [ 803.558443] ? check_same_owner+0x320/0x320 [ 803.562766] ? print_usage_bug+0xc0/0xc0 [ 803.566843] ? rcu_note_context_switch+0x710/0x710 [ 803.571779] __should_failslab+0x124/0x180 [ 803.576023] should_failslab+0x9/0x14 [ 803.579831] kmem_cache_alloc+0x2af/0x760 [ 803.583998] __d_alloc+0xc0/0xd30 [ 803.587468] ? __lock_acquire+0x7f5/0x5140 [ 803.591711] ? graph_lock+0x170/0x170 [ 803.595518] ? shrink_dcache_for_umount+0x290/0x290 [ 803.600555] ? debug_check_no_locks_freed+0x310/0x310 [ 803.605746] ? print_usage_bug+0xc0/0xc0 [ 803.609813] ? __lock_is_held+0xb5/0x140 [ 803.613880] ? __account_cfs_rq_runtime+0x600/0x600 [ 803.618923] d_alloc+0x8e/0x370 [ 803.622212] ? __d_alloc+0xd30/0xd30 [ 803.625939] d_alloc_parallel+0x152/0x1e80 [ 803.630184] ? graph_lock+0x170/0x170 [ 803.633991] ? __lock_acquire+0x7f5/0x5140 [ 803.638229] ? print_usage_bug+0xc0/0xc0 [ 803.642302] ? __d_lookup_rcu+0xa80/0xa80 [ 803.646455] ? print_usage_bug+0xc0/0xc0 [ 803.650521] ? find_held_lock+0x36/0x1c0 [ 803.654599] ? lock_downgrade+0x8e0/0x8e0 [ 803.658757] ? mark_held_locks+0xc9/0x160 [ 803.662911] ? __raw_spin_lock_init+0x1c/0x100 [ 803.667498] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 803.672520] ? __lockdep_init_map+0x105/0x590 [ 803.677019] ? __lockdep_init_map+0x105/0x590 [ 803.681518] ? lockdep_init_map+0x9/0x10 [ 803.685587] ? __init_waitqueue_head+0x96/0x140 [ 803.690261] ? init_wait_entry+0x1b0/0x1b0 [ 803.694497] ? d_alloc_parallel+0x1e80/0x1e80 [ 803.699090] ? lock_release+0xa10/0xa10 [ 803.703072] __lookup_slow+0x1e6/0x540 [ 803.706965] ? vfs_unlink+0x510/0x510 [ 803.710772] ? d_lookup+0x219/0x330 [ 803.714419] lookup_one_len+0x1c7/0x210 [ 803.718399] ? lookup_one_len_unlocked+0xf0/0xf0 [ 803.723163] ? down_write+0x87/0x120 [ 803.726880] ? start_creating+0xb1/0x200 [ 803.730944] ? down_read+0x1b0/0x1b0 [ 803.734661] ? mntput+0x74/0xa0 [ 803.737943] ? simple_pin_fs+0xa4/0x190 [ 803.741926] start_creating+0xc6/0x200 [ 803.745832] __debugfs_create_file+0x63/0x400 [ 803.750339] debugfs_create_file+0x57/0x70 [ 803.754585] bdi_register_va.part.10+0x365/0x970 [ 803.759345] ? cgwb_kill+0x630/0x630 [ 803.763067] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 803.768606] ? bdi_init+0x416/0x510 [ 803.772238] ? wb_init+0x9e0/0x9e0 [ 803.775781] ? bdi_alloc_node+0x67/0xe0 [ 803.779763] ? bdi_alloc_node+0x67/0xe0 [ 803.783748] ? rcu_read_lock_sched_held+0x108/0x120 [ 803.788774] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 803.794067] ? _raw_spin_unlock+0x22/0x30 [ 803.798224] bdi_register_va+0x68/0x80 [ 803.802119] super_setup_bdi_name+0x123/0x220 [ 803.806622] ? kill_block_super+0x100/0x100 [ 803.810950] ? kmem_cache_alloc_trace+0x616/0x780 [ 803.815805] ? match_wildcard+0x3c0/0x3c0 [ 803.819961] ? trace_hardirqs_on+0xd/0x10 [ 803.824121] fuse_fill_super+0xe6e/0x1e20 [ 803.828280] ? fuse_get_root_inode+0x190/0x190 [ 803.832867] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 803.837895] ? kasan_check_read+0x11/0x20 [ 803.842049] ? cap_capable+0x1f9/0x260 [ 803.845949] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 803.851493] ? security_capable+0x99/0xc0 [ 803.855653] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 803.861197] ? ns_capable_common+0x13f/0x170 [ 803.865613] ? get_anon_bdev+0x2f0/0x2f0 [ 803.869679] ? sget+0x113/0x150 [ 803.872967] ? fuse_get_root_inode+0x190/0x190 [ 803.877553] mount_nodev+0x6b/0x110 [ 803.881188] fuse_mount+0x2c/0x40 [ 803.884643] mount_fs+0xae/0x328 [ 803.888017] vfs_kern_mount.part.34+0xd4/0x4d0 [ 803.892605] ? may_umount+0xb0/0xb0 [ 803.896236] ? _raw_read_unlock+0x22/0x30 [ 803.900386] ? __get_fs_type+0x97/0xc0 [ 803.904282] do_mount+0x564/0x3070 [ 