f2b1e14db5b527d3efe563f193bfa40e76b1ee6b605c4f9d41292363602790f3dc25234a50f33614cfe2b0d9b883590b8bea65352797e7c16384f79fda028bc3c89c556b5d071dd593663338fc71dbc248561f4a4ab4efeaf6562a84c281f391596a47613b5f5929375f04ec03dac12175b7c50b04e9077cefdbf7d9a314761b7e8be503a89d366609ace10ab8a464daaa9f4f9e378cf1518b4c7a6f2e50c12d9bfef36a9239b2671ec3e9110d157691701f9f8056d5f7dad538b8191d37b9b20945c4da44751cb111102cd66b5eba7fde7f0f4c8fd7dc933060207a0c89c516d549b85baab66abae66b950a0158384d3b7bacacb9832fcef32d23e563e3b0ec92d1fee0564774a703ea3dbd15ec387093f6f1b26ea2bcda5f958aac556a896ecde03bdf9af7a0943ddd8ada82b07d6f087dfe27df59965e974d3eafe339cfb288f4febc01108a404871b462c4d4f72dd105158e7ad564f3481ad3b7ff2ed9321cb78b7db10f296b7ead1b624bfa0b35f5c9f1bd0a9e7db069005f277c9610520781c34afe7238c5c2e9eecba50cb3339b31bc1dfce0f3be450c1abfe517e1583e7da45f3828ddf6c1b1c8daed46086aa8672a6aa159ea621a3025ba804115df286b624f3b4c33bb4823b068f9df40b8d662e241602ebea41623d630ac86e08a794c0f97f3d5d6b35141858866ee7955d017d900417b0566e26836eaafa031c9d878bd14e612e0b19d7fc2d7ee8948693af001e2c907a85096db73ebbca9a45bf7b2ecc5a43bfef191531fc8ab7820fc07cde0a2763146686dcb5d64b3461c816046fbc4d5c858d17e76fbc3ee1356b1111c599d5bd2ea1cdfc7e967a5db84e9efb252db43a2b944e8bc0c7777a32d4fe40b12ebda00ac7a94a2107b99dcedd76b290442b040a34d9319da17aac5a19c4c6cb6fae2e6339c5aca79c8de30d07bdff0ad09250ac6971488351731c0ea29ae5dc7ef142803c45cec468b5cd0d751d4efd865c9fa8311c11f2c398551628b96ed66772842b913973ffd538d7ffabf44cb768ade9694c850f72e9ed511618b19c8da4714e52751ffcba0a3e9380c1544c3727b39f3d2242acb8933f01641a1d967f913eaededb5fa5588d01f984b51af0fda5667e5c8c960c3a1ef3a771982cb06ff6c9d70df3f51c1cd1c52609f0635c0298b58d0fc2cc3f2d55ecceb93580d1cf3b547f5975c0ea26c6fb7af0ff983100cafd4d089edf71d74ff43ee5c28e0e174b17df07d08da735851d20101fb202fdabde38aa4ea481f7c933c074bf6556940e3ac46af4a8ac1c9bd416a882a814b18b80b6d267c0e0f3d3eadc56ea180f57f17ee8a0e0ea1f84024460b02f6e139cb88fe4d838271685e82855816cd2bc6ace2f447aaec122046a8dfa5b37a0d6a3864e951088bfd860b926030a395f0f0d9737bd254d9c47bb713a6c6699008be18126ff2ebf913c8968de9e1a2a47c7f3e13d51465fc645086198505e56a1d3bb734601ea935d9aabe82bf505111c481413a751689defd36f44e761b0192ceda9ee33274342070d74a23facbc66f1e1ed06b065e47de94faed750efeb56bd0ba31e9c828b724cbc18a4ae8f0183ae984f2c5b78d2110b97af93198f83a43dbcda718fd6cf21e6bea4c03da02fd19b910d250ef29e302a5a5843fe95898ac4d412e16ac05281dc18695a7d0a81ba936ead8748ae57a0633f776e31a22bf4e63d3c0c2ba97cee6caae6fb7d7735ae6f1f415a599aac8282481e3f86f633f81e620095d23a7854e05fc37e16e7131ffe6c4551b5b1ced6356775ee9d330bc83869e09fe7e32696951f982e8d480f017edd0ad3c3a73b738e55a43e36eb143779454d5081e5836270b909a1b6af7818c5783a2df8719323075d70e4bf2aa1fa5dd3b1c1fd119eedac61bd5d95fd7a61b5ba911b3c869c623fc217b236c06d11b32909a1a6ee88272aa1e3edd9b50908ed3d9de1cc7b5eea17a449199e33451b74ab3db6abb705681d46b5a33a8b28b055acb2a4499dc9c43d039069e64790932e9d2ac2b31db56a7058b04411b7ca095c93106761c335136c02de64d56e0919eb9339aad5514c37123b8f6cac1665b902fe8954ec337a0996a230041c8e96e8b16dcb1f9203e85104791252fffab6984eb3713b5a3c2e2100fcfb9795bf6abc33b0f8c50888198fb7283b5fcbf31e23d8905b5e8888c410b51922dd8f3d787d141b959ab79cdf638a133dcc94b758e6f3e3137d95fc9444857423969b12e619ee69fe88c209f953fc671796e7ca6300096b6be87f225e3a3468d3f7cafc967aed973cb81a6b452e9ec82af65150eab5d8a70b46f3ec4d4e6c33027b3e380caadca8b0e3e3b60ebc85c38c750ea344616488bfe5081354f43c8d8a9c04eaa5559dfe9be5cb8ce0d1d2b1a6d015a3ad81741ca4da28979b9eba1e300033fd0e8715ffb1aceaec3582d084a68df4d6f2b7b23bc09423a76258cec2cea9fc2fbba276dd6f192bbb5460c83a626ea44b60317abf93d912303313ab5cbc11e789857a6d6195dbfbacbe0a396a5779a11779fd2ae037417460297dcf2e966c02f6e80561159c8708047731bb9c159f54c5ece89d5575ef34631f62aba952c4c3c7b07749f478e5b70d5074a348f33a7eaf31e58633bbb43a91df2fba7155b4caf3929c69ea0b53cca5b8f45acd966140dafd1457f86a005f56dfd383430761e1658763fb26f88c2c764fbe0775d4b92ab650d12317d5a95577da1519f5a74b9fb09ea235164abcf6a6000155f9eb209a7e4c5a0f2e1ad86b68ee1f93ea64dc9183b461aa7dbd4ac9b1bfc6409d0b09b63d06fbc4b3e17e2748d74d271a9d44c039f26663f0f16b4b2810809e8465093524df104f2881b9b6f57f926359a349b535df8ecfa48146f7c79ba46b5ba0cec9b293e10d7dc8f69e31c02a0c18ce2ce7ab316591638b0d92c1973bb85e9a438367b0eb03ea6988ba820e0dd3eca0312eeaae9e56687508f21db423dbbefc52be7960fe2aba2fd221e52f51709fe088f9e86c65957ef9c33d54219657f5d121a8e8176a2cc44993db91b66e0e7caa269fb858122fed93229c3fb96ae6c1109b193a4b7b470ea38d88c0bbd4322b0c6fcb11d03e3b21a098b24fcad67d318b8f1503b0a70da0ffc9de55e0346928f1b51d30f83af14be63543b1968de8bee0b52c7b388d09b5c4b03717002bf943194941c2e8e2a47596c53436055c10b48face8059a57ee22d5f97e9f1c4d0d292169f3da797d0fea0e4c4597c65244092ab9ec63b653ab737faadd936655c29b5cd4cbd739a8e1bf2ab2e3d4b390aeb3a5c302da63e3a051f7aeb4f41a66fe870896723e0a26c8730494430fe3d747355a457d8e1b285de94287392630607f98d0e3db43f3ce5fc0952a7fe0f068bbc818829f73e69746cdbf6d2466d2f0c4ee62d31790ee7880c84b519752c2720a241cfeeb8ba1f568a5dcc786bca165133985d463c9b1946fbff45b9bd8355f1c26658a1ffdf65771f6d6db2a927e8548d3e55582a89f1a9118f3cc6f974a3a02ff8a318f1b4550335c4c468c228419d1ef1fc21bb4df33b40142f12786d507a1cdfc440091940bfa791eeb3c0f4b1f51b8002e5c86a8cf6d38decca07fa07246f84abbe7403489ab29c27ab534b7593ca9e6bb3ca1c461d168be485c9c5aa6f3cea41211d2d3fe5bc33d52fbba21dbaa4cf866fcf440c6d392bd43d7c575b8eb63903dba524e594f4a2cbb8ac3a24731eb7e0f7a5c1ceaccdf2f3a4fd4ca9bbb206799966e25014c28b6335c400afd808af4ff2dd0d977fbd2da522fbca28b4f5f32e53bc87cf163e95006d4a660965eab564ae8992af75eddadcfe43bdf7d240f8b444ec4c7dc4f9f921641ca2aa6fefdae5f728b628cd56bba132f4b28d67b19f48d3e9a13cbdfdbabce5e250658b7ac2629eae72d753ec67ee986458c6bdbe28b38fc662f2742578fcab1e25b0833ae3dc855d1d0cf2d9b12d13b07e6c950dd4716320d2eb66f6c02bd2280b4099b38ae68ece07b26d5925f052c4bc19f171c5e1237752ecd179619f55f5cc853e90c18e6d5fab47773f28872880117328f3af8e16c974b2fe9a98c3ce2f31282e20ccc841734cf5e435e9771525015e6515ba46a7331b0c85e4b8a0dceb52a8d3718f43371cf1707c176da99080fd0b9b0264df7d990b479c9f3818f474922a01257f5a42445ef4464677e9416b87da8cbb8f1d3d804c188e0a065e6f5159b5f16f4f367884293279ce4ca12f63133e56e167f4ed25922a95995d8de79023cedc5deed0c1e2c1293942a2c43212098117dd3aa11b58cdd951a1b8d05a528aba0a461b6ef01aefb9ee736b32aa3e741782e98385dc54c2942c503763c63b98d2e9c3633cabed127c0ce633971546cbbb60925693e833231ae8321d9eb28b065938f37de7ac617a9e2cf5987407c35646a21e55119786905aff192dec582d42069ea8f6955681467b968c8762cbb8365597b2dc8b4c54cbd7b8706d94ca50aaa528f3716e00c379382311c94e6aa285b1e5cdb2a060544cd73caffc9d6542aea7b05a98c4aec1a57870c86365854bc020d03a295b0f7739f3f8f91220858b8ffae9349c86c30f5ef8e680fdbb4bbc0b056807d8e89d6ae43df4f53182652002fb36f6316ac1fabd01e7b33e8089a1c8d8b4cf7c328d49a1e767de53101ea82b7f6bcd31e93abdf833b73c8eb724085a5cfaf30a505b3c98b4a3e794cf4f5cd8d3f75ddf7abe928d8fead8017a6888c8f084891c47164d29d069b7a3197975ac572632f4e5425b0a77074020a5f31b41b40751a6fdbe0f53eeb3a5e243923d83d97185faea6eb4838334a036419cd689d714632a59b6396cbd7266a8598ad708d00912995b5954072920ee70b059767a9c26eee4a4e563a05aa194a12f443727b452b75c2ff00babc4165537151d76b5c7ab5fe8af9e23749403198c3194c663ee51ad027ace4c7d1e39e260275596d9e500a37b43b9ee1bd4ddaf31da96ae54ee76f74b0ff59eeb504562aed203623badfdabd5aef3dd3259a11fcc22f51bdbc9fe3429ce86ec4df83defb7948b9682a82afaea7f7976d6863dcd9aee187dbe4bbc4a3982e4747f1282f088c422628b3fc56f42bca040cd13194865f91a8c47a54e6359de29e76663231c8be53b82f6b42460e4103e00346c28b0207af87dc55c0a12c0a718adc942522ed88c82065506b3051bc73f3148bfe36c140c8d25a9739a779fc646d8b579a3a5fdbda0568269626fa6718e7c7eff6b4e7d334b6fcfa39f94d681065ff1dd404a08b8f29a7dd9d2a7c8e3a690669add44419f425f8d4470a1f54f20e49f1b108a7c57f9cb1bfba12e385ecf8a24359e97773a87f03bf2e882118c0733164ef696fd9c7d1c503aac3997ab544276180041f00414b219ebf886708460a945b3220475517eb54cbc04278f2935b0e036f140104d100b817bdcc771ad8ec87fbd073b88d69a138326439522c6fdc8a26407b472ede4355dc", 0x1000, 0x1}], 0x20042, &(0x7f0000002580)={[{'vfat\x00'}, {'vfat\x00'}, {'vfat\x00'}, {}], [{@permit_directio}, {@subj_type={'subj_type', 0x3d, 'vfat\x00'}}, {@subj_user={'subj_user', 0x3d, 'vfat\x00'}}, {@seclabel}, {@smackfstransmute={'smackfstransmute', 0x3d, 'vfat\x00'}}, {@fowner_eq={'fowner', 0x3d, 0xffffffffffffffff}}, {@subj_role}]}) fallocate(r1, 0x10, 0x0, 0x8800000) faccessat2(r0, &(0x7f0000002e00)='./file0\x00', 0x100, 0x1300) 15:42:04 executing program 4: ioctl$sock_SIOCGIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000000)={0x7, 'erspan0\x00', {0x1}, 0x1ff}) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x541800, 0x0) fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x8, 0x6) r1 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_FALLOCATE={0x11, 0x5, 0x0, @fd=r0, 0x266, 0x0, 0x1, 0x0, 0x1, {0x0, r1}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(r0, 0xc0189377, &(0x7f0000000140)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xd507, 0x4}}, './file0\x00'}) sendmsg$NL80211_CMD_LEAVE_OCB(r2, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x14001420}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, 0x0, 0x420, 0x70bd26, 0x25dfdbff, {{}, {@void, @void}}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x24008840) sendmsg$TIPC_NL_NAME_TABLE_GET(r2, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x804}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0xb0, 0x0, 0x400, 0x70bd27, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0x48, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x7}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e23, @rand_addr=0x64010100}}, {0x14, 0x2, @in={0x2, 0x4e22, @rand_addr=0x64010100}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}, @TIPC_NLA_SOCK={0x10, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}]}, @TIPC_NLA_LINK={0x38, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_SOCK={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2f}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x80}, 0x1) r3 = syz_io_uring_setup(0x2d1f, &(0x7f0000000400)={0x0, 0xe17, 0x8, 0x3, 0x2a8, 0x0, r2}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000480)=0x0, &(0x7f00000004c0)) syz_io_uring_submit(r4, 0x0, &(0x7f0000000500)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x8, 0x0, 0x0, 0x0, {0x5311}}, 0x8) sendmsg$NL80211_CMD_SET_POWER_SAVE(r0, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x20, 0x0, 0x400, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x6e, 0x3f}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x20) r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000640), 0x101000, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r2, 0xc018937e, &(0x7f0000000680)={{0x1, 0x1, 0x18, r5, @out_args}, './file1\x00'}) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000700), r0) sendmsg$NL80211_CMD_START_SCHED_SCAN(r0, &(0x7f00000007c0)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x3c, r6, 0x300, 0x70bd25, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x4, 0x3}}}}, [@NL80211_ATTR_SCHED_SCAN_INTERVAL={0x8, 0x77, 0xffffffff}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x2400}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x20040005) r7 = open_tree(r0, &(0x7f0000000800)='./file1\x00', 0x800) sendmsg$IPCTNL_MSG_CT_NEW(r7, &(0x7f0000000900)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x1c, 0x0, 0x1, 0xe324270ac9220508, 0x0, 0x0, {0x3, 0x0, 0xa}, [@CTA_ID={0x8, 0xc, 0x1, 0x0, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x200d8084}, 0x40081) r8 = syz_open_dev$mouse(&(0x7f0000000b00), 0x100, 0x109401) syz_genetlink_get_family_id$smc(&(0x7f0000000940), r8) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r2, 0xc0189373, &(0x7f0000000b40)={{0x1, 0x1, 0x18, r3, {0x2}}, './file0\x00'}) 15:42:04 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00'}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 15:42:04 executing program 7: r0 = syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r1, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r2, &(0x7f0000000140)={0x37}, 0x14) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000400)={{{@in6=@mcast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in6=@mcast2}}, &(0x7f0000000180)=0xe8) getresgid(&(0x7f0000000b80), &(0x7f0000000bc0), &(0x7f0000000c00)=0x0) setregid(r4, 0x0) fchown(r2, r3, r4) r5 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) name_to_handle_at(r6, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@FILEID_NILFS_WITH_PARENT={0x20, 0x62, {0xffffffffffffffff, 0x7f, 0x100, 0x9, 0xffffffffffffffff}}, &(0x7f00000000c0), 0x400) keyctl$chown(0x4, r5, 0x0, 0xee00) r7 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r7, &(0x7f0000000140)={0x37}, 0x14) statx(r7, &(0x7f0000000140)='./file0\x00', 0x100, 0x80, &(0x7f0000000300)) 15:42:04 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) syz_io_uring_setup(0x3ca, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0x40305839, &(0x7f0000000080)=ANY=[]) pwrite64(r0, &(0x7f0000000140)="87", 0x1, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) pwrite64(r1, &(0x7f0000000000)='y', 0x8800, 0x0) 15:42:04 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f800002000400045", 0x19, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:42:04 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x5c3881, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) 15:42:04 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) (fail_nth: 18) [ 674.162583] FAULT_INJECTION: forcing a failure. 15:42:04 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00'}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) [ 674.162583] name failslab, interval 1, probability 0, space 0, times 0 [ 674.165726] CPU: 1 PID: 7138 Comm: syz-executor.2 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 674.167967] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 674.170561] Call Trace: [ 674.171155] [ 674.171702] dump_stack_lvl+0x8b/0xb3 [ 674.172541] should_fail.cold+0x5/0xa [ 674.173304] ? bpf_prog_store_orig_filter+0x7b/0x1e0 [ 674.174357] should_failslab+0x5/0x10 [ 674.175362] kmem_cache_alloc_trace+0x55/0x3c0 [ 674.176437] bpf_prog_store_orig_filter+0x7b/0x1e0 [ 674.177460] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 674.178572] __get_filter+0x1ec/0x2c0 [ 674.179353] sk_attach_filter+0x1e/0x380 [ 674.180197] tun_attach.isra.0+0xb8a/0x15f0 [ 674.181085] ? rcu_read_lock_sched_held+0xd/0x70 [ 674.182256] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 674.183481] ? full_name_hash+0x11c/0x180 [ 674.184331] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 674.185397] ? selinux_tun_dev_open+0x168/0x1b0 [ 674.186317] __tun_chr_ioctl+0x1701/0x3f10 [ 674.187146] ? tun_attach.isra.0+0x15f0/0x15f0 [ 674.188052] ? __x64_sys_ioctl+0x97/0x210 [ 674.188869] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 674.189950] ? tun_chr_compat_ioctl+0x30/0x30 [ 674.190825] __x64_sys_ioctl+0x196/0x210 [ 674.191628] do_syscall_64+0x3b/0x90 [ 674.192367] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 674.193372] RIP: 0033:0x7f2849393b19 15:42:04 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00'}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) [ 674.194090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 674.197868] RSP: 002b:00007f2846909188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 15:42:04 executing program 1: syz_emit_ethernet(0x3e, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbbc6dd60dd02a600082c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa210000000008907848ede6f064f08d78dbbc8f5aa6be8d488d64ea3b856a8d0a4eacd5a2acdfccece5c17d5d9895fd02206de56d32775521d4d384989f898a3005228c0da8777300a1749efe952bfea032f51c0809907f765e8014ee02a2a2dd"], 0x0) [ 674.199363] RAX: ffffffffffffffda RBX: 00007f28494a6f60 RCX: 00007f2849393b19 [ 674.200864] RDX: 0000000020000000 RSI: 00000000400454ca RDI: 0000000000000003 [ 674.202255] RBP: 00007f28469091d0 R08: 0000000000000000 R09: 0000000000000000 [ 674.203670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 674.205058] R13: 00007ffe11164b5f R14: 00007f2846909300 R15: 0000000000022000 [ 674.206456] [ 674.215491] loop5: detected capacity change from 0 to 260 [ 674.225722] FAT-fs (loop5): bogus number of FAT sectors [ 674.226970] FAT-fs (loop5): Can't find a valid FAT filesystem 15:42:04 executing program 6: openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) 15:42:04 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000003c0)=ANY=[@ANYBLOB="1c0000001e0069"], 0x1c}], 0x1}, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000000)=0x1, 0x4) ioctl$HIDIOCGFIELDINFO(0xffffffffffffffff, 0xc038480a, &(0x7f0000000040)={0x3, 0x100, 0x9, 0x2, 0x4, 0x0, 0x400, 0x0, 0x5, 0x8001, 0x1, 0x5, 0x6b3, 0xc5b77}) read(r0, &(0x7f00000001c0)=""/133, 0x85) 15:42:04 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NLBL_MGMT_C_ADDDEF(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)={0x30, 0x0, 0x0, 0x0, 0x0, {}, [@NLBL_MGMT_A_PROTOCOL={0x8}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x30}}, 0x0) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="5c000000e1c75a0b618e1937ea9e3ea2057bbb401e99de30f65e6e00000000000000000000002000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="3d00330050800000ffffffffffff080211000000505050505050"], 0x5c}}, 0x0) 15:42:04 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559b", 0x1d, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:42:04 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x24, 0x0, 0x101, 0x0, 0xfffffffc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x2f}]}, 0x24}}, 0x0) [ 674.385451] loop5: detected capacity change from 0 to 260 [ 674.393284] FAT-fs (loop5): bogus number of FAT sectors [ 674.394425] FAT-fs (loop5): Can't find a valid FAT filesystem [ 683.826762] 9pnet_fd: Insufficient options for proto=fd [ 683.828213] loop5: detected capacity change from 0 to 260 15:42:14 executing program 1: r0 = syz_io_uring_setup(0x9, &(0x7f0000000000), &(0x7f0000ff2000/0xe000)=nil, &(0x7f0000fff000/0x1000)=nil, 0x0, 0x0) r1 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x2000002, 0x810, r0, 0x8000000) r2 = mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000000, 0x1010, r0, 0x10000000) syz_io_uring_submit(r1, r2, &(0x7f0000000140)=@IORING_OP_WRITEV={0x2, 0x3, 0x6000, @fd=r0, 0x7, &(0x7f0000000100)=[{&(0x7f0000000300)="5d378ba4d0874d018b7b8756c61b96b8f10ce567484ef4a7799ed59857ba8ee858ae32167f5d04e305004864cd7d8fc07fe6447cf402104f5504ce145917c0019c57b6ab90419ddf8e6c80a4901ec3682cdae3093df1b48ec89ad630123128941fa0848a3a8479c7d6d41e2989683bbef80bc2d290f3cd869713adf4f759a37f38b1601b88283ebb92dcc6a1906054e1c220939778961c9697000d2a8303aa67953e840cfb355f0f1ac644d15aa88101e3325fc2c3232900298ae6295fba911ddbc2bfe450b0cbe50012fa3f1612704126a970d4890389864213fa9577757e9837c19ff2b10ad03405bb8b291b84d8c7bda6261c95e4fb61c82ba76c1fe16bdb9b95d7ace9a679af3e1efaae1e0c02fcbee988a2ad385582e3d019ba8e50175aef83e4df2ce5fedff99b0c69e663dd2d5bd05f0c1995f77b2cf73067fde7c197179556258617fd45a7b9af5b59cb00e605ea0898ef32dc805c0468a710ccb49a18becc21bd37b232ebfef064608f227117163ebbf47c2075b5889784597bfc0aa43a1781d87aebb9f4f89c4c12d162736c1db32b601b10b9a9b5088c246748a979b3667ecda7e49e357448fb1173679af40d1a419b55dc1d9c6354a8bc962dec8fee810c9866d009cc1670a7a7bc53461bdee22ccabde3423b22e7cec3aeb2f9cb57af926097ab00fa42b46f34750aaa96d8f4940eb91360b37b1a0c3e09867b6a9adf87cf92e609e1e907dc5a2a1eea6919802be654fc1e9232e3f1b65019429b784b7e85ea688318722347326a9ed46bc9eedd44390f25e5d74c7191404c1abd311840fbe617d5aac5753c307340f10678ebe1307c1494901331609e9c0f5e1e908fd9203d3468fbe45a2fc2a685a5a6fe25156fb2df2bd1c097471eee777a1f4a2dbe19f85f2576feed6401e93b7bf0e9b60b84e8ca41bdc20df663d2d2fecb23c9446dfdfb9f252a5a99aae7cf75835cbca46f8136ad380ca55a2d3907873b799855c5151db2f2ba8ddd11f75426f751c0120065ec671d790a67014b3b8bf87bf96b550979751f01c3782f1890751a5eee27297d2d4301086d3772dedc9fe91be4f0c96dc82e26f84d75b4bf0b6aaeca5da3aaf8921094c8136697eb48faad28fed0dcb23afd318c72fa04269140ec0b4dd4810f71aa9612079abcb102d6950bbc9fe7146e15e1710168f56a070ac1e44dad25f747df015131951e9c4edb86dd25d487a92b52b38bc14f6ca198ce48a7323c1175bf1739159ee97fda0074298bdd52fa6e91d8c7dd2a7eabfc1cd34a7f56465311748c1da665ea4cc3805310470e3d23812e71fb6c1d67c164b9d7e9d4bbb8764a7e57a48ed16a665f82e833507e7adb22b421ab287005ea4fab1f9d7a348cd1e58ad23b893fe7580d01f8600fd3998cec1ee060bac61c3864bfa8a8aca75a8666c2222b288ee7df77c1092881dcbbcf0e1b63b749047faada79d1ad035c8045a68b65927ba10a0be2ab9a582fd6f6097b025f26046fbb22ea3163d88f54c98ec0f4761f195b35a9b61f5d979b9dae6c2d0f6bed4a813c0fc75b99ae8a9fca58fb752291fc7d3f717ce672a5a06b1d3f0c0129c9082e8bc03d87b7f507080c2984c8bd85977c789f85e434479326b8267af8d78a5d5cd1541dae6c3e1868228c0a9477b0144ebbbef816da0562c0522d6ae61e5192e3965d8cb486ccfb283fb93716be842cccbc04d0c2d76778aedcf6aab3793cffbe9410eb0529e65965ee2cba4e85e243708ef461caca69ca384e85310b00d028ee40d09489f2e1161b5782562ddca36eb02aef0b638bcb72f015588105e84c86c139cfafec4566e5254c3d06bb546f5da431b9b261b54a4659219563587d201f58b2015f08a3ec1842d75bf6e21fd8306c71075e762adfd2faa9d207361477e2928a4d392c3abc86c3c72c997011735a82f31aec6644b4927a6938212a9c1ade7132fe7ce6953c03431616d21c95f1dc6fc576083734e0f4d7e5be6381f94af791819e31c5d03f9468a8c797248ee991f7198257f34477fab74f37fa2075e8b17c4426c603d8be5310e549754ae77082270132ac683b64f1cfb0e9e58ac949457c395d9d9f0a7f9ab4c051b5c2ed8fdae83e6e11602eb4c4ac5f5cbe9316620cc11c8a10351549bf118b5ff9bd28a636133a0451e7993aef543ed9b0c72849c1d5718ea8e34c60872b675fd6d9a9761ef0279851972095e55f016ff127677cdf628e8164d2ff2f7fd22a071f3594075f07b1bf035868b2bfb1cec37ad643da9f4da5d5c6061fd6872c8110942a623c05ca71020f4354bb994193d647fc285a77d92dce94bd14481012c00fc487bc17bbe87c14aa173fc413f94d911832429a619892b0a86c10c334bd66a5b3d9a113a62d3a38be8e5d6cdd43d4d5d70312d96bcd07e0def0a1cf17c5104bac1cb17166f0eec10c38a9782a7050f24a9e13f09e0ee73fb9645d426cfef834b1a20f60c6bd1cbe41d1e79ea553da3a498c4c4aebac3c5b1d7e9e461ce7386af135442ab1c78014a1ea3a7709123ef645180fbb8acc71c7b8d8b395622e0e75ef6e4c55167dda4251804bc40e632111125015a835b201139d7a7e79fad38bbbbd760aaaed6e56f04c2e3bc967cd585c131f06bcf5a0d74549f6397fcd173324f1567ab28ac93cb03852d291c79c8402157c76e8fe3e9921ef54aa39e0e57f99919b6c85ffa992df3049075aa132a8236841a7dc6f6eeadc1c4d035806ea554374380b7307d29ff126d24be3bede906ddbc75183a5307b7464f84ae32fa46f6e45e8766c5c5ee8f44622a4344981fe3275483790e299ef6ba8a174acbc4186220ee090f0606484f076ee44521a52bd5cb6abed07f2475c4d8412107b064d1b725fd876de41042f944f62f599fe6c1e338a661ef5a7f6ee461879a98e88ef5bb3402d8892e38cff1d30f33ca5651217f3ffb9b792d24fdb77e25b00e678ceb4d6d4ffdff09173201374cc2e43255a304a4fd3d9166c0af966266178fbdbf32c511a3cc63cd030a4292ce23029d30bf0e3ec1aa03b88fc58e59484b259bc2efb5bdbbff395d926d7ebb90fe98f99e15470c0f9184ce78d2bf7b22f78872dcb3ac759fc4806e3202eee348500c309d5aed01ab812aac0aca866f745a9d21040ee25983d04574e17338ab7b9b3e325c27ab76b6d43ee46892d7db15b6ab5470991c2b93160f3785fad9a82e76687a60ad39f55507bf188f3152c5c87b2781080f7703657be93342d7f1bdce27eedbfdb22f37571b2e1ac49e40d84f1310d5e0eb7cb503bd885e695b7fa7fc1f2d3fed8e1a652541e27a0cacbb9818e36a9a35e47c9960f1a7d50ef0e1d48c9f9a5395308fe62214acb9ccece3e9113134b2a5ec4218093fe8bdeec1f9b5160d9820d1ae9726a29f7510941f85d01e0789358e181e052386fb6b9623fa965df49c1bcdd400eabf1682847da3974663789e462259d12e7caa306ba3e7e7725edf9df5485274de75fb93ea6bb6677e56d04cdda3df99f27946a9d74fd5de0b8c9d6706e954204a10f250296e83823de61f394c9a45b0c52d7f24298d9695dc6b9b50be7ef2df903600ecf61633bcae8853f6d72fc4e48d760c482c428e43bffa86b7057a0eed33888db63c4afa1e41327c6ae912e4968dbecdd0e40953d2b2f29267a8e5d402d1487cbbb1ed5005f9bf46eaf1584fbf086e3447e8c24bb42a7c5e050fb60bafd7483160cc5ac3d9230594500f355c568d6d9ff8bd0cb621ea087ac11b749924e889f89a581cc333715faee617269ce2aa0f3bbdadd095f28503d86dda570d5819909ca420594d9210565c6c18f71b3140e8ae1fa9b68eeae40957aaf3e926fede5c1e11010b4a5a4d89ee9d4d381d74189ae9c896f4be4935a1597d8d9cb21e6b9c7cff29acde2f2656b23929f6af01ec495a4ff286dd3f233c8f18c761e151c056b23dad0c4d01b8c3e40e3d721b686f64c67f1f08f526f50e849494220cc6800ea0b852f6d8edb81a97a7bb146c586113cdf297af839599dc70aeb700ce5b4d51fdb24976d12ef879ade6d841f1ffa5e747a441acc6f8346027c14b9e823504102d4cd72a15117ca593ef0d0f3d1f15432164b3a45c81975ae4604db16483bd989baacd5b5d8e710d1940b206f14e28a60246f3a38c6b3f808ceed39530f207ebf1a5ba5a8c2e0b686e6293bed396b91b4871b3113b222eaff0bff159870163558567ec96aa680c154e0a50e03b4f080e34cbffc3050f605b120f6eebdf3416b80ffa6cb68a8e573d2a8efba5bac731f297d8854d97748d1ae2ce06fdf789b102dbeebda62e23a29bcac53b11430fce7a972de184f3bf609851e9568ff6f9ee6b08b0eac570637dd55b623863cc0f3fd6a887f828d4d47a5571ae911f44b6795363e7612b31b18bb915cd490cc19388cc86273fe00cad9a83da5c65cb219235b6d44dca856975708866fee100731fbb0058599f656dc51c035ca9691bec6097a2f96dbfadc29db403b5cd832257e2427b797fa4112e10811364c2369609c296a561b42443b9862a766b7e47234439603c33da78060eb6aa697d7e18af6eaaeeea7c14cc76ea6e27b2f00fe55db0047ef35e426492b8947076e6598eea0513c8f0988ce8b306765f1f4129260bde79434265bddaf2a91f922faaf4e5f8fdc467dea6b821d2efa7cae9770bc5123f48726f1275954c81023cfa46ceae6210115bec9ba8393bef31494f25af2164040f84c833afa5990ea604d742e8fefa82379bacd5d224d657fb3b3c9eab95401120ffc393666e3e6a54ee0ac1dd2f2a5e91fa4afa23337ce1c5717e9207de813390f6fc25e356bfac6e74051cfb20fdd7031e6bc8ab40685315dfa3ab17bdc5645d746595911d33435c7a34b27cde517da544402db2e68540168a2f0a3d142885bfb9ee59a360fb4bedf64247b70cd96848498d891af48d178b5c3e587a7d45ce83fe105f2fb918f871b91c233dc159d16d9d0aae1b9db221399199c7a85070383dc9db378c30752e3606ebfe14ce66fdd66534f820085710a47800923eb3c99fb6efa04059c95d050e57cba978654c23929df7d6ff0c4fa48d277af4a7aed9b1282f90b88b6b3e3b4f9c6b4e949af0a81ac794c29056301765e32f664e9eb9b1b42a23756b1fcc4ae5162e0a95a99cc9d233cba2510c8c520cf0b8c00cfe622a1d1c8168ebb8273c425dc367e887c57b11fc0fad00b8c7132a43df67556eecfd06d9c6e3c0d4154ccd7b51424c26f28bedb0e84d06bc4ee4cf1580020b79afe4f661ca676d92f322daaa548b6ff845bacb668e3c1428da60cc765d4138c78fe91358a1d728706252238ea8e7b19669b65626f77e0edd7bb6bc856ee9a660193c23e9067a523cbbc2a24cf66bfe3e6a32ced32b9f6bdff9fb58bc725a354802906e12a91f6026170dbb1df57ebaee22647e915bb51cd0b3bb2cc157cb9ed615509295fc3a3b91c4e425040dc47381b3fd8a18b82d914e71a49a6edd9474906969eb6d2d429d82ff4fa9958e245c478c7e1982c0eba73e0f7415de9d39cfb7d8d54c414641479d8d9e8ef747776e7f1e838609a8299217976885817372895c9bd50fda2faf52a9c77d280186b8665fe11488b3af9918972c00880a09fce78c48237bb1444ebb351693d2c9e76d3125c841df315bfd9aea84c894593c5c59f12bd6b1c78c7182c3d538e4d1934862269e82f77f214d2790c38831d739b0a5870ac73acbcc888b4210d830f147ebb7f7ddbe806406c950d78cd25cd147338016b419fcbd3ccf00572bd7f19af4296", 0x1000}, {&(0x7f0000000080)}, {&(0x7f0000001300)="bb413fd3d9269f9667febf0aca6628ef08b7e35d9357448e4959ce8a782fd9d4417c7fdb2fe75becba624f3b9e1c75550446e167ca7bb765cf252db9e4fdf20654d5ae4a3a3c7aa27cce815d7436dc9d31ab504331dcbd178059f1bdb7b733418454d97421ab609fbef26482036a316b23394d052e6f4f0d0180d89f4a69ca4acbff582b12d505767d5471001954ebc390ab8d4d20116a604afa674562a574763a55b479723948b89f46ba35fe56e60aa37b5c226d71667c124e41f6c4dd2c1749d3a59e6ff8cb438f8a75f13956cce62e2113ced90f3832985e7a802e8781308c344da36effdc103435567dcd4104acb646c540a577ca15cb73bc5d18f707ae940f7dab7f85e4eec2ce0e6f7b3b38bc2d434764f612102e1280655b702dd5a0d0f68f9ec95bae3229af5a624db6bf407964483c0654b7c2ab9d49f3688b4e2e4bc245811c5642dc0923a657bfc52783fd57361f26eb1bd18d2ab0a7a55d4b97effeb68bf6fdf13ad06eba47c6e116f6e53d7027b771eb3de6f60da45aa5f6b4443820684ed45d28544a866e3e013b9e73a42e4d26ab2ee7bb41cd39e2b280fa7d048c848f7dfa3dfd4678f49926bad88ab42e8d6261adbf2f8637a26d5ef068a4c5f5d2aac6899da5a717fe47c27f260c736f1d71f01036c9f489873ac590c677b794d4d659b0d8001022fcb8e99bc61c4086b7e09a9d52e34791da9bc157c48665ee11caeb0b90da6a8579c93470cfc7c14dd13acc9e1975e538f69ff32d4d8fa6507fe71485ac386af011ce1ce99d2984189d21d8702ceea82d364a53f72cd686dd1561d3682afaad098a92335e1b1e51340200360685727a0dab055e80e2c53c2a1045c68282d04d357a0ecd4d544fd25b49e23a8c3b939ff833769fb558736519a00f125da69f3632abc0d0fafbfa259febe3063a2c4d81046a6c3007907422ef6989a04eaab63d9e416fbe50b1a5cd48bd614d957b96ee032faccd683f2c64294f39c2006bb194093b0c9fc914a2f1ca2441f9d38a1e7d466267110c4b25659f82f376668e8a3af5a2db268821720505b4e641bafbd2675685a22c5fd61bd0b9f8f028533c999d7c8f3081cbfb3fe2875b8330671ede1c614a56f54bbaa26d60bdc9050f2da4ead7724c6bd95c6ea374298f20461d0bb2eb1e98504d75d17628869cfde9a5614426fa774f00ad729bc7838d2ce8349eb60b21829ae1f32b9cfdb487e424c95381ea89e73e1bad260ca1212256f4940235a8a5a8e36e1d4ade7024a5906cb5eaee0145e936e02ebdbca11ff4c7d40944e9299a360efe46bd3fa6bb4226e34450f4d8c33093b404e7ab411555a472dbd566e5439fbb563faf5b593ebb538866e95135ca11c2c44e7d9d8be0c124ffe762be3864e003530d4cc35919f89e2228d5a4ec8563a3b07ff054b2c52e215e22cf5874d7555b200526fe899532e17eb7414b5cf0ac5d04ea8a495e1c599de783c3d140eaed21ea6fc035b432210cce0dc5f61ba80cd61b572e128ad1adda3bd9212d721237dd32511303774b833ff9462e2eafa308341669b5572d08203a50ccecf21fc1bccf13861361ad916e99bcc39e2430d456f36aa9b5786d378026fe99ae8c77897c158baa54768c8936a7032cfff24777c1918097a2627c92fd16bc5a5e18244c99e062b6b59ad103f35df1cfb64e73bcce952a1d97f242a7f148ab56bf5ea0de22b076794112bb87dbd72742280ae1f311ec0fa6110ba53c79488e1b05e285ac6ac61b37b3963e9bf31fcb9f1d9469f834dafe4e33ecaf3d2033cb70aada0f58b56b3424a1dfbe3c667dcc145f6d99e396a50dc5d36ebceae2c85d15a6447a08bd149c314eb39997de5a099917cc0c4d8ab7368d618b59f62bf597ec8a0c5882ba182241bdce957d471368c61416d04e38bfffa55619b85e8c3d3accae84b351d0680a313a6f501e307477ea6a69824f4387ca53699abd30c2d6b79be0ff6e87caa1ae0d161535373c8f53a28485fec4f55671fa4dc9a01ba97cc50edeeb11dfc70f07520dcae91890e6bb1e9f84139c9b998ed5527c1d5f2fdc919085c170f657b08955b994a6ca8b1611ffd7a9e7871d3e5e9c86e334dedecf6c2a78d1af89d67f0a5a84822f4acde5fd790a07286ee24af5d8f354b63362c8280f88472fa0073320bb8ddaa7f16303781c64839d3feb6a701bd0e3f513e0d858a17a44b1389eede4bd212cad783d6a2e4767dc0f8ccb816219cfda935abcde416b575031ed50ddc48350bba552954d1d6d917691bc266a9812967093c49ea636371e88ee25aa59c525a3e0aeea3f0bf47b170b755faed553957b998baabb18f73bbbaa5370712df78b881eccdf3d90e37d92fba87a5ee6f9dc1fa0e7e212776975cff79835a227a785fdc514235aa3c3f33c8d8f1a14dd79bdaa3bd30a53e1b3a710be46cf6caf20a136ff0e8cf9eca030b4b696c6eac1593ecd27cb26f089b0c08b4f33639ca8e9b212126c6a86e1fc6b1cc048711a5717adbd00152d6089405b912e54c24f4400ab72c557aa915497df5dfc04fd363151b8aed081993a0e59377a0461c0f061e3b22e8c6bd0ea081b81ac5c38c325ae93f6c8c66826c0cb86332aec887952e6b916b00d758679877e5f00c14966c84e2cf86f00f8c58561bec847a0cf47285a8f3af254acfa416bba96a5b76b85cab71f999360ca90b29d219ac0921333744b07a24914316a04c5b10f08c8f7dd27a8bb5817e214f8d4d57d6e89eb7d62938028b6abb51d2ff67a3e7d8ca045d1f5a1ccfe9eb523a160956f7278efdf5f821f0fb42cfa59037ecbcb1d10930e8a5737028a3cf430d062b0878030223e606799ce6f54025f08b6442c3545891428ba0da3367cb22d16e74befda572ea0108122a92478a619a6131ba8dfe0a4cbef5cdd1952278f25878623e41da1cef35baec0870b4c559a0daf4b0d31e1618c7efe4ffe6995626a49a0563293525ce50e4230091879f810360cbe45903b525b6ac348bead6a6741d74fa29706a72f625099e909b9d317f25cc8fe7d224be5e0bab198765f1ee7678dd2990c35db57f00a73af7540c640d908fbe1e48877cf1edfb5d765d67cdd6eed494631095f39b647bbec2b0b14bd34aa46f2420fe51ba7a4cd2c93be263f79bcd52cb25c057ac5ef2abbc670de4da063ac5511867dee4f8e35d5b58a4db8a4151b760687c8640380b74ec38ba808d36d61462d1a7bd89c9c476076ee103be471801fb9fc2cdebfb6506293a0fc90d688b9ab3f2c68e648b4eefadf54604bb06d87c6c3b99e2774379e7d7f5052361c1e73265398d33894de1d07ff5433187b8b97600b998114c52827e702107b01cdf12b9cc24f539bcd006559ddc6198f2671bf4c1ad6bf8f15aaafc4f33073c211d22be681f503ac2d9982eaa1b88955b12c6b2236f727ada6d11c954aa5ec89b75295ed1bb892131a16b807a63e072f679ad481140e75ff4971c56eed15e4f264e875c7a631cba89f7e96e7e59b0c0d82ba0b04ba8ab0b462cffe5d668513d339ba2790c25814710090a74a555ad1a9de5300cef0d2189121c3d93c78fe9f7e23a9dacd850e50bf412a2873a7da6dbd01a742dfb5b705f93b301d6f1721a32e6adbecbe9d469c71afb5571c6031562032371d281db81b4845cbd3fdae0b4fb94e2f3853e4d44cacb1cb6ea107bc4482067fcffba683ba1198fb77eb775357922032d0c3955122953d7f36ca1e7ec3a918b53d1a77197ef4ac4f220f7e556d3335398d682cfb7b8b7f7188c8171bc0984a97f50f0323c3f607db5909f6ed0d2462617779541758b32ca4201afee00856d358a9c8816e1477215d46c12020371865735819125061d0690db9841c587d25cab38a0dce4d602df93967a0a1b8b2fe694bb888270570906f136875bd846d7b600b5434c59daf057b733f1c8b1b9aaab1d934e55767a23670d69a3f13f5db0e6c6cef0bd6e5470607fc17537ebb97a167479a85ee9ad2ac9d085cb02e3e601ceb40079e1ba3c06161da701e8d3e7ff684df8c2faf9ba66bd67aa18888fcc4f4ce6aa53fdbac384f2d691a312db0c417f067c5fc15215c57aee05cedda878f3c03a15289c0c12fe24c8de1c96b1b0f9931d1607c46e0ffc6a89a490263dfa01ea1bd005021cb22f0c21eee08196a51ddb7bdbe48a8d75b57d424e2585e290689b0fac18312d52c1ddb538c222b7ae1d548fef56c17d50ae27887b724883aaf5d8925c073f0d1e0767b18d2acb48f1a8ef8f6990c03d2f98dc77c2408582b0d642ad46dee7f4eb216618ba8b31aa90e25cef5f96fed57b1ca1b347ae65b924a0145855b49f3cc67eba735458855f7e73ff6e234953ca18ee7849de4fcef8bc81a5c734c54109e4e347c9c66c236411199d713d0caf63014c0f10924c5785ee75d4984ad7d01c72cc72eb0b71987287ae79da9372b4d2b6c797a55dcc10c9a6ec6bf33467bb31a1a9787cb4f740e7db6fa17ef5ff0d05c33df97a3a942fbc13b41d04ffa7e34622845927c98f80eb398ef4dda11e4246d78d3bb31bff6c45eec575c86b964cc62e8f4534c105aacb6bb27bc80be56d4356a699d121eaba0ef24f98a85196c8595c9b6319b97367af56de496168dec6e6b5c5fe703e1eac875286526ed069d30c6c9016820861af6654f70c5a24ec206d801debb81a6a7932200e27d77be7bdd01cfd32762f59a0692aaaf759e9e6d99559dd1f861b962e0d21db2f281f003e39dcf8820ec3d85b4a289326514fb735a802fbe48e5112347a3bd72a52b479667a63590343125afe1130999377e6a04e5a3fe9d9ec9efca0e6236e7548db50e119532747691a95b7da43cd60d59b8351586c7b8a0e47b7db26e9aa13a1e8e7b9390be95b908c237807ab8bf205d7ea919dbceffc0340521f4d2a7675af319ed905cbda53cd563eda68975ddbf2283ce8628b996d4b039eae13bf2bfc80e097e180417b6f67fdc89c6af8955cbeb01604d855c72507b9dfb151b130fa29767aeb7905c1f7dd60bfb541953e022e435ae748b1e9e264b79e443fdefff6a8625609732f6dc3248a4d22275f848e072e3d550e7e4485ade877dd4b5ef34d435118f3f79cb18e9cb0d6ef2fb6115a88c8ef3d5dd2a970444f496b0c206b407d3037bc10d979149f1982ccc55c88b689e9b34ee187051c4ae1880412b144f1e92c75dd04c8ea6d3e45244c2f6a22dca8822f1b0a07cb7115a8d98e646be984959aec9d364ba445406a7b2bfc40771b40be985aba851b09eddce3a9668d80244cedb807146a3fdaf784d8d496eba4411911f6619fdd638fa18976f87144f3510069d37e9a1bf416223244768983509af28ffd9db4be3ae5aa0c1d74b02f159a4c56936c375cbeeefe873abaeae0a61e9b47c8b1b2f6417513dcccf594171af66dc4902105c8072ea36a5259aff24ab7f28dcfa95019c93ef50f344c1466f82cdfadf696b1a9d16e4f1140173429a864a612180fb9cd9b31bcbb5d6e41a608703af29bfb99ede93b78b5febfc0032cb5655950953c2eb5213f0992c4ecc38460326197936bdeb98b4b9481e13ecdb8aedbd0061b36e1d87078c463217e0a895afba8c068f80289ca34fdf423a707823ad45cc0849032202296629ee567c36ad9dfca1502be03885e2c48caf4d9f020f80aed2c02370e341c69f425cef7f560ed1c69f30fb4b714dc9a3731414c4ea5d8fc83bb3bdb1596025dea1d7b6023970283da3926a99e09db61cd8415203c212b7236f831191748c22f40a677e5515645402a10de8d8d4a0edb42a7358cf", 0x1000}], 0x3, 0x0, 0x1, {0x2}}, 0x3) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="28000000180001"], 0x28}}, 0x0) 15:42:14 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x24, 0x0, 0x101, 0x0, 0xfffffffc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x2f}]}, 0x24}}, 0x0) 15:42:14 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x24, 0x0, 0x101, 0x0, 0xfffffffc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x2f}]}, 0x24}}, 0x0) 15:42:14 executing program 4: sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) clone3(&(0x7f0000000640)={0x123363500, &(0x7f00000000c0), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) mount$9p_fd(0x20000000, &(0x7f0000000240)='./file0\x00', &(0x7f00000025c0), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB="2c7702516f3d00", @ANYRESHEX=r1, @ANYBLOB='$dfltuid=', @ANYRESHEX=0xee01]) 15:42:14 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559b", 0x1d, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:42:14 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000040), 0x6400, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) 15:42:14 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) (fail_nth: 19) 15:42:14 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = io_uring_setup(0x454c, &(0x7f0000000240)) io_uring_register$IORING_REGISTER_FILES_UPDATE(r2, 0x11, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x0) [ 683.834223] FAT-fs (loop5): bogus number of FAT sectors [ 683.834797] FAT-fs (loop5): Can't find a valid FAT filesystem [ 683.836408] 9pnet_fd: Insufficient options for proto=fd [ 683.858426] FAULT_INJECTION: forcing a failure. [ 683.858426] name failslab, interval 1, probability 0, space 0, times 0 [ 683.861053] CPU: 1 PID: 7207 Comm: syz-executor.2 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 683.863149] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 683.865626] Call Trace: [ 683.866176] 15:42:14 executing program 4: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file1\x00', 0x80000, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="4b1cba1866b81fc0a3806b7334c83377f4f07fc1977f97c7a60fb95c088d757fef112b0c68e4d8a29d79ba84eb4906d3a33544265710d811f83ba26959de6225cd50a49d6fd689b54b6d7f37dd04afaabfb6969f231cd5a2a3a7c13833d3a8a114493ef884aa91439a0a0893b6b49f59859095956880b77d3da5fa2a2c5a4a86def05aa7a01362d94c28b062a08102e92954f37824d306f9292e0939d3aeef5ddc1a47557d54541ce74f5946a161e257ff8d3afa1b9f501d4a9ec28e6c285cd9ad3ea931182eaa01c4f66634265d927b6a88ba61fe07ab3322f6e7", 0xdb, 0x7}, {&(0x7f00000005c0)="73bad003703eb4329360455fb55c838702a44625e5a0baefdf055ecbe3b7706d216cedc45f274f8cab2c9a6467daa24aade6ede4509205153134ca25a6de7c4f2ffc08395abd5ead10a8a092a92fedac6d11a7f1c782748d06221526047080962a89c332cf2437064eced466ee43763423a2eea94297e278aa9356fe2986ace997fb0f3ae94f529cb1fb341469ef071998b46f7322bebff7627076af4da782d76509d03c99ecd11f825fffaf81c017e9154ce4a26a9a40510e50e800a676d447798187f75a4b73a8690720afa6930c4a428229899e32f6fbd0a814aa468c09b9162582192b9cf6d4c8d7655f80fba700edb3458232d8524dabf5014de3c17583f5ce930a81c1b6f4947f991a441570dd964a96614cac6bcd00acb9e1962d9673d61cad89f401dfac622a3828f7b15053490ab33d23ba1eb7f5254c55bd6c66a7fc8540ea3643e6723c03bd70af78e379b982dca5936e6e433772469b2fd5d7d8651a3c6fbc2c71a05b51561d60fc02dd28c2217121a3bd728978336d423960314d895a0d6ae5184decde5b89751e762baa2e7aa6028f5e0bf9ba88a9945801332600984715c0377a7c4eba7c82f0ddc6febc1aa94e92277388dc3e62d54f10bc8784236e58b507bf88ec5498ab662d6ae69d9d5d99fdf334e09cdac950bbdc4b43c62dbacd393cff8e875db303cc1c9e4f7ea639976942f1fef432afe65eec02a78ec7a75b7e0003af4c7703370d1569fb19a29904aaefbf2d672e8978202fb833139feb7e34fbc413a10d9b3995bad16ef2bcfda63fa0a13bce539502a4eff98561395e3ee8b184eb1c82dfd127f52108fb8dec1e583acdc780bf2a7a027257348a854de348a001a37cd2fbf8b35dda7cab3f220f761b50a6b91c39d5d06a244a158780997130699f24dc9a47e4830e183a6eab9f6ffa4981b7040168f16da628b368d564613d6fb3994c32d881056e44cdf25fca8a4d3e9c9175beed03860850c2efe9cd859876425c432ca54b84345e762e65053b2db152deea7e1e584fc466f6d887acec9aa52f14b144b858d47400b33950788c309f6f0436aa5a85a482a81fbb3f256888c550fea4b36ffd48014e8c3131419ccf0f53984d1e7a0b548fea8311fce5775258c74e17d41c846b713b5c9d3d1d742fcc6c274c5428424fd0f6f00be79a9d136978a02ed390a9a4dcadcbe36b3691355c7aec6a66a147abeaf09c050eadd44dce4d619b033febe009a2caecd2fa4f15a1ad5d5e68288f2633f72a353423ee227e7bdee213ea2524b42ffd52ab3bb728268eec799907ae8b80935925a4ee86e1374c3f27b37a4c6b27280558fc43d2a474e1fa347c08b0596a89813cae8c3b2aa88ff2afd5bbf0e0afca7133108d8bf822ee75c98565067dd1bdb883984a1d891a90ae68609c9584f9f2e19cda160bf7935fb8bd459cba8bfa7598fa4f10b007aced2981b89b374ca23fc2c90ad24ddb10a28f60790280b9d08671fa8ae6495c58fba830f884a8763b2d88e0aafad8ac32f4a2176790f9d0ae3869166b765a73be53cadb4f2045e09e4f9c2aa351dc8e125eaa5014327cab4c6b75723fea3794e5a9f2f0a174b7b0a70392350ab89d947b367cea13236ea3141d41b56a06f6132943bbf997fee2609425b328db73c48f5d4dce73e5b8d91fa915685b9193ec3c134211cc4bc1fccf947b204643fc2854a9b70b69a2b6eca39fb2ae533c44e4d448f1b3f52c2f658ad616c9a34b25a78bd162ac2b84a626142ac452f2cd82bdf49846ca0f1169e914950b2b64230845660bd294afd0520a3bacac5bb6013c537aab2daceb96c7a228d0c867f8c4d95deea33e62e86ebc213f9c642eac96906bc31e6ce5bb06c586b41846b4d6ffc514fbaf37e5264f50d36cdc31060f8d97957ddb47a6e6d0bf656ed06171b98ef8a7f9e2c3897435d5c4c788be0bdc500cd9a1df10025ec0127a7ef9d89ca6b4dbba46e87df6116aacc8479b2a148f1b810bf55bc94d5006988fdfdf70ba7ed3de36c280518f0f22d94db35685319bc278862d08fe7ba2038e5cb6cd75f9d49123c949b700ad776e926ce7c030812ef4184af7a20a520ea88d97f6456a9f804d8b5a8581a6501c1ebb569981014bfdc73a472607af45c015aacada432717fd2e84aae38385c06417bff569a7ef31cf52aaea7cb34afa482a1cbd3263b20557f9d3e1c85ca56128f347210cb2510416840004067d95ed37a45f9cd10a0e983f3922898db293366b200c425772d1ca4d211d4f2e8b5d9f46c3e4d4cd5fbdcee026988e28dd9405eb838a4b60e3695cc0c93eff53e60c44420f6d2166074b8715af9de8e9436e707b6040cc4a056bd3278cfd38124290aeee9513220475230bbf89f32d3eeafee0b5e100683d17488725f52d52f5164a2cde3067baeb03f3afd5ec9f07988bb34e8fd4803aa92142e739bfc9b8aff2aaf04eec254213ea52668be791adc52e1ef466321631ab1387200987439e83c83da0e71a011cebbf352927708bcaa573d5232a78efca74f0ac83a9901ac1be2694510b25148f89e4c83575cc7bfe9333bfb39cff17c05ce51205419bdea729ba109b8e5858d1f7237bf4503b2c8cd56829c172deca73c6955c0165c2f71721d37da347d50921d8639e35ed5566845a00200d7098ce20817abb73cf1c7a123a55897f9bb225b31b284b62219a272da29249f5b3fe31adbecb36f71ea61a61065629297741e7f5e491ba41d3eda0f9e74928b7fe3f687fff367b3398561e71098590e4b074466e399f8902151d9c2634b8a0bf62b3f42f42a90fd0ffe1c541e6a88e110ea24fff3481bee99c157910a02ce8bb5bfbb56dde3effe1810df387098e7b6ffbfec1f6101cce06f3e7be061fd4574dc2c167b57270f0d0eca0f6b9d3a4ee7727b9d5a598e9e98015cc5a6478bed30cbf9d92fb4fba66f72a8d1772a09e86cd5c2a970d06c6849252cdf56329d00a2cba4aaff253f86e78bb8a83539385aeead71da8a4b7eeac592fea6cda9aa694e1ba07ca73c9c7946e87983fe337a5fa69378d550183347f126da3fd426fe0b7b273e2d332656c2d62e7229e2dab38808199129b02b7cc647530402fa713998d944a83833e68b55b0763f03ccf8445e96e7be31436dfbc045c5930e5474e9e8b7c683bc0a752a3fc4acb541df00d41fce3cecfd55b368e31247f9dc9af8554190a724f6e9a049f55e5759a4d8c5231dbd7506e1eb9e20249bf6b753b3271076f3050fb67ff0e59a3f3fb2039b31c6a01367d297b53b86620c6bd8ba78f4586f27e4ba8f37ec6dbd1233fde84095723af22f8e5e0a6e6a121f1dfbb3bdca0bf92ec00725b43208de68d1a966c792c6771f247bb669ab1882296e9475529c669a8d962c6e81d94637155ea49ab2a002ff8a007ce96545891fd093b0396d217f65997694e4db2e69639c1ae4c4a27fd7f7b460bcbb4cb55e0617d9d14ae7396d5f9f25f6486629814ceca372857507b903cd46a53a45ca206ea495cca7497d0a5535906490396b09a30d479d343209dd81e262f8eeedbcf9e051ee4f382bf825637b0e1007c93276c854fca99ffcf06af7d904b5945522bbee129d3169335d57ae8da16b9ee1eef5d35e21689e745b802ec20a5976aa09f975bb91198476e6bbd2963e97259befdc83620a783cd8d38d39801209ba728ff85c46d38b9ee25363fde0a1ead52bee4e583a3ffd342446b1c2e8eebc2696c5fee94da75d89c8b4d84b433b4af70d90ba1590e36e00028cdb5e0cf92376b80067ee4862245ae24e9d43bb83d99c9e60fbe892797527537719dc4b5c1005c53786b298c8fa4b073f808ac3590babd07c4c4591d08216741f944bfd01007083d50446efdb4a402f2f71072f7dc34c76d24377572e19badac3ccb0f8be65c4b87ca2fad9e777716b200548a910903c05348fc00ed4083202df703d8d0c27d0334608be2b690fa4012699343c714cf98ad0886c545190fe6187abfe864bd2befcedaf4b98f12fcd136e3437e545b653fbd449ce2270e2e8955b067a0f833bfce8f4c2eecb5be713252e151de0b518f35acc8556b3a088545415612172f793c6734c02ea5ee193a05b44cdb4d7e8a52c277c603e290fbaf8bb9f64fba325d3002293f2c68169ade6f45afc0332c7786b5325cd7a22465a74e054898f7349d1e3faf8830b068e3d32f16f6048ac5281d437ce15ff94322fb1ddcda69fbf3f1f7556f8fe65a42645d4a2eaaa11d2196f8249da0c29a584760cf0321f0b079c572891fff2241b075786ec4a2956278da340e321d04f15beac19e13317c9b955dbece1634aa7a9e01eef7b702f1f5373449df9b482e561adee84abca3a667ad1bb92b3ab4f3d0220f8ea6b6bece18efadc0c1a0680bc83262551c6e0e016aade349410e5b49bac61b90ee0cace71782f9b052f5fbd27eb74ebd4139015fe2296497e1606ba97e3e519bbb1bbb3fec2ee9675b5691f510bb780080bdb638fcf316f5f3620f22bcf428421ef6761fb2a4a5b6ee00f1754c0f99676ba71948c254c71faeb5b72045dadd53cc844526a315e1f0dc24950bd4af3b25179b33259276879189a36b75396f1bbf876b608f9dafa262d06110e9f49122648618e38b71b05901792b1c8549bd9df585b8d85da9ed128f5998de8849d903ebb0df62674a24793688869d469080ff9a35971cdeb22b501bc593db8ec782bf6930f0fbc1c1063e3d862fe0b62b0abee1da42cc159d43e2e22650712966b1bebc3ae382cd59ff4bf9478bd015aa3fa979071cc3989373b1a49d8a0b5b37fb493bbee60f84b8dafffce4b381de880eb18fd0aacc4526f6f8fd44eae731ef984e37b435daa4a3a959d935354b4a8522b849366300348d575955b237fff14acb23b198cf5e1718e66373453b2fde2b0b81ccba4df9f75314e3fccb770b235b4e60229523965d561c5248249c523bfaedea41d9637681a41dc84a0950a64d05341ea7797dba1bc2fadfa58b108d79ff8f6f92aa35d916b8e9370e34d503bea9ae64ecfbcd50cf91460b523fe1c98ef12cac3202a7e3ed2c7241bdb269e69689b37c1c77100117d1a323a58a557935d02be00a97db9119e358fe63db27f27b0f726b8de4fc337c8f63b66b022672b3dadb2a2c80dd78e5463334592b648fc1719401488d39995e2ef03180bbd23486f939e941f2c0d705bbed23de982de1d7f866f6fc4c735134f342af2437f9ddb753fe26f4ee7303f393516a1a799e41137de878d4b845656ae270a19a640d81b9b8655b11be44b776991196b669410dad9679c8c205bcacdc21b8abc45d37218961acea1b3d5062838b4084ad9fb69262f772ed6afe909c7274ba12bbad197263412e773d9eef9d6cbf67b1cea67d85da8899f6db3ac47e9c6a8008e5c4ebf549998602317140f4f3e47236e876d5ed9d3d2d52c3ce35cc7663b404cb601ddf1f05a5730387d8a09ec67405f4079b3e6ec7f39067237b6703ca3c5a778ef8ac3b38ad68f046bd59dc6aa2f31004e0afbc8cddc7da0ce344c309bf69bce0c8ab2042702f37dfa9174b8a7e0bf7139660fb09b9a21a31ee81990bfa2aaa0e78e40de2b747d03f1889ef78d624d675a923436911ba61d870405df3de4ab1a649b4eb5326617ff17cdef8de93153f257069b8b402a11af7cdc96f51990e7b69eb1f96bb4809986dd201d3d21ab5f0af44681021b0e49e5118f5062ce41ab9e3ea011785afbc24ceffc429cace10c4f2ac0bbc2e64e0100cfd07b65323dbf70ad55cb1e50966b12933bcd2b04d7dd45ccf0f51", 0x1000, 0x80}], 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="98082952d5743bd4193453e1dd65d4832676900b24f13d0256386704e59f86602474ea1e258d0fd38745797e3afee7dcf8a4af6e273bd30c4addd913814fcd08e4aab1ba89eb87fd8b4cd8892915d6f3579ecd53af0a136a032d5188b58fcd27862efa196c14310c791582d19d9843d688a8668a9bd7db90493b2d18cd18599c36773a"]) getdents(r0, &(0x7f00000004c0)=""/195, 0xc3) r1 = syz_open_dev$vcsa(&(0x7f0000000280), 0xd40, 0x101000) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r2, 0x0) mount$9p_fd(0x0, &(0x7f0000000300)='\x00', &(0x7f0000000340), 0x1000, &(0x7f0000000380)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@cachetag={'cachetag', 0x3d, '/dev/vcsa#\x00'}}, {@cache_fscache}, {@version_u}, {@nodevmap}, {@nodevmap}, {@access_client}, {@privport}, {}], [{@subj_role={'subj_role', 0x3d, '.