803.907832] ? copy_mount_string+0x40/0x40 [ 803.912070] ? rcu_pm_notify+0xc0/0xc0 [ 803.915971] ? copy_mount_options+0x5f/0x380 [ 803.920385] ? rcu_read_lock_sched_held+0x108/0x120 [ 803.925408] ? kmem_cache_alloc_trace+0x616/0x780 [ 803.930265] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 803.935812] ? copy_mount_options+0x285/0x380 [ 803.940331] ksys_mount+0x12d/0x140 [ 803.943968] __x64_sys_mount+0xbe/0x150 [ 803.947948] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 803.952974] do_syscall_64+0x1b1/0x800 [ 803.956871] ? finish_task_switch+0x1ca/0x810 [ 803.961375] ? syscall_return_slowpath+0x5c0/0x5c0 [ 803.966313] ? syscall_return_slowpath+0x30f/0x5c0 [ 803.971250] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 803.976625] ? trace_hardirqs_off_thunk+0x1a/0x1c 2018/05/04 10:56:51 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000040)=0x0) r2 = getpid() r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cuse\x00', 0x0, 0x0) kcmp$KCMP_EPOLL_TFD(r1, r2, 0x7, r0, &(0x7f00000000c0)={r3, r0, 0xb8}) syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x800) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 2018/05/04 10:56:51 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x7a, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:51 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x0, 0x800e0000]}) [ 803.981477] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 803.986666] RIP: 0033:0x455979 [ 803.989855] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 803.997567] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 804.004836] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 804.012105] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 804.019383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 804.026655] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 2018/05/04 10:56:52 executing program 2 (fault-call:3 fault-nth:77): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:52 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x0, 0x800e]}) 2018/05/04 10:56:52 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x6c, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) [ 804.072977] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 804.102786] binder: 8942:8947 transaction failed 29189/-22, size 0-0 line 2856 2018/05/04 10:56:52 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x80400, 0x0) ioctl$sock_inet_tcp_SIOCOUTQNSD(r1, 0x894b, &(0x7f00000000c0)) 2018/05/04 10:56:52 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x400000000000000, 0x0, &(0x7f0000011f9d)}) [ 804.186147] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 804.211792] FAULT_INJECTION: forcing a failure. [ 804.211792] name failslab, interval 1, probability 0, space 0, times 0 [ 804.223112] CPU: 0 PID: 8954 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 2018/05/04 10:56:52 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x0, 0x4001]}) 2018/05/04 10:56:52 executing program 5: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) [ 804.227550] binder: 8957:8958 transaction failed 29189/-22, size 0-0 line 2856 [ 804.230302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 804.230308] Call Trace: [ 804.230331] dump_stack+0x1b9/0x294 [ 804.230353] ? dump_stack_print_info.cold.2+0x52/0x52 [ 804.230371] ? graph_lock+0x170/0x170 [ 804.230390] should_fail.cold.4+0xa/0x1a [ 804.230410] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 804.262315] binder: undelivered TRANSACTION_ERROR: 29189 [ 804.266340] ? graph_lock+0x170/0x170 [ 804.266356] ? lock_downgrade+0x8e0/0x8e0 [ 804.266377] ? find_held_lock+0x36/0x1c0 [ 804.266396] ? __lock_is_held+0xb5/0x140 [ 