&$'}}, {@euid_lt={'euid<', r2}}, {@dont_measure}]}}) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r1, 0x40106614, &(0x7f00000002c0)) [ 683.866658] dump_stack_lvl+0x8b/0xb3 [ 683.867747] should_fail.cold+0x5/0xa [ 683.868620] ? create_object.isra.0+0x3a/0xa20 [ 683.869641] should_failslab+0x5/0x10 [ 683.870468] kmem_cache_alloc+0x5b/0x480 [ 683.871363] create_object.isra.0+0x3a/0xa20 [ 683.872363] ? kasan_unpoison+0x23/0x50 [ 683.873247] kmem_cache_alloc_trace+0x22e/0x3c0 [ 683.874272] bpf_prog_store_orig_filter+0x7b/0x1e0 [ 683.875344] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 683.876619] __get_filter+0x1ec/0x2c0 [ 683.877461] sk_attach_filter+0x1e/0x380 [ 683.878362] tun_attach.isra.0+0xb8a/0x15f0 [ 683.879311] ? rcu_read_lock_sched_held+0xd/0x70 [ 683.880355] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 683.881552] ? full_name_hash+0x11c/0x180 [ 683.882472] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 683.883668] ? selinux_tun_dev_open+0x168/0x1b0 [ 683.884679] __tun_chr_ioctl+0x1701/0x3f10 [ 683.885584] ? tun_attach.isra.0+0x15f0/0x15f0 [ 683.886578] ? __x64_sys_ioctl+0x97/0x210 [ 683.887467] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 683.888667] ? tun_chr_compat_ioctl+0x30/0x30 [ 683.889635] __x64_sys_ioctl+0x196/0x210 [ 683.890517] do_syscall_64+0x3b/0x90 [ 683.891345] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 683.891372] RIP: 0033:0x7f2849393b19 [ 683.891391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 15:42:14 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = dup(r0) bind$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r2, &(0x7f0000000140)={0x37}, 0x14) sendmsg$IPCTNL_MSG_EXP_GET(r2, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0xac, 0x1, 0x2, 0x201, 0x0, 0x0, {0x7, 0x0, 0x2}, [@CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0x4}, @CTA_EXPECT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x2}, @CTA_EXPECT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x3}, @CTA_EXPECT_ID={0x8}, @CTA_EXPECT_MASK={0x30, 0x3, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x37}}, {0x14, 0x4, @rand_addr=' \x01\x00'}}}]}, @CTA_EXPECT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x1}, @CTA_EXPECT_TUPLE={0x40, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @private=0xa010102}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}]}]}, 0xac}, 0x1, 0x0, 0x0, 0x810}, 0x8) 15:42:14 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="84000000", @ANYRES16=r2, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r1, @ANYBLOB="6700330080800000ffffffffffff080211000000505050505050000000000000000000000000000000000000000001018003"], 0x84}}, 0x0) sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x70, 0x0, 0x400, 0x70bd27, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_SERVICE={0x5c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x20}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x6a}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x36}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e24}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x1}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@multicast2}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x40004}, 0x805) 15:42:14 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559b", 0x1d, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:42:14 executing program 7: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x38, r1, 0x10, 0x70bd2c, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x200000c0}, 0x0) r2 = syz_open_dev$loop(&(0x7f0000000000), 0x1, 0x141001) ioctl$LOOP_CHANGE_FD(r2, 0x4c06, 0xffffffffffffffff) [ 683.891413] RSP: 002b:00007f2846909188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 683.891437] RAX: ffffffffffffffda RBX: 00007f28494a6f60 RCX: 00007f2849393b19 [ 683.891454] RDX: 0000000020000000 RSI: 00000000400454ca RDI: 0000000000000003 [ 683.891468] RBP: 00007f28469091d0 R08: 0000000000000000 R09: 0000000000000000 [ 683.891483] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 683.891497] R13: 00007ffe11164b5f R14: 00007f2846909300 R15: 0000000000022000 [ 683.891521] [ 683.912657] loop5: detected capacity change from 0 to 260 15:42:14 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x24, 0x0, 0x101, 0x0, 0xfffffffc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x2f}]}, 0x24}}, 0x0) [ 683.928681] FAT-fs (loop5): bogus number of FAT sectors [ 683.928692] FAT-fs (loop5): Can't find a valid FAT filesystem 15:42:14 executing program 0: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="6d706f6c3d627b6e64226d6f64653d30303030303030303030308ce29c3030303030303030303030302c00"]) 15:42:14 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba333", 0x1f, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:42:14 executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) r0 = socket$inet_icmp(0x2, 0x2, 0x1) fallocate(r0, 0x28, 0xd85f, 0x1f) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00') ioctl$FICLONE(r1, 0x40049409, 0xffffffffffffffff) open_by_handle_at(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="02009037059e988b34312c00d59e00"/29], 0x0) [ 683.998243] loop5: detected capacity change from 0 to 260 [ 683.998814] tmpfs: Bad value for 'mpol' 15:42:14 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) setns(r1, 0x8000000) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r2, &(0x7f0000000140)={0x37}, 0x14) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r3, &(0x7f0000000140)={0x37}, 0x14) fsconfig$FSCONFIG_SET_FD(r2, 0x5, &(0x7f0000000080)='&[]\x00', 0x0, r3) [ 684.013219] tmpfs: Bad value for 'mpol' [ 684.014726] FAT-fs (loop5): bogus number of FAT sectors [ 684.015552] FAT-fs (loop5): Can't find a valid FAT filesystem 15:42:14 executing program 7: perf_event_open$cgroup(&(0x7f00000000c0)={0x2, 0x80, 0x9b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f736698fa1b00080801000240004000f801", 0x17}, {0x0, 0x0, 0x17ff}], 0x0, &(0x7f0000010d00)) getdents64(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') r1 = syz_mount_image$nfs4(&(0x7f0000000080), &(0x7f0000000180)='./file0\x00', 0x0, 0x1, &(0x7f0000000240)=[{&(0x7f00000001c0)="c96817476f3e0aa862e61a4b4a9d1038ab11507bab3489482908d467111593a80b75a219", 0x24, 0x7fffffff}], 0x1018c22, &(0x7f0000000280)={[{'{n'}, {'${'}, {'&}'}, {'.\\'}], [{@smackfsfloor={'smackfsfloor', 0x3d, 'vfat\x00'}}, {@euid_eq}, {@seclabel}, {@pcr={'pcr', 0x3d, 0xb}}, {@uid_lt={'uid<', 0xee01}}, {@audit}]}) faccessat2(r1, &(0x7f0000000300)='./file0\x00', 0x4, 0x300) write$P9_RMKNOD(r0, &(0x7f0000000140)={0x37}, 0x14) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000040)='\x00') r2 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r2, &(0x7f0000000140)={0x37}, 0x14) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000340)={0x5, {{0xa, 0x4e23, 0x4, @ipv4={'\x00', '\xff\xff', @empty}, 0xac}}, {{0xa, 0x4e21, 0x200, @empty, 0x46}}}, 0x108) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) [ 684.050872] loop7: detected capacity change from 0 to 23 [ 698.981403] loop1: detected capacity change from 0 to 511 [ 698.982402] loop5: detected capacity change from 0 to 260 15:42:29 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r0, &(0x7f0000000640)=[{&(0x7f00000000c0)="91", 0x1}], 0x1, 0x8000000, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x200001, 0x48) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r3, &(0x7f0000000140)={0x37}, 0x14) socketpair(0xb, 0x6, 0x6, &(0x7f0000000080)={0xffffffffffffffff}) recvmmsg(r4, &(0x7f0000005dc0)=[{{&(0x7f00000001c0)=@l2tp6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000240)=""/99, 0x63}, {&(0x7f00000002c0)=""/98, 0x62}], 0x2, &(0x7f0000000380)=""/154, 0x9a}, 0x9}, {{&(0x7f0000000440)=@pppol2tpv3, 0x80, &(0x7f0000001980)=[{&(0x7f00000004c0)=""/81, 0x51}, {&(0x7f0000000540)=""/45, 0x2d}, {&(0x7f0000000680)=""/230, 0xe6}, {&(0x7f0000000580)=""/154, 0x9a}, {&(0x7f0000000780)=""/67, 0x43}, {&(0x7f0000000800)=""/111, 0x6f}, {&(0x7f0000000880)=""/202, 0xca}, {&(0x7f0000000980)=""/4096, 0x1000}], 0x8, &(0x7f0000001a00)=""/4096, 0x1000}, 0x1}, {{0x0, 0x0, &(0x7f0000002cc0)=[{&(0x7f0000002a00)=""/223, 0xdf}, {&(0x7f0000002b00)=""/140, 0x8c}, {&(0x7f0000002bc0)=""/218, 0xda}], 0x3, &(0x7f0000002d00)=""/138, 0x8a}, 0x2}, {{&(0x7f0000002dc0)=@l2tp, 0x80, &(0x7f00000031c0)=[{&(0x7f0000002e40)=""/97, 0x61}, {&(0x7f0000002ec0)=""/179, 0xb3}, {&(0x7f0000002f80)=""/234, 0xea}, {&(0x7f0000003080)=""/215, 0xd7}, {&(0x7f0000003180)=""/57, 0x39}], 0x5, &(0x7f0000003240)=""/177, 0xb1}, 0x9}, {{&(0x7f0000003300)=@in6={0xa, 0x0, 0x0, @initdev}, 0x80, &(0x7f0000003480)=[{&(0x7f0000003380)=""/162, 0xa2}, {&(0x7f0000003440)=""/33, 0x21}], 0x2, &(0x7f00000034c0)=""/55, 0x37}, 0x9}, {{&(0x7f0000003500)=@caif, 0x80, &(0x7f0000003940)=[{&(0x7f0000003580)}, {&(0x7f00000035c0)=""/164, 0xa4}, {&(0x7f0000003680)=""/185, 0xb9}, {&(0x7f0000003740)=""/28, 0x1c}, {&(0x7f0000003780)=""/177, 0xb1}, {&(0x7f0000003840)=""/195, 0xc3}], 0x6, &(0x7f00000039c0)=""/201, 0xc9}, 0x6}, {{&(0x7f0000003ac0)=@in={0x2, 0x0, @loopback}, 0x80, &(0x7f0000005c80)=[{&(0x7f0000003b40)=""/140, 0x8c}, {&(0x7f0000003c00)=""/128, 0x80}, {&(0x7f0000003c80)=""/4096, 0x1000}, {&(0x7f0000004c80)=""/4096, 0x1000}], 0x4, &(0x7f0000005cc0)=""/253, 0xfd}, 0x3}], 0x7, 0x2040, &(0x7f0000005f80)) mknodat(r3, &(0x7f0000000180)='./file1\x00', 0x8200, 0x8000000) sendfile(r2, r1, 0x0, 0x1400000000) 15:42:29 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x24, r1, 0x0, 0x0, 0xfffffffc, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x2f}]}, 0x24}}, 0x0) 15:42:29 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) syz_genetlink_get_family_id$fou(&(0x7f0000000040), r1) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) 15:42:29 executing program 1: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x3fffc, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000e2f4655fe2f4655f0100ffff53ef010001000000e1f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000000040)="ed41000000100000e1f4655fe2f4655fe2f4655f000000000000040108294eaee4e5b00909da28458e", 0x29, 0x4200}], 0x0, &(0x7f0000013a00)) 15:42:29 executing program 4: r0 = clone3(&(0x7f0000000580)={0x40040300, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r1 = gettid() r2 = clone3(&(0x7f0000000580)={0x40000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[0xffffffffffffffff], 0x1}, 0x58) clone3(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0], 0x8}, 0x58) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000001780)={0x0, 0x0}) r4 = clone3(&(0x7f0000000580)={0x40000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[0xffffffffffffffff], 0x1}, 0x58) clone3(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0], 0x8}, 0x58) r5 = gettid() clone3(&(0x7f0000001800)={0x200100, &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140), {0x3}, &(0x7f0000000180)=""/35, 0x23, &(0x7f00000001c0)=""/223, &(0x7f00000017c0)=[r0, r1, r2, r3, r0, r4, r5], 0x7}, 0x58) r6 = syz_open_dev$vcsu(&(0x7f0000000080), 0x1, 0x0) perf_event_open$cgroup(&(0x7f0000000000)={0x2, 0x80, 0x1f, 0x3f, 0x5, 0x1, 0x0, 0x4, 0x4000, 0x352875dcf643d2a1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x5, 0x4, @perf_config_ext={0x1, 0x8}, 0x204, 0x6, 0xff, 0x6, 0x20, 0x0, 0x1, 0x0, 0x800000, 0x0, 0x5}, 0xffffffffffffffff, 0x10, r6, 0x1) 15:42:29 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) (fail_nth: 20) 15:42:29 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba333", 0x1f, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:42:29 executing program 0: syz_mount_image$vfat(0x0, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/bus/snd_seq', 0x0, 0x0) r1 = epoll_create1(0x0) close(r1) r2 = syz_io_uring_setup(0x1, &(0x7f0000000000), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x100010, r2, 0x8000000) syz_io_uring_setup(0x4eff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r8, 0x80, &(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @private1}}, 0x0) syz_io_uring_submit(r5, r7, &(0x7f00000000c0)=@IORING_OP_POLL_REMOVE={0x7, 0x2, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1}, 0x2) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) [ 698.985556] EXT4-fs (loop1): bad geometry: block count 64 exceeds size of device (63 blocks) [ 698.994978] loop1: detected capacity change from 0 to 511 [ 698.998216] EXT4-fs (loop1): bad geometry: block count 64 exceeds size of device (63 blocks) [ 699.014848] FAULT_INJECTION: forcing a failure. [ 699.014848] name failslab, interval 1, probability 0, space 0, times 0 [ 699.017241] CPU: 1 PID: 7265 Comm: syz-executor.2 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 699.019227] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 699.021581] Call Trace: [ 699.022113] [ 699.022572] dump_stack_lvl+0x8b/0xb3 [ 699.023379] should_fail.cold+0x5/0xa [ 699.024198] should_failslab+0x5/0x10 [ 699.024988] __kmalloc_track_caller+0x79/0x420 [ 699.025940] ? bpf_prog_store_orig_filter+0x103/0x1e0 [ 699.027005] ? rcu_read_lock_sched_held+0xd/0x70 [ 699.028002] kmemdup+0x23/0x50 [ 699.028670] bpf_prog_store_orig_filter+0x103/0x1e0 [ 699.029703] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 699.030845] __get_filter+0x1ec/0x2c0 [ 699.031642] sk_attach_filter+0x1e/0x380 [ 699.032505] tun_attach.isra.0+0xb8a/0x15f0 [ 699.033400] ? rcu_read_lock_sched_held+0xd/0x70 [ 699.034381] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 699.035522] ? full_name_hash+0x11c/0x180 [ 699.036410] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 699.037559] ? selinux_tun_dev_open+0x168/0x1b0 [ 699.038536] __tun_chr_ioctl+0x1701/0x3f10 [ 699.039429] ? tun_attach.isra.0+0x15f0/0x15f0 [ 699.040394] ? __x64_sys_ioctl+0x97/0x210 [ 699.041256] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 699.042408] ? tun_chr_compat_ioctl+0x30/0x30 [ 699.043353] __x64_sys_ioctl+0x196/0x210 [ 699.044218] do_syscall_64+0x3b/0x90 [ 699.045006] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 699.046070] RIP: 0033:0x7f2849393b19 [ 699.046837] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 699.050470] RSP: 002b:00007f2846909188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 699.051951] RAX: ffffffffffffffda RBX: 00007f28494a6f60 RCX: 00007f2849393b19 [ 699.053323] RDX: 0000000020000000 RSI: 00000000400454ca RDI: 0000000000000003 [ 699.054688] RBP: 00007f28469091d0 R08: 0000000000000000 R09: 0000000000000000 [ 699.056065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 699.057432] R13: 00007ffe11164b5f R14: 00007f2846909300 R15: 0000000000022000 [ 699.058807] [ 699.071232] FAT-fs (loop5): bogus number of FAT sectors [ 699.072336] FAT-fs (loop5): Can't find a valid FAT filesystem 15:42:29 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="1bf7ffe800000000020001"], 0x1c}}, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, r2, {0xee01, 0xee01}}, './file1\x00'}) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0x88, r4, 0x100, 0x70bd27, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x1, 0x5c}}}}, [@NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x2]}, @NL80211_ATTR_FRAME={0x3c, 0x33, @deauth={@with_ht={{{0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1}, {0x7f}, @broadcast, @device_a, @random="7fc62e774b2e", {0x1, 0x3}}, @ver_80211n={0x0, 0x1, 0x3, 0x0, 0x0, 0x3, 0x1, 0x0, 0x1}}, 0x1b, @val={0x8c, 0x18, {0xf89, "5d8dede0c37c", @long="b2674d5534e6b67c1958bab5ecdcdea3"}}}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0xe, 0xcd, [0x634, 0xfff, 0x6, 0xfa93, 0x7]}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_DURATION={0x8, 0x57, 0xd92}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x8}]]}, 0x88}, 0x1, 0x0, 0x0, 0x881}, 0x4) write$P9_RREADLINK(r2, &(0x7f0000000000)=ANY=[], 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r5, 0x40286608, &(0x7f0000000480)) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) 15:42:29 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x24, r1, 0x0, 0x0, 0xfffffffc, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x2f}]}, 0x24}}, 0x0) 15:42:29 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba333", 0x1f, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) [ 699.141905] loop5: detected capacity change from 0 to 260 [ 699.148161] FAT-fs (loop5): bogus number of FAT sectors [ 699.148745] FAT-fs (loop5): Can't find a valid FAT filesystem [ 699.153871] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 699.193562] EXT4-fs warning (device sda): verify_group_input:136: Cannot add at group 0 (only 16 groups) [ 699.242066] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 15:42:40 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x24, r1, 0x0, 0x0, 0xfffffffc, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x2f}]}, 0x24}}, 0x0) 15:42:40 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r0, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, {0x7fffffff}}, './file0\x00'}) ioctl$LOOP_SET_FD(r1, 0x4c00, r0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x110, r0, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) 15:42:40 executing program 0: syz_mount_image$vfat(0x0, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/bus/snd_seq', 0x0, 0x0) r1 = epoll_create1(0x0) close(r1) r2 = syz_io_uring_setup(0x1, &(0x7f0000000000), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x100010, r2, 0x8000000) syz_io_uring_setup(0x4eff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r8, 0x80, &(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @private1}}, 0x0) syz_io_uring_submit(r5, r7, &(0x7f00000000c0)=@IORING_OP_POLL_REMOVE={0x7, 0x2, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1}, 0x2) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 15:42:40 executing program 4: r0 = clone3(&(0x7f0000000580)={0x40040300, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r1 = gettid() r2 = clone3(&(0x7f0000000580)={0x40000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[0xffffffffffffffff], 0x1}, 0x58) clone3(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0], 0x8}, 0x58) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000001780)={0x0, 0x0}) r4 = clone3(&(0x7f0000000580)={0x40000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[0xffffffffffffffff], 0x1}, 0x58) clone3(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0], 0x8}, 0x58) r5 = gettid() clone3(&(0x7f0000001800)={0x200100, &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140), {0x3}, &(0x7f0000000180)=""/35, 0x23, &(0x7f00000001c0)=""/223, &(0x7f00000017c0)=[r0, r1, r2, r3, r0, r4, r5], 0x7}, 0x58) r6 = syz_open_dev$vcsu(&(0x7f0000000080), 0x1, 0x0) perf_event_open$cgroup(&(0x7f0000000000)={0x2, 0x80, 0x1f, 0x3f, 0x5, 0x1, 0x0, 0x4, 0x4000, 0x352875dcf643d2a1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x5, 0x4, @perf_config_ext={0x1, 0x8}, 0x204, 0x6, 0xff, 0x6, 0x20, 0x0, 0x1, 0x0, 0x800000, 0x0, 0x5}, 0xffffffffffffffff, 0x10, r6, 0x1) 15:42:40 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba33307", 0x20, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:42:40 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) (fail_nth: 21) 15:42:40 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="1bf7ffe800000000020001"], 0x1c}}, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, r2, {0xee01, 0xee01}}, './file1\x00'}) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0x88, r4, 0x100, 0x70bd27, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x1, 0x5c}}}}, [@NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x2]}, @NL80211_ATTR_FRAME={0x3c, 0x33, @deauth={@with_ht={{{0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1}, {0x7f}, @broadcast, @device_a, @random="7fc62e774b2e", {0x1, 0x3}}, @ver_80211n={0x0, 0x1, 0x3, 0x0, 0x0, 0x3, 0x1, 0x0, 0x1}}, 0x1b, @val={0x8c, 0x18, {0xf89, "5d8dede0c37c", @long="b2674d5534e6b67c1958bab5ecdcdea3"}}}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0xe, 0xcd, [0x634, 0xfff, 0x6, 0xfa93, 0x7]}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_DURATION={0x8, 0x57, 0xd92}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x8}]]}, 0x88}, 0x1, 0x0, 0x0, 0x881}, 0x4) write$P9_RREADLINK(r2, &(0x7f0000000000)=ANY=[], 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r5, 0x40286608, &(0x7f0000000480)) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) 15:42:40 executing program 7: r0 = perf_event_open(&(0x7f00000038c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x9) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') r2 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r2, &(0x7f0000000140)={0x37}, 0x14) preadv(r2, &(0x7f0000000100)=[{&(0x7f0000000080)=""/114, 0x72}, {&(0x7f0000000180)=""/93, 0x5d}, {}, {&(0x7f0000000200)=""/102, 0x66}], 0x4, 0x7, 0x51) write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) syz_io_uring_setup(0x4fa5, &(0x7f000000a400)={0x0, 0x0, 0x2, 0x1000000, 0x0, 0x0, r1}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2403, 0x0) [ 710.435986] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 710.438868] FAULT_INJECTION: forcing a failure. [ 710.438868] name failslab, interval 1, probability 0, space 0, times 0 [ 710.440117] CPU: 0 PID: 7307 Comm: syz-executor.2 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 710.441157] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 710.442379] Call Trace: [ 710.442652] [ 710.442893] dump_stack_lvl+0x8b/0xb3 [ 710.443318] should_fail.cold+0x5/0xa [ 710.443749] ? create_object.isra.0+0x3a/0xa20 [ 710.444258] should_failslab+0x5/0x10 [ 710.444671] kmem_cache_alloc+0x5b/0x480 [ 710.445123] create_object.isra.0+0x3a/0xa20 [ 710.445611] ? kasan_unpoison+0x23/0x50 [ 710.446047] __kmalloc_track_caller+0x25e/0x420 [ 710.446552] ? bpf_prog_store_orig_filter+0x103/0x1e0 [ 710.447125] kmemdup+0x23/0x50 [ 710.447470] bpf_prog_store_orig_filter+0x103/0x1e0 [ 710.448015] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 710.448620] __get_filter+0x1ec/0x2c0 [ 710.449045] sk_attach_filter+0x1e/0x380 [ 710.449483] tun_attach.isra.0+0xb8a/0x15f0 [ 710.449959] ? rcu_read_lock_sched_held+0xd/0x70 [ 710.450484] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 710.451095] ? full_name_hash+0x11c/0x180 [ 710.451548] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 710.452148] ? selinux_tun_dev_open+0x168/0x1b0 [ 710.452661] __tun_chr_ioctl+0x1701/0x3f10 [ 710.453134] ? tun_attach.isra.0+0x15f0/0x15f0 [ 710.453646] ? __x64_sys_ioctl+0x97/0x210 [ 710.454113] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 710.454723] ? tun_chr_compat_ioctl+0x30/0x30 [ 710.455231] __x64_sys_ioctl+0x196/0x210 [ 710.455666] do_syscall_64+0x3b/0x90 [ 710.456089] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 710.456653] RIP: 0033:0x7f2849393b19 [ 710.457065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 710.459095] RSP: 002b:00007f2846909188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 710.459935] RAX: ffffffffffffffda RBX: 00007f28494a6f60 RCX: 00007f2849393b19 [ 710.460751] RDX: 0000000020000000 RSI: 00000000400454ca RDI: 0000000000000003 [ 710.461541] RBP: 00007f28469091d0 R08: 0000000000000000 R09: 0000000000000000 [ 710.462336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 710.463139] R13: 00007ffe11164b5f R14: 00007f2846909300 R15: 0000000000022000 [ 710.463926] [ 710.464829] loop5: detected capacity change from 0 to 260 [ 710.470521] FAT-fs (loop5): bogus number of FAT sectors [ 710.471160] FAT-fs (loop5): Can't find a valid FAT filesystem [ 710.502135] EXT4-fs warning (device sda): verify_group_input:136: Cannot add at group 0 (only 16 groups) 15:42:41 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba33307", 0x20, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:42:41 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x24, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x2f}]}, 0x24}}, 0x0) [ 710.530975] loop5: detected capacity change from 0 to 260 [ 710.556259] FAT-fs (loop5): bogus number of FAT sectors [ 710.557397] FAT-fs (loop5): Can't find a valid FAT filesystem [ 710.563623] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 710.577466] EXT4-fs warning (device sda): verify_group_input:136: Cannot add at group 0 (only 16 groups) [ 710.578563] FAULT_INJECTION: forcing a failure. [ 710.578563] name failslab, interval 1, probability 0, space 0, times 0 [ 710.580955] CPU: 1 PID: 7322 Comm: syz-executor.2 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 710.582891] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 710.585190] Call Trace: [ 710.585709] [ 710.586159] dump_stack_lvl+0x8b/0xb3 [ 710.586950] should_fail.cold+0x5/0xa [ 710.587714] ? kvmalloc_node+0x97/0x100 [ 710.588522] should_failslab+0x5/0x10 [ 710.589283] __kmalloc_node+0x76/0x470 [ 710.590069] kvmalloc_node+0x97/0x100 [ 710.590850] tun_attach.isra.0+0x7df/0x15f0 [ 710.591718] ? rcu_read_lock_sched_held+0xd/0x70 [ 710.592681] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 710.593786] ? full_name_hash+0x11c/0x180 [ 710.594636] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 710.595741] ? selinux_tun_dev_open+0x168/0x1b0 [ 710.596691] __tun_chr_ioctl+0x1701/0x3f10 [ 710.597538] ? tun_attach.isra.0+0x15f0/0x15f0 [ 710.598472] ? __x64_sys_ioctl+0x97/0x210 [ 710.599310] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 710.600425] ? tun_chr_compat_ioctl+0x30/0x30 [ 710.601331] __x64_sys_ioctl+0x196/0x210 [ 710.602174] do_syscall_64+0x3b/0x90 [ 710.602935] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 710.603960] RIP: 0033:0x7f2849393b19 [ 710.604722] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 710.608332] RSP: 002b:00007f2846909188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 710.609857] RAX: ffffffffffffffda RBX: 00007f28494a6f60 RCX: 00007f2849393b19 [ 710.611275] RDX: 0000000020000000 RSI: 00000000400454ca RDI: 0000000000000003 [ 710.612682] RBP: 00007f28469091d0 R08: 0000000000000000 R09: 0000000000000000 [ 710.614084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 710.615479] R13: 00007ffe11164b5f R14: 00007f2846909300 R15: 0000000000022000 [ 710.616897] 15:42:41 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="1bf7ffe800000000020001"], 0x1c}}, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, r2, {0xee01, 0xee01}}, './file1\x00'}) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0x88, r4, 0x100, 0x70bd27, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x1, 0x5c}}}}, [@NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x2]}, @NL80211_ATTR_FRAME={0x3c, 0x33, @deauth={@with_ht={{{0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1}, {0x7f}, @broadcast, @device_a, @random="7fc62e774b2e", {0x1, 0x3}}, @ver_80211n={0x0, 0x1, 0x3, 0x0, 0x0, 0x3, 0x1, 0x0, 0x1}}, 0x1b, @val={0x8c, 0x18, {0xf89, "5d8dede0c37c", @long="b2674d5534e6b67c1958bab5ecdcdea3"}}}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0xe, 0xcd, [0x634, 0xfff, 0x6, 0xfa93, 0x7]}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_DURATION={0x8, 0x57, 0xd92}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x8}]]}, 0x88}, 0x1, 0x0, 0x0, 0x881}, 0x4) write$P9_RREADLINK(r2, &(0x7f0000000000)=ANY=[], 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r5, 0x40286608, &(0x7f0000000480)) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) 15:42:41 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) (fail_nth: 22) 15:42:41 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000040)={r0, 0xe113, 0x401, 0xffffffffffff7ffe}) 15:42:41 executing program 7: r0 = clone3(&(0x7f0000000580)={0x40040300, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r1 = gettid() r2 = clone3(&(0x7f0000000580)={0x40000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[0xffffffffffffffff], 0x1}, 0x58) clone3(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0], 0x8}, 0x58) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000001780)={0x0, 0x0}) r4 = clone3(&(0x7f0000000580)={0x40000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[0xffffffffffffffff], 0x1}, 0x58) clone3(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0], 0x8}, 0x58) r5 = gettid() clone3(&(0x7f0000001800)={0x200100, &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140), {0x3}, &(0x7f0000000180)=""/35, 0x23, &(0x7f00000001c0)=""/223, &(0x7f00000017c0)=[r0, r1, r2, r3, r0, r4, r5], 0x7}, 0x58) r6 = syz_open_dev$vcsu(&(0x7f0000000080), 0x1, 0x0) perf_event_open$cgroup(&(0x7f0000000000)={0x2, 0x80, 0x1f, 0x3f, 0x5, 0x1, 0x0, 0x4, 0x4000, 0x352875dcf643d2a1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x5, 0x4, @perf_config_ext={0x1, 0x8}, 0x204, 0x6, 0xff, 0x6, 0x20, 0x0, 0x1, 0x0, 0x800000, 0x0, 0x5}, 0xffffffffffffffff, 0x10, r6, 0x1) 15:42:41 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba33307", 0x20, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:42:41 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00'}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x24, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x2f}]}, 0x24}}, 0x0) 15:42:41 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="1bf7ffe800000000020001"], 0x1c}}, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, r2, {0xee01, 0xee01}}, './file1\x00'}) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0x88, r4, 0x100, 0x70bd27, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x1, 0x5c}}}}, [@NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x2]}, @NL80211_ATTR_FRAME={0x3c, 0x33, @deauth={@with_ht={{{0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1}, {0x7f}, @broadcast, @device_a, @random="7fc62e774b2e", {0x1, 0x3}}, @ver_80211n={0x0, 0x1, 0x3, 0x0, 0x0, 0x3, 0x1, 0x0, 0x1}}, 0x1b, @val={0x8c, 0x18, {0xf89, "5d8dede0c37c", @long="b2674d5534e6b67c1958bab5ecdcdea3"}}}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0xe, 0xcd, [0x634, 0xfff, 0x6, 0xfa93, 0x7]}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_DURATION={0x8, 0x57, 0xd92}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x8}]]}, 0x88}, 0x1, 0x0, 0x0, 0x881}, 0x4) write$P9_RREADLINK(r2, &(0x7f0000000000)=ANY=[], 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r5, 0x40286608, &(0x7f0000000480)) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) [ 710.711655] loop5: detected capacity change from 0 to 260 15:42:41 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) (fail_nth: 23) [ 710.722020] FAT-fs (loop5): bogus number of FAT sectors [ 710.722713] FAT-fs (loop5): Can't find a valid FAT filesystem [ 710.766229] FAULT_INJECTION: forcing a failure. [ 710.766229] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 710.767610] CPU: 0 PID: 7337 Comm: syz-executor.2 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 710.768658] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 710.769894] Call Trace: [ 710.770184] [ 710.770425] dump_stack_lvl+0x8b/0xb3 [ 710.770851] should_fail.cold+0x5/0xa [ 710.771265] ? rwlock_bug.part.0+0x90/0x90 [ 710.771733] prepare_alloc_pages+0x17b/0x500 [ 710.772226] ? do_raw_spin_unlock+0x4f/0x210 [ 710.772700] __alloc_pages+0x131/0x4e0 [ 710.773128] ? __alloc_pages_slowpath.constprop.0+0x1f10/0x1f10 [ 710.773785] ? lock_downgrade+0x6d0/0x6d0 [ 710.774244] ? lock_acquire+0x41c/0x4d0 [ 710.774673] ? rcu_read_lock_sched_held+0xd/0x70 [ 710.775186] ? lock_release+0x505/0x6f0 [ 710.775613] ? lock_release+0x6f0/0x6f0 [ 710.776041] ? __slab_alloc.constprop.0+0x45/0x80 [ 710.776571] alloc_pages+0x1a0/0x2f0 [ 710.776978] allocate_slab+0x22d/0x300 [ 710.777402] ___slab_alloc+0x913/0xee0 [ 710.777829] ? kvmalloc_node+0x97/0x100 [ 710.778273] ? lock_downgrade+0x6d0/0x6d0 [ 710.778730] ? rcu_read_lock_sched_held+0xd/0x70 [ 710.779249] ? kvmalloc_node+0x97/0x100 [ 710.779678] ? kvmalloc_node+0x97/0x100 [ 710.780128] __slab_alloc.constprop.0+0x45/0x80 [ 710.780645] __kmalloc_node+0x18f/0x470 [ 710.781079] kvmalloc_node+0x97/0x100 [ 710.781488] tun_attach.isra.0+0x7df/0x15f0 [ 710.781981] ? rcu_read_lock_sched_held+0xd/0x70 [ 710.782503] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 710.783117] ? full_name_hash+0x11c/0x180 [ 710.783584] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 710.784206] ? selinux_tun_dev_open+0x168/0x1b0 [ 710.784725] __tun_chr_ioctl+0x1701/0x3f10 [ 710.785196] ? tun_attach.isra.0+0x15f0/0x15f0 [ 710.785708] ? __x64_sys_ioctl+0x97/0x210 [ 710.786169] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 710.786773] ? tun_chr_compat_ioctl+0x30/0x30 [ 710.787277] __x64_sys_ioctl+0x196/0x210 [ 710.787733] do_syscall_64+0x3b/0x90 [ 710.788168] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 710.788753] RIP: 0033:0x7f2849393b19 [ 710.789161] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 710.791188] RSP: 002b:00007f2846909188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 710.792035] RAX: ffffffffffffffda RBX: 00007f28494a6f60 RCX: 00007f2849393b19 [ 710.792843] RDX: 0000000020000000 RSI: 00000000400454ca RDI: 0000000000000003 [ 710.793628] RBP: 00007f28469091d0 R08: 0000000000000000 R09: 0000000000000000 [ 710.794429] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 710.795220] R13: 00007ffe11164b5f R14: 00007f2846909300 R15: 0000000000022000 [ 710.796017] [ 710.798381] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 710.830146] EXT4-fs warning (device sda): verify_group_input:136: Cannot add at group 0 (only 16 groups) [ 722.722207] loop5: detected capacity change from 0 to 260 15:42:53 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x2c, 0x14, 0x1, 0x201, 0x0, 0x0, {}, [@nested={0x18, 0x19, 0x0, 0x1, [@typed={0x14, 0x0, 0x0, 0x0, @ipv6=@loopback}]}]}, 0x2c}}, 0x0) 15:42:53 executing program 4: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000200)=0x14) write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r2, &(0x7f0000000140)={0x37}, 0x14) write$P9_RXATTRCREATE(r2, &(0x7f0000000380)={0x7, 0x21, 0x1}, 0x7) writev(r1, &(0x7f0000000180)=[{&(0x7f0000000080)="0ecd027c11461aca3559284dd714cd28a73c43491ba14eccc38265f8d472b506fc22aec6776fb9cdd537191073113ea55833d8c3d362bdef68026a09f136a11ca4c3b4e80f012a1c22bc1a963c71b6e258ce10292dfe46858037127c5afdc21906b1245800aaabcbcbb33c7bb3e90e0e9b884aa9fa9f55276cbee5f0814ac332550fdae313feccee7c6e287b84a787913e3829c997353091ac3a2c9340c2f8a89a841444d2e777109c4f59af87030950fcdaba4edbeca8d1293848aca803332bad367bb70f133292c7615e0e", 0xcc}], 0x1) r3 = open$dir(&(0x7f0000000340)='./file0\x00', 0x40, 0x8) r4 = getegid() fchown(r3, 0xee01, r4) ioctl$TIOCL_SETSEL(r0, 0x560f, &(0x7f0000000040)={0x2, {0x2, 0x0, 0x8040, 0x4, 0x8, 0xf}}) r5 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r5, &(0x7f0000000140)={0x37}, 0x14) ioctl$TIOCSTI(r5, 0x5412, &(0x7f00000003c0)) r6 = dup(r0) write$P9_RFLUSH(r6, &(0x7f00000001c0)={0x7, 0x6d, 0x4}, 0x7) r7 = dup3(r0, r6, 0x80000) sendto(r7, &(0x7f0000000240)="c1b0fc0e51fea6b72b554f7141d48d3108d499cffe4619c3de5801db42383c07fc8a49db87bde510955c8f482a039c3521caa5b3b1e1f5d5677820fbfe41b3b5b838f0b6878a6fc55a116c0ca197ea2d24abca3bfa4757d4088e", 0x5a, 0x22000840, &(0x7f00000002c0)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x0, 0x0, 0x1, 0x1}}, 0x80) 15:42:53 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00'}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x24, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x2f}]}, 0x24}}, 0x0) 15:42:53 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="1bf7ffe800000000020001"], 0x1c}}, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, r2, {0xee01, 0xee01}}, './file1\x00'}) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0x88, r4, 0x100, 0x70bd27, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x1, 0x5c}}}}, [@NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x2]}, @NL80211_ATTR_FRAME={0x3c, 0x33, @deauth={@with_ht={{{0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1}, {0x7f}, @broadcast, @device_a, @random="7fc62e774b2e", {0x1, 0x3}}, @ver_80211n={0x0, 0x1, 0x3, 0x0, 0x0, 0x3, 0x1, 0x0, 0x1}}, 0x1b, @val={0x8c, 0x18, {0xf89, "5d8dede0c37c", @long="b2674d5534e6b67c1958bab5ecdcdea3"}}}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0xe, 0xcd, [0x634, 0xfff, 0x6, 0xfa93, 0x7]}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_DURATION={0x8, 0x57, 0xd92}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x8}]]}, 0x88}, 0x1, 0x0, 0x0, 0x881}, 0x4) write$P9_RREADLINK(r2, &(0x7f0000000000)=ANY=[], 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r5, 0x40286608, &(0x7f0000000480)) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) 15:42:53 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:42:53 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) (fail_nth: 24) 15:42:53 executing program 7: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r0, 0x0) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x102000, &(0x7f0000000200)={'trans=unix,', {[{@cache_loose}, {@version_L}, {@nodevmap}, {@version_9p2000}, {@access_user}, {@version_L}, {@aname={'aname', 0x3d, '\'!\\(!\\['}}, {@debug={'debug', 0x3d, 0x8000}}, {@aname={'aname', 0x3d, 'uid'}}], [{@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@measure}, {@euid_gt={'euid>', r0}}, {@subj_role={'subj_role', 0x3d, '.[{(&'}}, {@obj_role={'obj_role', 0x3d, ']^(}3\xd7$%'}}, {@seclabel}, {@defcontext={'defcontext', 0x3d, 'system_u'}}]}}) r1 = openat$sr(0xffffffffffffff9c, &(0x7f00000003c0), 0x400, 0x0) connect$unix(r1, &(0x7f0000000400)=@abs={0x1, 0x0, 0x4e24}, 0x6e) setxattr$security_capability(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340), &(0x7f0000000380)=@v1={0x1000000, [{0x1ff, 0x4}]}, 0xc, 0x2) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0) syz_mount_image$tmpfs(&(0x7f00000000c0), &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x20, &(0x7f00000028c0)={[{}]}) 15:42:53 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r2, &(0x7f0000000140)={0x37}, 0x14) io_submit(0x0, 0x3, &(0x7f00000002c0)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x6, 0xfd1, 0xffffffffffffffff, &(0x7f0000000040)="d752065f7a24f79a562f11e907b79685c32ee0c0a4aa6aa48230e3767a048d409735d561537c010ede2ca764c3061d4303780bc1ce3eebd81b11df931e0754b7b1178d8a88defe6be6f571228c8b6ccb702d8fa95f456099f7145c6d4af11b56af922a1080cd668979c4daca9852be00ea127d57bac0b457aac0efb7c8523d830dfd048d906cfeac9d4ce0f167d72fbfab3d7d015a18f790754af56f867a52e3480a1862b0b8d04a2ae8c48e47d53af0b9e36a2684828941daa7418e8a6f60ae3e20a2d5a6913e961afb0325bd0d3a2381922a20b1e59b1eb1db", 0xda, 0x1000, 0x0, 0x3}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x5, r0, &(0x7f0000000180)="539dfdd7ec2d9ed8ed875c3892cb173615841dd1896bffa00389af35aba85a5ae55d46f6f2407f421360eabc96cb82c4af72e9995c0541406f414a535e5af3bc4f776922b42234aabb045c09214a6b368197619b5af367302ef92c771d5bca", 0x5f, 0x7fff, 0x0, 0x1, r1}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x2, r2, &(0x7f0000000240)="b4290fc1e4beb83816f3e63e2bf53ebbbd", 0x11, 0x7ff, 0x0, 0x1}]) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) [ 722.734012] FAT-fs (loop5): bogus number of reserved sectors [ 722.734649] FAT-fs (loop5): Can't find a valid FAT filesystem [ 722.745593] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 722.750408] FAULT_INJECTION: forcing a failure. [ 722.750408] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 722.751646] CPU: 1 PID: 7356 Comm: syz-executor.2 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 722.752660] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 722.753846] Call Trace: [ 722.753850] [ 722.753854] dump_stack_lvl+0x8b/0xb3 [ 722.753876] should_fail.cold+0x5/0xa [ 722.753893] _copy_to_user+0x2a/0x140 [ 722.753908] __tun_chr_ioctl+0x1970/0x3f10 [ 722.753923] ? tun_attach.isra.0+0x15f0/0x15f0 15:42:53 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:42:53 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00'}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x24, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x2f}]}, 0x24}}, 0x0) [ 722.753939] ? __x64_sys_ioctl+0x97/0x210 [ 722.753954] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 722.753970] ? tun_chr_compat_ioctl+0x30/0x30 [ 722.753983] __x64_sys_ioctl+0x196/0x210 15:42:53 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) (fail_nth: 25) [ 722.753996] do_syscall_64+0x3b/0x90 [ 722.754014] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 722.754027] RIP: 0033:0x7f2849393b19 [ 722.754037] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 722.754048] RSP: 002b:00007f2846909188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 722.754060] RAX: ffffffffffffffda RBX: 00007f28494a6f60 RCX: 00007f2849393b19 [ 722.754068] RDX: 0000000020000000 RSI: 00000000400454ca RDI: 0000000000000003 [ 722.754075] RBP: 00007f28469091d0 R08: 0000000000000000 R09: 0000000000000000 [ 722.754083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 722.754090] R13: 00007ffe11164b5f R14: 00007f2846909300 R15: 0000000000022000 [ 722.754102] [ 722.787944] EXT4-fs warning (device sda): verify_group_input:136: Cannot add at group 0 (only 16 groups) [ 722.806954] I/O error, dev loop5, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 722.806993] Buffer I/O error on dev loop5, logical block 1, async page read [ 722.807070] I/O error, dev loop5, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 15:42:53 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:42:53 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000001000), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000001c0)={0x53, 0x0, 0x6, 0x0, @scatter={0x2, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)=""/151, 0x97}, {&(0x7f0000000000)=""/63, 0x3f}]}, &(0x7f0000000080)="94faf0cf251a", 0x0, 0x401, 0x0, 0x8000000, 0x0}) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$AUTOFS_IOC_PROTOSUBVER(r1, 0x80049367, &(0x7f0000000180)) [ 722.807095] Buffer I/O error on dev loop5, logical block 2, async page read [ 722.807139] I/O error, dev loop5, sector 3 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 722.807164] Buffer I/O error on dev loop5, logical block 3, async page read [ 722.807207] I/O error, dev loop5, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 722.807232] Buffer I/O error on dev loop5, logical block 4, async page read [ 722.807275] I/O error, dev loop5, sector 5 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 15:42:53 executing program 7: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCETHTOOL(r0, 0x89b0, &(0x7f0000000040)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_channels={0x0, 0x0, 0xfffffffe}}) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') r2 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r2, &(0x7f0000000140)={0x37}, 0x14) symlinkat(&(0x7f0000000100)='./file0\x00', r2, &(0x7f0000000180)='./file0\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) getsockopt$sock_buf(r1, 0x1, 0x37, &(0x7f0000000080)=""/14, &(0x7f00000000c0)=0xfffffffffffffe7c) [ 722.807300] Buffer I/O error on dev loop5, logical block 5, async page read [ 722.807342] I/O error, dev loop5, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 722.807367] Buffer I/O error on dev loop5, logical block 6, async page read [ 722.807411] I/O error, dev loop5, sector 7 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 722.807435] Buffer I/O error on dev loop5, logical block 7, async page read [ 722.823328] loop5: detected capacity change from 0 to 260 15:42:53 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$TIOCGICOUNT(r0, 0x545d, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) [ 722.854221] FAT-fs (loop5): bogus number of reserved sectors [ 722.854246] FAT-fs (loop5): Can't find a valid FAT filesystem [ 722.890138] FAULT_INJECTION: forcing a failure. [ 722.890138] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 722.890158] CPU: 1 PID: 7380 Comm: syz-executor.2 Tainted: G B 5.17.0-rc5-next-20220225 #1 15:42:53 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000140)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, 0x80, &(0x7f00000006c0)=[{&(0x7f0000000340)=""/177, 0xb1}, {&(0x7f0000000400)=""/138, 0x8a}, {&(0x7f00000004c0)=""/228, 0xe4}, {&(0x7f00000001c0)=""/95, 0x5f}, {&(0x7f0000000280)=""/91, 0x5b}, {&(0x7f00000005c0)=""/200, 0xc8}], 0x6, &(0x7f0000000740)=""/152, 0x98}, 0x40000022) syz_mount_image$tmpfs(0x0, &(0x7f0000000880)='./file1/file0\x00', 0x1, 0x0, 0x0, 0x0, 0x0) rmdir(&(0x7f0000000300)='./file1/file0\x00') stat(&(0x7f0000000080)='./file1\x00', &(0x7f0000000800)) [ 722.890171] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 722.890180] Call Trace: [ 722.890183] [ 722.890187] dump_stack_lvl+0x8b/0xb3 [ 722.890210] should_fail.cold+0x5/0xa [ 722.890225] _copy_to_user+0x2a/0x140 [ 722.890242] simple_read_from_buffer+0xcc/0x160 [ 722.890258] proc_fail_nth_read+0x194/0x220 [ 722.890279] ? proc_exe_link+0x1d0/0x1d0 [ 722.890296] ? security_file_permission+0xb1/0xd0 [ 722.890313] ? proc_exe_link+0x1d0/0x1d0 [ 722.890330] vfs_read+0x1f0/0x5e0 [ 722.890346] ksys_read+0x12d/0x250 [ 722.890361] ? __ia32_sys_pwrite64+0x230/0x230 [ 722.890377] ? fpregs_restore_userregs+0x164/0x380 [ 722.890392] ? syscall_enter_from_user_mode+0x1d/0x50 [ 722.890407] do_syscall_64+0x3b/0x90 [ 722.890425] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 722.890437] RIP: 0033:0x7f284934669c [ 722.890446] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 