804.266421] ? check_same_owner+0x320/0x320 [ 804.266440] ? rcu_note_context_switch+0x710/0x710 [ 804.266461] __should_failslab+0x124/0x180 [ 804.307348] should_failslab+0x9/0x14 [ 804.311163] kmem_cache_alloc+0x2af/0x760 [ 804.315325] ? kasan_check_write+0x14/0x20 [ 804.319568] ? do_raw_spin_lock+0xc1/0x200 [ 804.323823] __fuse_request_alloc+0x27/0xf0 [ 804.328155] fuse_request_alloc+0x18/0x20 [ 804.332310] fuse_fill_super+0x124e/0x1e20 [ 804.333732] binder: 8957:8958 transaction failed 29189/-22, size 0-0 line 2856 [ 804.336554] ? fuse_get_root_inode+0x190/0x190 [ 804.336574] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 804.336594] ? kasan_check_read+0x11/0x20 [ 804.336613] ? cap_capable+0x1f9/0x260 [ 804.336635] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 804.336655] ? security_capable+0x99/0xc0 [ 804.354968] binder: 8960:8968 transaction failed 29189/-22, size 0-0 line 2856 [ 804.357716] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 804.357739] ? ns_capable_common+0x13f/0x170 [ 804.357758] ? get_anon_bdev+0x2f0/0x2f0 [ 804.357771] ? sget+0x113/0x150 [ 804.357788] ? fuse_get_root_inode+0x190/0x190 [ 804.357805] mount_nodev+0x6b/0x110 [ 804.404102] fuse_mount+0x2c/0x40 [ 804.407567] mount_fs+0xae/0x328 [ 804.410940] vfs_kern_mount.part.34+0xd4/0x4d0 [ 804.416296] ? may_umount+0xb0/0xb0 [ 804.419919] ? _raw_read_unlock+0x22/0x30 [ 804.424056] ? __get_fs_type+0x97/0xc0 [ 804.427936] do_mount+0x564/0x3070 [ 804.431479] ? copy_mount_string+0x40/0x40 [ 804.435702] ? rcu_pm_notify+0xc0/0xc0 [ 804.439600] ? copy_mount_options+0x5f/0x380 [ 804.443997] ? rcu_read_lock_sched_held+0x108/0x120 [ 804.449007] ? kmem_cache_alloc_trace+0x616/0x780 [ 804.453847] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 804.459374] ? _copy_from_user+0xdf/0x150 [ 804.463521] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 804.469050] ? copy_mount_options+0x285/0x380 [ 804.473540] ksys_mount+0x12d/0x140 [ 804.477157] __x64_sys_mount+0xbe/0x150 [ 804.481122] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 804.486131] do_syscall_64+0x1b1/0x800 [ 804.490010] ? finish_task_switch+0x1ca/0x810 [ 804.494497] ? syscall_return_slowpath+0x5c0/0x5c0 [ 804.499424] ? syscall_return_slowpath+0x30f/0x5c0 [ 804.504345] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 804.509699] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 804.514538] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 804.519809] RIP: 0033:0x455979 [ 804.522986] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 804.530686] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 804.537944] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 804.545198] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 804.552453] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 804.559727] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 804.570049] binder: undelivered TRANSACTION_ERROR: 29189 2018/05/04 10:56:53 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x60, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:53 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x0, 0x140]}) 2018/05/04 10:56:53 executing program 1: r0 = syz_open_dev$admmidi(&(0x7f0000000080)='/dev/admmidi#\x00', 0x1000, 0x200000) getsockopt$inet_pktinfo(0xffffffffffffff9c, 0x0, 0x8, &(0x7f0000002680)={0x0, @dev, @multicast1}, &(0x7f00000026c0)=0xc) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000002700)={'bcsf0\x00', r1}) r2 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r2, 0x40046208, 0x0) 2018/05/04 10:56:53 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x6c000000, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:53 