722.890457] RSP: 002b:00007f2846909170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 722.890469] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f284934669c [ 722.890476] RDX: 000000000000000f RSI: 00007f28469091e0 RDI: 0000000000000004 [ 722.890483] RBP: 00007f28469091d0 R08: 0000000000000000 R09: 0000000000000000 [ 722.890490] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 722.890497] R13: 00007ffe11164b5f R14: 00007f2846909300 R15: 0000000000022000 [ 722.890509] 15:43:02 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x448221, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) ioctl$CDROMREADRAW(r0, 0x5314, &(0x7f0000000040)={0x0, 0x7f, 0x2, 0x7, 0x5, 0x7}) 15:43:02 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) (fail_nth: 1) [ 732.013793] FAULT_INJECTION: forcing a failure. [ 732.013793] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 732.015522] CPU: 1 PID: 7398 Comm: syz-executor.3 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 732.016892] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 732.018610] Call Trace: [ 732.018996] [ 732.019332] dump_stack_lvl+0x8b/0xb3 [ 732.019919] should_fail.cold+0x5/0xa [ 732.020504] _copy_from_user+0x2a/0x170 [ 732.021114] __copy_msghdr_from_user+0x91/0x4b0 [ 732.021816] ? __ia32_sys_shutdown+0x70/0x70 [ 732.022483] ? putname+0xfe/0x140 [ 732.023011] ? putname+0xfe/0x140 [ 732.023536] ? kasan_save_stack+0x2e/0x40 [ 732.024170] ? kasan_save_stack+0x1e/0x40 [ 732.024794] ? kasan_set_track+0x21/0x30 [ 732.025337] ? kasan_set_free_info+0x20/0x30 [ 732.025805] ? __kasan_slab_free+0x108/0x170 [ 732.026245] ? kmem_cache_free+0xe0/0x420 [ 732.026692] ? putname+0xfe/0x140 [ 732.027043] ? do_sys_openat2+0x153/0x4d0 [ 732.027456] ? __x64_sys_openat+0x13f/0x1f0 [ 732.027885] ? do_syscall_64+0x3b/0x90 [ 732.028282] sendmsg_copy_msghdr+0xa1/0x160 [ 732.028741] ? __ia32_sys_recvmmsg+0x260/0x260 [ 732.029197] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 732.029778] ? _kstrtoull+0x13f/0x1f0 [ 732.030173] ? _parse_integer+0x30/0x30 [ 732.030590] ? rcu_read_lock_sched_held+0xd/0x70 [ 732.031062] ? lock_release+0x505/0x6f0 [ 732.031477] ? __might_fault+0xd1/0x170 [ 732.031904] ? lock_downgrade+0x6d0/0x6d0 [ 732.032338] ? rcu_read_lock_sched_held+0xd/0x70 [ 732.032856] ___sys_sendmsg+0xc6/0x170 [ 732.033259] ? sendmsg_copy_msghdr+0x160/0x160 [ 732.033742] ? lock_release+0x505/0x6f0 [ 732.034168] ? __fget_files+0x26b/0x470 [ 732.034600] ? lock_downgrade+0x6d0/0x6d0 [ 732.035044] ? rcu_read_lock_sched_held+0xd/0x70 [ 732.035551] ? lock_release+0x505/0x6f0 [ 732.035973] ? ksys_write+0x212/0x250 [ 732.036381] ? lock_downgrade+0x6d0/0x6d0 [ 732.036835] ? __fget_files+0x28d/0x470 [ 732.037259] ? __fget_light+0xea/0x280 [ 732.037673] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 732.038210] __sys_sendmsg+0xe5/0x1b0 [ 732.038623] ? __sys_sendmsg_sock+0x30/0x30 [ 732.039050] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 732.039637] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 732.040173] ? fput+0x2a/0x50 [ 732.040515] ? ksys_write+0x1a5/0x250 [ 732.040933] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 732.041450] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 732.041970] ? syscall_enter_from_user_mode+0x1d/0x50 [ 732.042510] ? trace_hardirqs_on+0x5b/0x190 [ 732.042935] do_syscall_64+0x3b/0x90 [ 732.043298] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 732.043793] RIP: 0033:0x7f4663eeeb19 [ 732.044153] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 732.045923] RSP: 002b:00007f4661464188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 732.046652] RAX: ffffffffffffffda RBX: 00007f4664001f60 RCX: 00007f4663eeeb19 [ 732.047332] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 732.048012] RBP: 00007f46614641d0 R08: 0000000000000000 R09: 0000000000000000 [ 732.048695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 732.049390] R13: 00007ffd9490a3cf R14: 00007f4661464300 R15: 0000000000022000 [ 732.050100] 15:43:02 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 15:43:02 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_DISALLOCATE(r0, 0x5608) ioctl$KDFONTOP_GET(r0, 0x4b72, &(0x7f0000000400)={0x1, 0x1, 0x16, 0x20, 0x1c5}) 15:43:02 executing program 4: ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, &(0x7f0000000000)=0x1f) syz_emit_ethernet(0x46, &(0x7f0000001400)={@multicast, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, '#\x00\b', 0x10, 0x2c, 0x0, @empty, @local, {[], {0x0, 0xfffc, 0x10, 0x0, @opaque="44e67c344da1a96c"}}}}}}, 0x0) 15:43:02 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:43:02 executing program 7: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x80, 0x194) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r2, &(0x7f0000000140)={0x37}, 0x14) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_EPOLL_CTL=@mod={0x1d, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000300)={0x40000010}, r2, 0x3, 0x0, 0x1}, 0x34eb) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc0189379, &(0x7f0000000200)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) ioctl$BTRFS_IOC_DEFRAG_RANGE(r1, 0x40309410, &(0x7f0000000240)={0x35, 0x4, 0x1, 0x7, 0x1, [0x401, 0x0, 0x400, 0xc1d]}) r4 = pidfd_getfd(r3, r0, 0x0) r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x300000b, 0x20010, r1, 0x10000000) r6 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r6, &(0x7f0000000140)={0x37}, 0x14) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x24000) syz_io_uring_submit(0x0, r5, &(0x7f00000001c0)=@IORING_OP_FILES_UPDATE={0x14, 0x5, 0x0, 0x0, 0x8000, &(0x7f0000000180)=[0xffffffffffffffff, r0, r0, r6, r7, r4], 0x6}, 0xffffffff) connect$inet6(r1, &(0x7f00000015c0)={0xa, 0x0, 0x0, @loopback, 0x2}, 0x1c) r8 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000000)={'batadv_slave_0\x00', &(0x7f00000002c0)=ANY=[@ANYRESDEC=r8]}) sendmmsg$inet6(r0, &(0x7f0000002580)=[{{&(0x7f00000013c0)={0xa, 0x0, 0x0, @remote, 0xfffffffc}, 0x1c, &(0x7f0000000140)=[{&(0x7f0000000080)="99fa1e4fe5004ecc6452", 0xa}], 0x1}}], 0x1, 0x0) r9 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r9, &(0x7f0000000140)={0x37}, 0x14) ioctl$F2FS_IOC_SET_PIN_FILE(r9, 0x4004f50d, &(0x7f00000000c0)=0x1) 15:43:02 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)={0x30, r1, 0xd0b, 0x0, 0x0, {}, [@ETHTOOL_A_RINGS_RX_MINI={0x8, 0xa, 0xf7d}, @ETHTOOL_A_RINGS_TX={0x8, 0x9, 0x8}, @ETHTOOL_A_RINGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}]}, 0x30}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000340)={'ip6tnl0\x00', &(0x7f00000002c0)={'syztnl0\x00', r3, 0x29, 0x3, 0x80, 0x596, 0x0, @loopback, @empty, 0x1, 0x8, 0x710, 0x9c}}) sendmsg$ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f00000004c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000480)={&(0x7f0000000380)={0xe0, r1, 0xc10, 0x70bd29, 0x25dfdbfd, {}, [@ETHTOOL_A_PAUSE_HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @ETHTOOL_A_PAUSE_TX={0x5}, @ETHTOOL_A_PAUSE_AUTONEG={0x5}, @ETHTOOL_A_PAUSE_HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @ETHTOOL_A_PAUSE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}]}, @ETHTOOL_A_PAUSE_AUTONEG={0x5, 0x2, 0x1}, @ETHTOOL_A_PAUSE_RX={0x5, 0x3, 0x1}, @ETHTOOL_A_PAUSE_TX={0x5, 0x4, 0x1}, @ETHTOOL_A_PAUSE_HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}]}, 0xe0}, 0x1, 0x0, 0x0, 0x20044010}, 0x20004090) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x48, 0x0, 0xc00, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x15}}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x36df1c5a}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x7}]}, 0x48}}, 0x4001) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x10000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020101000240008000f801002000400000000000000000008000294e4252f153595a4b414c4c4552202046415431322020200e1fbe5b7cac22c0740b56b40ebb0700cd105eebf032e4cd16cd19ebfe54686973206973206e6f74206120626f6f7461626c65206469736b2e2020506c6561736520696e73657274206120626f6f7461626c6520666c6f70707920616e640d0a707265737320616e79206b657920746f2074727920616761696e202e2e2e200d0a00", 0xc0}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aaf8ffff00f0ff056000ffffff09a0000bc0000de0000f000111200113400115600117800119f0ffff0f00"/96, 0x60, 0x1e0}, {&(0x7f0000010200)="f8ffff00f0ff056000ffffff09a0000bc0000de0000f000111200113400115600117800119f0ffff0f00"/64, 0x40, 0x400}, {&(0x7f0000010300)="53595a4b414c4c45522020080000e880325132510000e880325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020201000a7e870325132510000e870325103000000000041660069006c00650031000f00100000ffffffffffffffffffff0000ffffffff46494c45312020202020202000a7e870325132510000e870325107000a00000041660069006c00650032000f00140000ffffffffffffffffffff0000ffffffff46494c45322020202020202000a7e870325132510000e870325108002823000041660069006c0065002e000f00d263006f006c0064000000ffff0000ffffffff46494c457e312020434f4c2000a7e870325132510000e87032511a0064000000", 0x120, 0x600}, {&(0x7f0000010500)="2e202020202020202020201000a7e870325132510000e87032510300000000002e2e2020202020202020201000a7e870325132510000e870325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c45302020202020202000a7e870325132510000e870325104001a040000", 0x80, 0x1000}, {&(0x7f0000010600)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x1200}, {&(0x7f0000010b00)='syzkallers\x00'/32, 0x20, 0x1800}, {&(0x7f0000010c00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x3e00}], 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="5a19fb394b00dd90f90b8904d77a55"]) 15:43:02 executing program 6: openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r0, &(0x7f0000000140)={0x37}, 0x14) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r0, 0xc0189373, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, {0x6}}, './file0\x00'}) ioctl$CDROMMULTISESSION(r1, 0x5312, 0x0) 15:43:02 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x2, &(0x7f0000000000)={'rose0\x00'}) 15:43:02 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) 15:43:02 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) write$binfmt_misc(r0, 0x0, 0x33fe0) 15:43:02 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) (fail_nth: 2) 15:43:02 executing program 7: sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="1e000008", @ANYRES16=0x0, @ANYBLOB="000000000000000000008900000008000300", @ANYRES32=0x0, @ANYBLOB], 0x1c}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x4}}, './file0\x00'}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), r3) sendmsg$IEEE802154_LLSEC_DEL_KEY(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x28, r5, 0x103, 0x0, 0x0, {}, [@IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x1}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}]}, 0x28}}, 0x0) sendmsg$IEEE802154_LLSEC_ADD_KEY(r2, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x94, r5, 0x2, 0x70bd29, 0x25dfdbfd, {}, [@IEEE802154_ATTR_LLSEC_KEY_USAGE_COMMANDS={0x24, 0x32, "9d549acbf4b0e563bd3289c3bba185bfa0b53767d544db04aee6f189ff6ba7ea"}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xfffe}, @IEEE802154_ATTR_LLSEC_KEY_USAGE_COMMANDS={0x24, 0x32, "75de6d15b4f05376282f2ec1accd6371aa48e8784c4683c6c288f5bd50d0a7db"}, @IEEE802154_ATTR_PAN_ID={0x6}, @IEEE802154_ATTR_LLSEC_KEY_USAGE_FRAME_TYPES={0x5, 0x31, 0x3f}, @IEEE802154_ATTR_LLSEC_KEY_USAGE_FRAME_TYPES={0x5, 0x31, 0xfa}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}]}, 0x94}, 0x1, 0x0, 0x0, 0x40010}, 0x20000001) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r7, @ANYBLOB="0a0034000202020202010000009254e37a3db6be455593dcd388880026006c09000077b6f3176e83d848f4b2098ae8a41e7b51194b8f0bca40a9b576abc1f9abe58d09f1d04f3221adb46687a554091419d0466100dd2380fd51b123a5552abd1c8c9eedc0ed03d1c89537337883e42144209dcbee072c14aa1a0d09deb74e69f61a27792c0cfbeaafe07fe87f00"/153], 0x30}}, 0x0) sendmsg$NL80211_CMD_STOP_P2P_DEVICE(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, 0x0, 0x200, 0x70bd27, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r7}, @val={0xc, 0x99, {0x8001, 0x80}}}}, ["", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x2404c080) socket$inet_udp(0x2, 0x2, 0x0) r8 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r8, 0x8914, &(0x7f0000000000)={'lo\x00'}) bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random="94031c855deb"}, 0x14) [ 732.065840] loop5: detected capacity change from 0 to 260 [ 732.120699] FAT-fs (loop5): bogus number of reserved sectors [ 732.120722] FAT-fs (loop5): Can't find a valid FAT filesystem [ 732.177397] FAULT_INJECTION: forcing a failure. [ 732.177397] name fail_usercopy, interval 1, probability 0, space 0, times 0 15:43:02 executing program 4: ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f512, &(0x7f0000000140)) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYRESDEC=r0], 0x20}, 0x1, 0x0, 0x0, 0x4000080}, 0x0) sendmsg$AUDIT_TTY_SET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x18, 0x3f9, 0x200, 0x70bd27, 0x25dfdbfc, {0x1, 0x1}}, 0x18}, 0x1, 0x0, 0x0, 0x20000800}, 0x4080) [ 732.177418] CPU: 1 PID: 7431 Comm: syz-executor.3 Tainted: G B 5.17.0-rc5-next-20220225 #1 15:43:02 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, 0x0) [ 732.177432] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 732.177440] Call Trace: [ 732.177444] [ 732.177449] dump_stack_lvl+0x8b/0xb3 [ 732.177471] should_fail.cold+0x5/0xa [ 732.177487] _copy_from_user+0x2a/0x170 [ 732.177503] iovec_from_user+0x236/0x3c0 [ 732.177514] ? _copy_from_user+0xf2/0x170 [ 732.177528] __import_iovec+0x64/0x5c0 [ 732.177540] import_iovec+0x83/0xb0 [ 732.177552] sendmsg_copy_msghdr+0x12d/0x160 [ 732.177567] ? __ia32_sys_recvmmsg+0x260/0x260 [ 732.177579] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 732.177597] ? _parse_integer+0x30/0x30 [ 732.177611] ? rcu_read_lock_sched_held+0xd/0x70 [ 732.177625] ? lock_release+0x505/0x6f0 [ 732.177639] ? __might_fault+0xd1/0x170 [ 732.177657] ? lock_downgrade+0x6d0/0x6d0 [ 732.177673] ? rcu_read_lock_sched_held+0xd/0x70 [ 732.177686] ___sys_sendmsg+0xc6/0x170 [ 732.177699] ? sendmsg_copy_msghdr+0x160/0x160 [ 732.177712] ? lock_release+0x505/0x6f0 [ 732.177724] ? __fget_files+0x26b/0x470 [ 732.177737] ? lock_downgrade+0x6d0/0x6d0 [ 732.177749] ? rcu_read_lock_sched_held+0xd/0x70 [ 732.177762] ? lock_release+0x505/0x6f0 [ 732.177774] ? ksys_write+0x212/0x250 [ 732.177790] ? lock_downgrade+0x6d0/0x6d0 [ 732.177804] ? __fget_files+0x28d/0x470 [ 732.177818] ? __fget_light+0xea/0x280 [ 732.177829] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 732.177845] __sys_sendmsg+0xe5/0x1b0 [ 732.177857] ? __sys_sendmsg_sock+0x30/0x30 [ 732.177869] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 732.177885] ? fput+0x2a/0x50 [ 732.177899] ? ksys_write+0x1a5/0x250 [ 732.177915] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 732.177929] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 732.177944] ? syscall_enter_from_user_mode+0x1d/0x50 [ 732.177958] ? trace_hardirqs_on+0x5b/0x190 [ 732.177978] do_syscall_64+0x3b/0x90 [ 732.177996] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 732.178008] RIP: 0033:0x7f4663eeeb19 [ 732.178017] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 732.178028] RSP: 002b:00007f4661464188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 732.178040] RAX: ffffffffffffffda RBX: 00007f4664001f60 RCX: 00007f4663eeeb19 [ 732.178048] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 732.178055] RBP: 00007f46614641d0 R08: 0000000000000000 R09: 0000000000000000 [ 732.178062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 732.178069] R13: 00007ffd9490a3cf R14: 00007f4661464300 R15: 0000000000022000 [ 732.178081] [ 732.229388] loop5: detected capacity change from 0 to 260 [ 732.265469] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.7'. [ 732.266319] device lo left promiscuous mode [ 732.278509] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.7'. 15:43:12 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x4b47, &(0x7f0000000000)={'rose0\x00'}) [ 742.220696] loop5: detected capacity change from 0 to 260 [ 742.227861] FAULT_INJECTION: forcing a failure. [ 742.227861] name failslab, interval 1, probability 0, space 0, times 0 [ 742.229068] CPU: 0 PID: 7461 Comm: syz-executor.3 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 742.230086] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 742.231269] Call Trace: [ 742.231535] [ 742.231764] dump_stack_lvl+0x8b/0xb3 [ 742.232176] should_fail.cold+0x5/0xa [ 742.232605] ? __alloc_skb+0x211/0x340 [ 742.233024] should_failslab+0x5/0x10 [ 742.233423] kmem_cache_alloc_node+0x55/0x490 [ 742.233893] __alloc_skb+0x211/0x340 [ 742.234290] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 742.234866] netlink_sendmsg+0x98d/0xdf0 [ 742.235314] ? netlink_unicast+0x7f0/0x7f0 [ 742.235760] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 742.236349] ? netlink_unicast+0x7f0/0x7f0 [ 742.236800] sock_sendmsg+0x150/0x190 [ 742.237224] ____sys_sendmsg+0x709/0x870 15:43:12 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_DISALLOCATE(r0, 0x5608) ioctl$KDFONTOP_GET(r0, 0x4b72, &(0x7f0000000400)={0x1, 0x1, 0x16, 0x20, 0x1c5}) 15:43:12 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$CDROMVOLREAD(r0, 0x5313, &(0x7f00000000c0)) 15:43:12 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, 0x0) 15:43:12 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r0, &(0x7f0000000200)=[{&(0x7f0000000140)="84", 0x1}], 0x1, 0x8000000, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00') r3 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f00000002c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/custom0\x00', 0x0, 0x0) syz_open_dev$rtc(&(0x7f0000000180), 0xffffffff00000001, 0x80000) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1, {0x4}}, './file1\x00'}) sendfile(r4, r2, 0x0, 0xfffffffffffffffc) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4442, 0x0) ioctl$DVD_AUTH(r2, 0x5390, &(0x7f0000000080)=@lsasf) fallocate(r5, 0x8, 0x0, 0x8000000) 15:43:12 executing program 4: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/locks\x00', 0x0, 0x0) ioctl$BLKRRPART(r0, 0x125f, 0x0) 15:43:12 executing program 7: sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="1e000008", @ANYRES16=0x0, @ANYBLOB="000000000000000000008900000008000300", @ANYRES32=0x0, @ANYBLOB], 0x1c}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x4}}, './file0\x00'}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), r3) sendmsg$IEEE802154_LLSEC_DEL_KEY(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x28, r5, 0x103, 0x0, 0x0, {}, [@IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x1}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}]}, 0x28}}, 0x0) sendmsg$IEEE802154_LLSEC_ADD_KEY(r2, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x94, r5, 0x2, 0x70bd29, 0x25dfdbfd, {}, [@IEEE802154_ATTR_LLSEC_KEY_USAGE_COMMANDS={0x24, 0x32, "9d549acbf4b0e563bd3289c3bba185bfa0b53767d544db04aee6f189ff6ba7ea"}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xfffe}, @IEEE802154_ATTR_LLSEC_KEY_USAGE_COMMANDS={0x24, 0x32, "75de6d15b4f05376282f2ec1accd6371aa48e8784c4683c6c288f5bd50d0a7db"}, @IEEE802154_ATTR_PAN_ID={0x6}, @IEEE802154_ATTR_LLSEC_KEY_USAGE_FRAME_TYPES={0x5, 0x31, 0x3f}, @IEEE802154_ATTR_LLSEC_KEY_USAGE_FRAME_TYPES={0x5, 0x31, 0xfa}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}]}, 0x94}, 0x1, 0x0, 0x0, 0x40010}, 0x20000001) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r7, @ANYBLOB="0a0034000202020202010000009254e37a3db6be455593dcd388880026006c09000077b6f3176e83d848f4b2098ae8a41e7b51194b8f0bca40a9b576abc1f9abe58d09f1d04f3221adb46687a554091419d0466100dd2380fd51b123a5552abd1c8c9eedc0ed03d1c89537337883e42144209dcbee072c14aa1a0d09deb74e69f61a27792c0cfbeaafe07fe87f00"/153], 0x30}}, 0x0) sendmsg$NL80211_CMD_STOP_P2P_DEVICE(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, 0x0, 0x200, 0x70bd27, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r7}, @val={0xc, 0x99, {0x8001, 0x80}}}}, ["", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x2404c080) socket$inet_udp(0x2, 0x2, 0x0) r8 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r8, 0x8914, &(0x7f0000000000)={'lo\x00'}) bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random="94031c855deb"}, 0x14) 15:43:12 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) (fail_nth: 3) [ 742.237666] ? kernel_sendmsg+0x50/0x50 [ 742.238338] ? __ia32_sys_recvmmsg+0x260/0x260 [ 742.238833] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 742.239426] ? _parse_integer+0x30/0x30 [ 742.239863] ? rcu_read_lock_sched_held+0xd/0x70 [ 742.240382] ? lock_release+0x505/0x6f0 [ 742.240824] ? __might_fault+0xd1/0x170 [ 742.241260] ? lock_downgrade+0x6d0/0x6d0 [ 742.241698] ___sys_sendmsg+0xf3/0x170 [ 742.242118] ? sendmsg_copy_msghdr+0x160/0x160 [ 742.242605] ? lock_release+0x505/0x6f0 [ 742.243036] ? lock_downgrade+0x6d0/0x6d0 [ 742.243490] ? rcu_read_lock_sched_held+0xd/0x70 [ 742.243995] ? lock_release+0x505/0x6f0 [ 742.244007] ? ksys_write+0x212/0x250 [ 742.244023] ? lock_downgrade+0x6d0/0x6d0 [ 742.244038] ? __fget_files+0x28d/0x470 15:43:12 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x4b49, &(0x7f0000000000)={'rose0\x00'}) [ 742.244052] ? __fget_light+0xea/0x280 [ 742.244064] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 15:43:12 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, 0x0) [ 742.244080] __sys_sendmsg+0xe5/0x1b0 [ 742.244092] ? __sys_sendmsg_sock+0x30/0x30 [ 742.244104] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 742.244122] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 742.244136] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 742.244150] ? syscall_enter_from_user_mode+0x1d/0x50 [ 742.244164] ? trace_hardirqs_on+0x5b/0x190 [ 742.244184] do_syscall_64+0x3b/0x90 [ 742.244200] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 742.244213] RIP: 0033:0x7f4663eeeb19 [ 742.244222] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 742.244233] RSP: 002b:00007f4661464188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 742.244246] RAX: ffffffffffffffda RBX: 00007f4664001f60 RCX: 00007f4663eeeb19 [ 742.244254] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 742.244261] RBP: 00007f46614641d0 R08: 0000000000000000 R09: 0000000000000000 [ 742.244267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 742.244274] R13: 00007ffd9490a3cf R14: 00007f4661464300 R15: 0000000000022000 [ 742.244286] [ 742.266157] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.7'. [ 742.297776] loop5: detected capacity change from 0 to 260 15:43:12 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_DISALLOCATE(r0, 0x5608) ioctl$KDFONTOP_GET(r0, 0x4b72, &(0x7f0000000400)={0x1, 0x1, 0x16, 0x20, 0x1c5}) 15:43:12 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x541b, &(0x7f0000000000)={'rose0\x00'}) 15:43:12 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) (fail_nth: 4) 15:43:12 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x5421, &(0x7f0000000000)={'rose0\x00'}) 15:43:12 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) r1 = openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000680), 0x2, 0x0) lseek(r1, 0xfffffffffffffc00, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) io_submit(r2, 0x1, &(0x7f0000000300)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x5, 0x0, r3, 0x0}]) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r5, &(0x7f0000000140)={0x37}, 0x14) r6 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') io_setup(0x6, &(0x7f0000000400)) syz_open_procfs(0x0, &(0x7f0000000440)='gid_map\x00') write$P9_RMKNOD(r6, &(0x7f0000000140)={0x37}, 0x14) r7 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r8 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r8, &(0x7f0000000140)={0x37}, 0x14) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r8, 0x81f8943c, &(0x7f0000000480)) fcntl$F_SET_RW_HINT(r7, 0x40c, &(0x7f00000003c0)=0x2) io_submit(r2, 0x2, &(0x7f00000002c0)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0xff, r4, &(0x7f00000007c0)="b5876bdec568259e283f244fdb8eca277fe25711497adb84848e3473efc39fd1afbdf7d1c800007031de1fa7b83aff65351adf081eae23a12aa82bc02380a42d76bb9ad558af308be06287e380f035f48023b95766b27e85cf574c787512036fb7051662833c8f70932110d39b7ea7ee997c53da871ee391606ed4aa4b8af5a682ff0f0000871c5522ea07757a7af278ab81a8f60dc5bfe3bc521b6a378057c08119e9be368a2e91afc9cfd052706eb0e425fd9ea280516cc04d98d03f2a9ccd60935de7f3acafae2790574f70191bc5099ac821d9d0120db3fc4b26f8ead7f9258da9a6b80fc24e92cd83adf45c63e400002d286213f5f885a5a23e0a6ce5cf57fe33fb51146d412cdbed1dac4da654cc71bf39e63397b1b306fc1937a2a378ee6728cb42e85987818ed7b3a359b0f61f3280462c8998851594d64ed7754fe31c70541778ddcb99c68a230fab4bcd9abe6840d86551edea", 0x158, 0x81e, 0x0, 0x2, r5}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x8, 0x40, r0, &(0x7f00000001c0)="c1403784960f039f91cd897193e50d6061df3889e2265c9ec6013471e74b23cc6de2dbfce05491f47e61d08a889efde1698359fe46b69946b8b7e0e9b477d4aa0b02000000000000003871a6e0d8c328bb53f5f58bd17a1be0f6a7e29762a2359e2ba372774868d828859c2a133ff77f0ec0038e7139684a1b871e94452fd02228d1766900307a42033366d45e4b75149f697d1389c5e1b39bfe3c26e984eef3", 0xa0, 0x9, 0x0, 0x0, r6}]) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) 15:43:12 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) (fail_nth: 5) 15:43:12 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)) [ 742.367606] FAULT_INJECTION: forcing a failure. [ 742.367606] name failslab, interval 1, probability 0, space 0, times 0 [ 742.367628] CPU: 0 PID: 7484 Comm: syz-executor.3 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 742.367641] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 742.367649] Call Trace: [ 742.367653] [ 742.367657] dump_stack_lvl+0x8b/0xb3 [ 742.367680] should_fail.cold+0x5/0xa [ 742.367695] ? create_object.isra.0+0x3a/0xa20 [ 742.367714] should_failslab+0x5/0x10 [ 742.367726] kmem_cache_alloc+0x5b/0x480 [ 742.367741] create_object.isra.0+0x3a/0xa20 [ 742.367758] ? kasan_unpoison+0x23/0x50 [ 742.367776] kmem_cache_alloc_node+0x248/0x490 [ 742.367790] __alloc_skb+0x211/0x340 [ 742.367809] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 742.367827] netlink_sendmsg+0x98d/0xdf0 [ 742.367840] ? netlink_unicast+0x7f0/0x7f0 [ 742.367853] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 742.367868] ? netlink_unicast+0x7f0/0x7f0 [ 742.367879] sock_sendmsg+0x150/0x190 [ 742.367897] ____sys_sendmsg+0x709/0x870 [ 742.367919] ? kernel_sendmsg+0x50/0x50 [ 742.367936] ? __ia32_sys_recvmmsg+0x260/0x260 [ 742.367948] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 742.367964] ? _parse_integer+0x30/0x30 [ 742.367979] ? rcu_read_lock_sched_held+0xd/0x70 [ 742.367993] ? lock_release+0x505/0x6f0 [ 742.368007] ? __might_fault+0xd1/0x170 [ 742.368023] ? lock_downgrade+0x6d0/0x6d0 [ 742.368036] ___sys_sendmsg+0xf3/0x170 [ 742.368049] ? sendmsg_copy_msghdr+0x160/0x160 [ 742.368061] ? lock_release+0x505/0x6f0 [ 742.368074] ? lock_downgrade+0x6d0/0x6d0 [ 742.368087] ? rcu_read_lock_sched_held+0xd/0x70 [ 742.368099] ? lock_release+0x505/0x6f0 [ 742.368111] ? ksys_write+0x212/0x250 [ 742.368126] ? lock_downgrade+0x6d0/0x6d0 [ 742.368140] ? __fget_files+0x28d/0x470 [ 742.368154] ? __fget_light+0xea/0x280 [ 742.368165] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 742.368182] __sys_sendmsg+0xe5/0x1b0 [ 742.368193] ? __sys_sendmsg_sock+0x30/0x30 [ 742.368205] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 742.368223] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 742.368237] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 742.368252] ? syscall_enter_from_user_mode+0x1d/0x50 [ 742.368265] ? trace_hardirqs_on+0x5b/0x190 [ 742.368285] do_syscall_64+0x3b/0x90 [ 742.368302] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 742.368314] RIP: 0033:0x7f4663eeeb19 [ 742.368323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 742.368334] RSP: 002b:00007f4661464188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 742.368347] RAX: ffffffffffffffda RBX: 00007f4664001f60 RCX: 00007f4663eeeb19 [ 742.368355] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 742.368362] RBP: 00007f46614641d0 R08: 0000000000000000 R09: 0000000000000000 [ 742.368369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 742.368376] R13: 00007ffd9490a3cf R14: 00007f4661464300 R15: 0000000000022000 [ 742.368387] [ 742.422510] FAULT_INJECTION: forcing a failure. [ 742.422510] name failslab, interval 1, probability 0, space 0, times 0 [ 742.422530] CPU: 0 PID: 7495 Comm: syz-executor.3 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 742.422544] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 742.422552] Call Trace: [ 742.422555] [ 742.422559] dump_stack_lvl+0x8b/0xb3 [ 742.422582] should_fail.cold+0x5/0xa [ 742.422598] should_failslab+0x5/0x10 [ 742.422610] __kmalloc_node_track_caller+0x7e/0x440 [ 742.422629] ? netlink_sendmsg+0x98d/0xdf0 [ 742.422643] __alloc_skb+0xe3/0x340 [ 742.422662] netlink_sendmsg+0x98d/0xdf0 [ 742.422674] ? netlink_unicast+0x7f0/0x7f0 [ 742.422687] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 742.422703] ? netlink_unicast+0x7f0/0x7f0 [ 742.422714] sock_sendmsg+0x150/0x190 [ 742.422731] ____sys_sendmsg+0x709/0x870 [ 742.422750] ? kernel_sendmsg+0x50/0x50 [ 742.422767] ? __ia32_sys_recvmmsg+0x260/0x260 [ 742.422779] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 742.422794] ? _parse_integer+0x30/0x30 [ 742.422810] ? rcu_read_lock_sched_held+0xd/0x70 [ 742.422824] ? lock_release+0x505/0x6f0 [ 742.422838] ? __might_fault+0xd1/0x170 [ 742.422857] ? lock_downgrade+0x6d0/0x6d0 [ 742.422872] ___sys_sendmsg+0xf3/0x170 [ 742.422884] ? sendmsg_copy_msghdr+0x160/0x160 [ 742.422897] ? lock_release+0x505/0x6f0 [ 742.422909] ? lock_downgrade+0x6d0/0x6d0 [ 742.422922] ? rcu_read_lock_sched_held+0xd/0x70 [ 742.422935] ? lock_release+0x505/0x6f0 [ 742.422947] ? ksys_write+0x212/0x250 [ 742.422962] ? lock_downgrade+0x6d0/0x6d0 [ 742.422976] ? __fget_files+0x28d/0x470 [ 742.422991] ? __fget_light+0xea/0x280 [ 742.423002] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 742.423018] __sys_sendmsg+0xe5/0x1b0 [ 742.423030] ? __sys_sendmsg_sock+0x30/0x30 [ 742.423041] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 742.423059] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 742.423073] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 742.423088] ? syscall_enter_from_user_mode+0x1d/0x50 [ 742.423101] ? trace_hardirqs_on+0x5b/0x190 [ 742.423121] do_syscall_64+0x3b/0x90 [ 742.423138] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 742.423150] RIP: 0033:0x7f4663eeeb19 [ 742.423158] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 742.423170] RSP: 002b:00007f4661464188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 742.423182] RAX: ffffffffffffffda RBX: 00007f4664001f60 RCX: 00007f4663eeeb19 [ 742.423190] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 742.423197] RBP: 00007f46614641d0 R08: 0000000000000000 R09: 0000000000000000 [ 742.423204] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 742.423211] R13: 00007ffd9490a3cf R14: 00007f4661464300 R15: 0000000000022000 [ 742.423222] [ 742.442479] loop5: detected capacity change from 0 to 260 [ 742.450200] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:43:13 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) syz_emit_ethernet(0x2e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaa03aa7000c24d86a70800460000200000000000eb8f78ac1414000a0101028302000000009078ac141400"], 0x0) 15:43:13 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x5450, &(0x7f0000000000)={'rose0\x00'}) 15:43:13 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) (fail_nth: 6) 15:43:13 executing program 0: mkdir(&(0x7f0000003b80)='./file0\x00', 0xcc142d1502f486bf) setxattr$incfs_metadata(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, 0x0, 0x0) stat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)) lgetxattr(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)=@known='user.incfs.metadata\x00', 0x0, 0x0) 15:43:13 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) r1 = dup2(r0, r0) ioctl$F2FS_IOC_DEFRAGMENT(r1, 0xc010f508, &(0x7f00000002c0)={0x9}) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, {0x101}}, './file0\x00'}) ioctl$INCFS_IOC_CREATE_FILE(r2, 0xc058671e, &(0x7f0000000240)={{}, {0x6ba2}, 0xa8, 0x0, 0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)="b321efc7d23984749badebc54130385f9ed0c9dfac73fd301481423b88385c1111af9da19669fccf342dc9714f0a0243d9873c38a399f33668ff2f585bdbfef6560d09878d62a44a5e4681e72ac1ac1eaa1780f9af4252d0ff8e6839be90a41c", 0x60, 0x0, &(0x7f0000000180)={0x2, 0x6d, {0x0, 0xc, 0x3d, "8084c071c2a0e696102085145326317c88a0558e12f8b36d755a5f08a73b1b35737fafbc4a82773838fa980f109e2ee1c9bfa6ff5ff273868306e0685c", 0x23, "79e6b8060a2fda2d9b1ddc723f1fc63e48dc084056926e5bade5a4a851a6a3ac6aa0b1"}, 0x33, "91e369e41cebc8062ffddfb695a36b639121192d11d5a6fad9e5e0098e0bdf795cd7e429368c0310c3f00b3ce4c2a6d3e7695e"}, 0xac}) 15:43:13 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)) [ 742.773370] loop5: detected capacity change from 0 to 260 15:43:13 executing program 0: syz_usb_connect$uac1(0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write(r0, &(0x7f0000000080)="01", 0x20000081) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'sit0\x00'}) syz_usb_connect$cdc_ncm(0x4, 0x7e, &(0x7f0000000000)={{0x12, 0x1, 0x310, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6c, 0x2, 0x1, 0x81, 0x20, 0x8, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xa, 0x24, 0x6, 0x0, 0x1, "daed38ba0a"}, {0x5, 0x24, 0x0, 0x40}, {0xd, 0x24, 0xf, 0x1, 0xeb0, 0xabd, 0x1, 0x5f}, {0x6, 0x24, 0x1a, 0x5}, [@acm={0x4, 0x24, 0x2, 0x4}, @dmm={0x7, 0x24, 0x14, 0x2, 0x2}]}, {{0x9, 0x5, 0x81, 0x3, 0x40, 0x3, 0x4, 0x85}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x40, 0x7f, 0x7, 0x5}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x6, 0x1f, 0x56}}}}}}}]}}, &(0x7f0000000600)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x110, 0x4, 0xff, 0x4, 0x0, 0x3}, 0x2c, &(0x7f0000000240)={0x5, 0xf, 0x2c, 0x2, [@ext_cap={0x7, 0x10, 0x2, 0x0, 0x5, 0x9, 0x7f}, @ssp_cap={0x20, 0x10, 0xa, 0xe0, 0x5, 0x100, 0xff0f, 0x1, [0x3f00, 0x0, 0xf, 0xff0000, 0xc0c0]}]}, 0x5, [{0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x145d}}, {0x67, &(0x7f00000002c0)=@string={0x67, 0x3, "b4a900783b8b0874796464e9502f7f5f0e7789bb4843e36153aef1b54191efa1bd56f969ee7d6d85a19963c4da50c91ea0c52715b0b17e3abaac97498c3b992e637eeda990a814c9114ba64e2b2d29812de4f2d0d2085d271a6931beba7e8388b0c7966c2a"}}, {0x50, &(0x7f0000000380)=@string={0x50, 0x3, "770b7555851f77406bf2fa93f11bf01c86c870d7e55fd12b0a1ee2a4e98a10864b1898a13df7dac4927f7ec894a3abe126fe3bf7f28065a4c60fbfdd2d06357c4940f2c9de3404d49fd37d998455"}}, {0xd5, &(0x7f0000000400)=@string={0xd5, 0x3, "83128c7b61ab16de3dc9baf87b42f1c6c91e784b48ecb81f0b946558d8ab9da33aa1577a8373f65eeeb778d483bcad1c3c59582ba0e27e6bee621d897846f5a090c7223a4bae05d63c21677e533bc9bcced3cc8a7d4a8fdd45b298376ce584a8327d480ebf610576ef1737a82fbb0350f40b346ece14e4bbc86ba540acfa8c7e44206bb5bafa40ce9685404338fd622557bf5d244037e5b179c242bfd35ef69ef7a659b81371d3566c1b7143eeb8949a52107e2a7ef74fc3fb433689e7ebb3c8d0e0a21b151f4bc8fee3a31aa6a4d9fe202480"}}, {0xc5, &(0x7f0000000500)=@string={0xc5, 0x3, "5b633596a50bd2691b1da2e70c246c0fa588e4da303864a39bfd99a5bc0ded932587a9bbf5f1c1351835959b1f54ddac62f1d3a746d42dcb4cc098c8baf160b5f4f7737898e344b311205159840d09f6c5a0552e14541613de1289bbb850fc44f74f6032398395edbc45ee89308b694dd5eda3b7dfe864c85bd573229b96644477894960f5c77da3e2d1e50e6063f54b73968dac3fba22d67f704964f61f7f2b4bebbdc334bf9d90d96c2ccb9f1756da68d06fad38b14f41d121e9c8a8f7fb49e5f775"}}]}) recvfrom(0xffffffffffffffff, &(0x7f0000000140)=""/247, 0xf7, 0x0, 0x0, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) sendfile(r0, r0, 0x0, 0x1d59dfe9) [ 742.787477] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) [ 742.795962] FAULT_INJECTION: forcing a failure. [ 742.795962] name failslab, interval 1, probability 0, space 0, times 0 [ 742.795996] CPU: 0 PID: 7508 Comm: syz-executor.3 Tainted: G B 5.17.0-rc5-next-20220225 #1 15:43:13 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x5451, &(0x7f0000000000)={'rose0\x00'}) 15:43:13 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)) [ 742.796021] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 742.796036] Call Trace: [ 742.796041] [ 742.796048] dump_stack_lvl+0x8b/0xb3 [ 742.796085] should_fail.cold+0x5/0xa [ 742.796113] ? create_object.isra.0+0x3a/0xa20 [ 742.796148] should_failslab+0x5/0x10 [ 742.796167] kmem_cache_alloc+0x5b/0x480 [ 742.796195] create_object.isra.0+0x3a/0xa20 [ 742.796226] ? kasan_unpoison+0x23/0x50 [ 742.796260] __kmalloc_node_track_caller+0x269/0x440 [ 742.796285] ? netlink_sendmsg+0x98d/0xdf0 [ 742.796310] __alloc_skb+0xe3/0x340 [ 742.796350] netlink_sendmsg+0x98d/0xdf0 [ 742.796373] ? netlink_unicast+0x7f0/0x7f0 [ 742.796396] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 742.796425] ? netlink_unicast+0x7f0/0x7f0 [ 742.796445] sock_sendmsg+0x150/0x190 [ 742.796479] ____sys_sendmsg+0x709/0x870 [ 742.796513] ? kernel_sendmsg+0x50/0x50 [ 742.796544] ? __ia32_sys_recvmmsg+0x260/0x260 [ 742.796567] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 742.796620] ? _parse_integer+0x30/0x30 [ 742.796647] ? rcu_read_lock_sched_held+0xd/0x70 [ 742.796671] ? lock_release+0x505/0x6f0 [ 742.796695] ? __might_fault+0xd1/0x170 [ 742.796725] ? lock_downgrade+0x6d0/0x6d0 [ 742.796750] ___sys_sendmsg+0xf3/0x170 [ 742.796773] ? sendmsg_copy_msghdr+0x160/0x160 [ 742.796796] ? lock_release+0x505/0x6f0 [ 742.796820] ? lock_downgrade+0x6d0/0x6d0 [ 742.796844] ? rcu_read_lock_sched_held+0xd/0x70 [ 742.796867] ? lock_release+0x505/0x6f0 [ 742.796890] ? ksys_write+0x212/0x250 [ 742.796917] ? lock_downgrade+0x6d0/0x6d0 [ 742.796948] ? __fget_files+0x28d/0x470 [ 742.796974] ? __fget_light+0xea/0x280 [ 742.796995] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 742.797025] __sys_sendmsg+0xe5/0x1b0 [ 742.797046] ? __sys_sendmsg_sock+0x30/0x30 [ 742.797068] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 742.797102] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 742.797127] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 742.797154] ? syscall_enter_from_user_mode+0x1d/0x50 [ 742.797178] ? trace_hardirqs_on+0x5b/0x190 [ 742.797213] do_syscall_64+0x3b/0x90 [ 742.797244] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 742.797267] RIP: 0033:0x7f4663eeeb19 [ 742.797282] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 742.797303] RSP: 002b:00007f4661464188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 742.797325] RAX: ffffffffffffffda RBX: 00007f4664001f60 RCX: 00007f4663eeeb19 [ 742.797340] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 742.797352] RBP: 00007f46614641d0 R08: 0000000000000000 R09: 0000000000000000 [ 742.797365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 742.797378] R13: 00007ffd9490a3cf R14: 00007f4661464300 R15: 0000000000022000 [ 742.797399] [ 742.917362] loop5: detected capacity change from 0 to 260 [ 742.925983] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:43:24 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f00000003c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$RTC_WIE_ON(r1, 0x700f) fstat(r0, &(0x7f0000000040)) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@local, @in=@dev}}, {{@in=@multicast1}, 0x0, @in=@private}}, &(0x7f0000000240)=0xe8) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000140)={0x37}, 0x14) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000029bd7000fd5bdf250200000008000108000600ac1414aa"], 0x2c}, 0x1, 0x0, 0x0, 0x40005}, 0x10) setresuid(0x0, r2, 0x0) r3 = clone3(&(0x7f0000000580)={0x40000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[0xffffffffffffffff], 0x1}, 0x58) clone3(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0], 0x8}, 0x58) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7, r3}) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') fadvise64(0xffffffffffffffff, 0x8, 0x7, 0x3) write$P9_RMKNOD(r4, &(0x7f0000000140)={0x37}, 0x14) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x20010, &(0x7f0000000a00)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB="2c76657273696f6e3d1970323030302e752c6d73697a653d3078303030303030303030303030303030302c63616368657461673d2f6465762f737230002c736d61636b6673666c6f6f723d2f6465762f737230002c6f626a5f747970653d5d2c666f776e65723e47257538f2b4fde37397ec3c2c80f0cd1135865bbee353b26a3b0eedcc4e45d6755bddddefaf8ea58ed469f9a0b6c322e4e2b688e6ac069edef19091cf85550af9469f9163f9514f283606f50dcbcf86c6a65e7c856804194bdd1c19cae5881dac6892d800797c53e2dbb422de673bb756cd25985e1d82fdd722669814273a5a1159aff138035459dde7a882049f706c34736182eb30279ccc715fcdf4bc22a2ea0f5f323a1f56fc0a5a083591dc28c4fafbd82bc7fd44b78fe0a3e728819bb7d45d8133928da086fdbd78c9faf4fb9284925b1f2cd30b2078ea848a567e5eb5cd0e7ae46db90a174e2cdc22050089039f4efb910f6aac08f8c2e21cedb1d3d14b8dfb4e56f21b836887cf24739d6ccc59589e317a4c0113580545246c53964948ce8ca3cffbe22d45e853fe61fd33710df8d084421353209ed06d2e68479e8e02df6a45585ab1c6e373dd8918870f", @ANYRESHEX=r4, @ANYBLOB="992ea84b9c9b62c5444c3a814206d1e1ed6a40d92cfb608edb61f4623ab2877777b6b7f38612eb2f607d374969e98aad399d1beaf5548580b35844e2db9f3350e0166b8fcf27170eafe68991be17b9652b5193fc4e19738721fca8545a91b15265d84faf0032a0bc7aab2127e5183b44", @ANYRESDEC=r2, @ANYBLOB=',fsname=/dev/sr0\x00,appraise,appraise,appraise_type=imasig,\x00']) [ 754.273002] FAULT_INJECTION: forcing a failure. [ 754.273002] name failslab, interval 1, probability 0, space 0, times 0 [ 754.274428] CPU: 0 PID: 7545 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 754.275473] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 754.276682] Call Trace: [ 754.276973] [ 754.277212] dump_stack_lvl+0x8b/0xb3 [ 754.277622] should_fail.cold+0x5/0xa [ 754.278029] ? __do_sys_memfd_create+0xac/0x4f0 [ 754.278522] should_failslab+0x5/0x10 [ 754.278918] __kmalloc+0x72/0x440 [ 754.279292] __do_sys_memfd_create+0xac/0x4f0 [ 754.279771] do_syscall_64+0x3b/0x90 [ 754.280166] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 754.280709] RIP: 0033:0x7f01cb928b19 [ 754.281124] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 754.283079] RSP: 002b:00007f01c8e9df48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 754.283871] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f01cb928b19 [ 754.284632] RDX: 0000000000020800 RSI: 0000000000000000 RDI: 00007f01cb9820fb [ 754.285385] RBP: 0000000000000002 R08: 0000000000010400 R09: ffffffffffffffff [ 754.286130] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000008100000 [ 754.286873] R13: 0000000020000040 R14: 0000000000020800 R15: 0000000020000140 [ 754.287627] 15:43:24 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) (fail_nth: 7) 15:43:24 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket(0x2b, 0xa, 0x6bb) sendmsg$AUDIT_TTY_GET(r1, &(0x7f0000000200)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000a000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x10, 0x3f8, 0x8, 0x70bd29, 0x25dfdbfc, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x8001}, 0x8) sendmsg$IPCTNL_MSG_CT_GET_DYING(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x14, 0x6, 0x1, 0x101, 0x0, 0x0, {0x0, 0x0, 0x7}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40008c0}, 0x24000020) sendmsg$nl_xfrm(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="c00000001b0001000000000000000000e000000100"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="00000000000000000000000000000000000000000000000000400000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b5000000000000aca61d21ba8f9f990bbac99a11da184e116c325de8473f3dc62c0028e36bcd90d55df88ab8f75def1fcd5f20488f27d8951df2c0cf1382539cab22ed9aee5adb65abdb2be3853e98338d323fa47973dc4d499a8784dd01e727f63eb9189fb7ee53edbb39115cbca7a76edfa6"], 0xc0}}, 0x0) 15:43:24 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) truncate(&(0x7f0000000040)='./file1\x00', 0x8000) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) pwrite64(r0, &(0x7f0000000200)='x', 0x1, 0x0) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) fallocate(r2, 0x5, 0x0, 0x4f) pwrite64(r2, &(0x7f0000000400)="c0", 0x1, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000000)={0x0, r1}) 15:43:24 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x5452, &(0x7f0000000000)={'rose0\x00'}) 15:43:24 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 1) 15:43:24 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r0, &(0x7f0000000640)=[{&(0x7f00000000c0)="91", 0x1}], 0x1, 0x8000000, 0x0) r1 = socket$inet6(0xa, 0x801, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') ioctl$EXT4_IOC_GROUP_ADD(r3, 0x40286608, &(0x7f0000000240)={0x5, 0x2, 0x0, 0x176, 0x81, 0x5}) write$P9_RMKNOD(r5, &(0x7f0000000140)={0x37}, 0x14) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) r7 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000280), 0x208c00, 0x0) fsetxattr$security_ima(r7, &(0x7f00000002c0), &(0x7f0000000300)=@v1={0x2, "d7"}, 0x2, 0x0) r8 = socket$packet(0x11, 0x2, 0x300) r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000380), r6) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x6c, r9, 0x2, 0x5364, 0x25dfdbfc, {}, [@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}, @pci={{0x8}, {0x11}}]}, 0xc5}, 0x1, 0x0, 0x0, 0x4000}, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$ETHTOOL_MSG_RINGS_SET(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB="a337fbfe553e7e53251a4eaedeb6edd9", @ANYRES16=r4, @ANYBLOB="0b0d00000000000000001000000008000a007d0f000008000900080000000c00018008000100", @ANYRES32=r10, @ANYBLOB="250b48ba547501559282e2d2f4685c85eb5d0dbf399c134425850100ceb4ca9e8916970f428a613e379bbe750433109973c1b060dd254111494039fca0beccbc"], 