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000fcbff7)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000fc2000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4008ae61, &(0x7f0000000240)=@ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x17000000]}]}) 2018/05/04 10:56:53 executing program 5: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(r2, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:53 executing program 4: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = epoll_create1(0x0) epoll_wait(r2, &(0x7f0000000040)=[{}], 0x1, 0x8000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000cd8ff4)) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000007000)) epoll_wait(0xffffffffffffffff, &(0x7f0000000000)=[{}], 0x1, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) 2018/05/04 10:56:53 executing program 2 (fault-call:3 fault-nth:78): mkdir(&(0x7f0000cb3ff8)='./file0\x00', 0x0) chdir(&(0x7f0000cd2ff8)='./file0\x00') syz_fuseblk_mount(&(0x7f00000012c0)='../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_fuse_mount(&(0x7f0000000100)='../file0\x00', 0xc000, 0x0, 0x0, 0x0, 0x0) 2018/05/04 10:56:53 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x0, 0x20000100]}) [ 805.165469] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 805.185630] binder: 8981:8984 transaction failed 29189/-22, size 0-0 line 2856 [ 805.199782] binder: 8976:8987 transaction failed 29189/-22, size 0-0 line 2856 [ 805.214469] FAULT_INJECTION: forcing a failure. [ 805.214469] name failslab, interval 1, probability 0, space 0, times 0 [ 805.225849] CPU: 1 PID: 8985 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 805.239409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 805.248765] Call Trace: [ 805.251362] dump_stack+0x1b9/0x294 [ 805.255004] ? dump_stack_print_info.cold.2+0x52/0x52 [ 805.260205] ? finish_task_switch+0x1ca/0x810 [ 805.264705] ? finish_task_switch+0x182/0x810 [ 805.269213] should_fail.cold.4+0xa/0x1a [ 805.273293] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 805.278416] ? __schedule+0x809/0x1e30 [ 805.282323] ? __sched_text_start+0x8/0x8 [ 805.286487] ? find_held_lock+0x36/0x1c0 [ 805.290570] ? __lock_is_held+0xb5/0x140 [ 805.294657] ? check_same_owner+0x320/0x320 [ 805.298989] ? make_kgid+0x23/0x30 [ 805.302545] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 805.308097] __should_failslab+0x124/0x180 [ 805.312353] should_failslab+0x9/0x14 [ 805.316213] kmem_cache_alloc+0x2af/0x760 [ 805.320382] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 805.325003] ? kasan_check_write+0x14/0x20 [ 805.329249] ? do_raw_spin_lock+0xc1/0x200 [ 805.333500] __d_alloc+0xc0/0xd30 [ 805.336967] ? fuse_iget+0x1dd/0x820 [ 805.337415] binder: undelivered TRANSACTION_ERROR: 29189 [ 805.340711] ? shrink_dcache_for_umount+0x290/0x290 [ 805.340734] ? fuse_change_attributes+0x810/0x810 [ 805.340754] ? _raw_spin_unlock+0x22/0x30 [ 805.340775] ? fuse_get_root_inode+0x121/0x190 [ 805.364769] ? fuse_iget+0x820/0x820 [ 805.368544] d_make_root+0x42/0x90 [ 805.372104] fuse_fill_super+0x120e/0x1e20 [ 805.376362] ? fuse_get_root_inode+0x190/0x190 [ 805.380966] ? __alloc_pages_slowpath+0x2db0/0x2db0 [ 805.385996] ? kasan_check_read+0x11/0x20 [ 805.390159] ? cap_capable+0x1f9/0x260 [ 805.394066] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 805.394960] binder: 8981:8991 transaction failed 29189/-22, size 0-0 line 2856 [ 805.399611] ? security_capable+0x99/0xc0 [ 805.399633] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 805.399648] ? ns_capable_common+0x13f/0x170 [ 805.399666] ? get_anon_bdev+0x2f0/0x2f0 [ 805.399680] ? sget+0x113/0x150 [ 805.399699] ? fuse_get_root_inode+0x190/0x190 [ 805.399713] mount_nodev+0x6b/0x110 [ 805.399726] fuse_mount+0x2c/0x40 [ 805.399739] mount_fs+0xae/0x328 [ 805.399758] vfs_kern_mount.part.34+0xd4/0x4d0 [ 805.448092] ? may_umount+0xb0/0xb0 [ 805.451732] ? _raw_read_unlock+0x22/0x30 [ 805.455885] ? __get_fs_type+0x97/0xc0 [ 805.459782] do_mount+0x564/0x3070 [ 805.463334] ? copy_mount_string+0x40/0x40 [ 805.467580] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 805.472342] ? retint_kernel+0x10/0x10 [ 805.476238] ? copy_mount_options+0x1e3/0x380 [ 805.480743] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 805.486292] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 805.491922] ? copy_mount_options+0x285/0x380 [ 805.496425] ksys_mount+0x12d/0x140 [ 805.500061] __x64_sys_mount+0xbe/0x150 [ 805.504041] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 805.509066] do_syscall_64+0x1b1/0x800 [ 805.512960] ? finish_task_switch+0x1ca/0x810 [ 805.517465] ? syscall_return_slowpath+0x5c0/0x5c0 [ 805.522402] ? syscall_return_slowpath+0x30f/0x5c0 [ 805.527344] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 805.532729] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 805.537600] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 805.542802] RIP: 0033:0x455979 [ 805.545996] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 805.553722] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 2018/05/04 10:56:53 executing program 0: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x6000000000000000, 0x0, &(0x7f0000011f9d)}) 2018/05/04 10:56:53 executing program 6: syz_emit_ethernet(0xfffffffffffffeee, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "64b697", 0x30, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, @mcast2={0xff, 0x2, [], 0x1}, {[], @icmpv6=@param_prob={0xffffff89, 0x0, 0x0, 0x0, {0x0, 0x6, "9f1b19", 0x0, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}}}}}}}}, &(0x7f0000000180)={0x0, 0x4, [0x0, 0xe2f, 0x0, 0x7fffe1d1]}) 2018/05/04 10:56:53 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000480)={&(0x7f0000000080)={0x10}, 0x370, &(0x7f0000000300)={&(0x7f0000000000)={0x2fb, 0x8000027, 0x1ff307543bf68163, 0x2900000000000000, 0x0, {0x5}}, 0x325}, 0x1}, 0x0) 2018/05/04 10:56:53 executing program 1: r0 = syz_open_dev$binder(&(0x7f000000cff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000011f9d)}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) pipe2(&(0x7f0000000080)={0xffffffffffffffff}, 0x0) bind$ipx(r1, &(0x7f00000000c0)={0x4, 0x3, 0x7fffffff, "0c291660eedc"}, 0x10) [ 805.561176] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 805.568458] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 805.575737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 805.577617] binder: 8993:8995 transaction failed 29189/-22, size 0-0 line 2856 [ 805.583010] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 805.591233] netlink: 743 bytes leftover after parsing attributes in process `syz-executor3'. [ 805.603507] binder: undelivered TRANSACTION_ERROR: 29189 [ 805.617498] ================================================================== [ 805.624913] BUG: KASAN: use-after-free in __lock_acquire+0x3888/0x5140 [ 805.631591] Read of size 8 at addr ffff8801d74d4308 by task syz-executor2/8985 [ 805.638944] [ 805.640578] CPU: 1 PID: 8985 Comm: syz-executor2 Not tainted 4.17.0-rc3+ #32 [ 805.647761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 805.657113] Call Trace: [ 805.659715] dump_stack+0x1b9/0x294 [ 805.663348] ? dump_stack_print_info.cold.2+0x52/0x52 [ 805.668539] ? printk+0x9e/0xba [ 805.671821] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 805.676582] ? kasan_check_write+0x14/0x20 [ 805.680819] print_address_description+0x6c/0x20b [ 