0x30}, 0x1, 0x0, 0x0, 0x400d4}, 0x0) recvfrom(r5, &(0x7f0000000140)=""/245, 0xf5, 0x20000041, &(0x7f0000000000)=@xdp={0x2c, 0xb, r10, 0x2e}, 0x80) sendfile(r4, r2, 0x0, 0x1400000000) close_range(r1, 0xffffffffffffffff, 0x0) 15:43:24 executing program 0: syz_usb_connect$uac1(0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write(r0, &(0x7f0000000080)="01", 0x20000081) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'sit0\x00'}) syz_usb_connect$cdc_ncm(0x4, 0x7e, &(0x7f0000000000)={{0x12, 0x1, 0x310, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6c, 0x2, 0x1, 0x81, 0x20, 0x8, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xa, 0x24, 0x6, 0x0, 0x1, "daed38ba0a"}, {0x5, 0x24, 0x0, 0x40}, {0xd, 0x24, 0xf, 0x1, 0xeb0, 0xabd, 0x1, 0x5f}, {0x6, 0x24, 0x1a, 0x5}, [@acm={0x4, 0x24, 0x2, 0x4}, @dmm={0x7, 0x24, 0x14, 0x2, 0x2}]}, {{0x9, 0x5, 0x81, 0x3, 0x40, 0x3, 0x4, 0x85}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x40, 0x7f, 0x7, 0x5}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x6, 0x1f, 0x56}}}}}}}]}}, &(0x7f0000000600)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x110, 0x4, 0xff, 0x4, 0x0, 0x3}, 0x2c, &(0x7f0000000240)={0x5, 0xf, 0x2c, 0x2, [@ext_cap={0x7, 0x10, 0x2, 0x0, 0x5, 0x9, 0x7f}, @ssp_cap={0x20, 0x10, 0xa, 0xe0, 0x5, 0x100, 0xff0f, 0x1, [0x3f00, 0x0, 0xf, 0xff0000, 0xc0c0]}]}, 0x5, [{0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x145d}}, {0x67, &(0x7f00000002c0)=@string={0x67, 0x3, "b4a900783b8b0874796464e9502f7f5f0e7789bb4843e36153aef1b54191efa1bd56f969ee7d6d85a19963c4da50c91ea0c52715b0b17e3abaac97498c3b992e637eeda990a814c9114ba64e2b2d29812de4f2d0d2085d271a6931beba7e8388b0c7966c2a"}}, {0x50, &(0x7f0000000380)=@string={0x50, 0x3, "770b7555851f77406bf2fa93f11bf01c86c870d7e55fd12b0a1ee2a4e98a10864b1898a13df7dac4927f7ec894a3abe126fe3bf7f28065a4c60fbfdd2d06357c4940f2c9de3404d49fd37d998455"}}, {0xd5, &(0x7f0000000400)=@string={0xd5, 0x3, "83128c7b61ab16de3dc9baf87b42f1c6c91e784b48ecb81f0b946558d8ab9da33aa1577a8373f65eeeb778d483bcad1c3c59582ba0e27e6bee621d897846f5a090c7223a4bae05d63c21677e533bc9bcced3cc8a7d4a8fdd45b298376ce584a8327d480ebf610576ef1737a82fbb0350f40b346ece14e4bbc86ba540acfa8c7e44206bb5bafa40ce9685404338fd622557bf5d244037e5b179c242bfd35ef69ef7a659b81371d3566c1b7143eeb8949a52107e2a7ef74fc3fb433689e7ebb3c8d0e0a21b151f4bc8fee3a31aa6a4d9fe202480"}}, {0xc5, &(0x7f0000000500)=@string={0xc5, 0x3, "5b633596a50bd2691b1da2e70c246c0fa588e4da303864a39bfd99a5bc0ded932587a9bbf5f1c1351835959b1f54ddac62f1d3a746d42dcb4cc098c8baf160b5f4f7737898e344b311205159840d09f6c5a0552e14541613de1289bbb850fc44f74f6032398395edbc45ee89308b694dd5eda3b7dfe864c85bd573229b96644477894960f5c77da3e2d1e50e6063f54b73968dac3fba22d67f704964f61f7f2b4bebbdc334bf9d90d96c2ccb9f1756da68d06fad38b14f41d121e9c8a8f7fb49e5f775"}}]}) recvfrom(0xffffffffffffffff, &(0x7f0000000140)=""/247, 0xf7, 0x0, 0x0, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) sendfile(r0, r0, 0x0, 0x1d59dfe9) [ 754.298159] FAULT_INJECTION: forcing a failure. [ 754.298159] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 754.300504] CPU: 1 PID: 7533 Comm: syz-executor.3 Tainted: G B 5.17.0-rc5-next-20220225 #1 15:43:24 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 2) [ 754.302431] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 754.304825] Call Trace: [ 754.305343] [ 754.305796] dump_stack_lvl+0x8b/0xb3 [ 754.306573] should_fail.cold+0x5/0xa [ 754.307329] _copy_from_iter+0x37d/0x14c0 [ 754.308167] ? _copy_from_iter_nocache+0x1490/0x1490 [ 754.309199] ? rcu_read_lock_sched_held+0xd/0x70 [ 754.310147] ? memset+0x20/0x40 [ 754.310809] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 754.311901] ? __virt_addr_valid+0xe9/0x310 [ 754.312773] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 754.313862] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 754.314853] ? __check_object_size+0x1b5/0x4e0 [ 754.315763] netlink_sendmsg+0x86b/0xdf0 [ 754.316566] ? netlink_unicast+0x7f0/0x7f0 [ 754.317414] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 754.318507] ? netlink_unicast+0x7f0/0x7f0 [ 754.319342] sock_sendmsg+0x150/0x190 [ 754.320103] ____sys_sendmsg+0x709/0x870 [ 754.320929] ? kernel_sendmsg+0x50/0x50 [ 754.321725] ? __ia32_sys_recvmmsg+0x260/0x260 [ 754.321861] FAULT_INJECTION: forcing a failure. [ 754.321861] name failslab, interval 1, probability 0, space 0, times 0 [ 754.322627] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 754.324903] ? _parse_integer+0x30/0x30 [ 754.325688] ? rcu_read_lock_sched_held+0xd/0x70 [ 754.326624] ? lock_release+0x505/0x6f0 [ 754.327427] ? __might_fault+0xd1/0x170 [ 754.328219] ? lock_downgrade+0x6d0/0x6d0 [ 754.329061] ___sys_sendmsg+0xf3/0x170 [ 754.329832] ? sendmsg_copy_msghdr+0x160/0x160 [ 754.330729] ? lock_release+0x505/0x6f0 [ 754.331511] ? lock_downgrade+0x6d0/0x6d0 [ 754.332331] ? rcu_read_lock_sched_held+0xd/0x70 [ 754.333269] ? lock_release+0x505/0x6f0 [ 754.334054] ? ksys_write+0x212/0x250 [ 754.334807] ? lock_downgrade+0x6d0/0x6d0 [ 754.335623] ? __fget_files+0x28d/0x470 [ 754.336407] ? __fget_light+0xea/0x280 [ 754.337178] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 754.338265] __sys_sendmsg+0xe5/0x1b0 [ 754.339015] ? __sys_sendmsg_sock+0x30/0x30 [ 754.339867] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 754.340972] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 754.341957] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 754.343014] ? syscall_enter_from_user_mode+0x1d/0x50 [ 754.344028] ? trace_hardirqs_on+0x5b/0x190 [ 754.344889] do_syscall_64+0x3b/0x90 [ 754.345630] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 754.346644] RIP: 0033:0x7f4663eeeb19 [ 754.347364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 754.350969] RSP: 002b:00007f4661464188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 754.352447] RAX: ffffffffffffffda RBX: 00007f4664001f60 RCX: 00007f4663eeeb19 [ 754.353834] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 754.355219] RBP: 00007f46614641d0 R08: 0000000000000000 R09: 0000000000000000 [ 754.356603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 754.358028] R13: 00007ffd9490a3cf R14: 00007f4661464300 R15: 0000000000022000 [ 754.359422] [ 754.359872] CPU: 0 PID: 7548 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 754.360939] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 754.362173] Call Trace: [ 754.362458] [ 754.362702] dump_stack_lvl+0x8b/0xb3 [ 754.363136] should_fail.cold+0x5/0xa [ 754.363554] ? create_object.isra.0+0x3a/0xa20 [ 754.364064] should_failslab+0x5/0x10 [ 754.364479] kmem_cache_alloc+0x5b/0x480 [ 754.364944] create_object.isra.0+0x3a/0xa20 [ 754.365414] ? kasan_unpoison+0x23/0x50 [ 754.365856] __kmalloc+0x25b/0x440 [ 754.366237] __do_sys_memfd_create+0xac/0x4f0 [ 754.366738] do_syscall_64+0x3b/0x90 [ 754.367135] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 754.367709] RIP: 0033:0x7f01cb928b19 [ 754.368097] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 754.370137] RSP: 002b:00007f01c8e9df48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 754.370930] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f01cb928b19 [ 754.371722] RDX: 0000000000020800 RSI: 0000000000000000 RDI: 00007f01cb9820fb [ 754.372494] RBP: 0000000000000002 R08: 0000000000010400 R09: ffffffffffffffff [ 754.373282] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000008100000 [ 754.374053] R13: 0000000020000040 R14: 0000000000020800 R15: 0000000020000140 [ 754.374831] 15:43:24 executing program 1: chdir(&(0x7f0000000080)='./file0\x00') setxattr$incfs_size(&(0x7f0000000980)='./file0\x00', &(0x7f00000009c0), &(0x7f0000000a00)=0x80000001, 0x8, 0x3) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file2\x00', 0x4) setxattr$security_capability(&(0x7f0000000a40)='./file0\x00', &(0x7f0000000a80), &(0x7f0000000ac0)=@v2={0x2000000, [{0x8000, 0xfffffe01}, {0x2, 0x8}]}, 0x14, 0x1) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) r1 = openat(r0, &(0x7f0000000000)='./file0\x00', 0x10082, 0x80) pwritev(r0, &(0x7f00000001c0)=[{&(0x7f0000000300)="9b", 0x1}], 0x12a7, 0x8000001, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) sendfile(0xffffffffffffffff, r1, &(0x7f0000000140)=0x24d, 0x8001) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x7fffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r4, &(0x7f0000000140)={0x37}, 0x14) recvmmsg(r4, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000180)=""/26, 0x1a}, {&(0x7f0000000340)=""/193, 0xc1}, {&(0x7f0000000440)=""/250, 0xfa}, {&(0x7f0000000540)=""/224, 0xe0}, {&(0x7f0000000240)=""/23, 0x17}, {&(0x7f0000000640)=""/218, 0xda}, {&(0x7f0000000740)=""/148, 0x94}, {&(0x7f0000000800)=""/232, 0xe8}], 0x8}, 0x4}], 0x1, 0x2000, &(0x7f0000000940)) 15:43:24 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x5460, &(0x7f0000000000)={'rose0\x00'}) 15:43:25 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r0, &(0x7f0000000640)=[{&(0x7f00000000c0)="91", 0x1}], 0x1, 0x8000000, 0x0) r1 = socket$inet6(0xa, 0x801, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') ioctl$EXT4_IOC_GROUP_ADD(r3, 0x40286608, &(0x7f0000000240)={0x5, 0x2, 0x0, 0x176, 0x81, 0x5}) write$P9_RMKNOD(r5, &(0x7f0000000140)={0x37}, 0x14) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) r7 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000280), 0x208c00, 0x0) fsetxattr$security_ima(r7, &(0x7f00000002c0), &(0x7f0000000300)=@v1={0x2, "d7"}, 0x2, 0x0) r8 = socket$packet(0x11, 0x2, 0x300) r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000380), r6) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x6c, r9, 0x2, 0x5364, 0x25dfdbfc, {}, [@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}, @pci={{0x8}, {0x11}}]}, 0xc5}, 0x1, 0x0, 0x0, 0x4000}, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$ETHTOOL_MSG_RINGS_SET(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB="a337fbfe553e7e53251a4eaedeb6edd9", @ANYRES16=r4, @ANYBLOB="0b0d00000000000000001000000008000a007d0f000008000900080000000c00018008000100", @ANYRES32=r10, @ANYBLOB="250b48ba547501559282e2d2f4685c85eb5d0dbf399c134425850100ceb4ca9e8916970f428a613e379bbe750433109973c1b060dd254111494039fca0beccbc"], 0x30}, 0x1, 0x0, 0x0, 0x400d4}, 0x0) recvfrom(r5, &(0x7f0000000140)=""/245, 0xf5, 0x20000041, &(0x7f0000000000)=@xdp={0x2c, 0xb, r10, 0x2e}, 0x80) sendfile(r4, r2, 0x0, 0x1400000000) close_range(r1, 0xffffffffffffffff, 0x0) 15:43:25 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r0, &(0x7f0000000140)={0x37}, 0x14) close(r0) syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_MGMT_C_LISTDEF(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="84000000", @ANYRES16=0x0, @ANYBLOB="002828bd7000fddbdf250600000008000800ac14140a140005000000000000000000000000000000000008000c00010000000d0001006e6c3830323135340000000008000200030000000d0001006e6c3830323135340000000006000b000300000008000700e000000214000500ff020000000000000000000000000001"], 0x84}, 0x1, 0x0, 0x0, 0xc1}, 0x20002010) 15:43:25 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r0, &(0x7f0000000640)=[{&(0x7f00000000c0)="91", 0x1}], 0x1, 0x8000000, 0x0) r1 = socket$inet6(0xa, 0x801, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') ioctl$EXT4_IOC_GROUP_ADD(r3, 0x40286608, &(0x7f0000000240)={0x5, 0x2, 0x0, 0x176, 0x81, 0x5}) write$P9_RMKNOD(r5, &(0x7f0000000140)={0x37}, 0x14) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) r7 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000280), 0x208c00, 0x0) fsetxattr$security_ima(r7, &(0x7f00000002c0), &(0x7f0000000300)=@v1={0x2, "d7"}, 0x2, 0x0) r8 = socket$packet(0x11, 0x2, 0x300) r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000380), r6) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x6c, r9, 0x2, 0x5364, 0x25dfdbfc, {}, [@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}, @pci={{0x8}, {0x11}}]}, 0xc5}, 0x1, 0x0, 0x0, 0x4000}, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$ETHTOOL_MSG_RINGS_SET(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB="a337fbfe553e7e53251a4eaedeb6edd9", @ANYRES16=r4, @ANYBLOB="0b0d00000000000000001000000008000a007d0f000008000900080000000c00018008000100", @ANYRES32=r10, @ANYBLOB="250b48ba547501559282e2d2f4685c85eb5d0dbf399c134425850100ceb4ca9e8916970f428a613e379bbe750433109973c1b060dd254111494039fca0beccbc"], 0x30}, 0x1, 0x0, 0x0, 0x400d4}, 0x0) recvfrom(r5, &(0x7f0000000140)=""/245, 0xf5, 0x20000041, &(0x7f0000000000)=@xdp={0x2c, 0xb, r10, 0x2e}, 0x80) sendfile(r4, r2, 0x0, 0x1400000000) close_range(r1, 0xffffffffffffffff, 0x0) [ 754.573582] loop5: detected capacity change from 0 to 260 15:43:25 executing program 4: r0 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x1c, r0, 0x100, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x14}, 0x1) openat$sr(0xffffffffffffff9c, &(0x7f0000001740), 0x0, 0x0) 15:43:25 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x40049409, &(0x7f0000000000)={'rose0\x00'}) [ 754.616136] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:43:36 executing program 0: openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_print_times', 0x0, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00') write$P9_RREADDIR(r0, &(0x7f0000000080)=ANY=[@ANYRESDEC], 0xb) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040), 0x503080, 0x0) ioctl$KDSIGACCEPT(r1, 0x4b4e, 0x2e) 15:43:36 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x40086602, &(0x7f0000000000)={'rose0\x00'}) 15:43:36 executing program 7: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r0, &(0x7f0000000640)=[{&(0x7f00000000c0)="91", 0x1}], 0x1, 0x8000000, 0x0) r1 = socket$inet6(0xa, 0x801, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') ioctl$EXT4_IOC_GROUP_ADD(r3, 0x40286608, &(0x7f0000000240)={0x5, 0x2, 0x0, 0x176, 0x81, 0x5}) write$P9_RMKNOD(r5, &(0x7f0000000140)={0x37}, 0x14) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) r7 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000280), 0x208c00, 0x0) fsetxattr$security_ima(r7, &(0x7f00000002c0), &(0x7f0000000300)=@v1={0x2, "d7"}, 0x2, 0x0) r8 = socket$packet(0x11, 0x2, 0x300) r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000380), r6) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x6c, r9, 0x2, 0x5364, 0x25dfdbfc, {}, [@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}, @pci={{0x8}, {0x11}}]}, 0xc5}, 0x1, 0x0, 0x0, 0x4000}, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$ETHTOOL_MSG_RINGS_SET(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB="a337fbfe553e7e53251a4eaedeb6edd9", @ANYRES16=r4, @ANYBLOB="0b0d00000000000000001000000008000a007d0f000008000900080000000c00018008000100", @ANYRES32=r10, @ANYBLOB="250b48ba547501559282e2d2f4685c85eb5d0dbf399c134425850100ceb4ca9e8916970f428a613e379bbe750433109973c1b060dd254111494039fca0beccbc"], 0x30}, 0x1, 0x0, 0x0, 0x400d4}, 0x0) recvfrom(r5, &(0x7f0000000140)=""/245, 0xf5, 0x20000041, &(0x7f0000000000)=@xdp={0x2c, 0xb, r10, 0x2e}, 0x80) sendfile(r4, r2, 0x0, 0x1400000000) close_range(r1, 0xffffffffffffffff, 0x0) 15:43:36 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 3) 15:43:36 executing program 6: r0 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f736689254300080120000400004000f8000020004000030000000000000001", 0x25}, {0x0, 0x0, 0x10000}], 0x2800012, &(0x7f0000011200)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') sendmsg(0xffffffffffffffff, 0x0, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f00000003c0)='./file1\x00', 0x4042, 0x0) pwrite64(r1, &(0x7f0000000000)='y', 0x8800, 0x4c) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwritev(r2, &(0x7f0000000640)=[{&(0x7f00000002c0)="19", 0x1}], 0x1, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1/file0\x00', 0x3a1843, 0x38) sendfile(r2, r2, 0x0, 0xffffffff000) ioctl$AUTOFS_DEV_IOCTL_READY(r2, 0xc0189376, &(0x7f0000000340)=ANY=[@ANYBLOB="010000ff7f000000e7ff0000", @ANYRES32=0xffffffffffffffff, @ANYBLOB="052f66296c65304600000000000000007a666d3f9bd9c98ee3e12d61cf0d1f23241a917dfa30657ec554012169136d509378ff04bc633f5a276cf106d7ce9e9e45169990f1b21939"]) openat(r3, &(0x7f0000000180)='./file0\x00', 0x101000, 0x20) r4 = openat$sr(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$CDROMMULTISESSION(r4, 0x5312, 0x0) ioctl$CDROM_SELECT_SPEED(r4, 0x5322, 0x7) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x98980, 0x2) r6 = openat$null(0xffffffffffffff9c, &(0x7f0000000500), 0x200080, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') io_uring_register$IORING_REGISTER_FILES(r4, 0x2, &(0x7f0000000540)=[0xffffffffffffffff, r6, r0, r3, r7], 0x5) symlinkat(&(0x7f00000001c0)='./file0\x00', r5, &(0x7f0000000280)='./file0\x00') ioctl$BTRFS_IOC_QGROUP_LIMIT(r4, 0x8030942b, &(0x7f0000000040)={0x200000000000009, {0x0, 0x2c, 0x3ff, 0x2, 0x5}}) 15:43:36 executing program 1: clone3(&(0x7f0000001fc0)={0x160022100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000001f80)=[0x0], 0x1}, 0x58) r0 = clone3(&(0x7f0000000580)={0x40000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[0xffffffffffffffff], 0x1}, 0x58) clone3(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0], 0x8}, 0x58) r1 = clone3(&(0x7f0000000580)={0x40000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[0xffffffffffffffff], 0x1}, 0x58) clone3(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0], 0x8}, 0x58) clone3(&(0x7f0000000280)={0x80800000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x12}, &(0x7f00000000c0)=""/93, 0x5d, &(0x7f0000000140)=""/228, &(0x7f0000000240)=[r0, r1], 0x2}, 0x58) [ 765.941557] FAULT_INJECTION: forcing a failure. [ 765.941557] name failslab, interval 1, probability 0, space 0, times 0 [ 765.942780] CPU: 0 PID: 7599 Comm: syz-executor.3 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 765.943835] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 765.944577] loop6: detected capacity change from 0 to 256 [ 765.945057] Call Trace: [ 765.945063] [ 765.945068] dump_stack_lvl+0x8b/0xb3 [ 765.947120] should_fail.cold+0x5/0xa [ 765.947524] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xd7/0x290 [ 765.948214] should_failslab+0x5/0x10 [ 765.948619] __kmalloc+0x72/0x440 [ 765.948996] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 765.949609] genl_family_rcv_msg_attrs_parse.constprop.0+0xd7/0x290 [ 765.950280] genl_family_rcv_msg_doit+0xda/0x330 [ 765.950791] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 765.951483] ? __stack_depot_save+0x35/0x450 [ 765.951978] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 765.952571] ? cap_capable+0x1eb/0x250 [ 765.952993] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 765.953571] ? security_capable+0x95/0xc0 [ 765.954008] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 765.954596] ? ns_capable+0xd9/0x100 [ 765.954995] genl_rcv_msg+0x33c/0x5a0 [ 765.955403] ? genl_get_cmd+0x480/0x480 [ 765.955820] ? nl80211_register_mgmt+0x470/0x470 [ 765.956336] ? lock_release+0x6f0/0x6f0 [ 765.956755] ? rcu_read_lock_sched_held+0xd/0x70 [ 765.957274] netlink_rcv_skb+0x14b/0x430 [ 765.957699] ? genl_get_cmd+0x480/0x480 [ 765.958120] ? netlink_ack+0xa80/0xa80 [ 765.958539] ? netlink_deliver_tap+0x1b2/0xc30 [ 765.959019] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 765.959544] ? is_vmalloc_addr+0x7b/0xb0 [ 765.959982] genl_rcv+0x24/0x40 [ 765.960329] netlink_unicast+0x540/0x7f0 [ 765.960756] ? netlink_attachskb+0x880/0x880 [ 765.961237] ? __virt_addr_valid+0xe9/0x310 [ 765.961704] netlink_sendmsg+0x904/0xdf0 [ 765.962141] ? netlink_unicast+0x7f0/0x7f0 [ 765.962613] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 765.963194] ? netlink_unicast+0x7f0/0x7f0 [ 765.963640] sock_sendmsg+0x150/0x190 [ 765.964049] ____sys_sendmsg+0x709/0x870 [ 765.964486] ? kernel_sendmsg+0x50/0x50 [ 765.964913] ? __ia32_sys_recvmmsg+0x260/0x260 [ 765.965411] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 765.965411] FAULT_INJECTION: forcing a failure. [ 765.965411] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 765.966002] ? _parse_integer+0x30/0x30 [ 765.966019] ? rcu_read_lock_sched_held+0xd/0x70 [ 765.966032] ? lock_release+0x505/0x6f0 [ 765.969607] ? __might_fault+0xd1/0x170 [ 765.970050] ? lock_downgrade+0x6d0/0x6d0 [ 765.970486] ___sys_sendmsg+0xf3/0x170 [ 765.970900] ? sendmsg_copy_msghdr+0x160/0x160 [ 765.971379] ? lock_release+0x505/0x6f0 [ 765.971799] ? lock_downgrade+0x6d0/0x6d0 [ 765.972236] ? rcu_read_lock_sched_held+0xd/0x70 [ 765.972735] ? lock_release+0x505/0x6f0 [ 765.973161] ? ksys_write+0x212/0x250 [ 765.973574] ? lock_downgrade+0x6d0/0x6d0 [ 765.974021] ? __fget_files+0x28d/0x470 [ 765.974444] ? __fget_light+0xea/0x280 [ 765.974858] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 765.975438] __sys_sendmsg+0xe5/0x1b0 [ 765.975848] ? __sys_sendmsg_sock+0x30/0x30 [ 765.976305] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 765.976890] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 765.977446] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 765.978028] ? syscall_enter_from_user_mode+0x1d/0x50 [ 765.978592] ? trace_hardirqs_on+0x5b/0x190 [ 765.979053] do_syscall_64+0x3b/0x90 [ 765.979460] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 765.980012] RIP: 0033:0x7f4663eeeb19 [ 765.980409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 765.982362] RSP: 002b:00007f4661464188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 765.983158] RAX: ffffffffffffffda RBX: 00007f4664001f60 RCX: 00007f4663eeeb19 [ 765.983918] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 765.984674] RBP: 00007f46614641d0 R08: 0000000000000000 R09: 0000000000000000 [ 765.985459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 765.986242] R13: 00007ffd9490a3cf R14: 00007f4661464300 R15: 0000000000022000 [ 765.987032] [ 765.987295] CPU: 1 PID: 7604 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 765.989429] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 765.991630] Call Trace: [ 765.992127] [ 765.992563] dump_stack_lvl+0x8b/0xb3 [ 765.993336] should_fail.cold+0x5/0xa [ 765.994087] _copy_from_user+0x2a/0x170 [ 765.994865] __do_sys_memfd_create+0xff/0x4f0 [ 765.995756] do_syscall_64+0x3b/0x90 [ 765.996492] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 765.997502] RIP: 0033:0x7f01cb928b19 [ 765.998215] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 766.001849] RSP: 002b:00007f01c8e9df48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 766.003318] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f01cb928b19 [ 766.004710] RDX: 0000000000020800 RSI: 0000000000000000 RDI: 00007f01cb9820fb [ 766.006111] RBP: 0000000000000002 R08: 0000000000010400 R09: ffffffffffffffff [ 766.007494] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000008100000 [ 766.008878] R13: 0000000020000040 R14: 0000000000020800 R15: 0000000020000140 [ 766.010272] 15:43:36 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) (fail_nth: 8) 