805.685664] ? __lock_acquire+0x3888/0x5140 [ 805.689991] kasan_report.cold.7+0x242/0x2fe [ 805.694416] __asan_report_load8_noabort+0x14/0x20 [ 805.699353] __lock_acquire+0x3888/0x5140 [ 805.703506] ? lock_downgrade+0x8e0/0x8e0 [ 805.707661] ? kasan_check_read+0x11/0x20 [ 805.711809] ? rcu_is_watching+0x85/0x140 [ 805.715963] ? debug_check_no_locks_freed+0x310/0x310 [ 805.721155] ? is_bpf_text_address+0xd7/0x170 [ 805.725651] ? kernel_text_address+0x79/0xf0 [ 805.730065] ? __unwind_start+0x166/0x330 [ 805.734215] ? __kernel_text_address+0xd/0x40 [ 805.738718] ? unwind_get_return_address+0x61/0xa0 [ 805.743647] ? __save_stack_trace+0x7e/0xd0 [ 805.747971] ? save_stack+0xa9/0xd0 [ 805.751600] ? save_stack+0x43/0xd0 [ 805.755232] ? __kasan_slab_free+0x11a/0x170 [ 805.759643] ? kasan_slab_free+0xe/0x10 [ 805.763618] ? kfree+0xd9/0x260 [ 805.766897] ? unregister_shrinker+0x216/0x3a0 [ 805.771484] ? deactivate_locked_super+0x70/0x100 [ 805.776325] ? mount_nodev+0xfa/0x110 [ 805.780145] ? fuse_mount+0x2c/0x40 [ 805.783856] ? mount_fs+0xae/0x328 [ 805.787395] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 805.790082] binder: 8998:8999 transaction failed 29189/-22, size 0-0 line 2856 [ 805.792149] ? do_mount+0x564/0x3070 [ 805.792162] ? ksys_mount+0x12d/0x140 [ 805.792176] ? graph_lock+0x170/0x170 [ 805.792192] ? kasan_check_read+0x11/0x20 [ 805.792206] ? do_raw_spin_unlock+0x9e/0x2e0 [ 805.792218] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 805.792234] ? print_usage_bug+0xc0/0xc0 [ 805.807815] binder: undelivered TRANSACTION_ERROR: 29189 [ 805.810863] ? kasan_check_write+0x14/0x20 [ 805.810879] ? do_raw_spin_lock+0xc1/0x200 [ 805.810894] lock_acquire+0x1dc/0x520 [ 805.810928] ? fuse_kill_sb_anon+0x50/0xb0 [ 805.810941] ? lock_release+0xa10/0xa10 [ 805.810960] ? check_same_owner+0x320/0x320 [ 805.810975] ? quarantine_put+0xeb/0x190 [ 805.828062] binder: 8998:8999 transaction failed 29189/-22, size 0-0 line 2856 [ 805.828133] ? rcu_note_context_switch+0x710/0x710 [ 805.874566] ? __might_sleep+0x95/0x190 [ 805.874677] binder: undelivered TRANSACTION_ERROR: 29189 [ 805.878539] down_write+0x87/0x120 [ 805.878554] ? fuse_kill_sb_anon+0x50/0xb0 [ 805.878567] ? down_read+0x1b0/0x1b0 [ 805.878583] ? perf_trace_mm_vmscan_writepage+0x750/0x750 [ 805.878597] fuse_kill_sb_anon+0x50/0xb0 [ 805.878612] deactivate_locked_super+0x97/0x100 [ 805.878626] ? fuse_get_root_inode+0x190/0x190 [ 805.878638] mount_nodev+0xfa/0x110 [ 805.878651] fuse_mount+0x2c/0x40 [ 805.878663] mount_fs+0xae/0x328 [ 805.878679] vfs_kern_mount.part.34+0xd4/0x4d0 [ 805.929379] ? may_umount+0xb0/0xb0 [ 805.933016] ? _raw_read_unlock+0x22/0x30 [ 805.937175] ? __get_fs_type+0x97/0xc0 [ 805.941071] do_mount+0x564/0x3070 [ 805.944629] ? copy_mount_string+0x40/0x40 [ 805.945214] binder: 9002:9003 transaction failed 29189/-22, size 0-0 line 2856 [ 805.948869] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 805.948885] ? retint_kernel+0x10/0x10 [ 805.948900] ? copy_mount_options+0x1e3/0x380 [ 805.948919] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 805.948933] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 805.948945] ? copy_mount_options+0x285/0x380 [ 805.948959] ksys_mount+0x12d/0x140 [ 805.948973] __x64_sys_mount+0xbe/0x150 [ 805.948986] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 805.949003] do_syscall_64+0x1b1/0x800 [ 806.001359] ? finish_task_switch+0x1ca/0x810 [ 806.005840] ? syscall_return_slowpath+0x5c0/0x5c0 [ 806.010752] ? syscall_return_slowpath+0x30f/0x5c0 [ 806.015668] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 806.021032] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 806.025861] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 806.031037] RIP: 0033:0x455979 [ 806.034219] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 806.041911] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 806.049164] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 806.056418] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 806.063672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 806.070924] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 806.078180] [ 806.079789] Allocated by task 8985: [ 806.083406] save_stack+0x43/0xd0 [ 806.086843] kasan_kmalloc+0xc4/0xe0 [ 806.090540] kmem_cache_alloc_trace+0x152/0x780 [ 806.095193] fuse_fill_super+0xc92/0x1e20 [ 806.099325] mount_nodev+0x6b/0x110 [ 806.102932] fuse_mount+0x2c/0x40 [ 806.106369] mount_fs+0xae/0x328 [ 806.109715] vfs_kern_mount.part.34+0xd4/0x4d0 [ 806.114278] do_mount+0x564/0x3070 [ 806.117820] ksys_mount+0x12d/0x140 [ 806.121429] __x64_sys_mount+0xbe/0x150 [ 806.125385] do_syscall_64+0x1b1/0x800 [ 806.129256] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 806.134421] [ 806.136031] Freed by task 8997: [ 806.139297] save_stack+0x43/0xd0 [ 806.142731] __kasan_slab_free+0x11a/0x170 [ 806.146950] kasan_slab_free+0xe/0x10 [ 806.150731] kfree+0xd9/0x260 [ 806.153822] rcu_process_callbacks+0xa69/0x15f0 [ 806.158476] __do_softirq+0x2e0/0xaf5 [ 806.162254] [ 806.163866] The buggy address belongs to the object at ffff8801d74d4040 [ 806.163866] which belongs to the cache kmalloc-1024 of size 1024 [ 806.176681] The buggy address is located 712 bytes inside of [ 806.176681] 1024-byte region [ffff8801d74d4040, ffff8801d74d4440) [ 806.188622] The buggy address belongs to the page: [ 806.193534] page:ffffea00075d3500 count:1 mapcount:0 mapping:ffff8801d74d4040 index:0x0 compound_mapcount: 0 [ 806.203482] flags: 0x2fffc0000008100(slab|head) [ 806.208147] raw: 02fffc0000008100 ffff8801d74d4040 0000000000000000 0000000100000007 [ 806.216018] raw: ffffea00075a0fa0 ffffea0006c712a0 ffff8801da800ac0 0000000000000000 [ 806.223880] page dumped because: kasan: bad access detected [ 806.229567] [ 806.231174] Memory state around the buggy address: [ 806.236094] ffff8801d74d4200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 806.243437] ffff8801d74d4280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 806.250776] >ffff8801d74d4300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 806.258114] ^ [ 806.261721] ffff8801d74d4380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 806.269780] ffff8801d74d4400: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 806.277120] ================================================================== [ 806.284460] Disabling lock debugging due to kernel taint [ 806.289892] Kernel panic - not syncing: panic_on_warn set ... [ 806.289892] [ 806.297250] CPU: 1 PID: 8985 Comm: syz-executor2 Tainted: G B 4.17.0-rc3+ #32 [ 806.305809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 806.315234] Call Trace: [ 806.317816] dump_stack+0x1b9/0x294 [ 806.321433] ? dump_stack_print_info.cold.2+0x52/0x52 [ 806.326611] ? lock_downgrade+0x8e0/0x8e0 [ 806.330746] ? vprintk_default+0x28/0x30 [ 806.334794] ? __lock_acquire+0x3790/0x5140 [ 806.339103] panic+0x22f/0x4de [ 806.342282] ? add_taint.cold.5+0x16/0x16 [ 806.346414] ? add_taint.cold.5+0x5/0x16 [ 806.350462] ? do_raw_spin_unlock+0x9e/0x2e0 [ 806.354856] ? __lock_acquire+0x3888/0x5140 [ 806.359162] kasan_end_report+0x47/0x4f [ 806.363118] kasan_report.cold.7+0x76/0x2fe [ 806.367428] __asan_report_load8_noabort+0x14/0x20 [ 806.372354] __lock_acquire+0x3888/0x5140 [ 806.376487] ? lock_downgrade+0x8e0/0x8e0 [ 806.380632] ? kasan_check_read+0x11/0x20 [ 806.384767] ? rcu_is_watching+0x85/0x140 [ 806.388904] ? debug_check_no_locks_freed+0x310/0x310 [ 806.394089] ? is_bpf_text_address+0xd7/0x170 [ 806.398570] ? kernel_text_address+0x79/0xf0 [ 806.402968] ? __unwind_start+0x166/0x330 [ 806.407100] ? __kernel_text_address+0xd/0x40 [ 806.411583] ? unwind_get_return_address+0x61/0xa0 [ 806.416500] ? __save_stack_trace+0x7e/0xd0 [ 806.420819] ? save_stack+0xa9/0xd0 [ 806.424435] ? save_stack+0x43/0xd0 [ 806.428046] ? __kasan_slab_free+0x11a/0x170 [ 806.432444] ? kasan_slab_free+0xe/0x10 [ 806.436403] ? kfree+0xd9/0x260 [ 806.439665] ? unregister_shrinker+0x216/0x3a0 [ 806.444243] ? deactivate_locked_super+0x70/0x100 [ 806.449087] ? mount_nodev+0xfa/0x110 [ 806.452876] ? fuse_mount+0x2c/0x40 [ 806.456486] ? mount_fs+0xae/0x328 [ 806.460025] ? vfs_kern_mount.part.34+0xd4/0x4d0 [ 806.464765] ? do_mount+0x564/0x3070 [ 806.468465] ? ksys_mount+0x12d/0x140 [ 806.472251] ? graph_lock+0x170/0x170 [ 806.476049] ? kasan_check_read+0x11/0x20 [ 806.480191] ? do_raw_spin_unlock+0x9e/0x2e0 [ 806.484593] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 806.489164] ? print_usage_bug+0xc0/0xc0 [ 806.493211] ? kasan_check_write+0x14/0x20 [ 806.497430] ? do_raw_spin_lock+0xc1/0x200 [ 806.501651] lock_acquire+0x1dc/0x520 [ 806.505437] ? fuse_kill_sb_anon+0x50/0xb0 [ 806.509656] ? lock_release+0xa10/0xa10 [ 806.513618] ? check_same_owner+0x320/0x320 [ 806.517924] ? quarantine_put+0xeb/0x190 [ 806.521977] ? rcu_note_context_switch+0x710/0x710 [ 806.526893] ? __might_sleep+0x95/0x190 [ 806.530852] down_write+0x87/0x120 [ 806.534390] ? fuse_kill_sb_anon+0x50/0xb0 [ 806.538608] ? down_read+0x1b0/0x1b0 [ 806.542321] ? perf_trace_mm_vmscan_writepage+0x750/0x750 [ 806.547844] fuse_kill_sb_anon+0x50/0xb0 [ 806.551905] deactivate_locked_super+0x97/0x100 [ 806.556566] ? fuse_get_root_inode+0x190/0x190 [ 806.561135] mount_nodev+0xfa/0x110 [ 806.564749] fuse_mount+0x2c/0x40 [ 806.568190] mount_fs+0xae/0x328 [ 806.571543] vfs_kern_mount.part.34+0xd4/0x4d0 [ 806.576111] ? may_umount+0xb0/0xb0 [ 806.579724] ? _raw_read_unlock+0x22/0x30 [ 806.583857] ? __get_fs_type+0x97/0xc0 [ 806.587732] do_mount+0x564/0x3070 [ 806.591260] ? copy_mount_string+0x40/0x40 [ 806.595486] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 806.600232] ? retint_kernel+0x10/0x10 [ 806.604110] ? copy_mount_options+0x1e3/0x380 [ 806.608593] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 806.614120] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 806.619645] ? copy_mount_options+0x285/0x380 [ 806.624125] ksys_mount+0x12d/0x140 [ 806.627737] __x64_sys_mount+0xbe/0x150 [ 806.631795] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 806.636799] do_syscall_64+0x1b1/0x800 [ 806.640680] ? finish_task_switch+0x1ca/0x810 [ 806.645163] ? syscall_return_slowpath+0x5c0/0x5c0 [ 806.650088] ? syscall_return_slowpath+0x30f/0x5c0 [ 806.655007] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 806.660361] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 806.665193] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 806.670376] RIP: 0033:0x455979 [ 806.673548] RSP: 002b:00007fb75655d808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 806.681242] RAX: ffffffffffffffda RBX: 0000000000000015 RCX: 0000000000455979 [ 806.688497] RDX: 00000000004c15cc RSI: 0000000020000100 RDI: 00000000004dd5c5 [ 806.695750] RBP: 0000000000000000 R08: 00007fb75655d820 R09: 0000000000000000 [ 806.703004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 806.710262] R13: 0000000020000100 R14: 0000000000000000 R15: 0000000000000000 [ 806.717992] Dumping ftrace buffer: [ 806.721518] (ftrace buffer empty) [ 806.725207] Kernel Offset: disabled [ 806.728812] Rebooting in 86400 seconds..