15:43:36 executing program 4: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) clone3(&(0x7f0000000640)={0x123363500, &(0x7f00000000c0), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r2 = clone3(&(0x7f0000000580)={0x40000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[0xffffffffffffffff], 0x1}, 0x58) clone3(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0], 0x8}, 0x58) r3 = clone3(&(0x7f0000000580)={0x40000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[0xffffffffffffffff], 0x1}, 0x58) write$P9_RLOCK(r1, &(0x7f00000001c0)={0x8, 0x35, 0x1, 0x1}, 0x8) clone3(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0], 0x8}, 0x58) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r4, &(0x7f0000000140)={0x37}, 0x14) clone3(&(0x7f00000003c0)={0x10000000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000140), {0x2}, &(0x7f0000000280), 0x0, &(0x7f00000002c0)=""/159, &(0x7f0000000380)=[r2, r3], 0x2, {r4}}, 0x58) mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f00000025c0), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="7472616e6f3d0fa6995ec7fdcd1bdec7c159c7b82140d5eccc0cd3138731f7c91e869f87a3e69c587fb7fbb83335ce6002dde8552d5cc8388e0e3db5f478ee418a3f6adaf773ad8319f411bce4a8b16b6154692faae4b4a9d1fef92ee6c87561201684d1136b63750778be1894d9c9b2b50500"/125, @ANYRESHEX=r0, @ANYBLOB="2c77664d0691e9832d39e107c525105b0b6f3d", @ANYRESHEX=r1, @ANYBLOB=',version=9p2000,afid=0x0000000000000004,\x00']) getdents64(0xffffffffffffffff, &(0x7f0000000180)=""/12, 0xc) openat$cdrom(0xffffffffffffff9c, &(0x7f0000000080), 0x48800, 0x0) [ 766.020144] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:43:36 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x40087602, &(0x7f0000000000)={'rose0\x00'}) [ 766.195077] FAT-fs (loop6): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:43:47 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 4) 15:43:47 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f00000003c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$RTC_WIE_ON(r1, 0x700f) fstat(r0, &(0x7f0000000040)) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@local, @in=@dev}}, {{@in=@multicast1}, 0x0, @in=@private}}, &(0x7f0000000240)=0xe8) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000140)={0x37}, 0x14) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000029bd7000fd5bdf250200000008000108000600ac1414aa"], 0x2c}, 0x1, 0x0, 0x0, 0x40005}, 0x10) setresuid(0x0, r2, 0x0) r3 = clone3(&(0x7f0000000580)={0x40000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[0xffffffffffffffff], 0x1}, 0x58) clone3(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0], 0x8}, 0x58) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7, r3}) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') fadvise64(0xffffffffffffffff, 0x8, 0x7, 0x3) write$P9_RMKNOD(r4, &(0x7f0000000140)={0x37}, 0x14) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x20010, &(0x7f0000000a00)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB="2c76657273696f6e3d1970323030302e752c6d73697a653d3078303030303030303030303030303030302c63616368657461673d2f6465762f737230002c736d61636b6673666c6f6f723d2f6465762f737230002c6f626a5f747970653d5d2c666f776e65723e47257538f2b4fde37397ec3c2c80f0cd1135865bbee353b26a3b0eedcc4e45d6755bddddefaf8ea58ed469f9a0b6c322e4e2b688e6ac069edef19091cf85550af9469f9163f9514f283606f50dcbcf86c6a65e7c856804194bdd1c19cae5881dac6892d800797c53e2dbb422de673bb756cd25985e1d82fdd722669814273a5a1159aff138035459dde7a882049f706c34736182eb30279ccc715fcdf4bc22a2ea0f5f323a1f56fc0a5a083591dc28c4fafbd82bc7fd44b78fe0a3e728819bb7d45d8133928da086fdbd78c9faf4fb9284925b1f2cd30b2078ea848a567e5eb5cd0e7ae46db90a174e2cdc22050089039f4efb910f6aac08f8c2e21cedb1d3d14b8dfb4e56f21b836887cf24739d6ccc59589e317a4c0113580545246c53964948ce8ca3cffbe22d45e853fe61fd33710df8d084421353209ed06d2e68479e8e02df6a45585ab1c6e373dd8918870f", @ANYRESHEX=r4, @ANYBLOB="992ea84b9c9b62c5444c3a814206d1e1ed6a40d92cfb608edb61f4623ab2877777b6b7f38612eb2f607d374969e98aad399d1beaf5548580b35844e2db9f3350e0166b8fcf27170eafe68991be17b9652b5193fc4e19738721fca8545a91b15265d84faf0032a0bc7aab2127e5183b44", @ANYRESDEC=r2, @ANYBLOB=',fsname=/dev/sr0\x00,appraise,appraise,appraise_type=imasig,\x00']) 15:43:47 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) (fail_nth: 9) 15:43:47 executing program 4: syz_emit_ethernet(0x6e, &(0x7f0000000180)={@local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "2ddc20", 0x38, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, {[], @dest_unreach={0x1, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "8bbd12", 0x0, 0x88, 0x0, @private2, @mcast1, [], "b19093b70ad62e94"}}}}}}}, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000140)=0x0) ptrace$setopts(0x4206, r0, 0x6, 0x0) syz_emit_ethernet(0xc1, &(0x7f0000000000)={@empty, @broadcast, @val={@val={0x9100, 0x2}, {0x8100, 0x6, 0x0, 0x3}}, {@generic={0x88f5, "076b162497091cc5947b71c290bc9c72bf6cda92c4ae144425642f8b0cbbd375d093f1f44a20306460e6d7b0586e85bc434c79a6ba11204f8ce87930fa2ac2ec74edf55a7118fe1dd4e031c96908b268387cc3eb90c24e38065c7e67f1f2dbb96be604abc9159b2819c7c47423496365f463f5b389a0bb7311697b1b660249e3a7268f5973d8e5b62aa8722fa6a2926cdc98ef5418906c1baac9a90b8910f199c90a5ff3a01f5d0dd2b28f"}}}, &(0x7f0000000100)={0x0, 0x4, [0x4d7, 0xaf8, 0xa9, 0xe56]}) 15:43:47 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x401c5820, &(0x7f0000000000)={'rose0\x00'}) 15:43:47 executing program 6: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/bus/input/devices\x00', 0x0, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x1, {0x80, 0x3}}, 0x14) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') r2 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r2, &(0x7f0000000140)={0x37}, 0x14) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r3, &(0x7f0000000140)={0x37}, 0x14) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f00000000c0)=0x0) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000540), 0x40, 0x0) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000140)={0x37}, 0x14) ftruncate(0xffffffffffffffff, 0x6) ioctl$BTRFS_IOC_RM_DEV_V2(r5, 0x5000943a, &(0x7f0000000600)={{}, r4, 0x0, @inherit={0x68, &(0x7f0000000580)={0x0, 0x4, 0x0, 0x8e8e, {0x10, 0x2, 0x80000000, 0x10001}, [0x1000, 0x0, 0xda, 0x80]}}, @devid}) ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f0000000240)={{r3}, r4, 0x14, @inherit={0x80, &(0x7f00000001c0)={0x1, 0x7, 0x40, 0x4, {0x0, 0x5, 0xb9, 0xace, 0x8}, [0x2, 0x4e, 0x6, 0x1f, 0x1, 0x4, 0x80000000]}}, @name="ab5661a4964c3cb21147c2795fed669de60bfee7cf604f461a0587000861ce66910b1a0b49c3574249491d612ae5cbdfdb2f1498ac901db40f8073a1b397c80d070171deae99049fd1d86fedc3cea5edbc9f9b846eca16e66d17e698ebc734e8227da8b4dca2d8290c96bedf50eb029d801e6e71b07c0f88a02c4947249aae3284c72f9a80d287cfb5212eb2def94ef49e7c5b22cc711103e0065a4db2c3612d79623195df9f6965c6b1deab972970106d5318be030430e67d86a8d75ff4781c0a11e80669b352254457de03c8884f3eba2983576d479cc7325dd01f366016588544349f27aa601821d1f2336342e9ce789b4920c7e10e8ffbfa67b83ac587b82a6e3447a9270f3bfdc0077f6b1996adfcd4e58af889ec074be7af2181d195dfb87e9fde012d39fef0759e4ad2cc76472c76f0044df1bd60ae9b09bbe48060d0c9ebff8e6bf76d66c0490418fbe9a0c3df02fecbb2c060e3489b4e586907db87744871a4bf82bdf59e4aace005b2a06209c12dcfa00238501758c718ea5c295df52402a0b1f5870ec83033fa34d1b5231259a180692b57aff64dbb181c270e5f5040fdf869dd34374054895061ad5c917b7f3ba307a1097e8108c52569e3b52c3bdb101b3b6e561a65c2227549c50cb39a9c484bf3291b528a30a0af269e8275bb8cd2d3e1bf4184a428c1ffd2f2fa1d37a7f91d79b404c9dd63ece95db09a361319b83ccf4e1d4d89ef8c860386507352115bed246f22f5d9ffd043717289a5e299052584111d78150e88d3eea5616889c8a8e4cbe8a9dcd67c0263c70245ce6656ca1b6fafdfba5cabe99d0fddc0f1fc9a36297d09b0da528f75c1eedb934b1a40a79418ef72712a0b15ad45d0a4c292732f41040fc9d7fa254ab441d419316e23cc7792f845819934baf1fdb53c058d0abcaf31cea9978e3cd2e792fcdebd2584374f196dca2888653b7ee6c214cbffecc46cc380c4a24e26ed751895957e0e23331845e0cb16153fe715116c80364aa94cc1974bf7f747af0a470ff8f7907ac937c81d7bf8d074b8e37fa9759220f116ae9e44f3c2228bff7674c2341f7380693dd9bde319ca7bbc0f8413cdc0078a2cd8bb4000349ad332c6eb7b7ba35a853a17c4a17694664cb80398ccc1b143ce65f0736c21d94fd5e52dbf3404fee6acbe67cf8e2c01cbaec9b065a5b1d0be69b07791fd7e3fdab4c46324639696eb6030e2e0518c44ae9a590fe1db85899020ffcaa01e04f6be59da2c977edbb05d403251316f3e0dba4c99701c80b81c46a75f281a694f59f31da3f09f725e8506f08c9827a69e356ae09254cdd033c0bebf234fea10795012c3d6bda585c2498914709184ee807562ecfb07f228b8f89f403cf2d41a7e30e36fdd58d1723ac9765a4d4afeb61f59bf287aa93e19c51c0aea1c4aa0f3752aef1e2fd1ffa7b8d4e361ef0f177c782a0376154fd7221fc59bf2bb0c447bc6629ad241e27868c9fafbe29b47142a971a995df6a710b0872f3df7ce860bedbdc91e97ed672a364e366dcfa038d232aea67d7897e500b12e22368da6dce18492f5df2e9bb30d1640e8e4d822ec46e01bcbc8c9404b67aab30ae8fcbb1e065073811eae6b9d8154642a6b2925244fb13b7c0ccde1ad1a3de0433926e9161d19181be4364efc371fc686829c727b97ca480ab69e0641ff7c324f82a027b51531577987f9565443a9647fdaff67b868d982ea7b1dd98403762a84dbfc43b19693b8576f8836af48c742e967c30db485cd5fffca1729cf5687af3f578016fc7bcd5fb6e8fbfa613c3af782418f226c630ebe9db25459adb7c1bc83d4cf265bd297401b7929638b676cb79ed4be26d4522447dd77daba57f3e5e9ff45a42e5cde5f218f6148673eb709a817aa072e96a386e68d3dd77a6c119fc96f28837e3f7dc5f4d0317dee0ba735d1a1a39fca8099c49d5d719b3d1fc6dbd6477311b0de2d4714b69ffa902bc6e24e0e9023147fbf7de4daced7b1036a4306a8f8d01a9891708b8b52f1fba0e21f3bc6f0f88db8a5491ae3c9ade7b4a2e9f084f033130478160923bf7b022ba496131eafb3830807a2750514e0093830c832f49fdaca07d66cd04143554a7003df2687c50e4d7420d4a072a408f8533000e38891c6eb281dd526531c6d08c941b40db52fe3183da31a02c9977b50c8316ffbb64164df0c7cdc5ed1618912ff337a0b45984461aa4a530da307753056b3206557de11b1faeed0542a4c55328bca2daf5f5993ef2d13feb8e1b7dcf2a6577c25b201c652ce8a18b1d5ac6da87a14c974acd0179396bbf6f0f74746ccc52dc7fa6c935fab0efb6026382fb37db6888fd5d1290e58c408c561ad1396a2a1dc4e128c055ea91f6d7d460371bc3fdb3ab87973779808ecca3f170803e9d6fb521041725396d46f3d373efa126560f5cae2d1d55d121f5ae494e1d1ecffc76ad658a1fb1a6ad289587a2494b37f7e8a8c95f29e1ec5ff19b912e9dc0e250365ade32260adae246a8e39ef84a8f3053073f6876625044282f265dfdcf223ae084574038f5656992e6efa9489c3edcf937196eed5b5a91c47e6ffc7daef3a0d16755dffe642dbf6f73d02ab7c2b3d24791ef50acd1aebc537c74ecf1f4275248812796c06df708f6bfa73b5a0dcb23d2ee14fff66412332b5dd49b6632a061b603cd04d487cf773652efc116a21abd13432e565cf2bb933fd32433d9e12e90b719b718f1b76586b37232a54c3f67bd459aa8466bc9333f54da6530b84dbeb29507a0428a1f7f6d785b1bf104885f1f57e3024b1e4121e166d33db94b0954f8527d0a12945e60df04da1f84a81cb7c2b8e4d2466311f2fea91063c54f26b6483e8cd923deb6e385d908a449e3cce09c6e584e9a912583b67c9b4a91cb93290a8a71a647b78993808ba99fb889e58f54e539e5892b343d95ea0d1e4ffa86acc25005ba48a8eb080b0f3b3b7400b3039aa10f59be5c4f5905017ccde744f852491557a027e9b930514e20ceea1ec8d4b3e663c202e9ce9f8ad3385fc3d4c1b2c7a6f9edc0541ca2030af923b1b17ed3c054edb4715e58cdea1bdb93b9f18df51028555983d44e1ddb421ce876d89f44575d59f4ad1e9ae66857e35dc0b0c9fe8212bd6cf376883e60280665729b7f184663d1aefb0f9b98a8c937ca2b7578e52b723452b914443bd2d12ce5a13c46413060db7a67353543fd2f91203a65e176d1d07dc5fb06b8fc84e570f4d40c5aeaa40bda14706b583772428cfa14da225a50419f5c65cfca92caaa501f3a32e1e93857389ec39d88ab993ed4e7acc759e1f5f24ab4054ad1d1562b61af579b328e857b2954e42a853af9969069d944e31339e58f317fb937319fbdf50bb631d438b55044b0168a3a0d5880648ecca930f3c5384db40af85f282271c2d1a86003aebc0eb058db2bbeae76717ae59160a51fa527aacda2e58c183d5dfc064b8cb5604cb207b5f655730a6157b6f9da6b0ff18cd874f0b50b1593ed180f2eb7de8bedc17027bd535788bb59bdfc91cbb53be0ce4a20d67372df02df0ba8f8d0cd8036087e909abfbbdfe77bb5f560cf926ae6f84a17f47c1e9abbf76f62466c69dd9ecc7c88c421b449f8515f5aa1ad11bb1d7fbbbc1c9e9fdab5bfdd6e8dfead3931a24353da7ab6e1bc09ade8096a3397ea3bb5614b33120e67b0635e699fc98f2caadac48127173dc08a769f36fe8e518abd02545d239b1e1b03f24aea4d96257f71923429c2a53cfdbe3af886d7595aeec326f68c77902dca8902101d18b23885d8ff2dd6ef3f35e5123f8002dc2f0cd60eb1b90901b623b9ada1bceef654644fc0a4716929e23e8119aa2bd34b43df0e7594522f9fbf95d44892269108933fb3e7f0aa77ea83aa90671567d2f379915384cb6de80160099bc652d1be433a88fc35bbfe9234dc40b92eaa9f52ea5eb2a05e5dc8246efdc9bb29889e7c496ed6b234523ec50307050313eacd230736686fb179d97c3aa9e2aa1057c4cd3d2c39f171515aa72c2a38838ee79799f3778264b3e6a61cfebef2c48d26939935a084c84b173fd87068560b87519388cf7140610d2890bf87d013c2b5fb6b6343597905869716c4b87bd2806d90fc6fb46ff085c110fe99e99d3807980e4a22c9c9429335fbc5ba29f04bb6f96df9cce462a42e8813b32321b1108c1083eee7ae0ebd82512816ad2396e12d504e1b9623d9679e355fe5f1126123de4f1ea5e2052f7c945eba5478b9c9bcfe54ad10f34a4986f4fc35a4a57039bbdd1229e7103307184d5245143913c01e701d3148731ef85a3e23e0899187b0f47e171aa0dadfafbeff526603be79d1f83b02d08278e74950639ab952f3d0189ae21b230984f1831429dfd9273cc3c3654c581cf98082790d084ba227de1a0b3d078f27e0685783ad8ad3547155c8cea66e8a8287532b90878d12630babe71b245d7ae9980ff2ad000ced85ecc273c1d8652200ad0884fe76e8b142a3a5649331926dcc1eeb0cfda1a2c914eb6940cb4931b57007b46651a37e58a746f8dc38580c2a47c79986738f5ef94ca4da4a6f819b02afcadd65ff896a84b5753a4831a1f51fab38693c5948e9306979b8965f5ed20937958d3b600e3fbb5546cc08d78445f074ca39a572df6ff41a1c83e4b62ece0ca23cc34f3fed270f1b4e15ef3789cc21da103ed773382ae2a549a383b6421e1842edfc2ebeae2483b495936e0fa640cd29719b0c270d485445313d777ab8f1f782f60cfe82d698e54dc138acdd5f3baf39cb4ccb0b6542b44a345cba5ac45ba22e8adab71a340be8ab78d0539279cfe728fec0b20252cbef51381ea2fc1e4838481caf365b0cb186c6f2176c667bf8cce6ddea24beffe84a1be9dfdf9d16b089f55612629f5265896f21ea28338fd66849193d64eb19fe95887fb7512233df6dbdd0970ad6e49c779a0c3cba5e2237866e130e36def51001ab7a3db62ac20f860c0afcd92cdf09fa2f035345ce66e6e0535a5f467df3443b711f70bc549e8da3fa31aeac59a15783a74d4e44f5423f51eb89eac1fcc23e4f15b871bcd054da0a3d7044083f117d7ac8966c14b784812cce24e31b9b530ceee82d5f6d2afe0aedee1ccbd4932bf98e08fab1673357cb2bee93390416d038ee0976d508bb5d7c6ce7bcea35154999234debcc1daed8eb7653096a7a76098671ec59e2b25bcd7ca07991e61a1265fd75325508273dde296b41cd1e224a84dc9abdf3c5dad1b2c405b667505331b74b9a61ea03db1c94a5d86a6dbda6002a35b9fac4faa8cea20a58ffac34ddfc783c61912466d2757fbec905cdc3341ad3c212545c800e82c354482376980cadc7b652b550dec0e7bd2fdba4f717ea7acfa82ee588541e9f001c66e807c0b0f9fc4beb7269ebb91460b8c56b83c8223ba8aaa4288197add69044ef1cc8efda5b6756e3c45000b35ec5748542a6ac9d511851e6e4713cbb63999db8b24b504329db0e5225a43636f160fe7fa817c24ea40310139a9cdf6795f1547d68a1d278f13def443c2f661c82777f568d16846d7d402c3e7cf17f726fbce12e545f2829289a9d4b178fc7f2689c8aa61204ae0d175aca32a66fdc82e03fc5bc515ebba108e36a2a5bf6a0933a0d520dd0f3326bc8747b85dece946eaf7836d4633524c7da1c02d132cb188d128e892357b05e4730b8578d99bfd752f0cdb7f6e5a4f41e30cc5"}) write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) r6 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r6, &(0x7f0000000180)={0xfffffc8a, 0x13, 0x0, {0x0, 0x1000000, 0xfffffffffffffffd}}, 0x14) write$P9_RMKDIR(r6, &(0x7f0000000100)={0x14, 0x49, 0x2, {0x0, 0x2, 0x5}}, 0x14) ioctl$AUTOFS_IOC_READY(r1, 0x9360, 0x8) r7 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x373a01, 0x0) ioctl$CDROMMULTISESSION(r7, 0x5312, 0x0) 15:43:47 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r1 = creat(&(0x7f0000000040)='./file1\x00', 0x0) pwrite64(r1, &(0x7f0000000080)="a4", 0x1, 0x7fff) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) pwritev(r0, &(0x7f0000002fc0)=[{&(0x7f0000002ac0)='t', 0x1}], 0x1, 0x0, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x802, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r4, 0xc0189372, &(0x7f0000000180)={{0x1, 0x1, 0x18, r5}, './file1\x00'}) sendfile(r3, r4, 0x0, 0x100000001) r6 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r6, &(0x7f0000000140)={0x37}, 0x14) r7 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r7, &(0x7f0000000140)={0x37}, 0x14) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file0\x00', 0x16b0c0, 0xe523aee9726fee37) sendfile(r2, r0, 0x0, 0xfffffdf2) 15:43:47 executing program 1: clone3(&(0x7f0000001fc0)={0x160022100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000001f80)=[0x0], 0x1}, 0x58) r0 = clone3(&(0x7f0000000580)={0x40000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[0xffffffffffffffff], 0x1}, 0x58) clone3(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0], 0x8}, 0x58) r1 = clone3(&(0x7f0000000580)={0x40000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[0xffffffffffffffff], 0x1}, 0x58) clone3(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0], 0x8}, 0x58) clone3(&(0x7f0000000280)={0x80800000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x12}, &(0x7f00000000c0)=""/93, 0x5d, &(0x7f0000000140)=""/228, &(0x7f0000000240)=[r0, r1], 0x2}, 0x58) 15:43:47 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x4020940d, &(0x7f0000000000)={'rose0\x00'}) [ 777.410089] FAULT_INJECTION: forcing a failure. [ 777.410089] name failslab, interval 1, probability 0, space 0, times 0 [ 777.411335] CPU: 1 PID: 7641 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 777.412350] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 777.413556] Call Trace: [ 777.413828] [ 777.414068] dump_stack_lvl+0x8b/0xb3 [ 777.414477] should_fail.cold+0x5/0xa [ 777.414885] ? shmem_alloc_inode+0x18/0x40 [ 777.415341] should_failslab+0x5/0x10 [ 777.415738] kmem_cache_alloc+0x5b/0x480 [ 777.416171] ? shmem_destroy_inode+0x70/0x70 [ 777.416642] shmem_alloc_inode+0x18/0x40 [ 777.417080] ? shmem_destroy_inode+0x70/0x70 [ 777.417564] alloc_inode+0x63/0x230 [ 777.417955] new_inode+0x23/0x240 [ 777.418324] shmem_get_inode+0x18b/0xd20 [ 777.418756] __shmem_file_setup+0xb8/0x310 [ 777.419210] __do_sys_memfd_create+0x1c6/0x4f0 [ 777.419694] do_syscall_64+0x3b/0x90 [ 777.420091] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 777.420637] RIP: 0033:0x7f01cb928b19 [ 777.421025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 777.423079] RSP: 002b:00007f01c8e9df48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 777.423865] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f01cb928b19 [ 777.424603] RDX: 0000000000020800 RSI: 0000000000000000 RDI: 00007f01cb9820fb [ 777.425035] FAULT_INJECTION: forcing a failure. [ 777.425035] name failslab, interval 1, probability 0, space 0, times 0 [ 777.425353] RBP: 0000000000000002 R08: 0000000000010400 R09: ffffffffffffffff [ 777.425363] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000008100000 [ 777.425370] R13: 0000000020000040 R14: 0000000000020800 R15: 0000000020000140 [ 777.425383] [ 777.430325] CPU: 0 PID: 7646 Comm: syz-executor.3 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 777.432553] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 777.435253] Call Trace: [ 777.435830] [ 777.436333] dump_stack_lvl+0x8b/0xb3 [ 777.437241] should_fail.cold+0x5/0xa [ 777.438113] ? create_object.isra.0+0x3a/0xa20 15:43:47 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x80086601, &(0x7f0000000000)={'rose0\x00'}) [ 777.439159] should_failslab+0x5/0x10 [ 777.440121] kmem_cache_alloc+0x5b/0x480 [ 777.441044] ? __is_insn_slot_addr+0x144/0x250 [ 777.442099] create_object.isra.0+0x3a/0xa20 [ 777.443102] ? kasan_unpoison+0x23/0x50 [ 777.444016] __kmalloc+0x25b/0x440 [ 777.444823] genl_family_rcv_msg_attrs_parse.constprop.0+0xd7/0x290 [ 777.446300] genl_family_rcv_msg_doit+0xda/0x330 [ 777.447365] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290 [ 777.448854] ? __stack_depot_save+0x35/0x450 [ 777.449879] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 777.451123] ? cap_capable+0x1eb/0x250 [ 777.452014] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 777.453432] ? security_capable+0x95/0xc0 [ 777.454452] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 777.455773] ? ns_capable+0xd9/0x100 [ 777.456680] genl_rcv_msg+0x33c/0x5a0 [ 777.457639] ? genl_get_cmd+0x480/0x480 [ 777.458519] ? nl80211_register_mgmt+0x470/0x470 [ 777.459554] ? lock_release+0x6f0/0x6f0 [ 777.460412] ? rcu_read_lock_sched_held+0xd/0x70 [ 777.461444] netlink_rcv_skb+0x14b/0x430 [ 777.462320] ? genl_get_cmd+0x480/0x480 [ 777.463178] ? netlink_ack+0xa80/0xa80 [ 777.464015] ? netlink_deliver_tap+0x1b2/0xc30 [ 777.464993] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 777.466076] ? is_vmalloc_addr+0x7b/0xb0 [ 777.466964] genl_rcv+0x24/0x40 [ 777.467672] netlink_unicast+0x540/0x7f0 [ 777.468548] ? netlink_attachskb+0x880/0x880 [ 777.469511] ? __virt_addr_valid+0xe9/0x310 [ 777.470452] netlink_sendmsg+0x904/0xdf0 [ 777.471328] ? netlink_unicast+0x7f0/0x7f0 [ 777.472243] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 777.473435] ? netlink_unicast+0x7f0/0x7f0 [ 777.474341] sock_sendmsg+0x150/0x190 [ 777.475173] ____sys_sendmsg+0x709/0x870 [ 777.476058] ? kernel_sendmsg+0x50/0x50 [ 777.476924] ? __ia32_sys_recvmmsg+0x260/0x260 [ 777.477914] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 777.479100] ? _parse_integer+0x30/0x30 [ 777.479959] ? rcu_read_lock_sched_held+0xd/0x70 [ 777.480977] ? lock_release+0x505/0x6f0 [ 777.481846] ? __might_fault+0xd1/0x170 [ 777.482711] ? lock_downgrade+0x6d0/0x6d0 [ 777.483604] ___sys_sendmsg+0xf3/0x170 [ 777.484444] ? sendmsg_copy_msghdr+0x160/0x160 [ 777.485446] ? lock_release+0x505/0x6f0 [ 777.486306] ? lock_downgrade+0x6d0/0x6d0 [ 777.487200] ? rcu_read_lock_sched_held+0xd/0x70 [ 777.488221] ? lock_release+0x505/0x6f0 [ 777.489078] ? ksys_write+0x212/0x250 [ 777.489929] ? lock_downgrade+0x6d0/0x6d0 [ 777.490826] ? __fget_files+0x28d/0x470 15:43:47 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x80087601, &(0x7f0000000000)={'rose0\x00'}) 15:43:48 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x801c581f, &(0x7f0000000000)={'rose0\x00'}) [ 777.491688] ? __fget_light+0xea/0x280 [ 777.492610] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 777.493810] __sys_sendmsg+0xe5/0x1b0 [ 777.494633] ? __sys_sendmsg_sock+0x30/0x30 [ 777.495559] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 777.496751] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 777.497833] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 777.498986] ? syscall_enter_from_user_mode+0x1d/0x50 [ 777.500097] ? trace_hardirqs_on+0x5b/0x190 [ 777.501038] do_syscall_64+0x3b/0x90 [ 777.501871] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 777.502985] RIP: 0033:0x7f4663eeeb19 [ 777.503783] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 777.507753] RSP: 002b:00007f4661464188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 777.509397] RAX: ffffffffffffffda RBX: 00007f4664001f60 RCX: 00007f4663eeeb19 [ 777.510935] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 777.512467] RBP: 00007f46614641d0 R08: 0000000000000000 R09: 0000000000000000 [ 777.514024] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 777.515554] R13: 00007ffd9490a3cf R14: 00007f4661464300 R15: 0000000000022000 [ 777.517101] 15:43:48 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 5) 15:43:48 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0xc0045878, &(0x7f0000000000)={'rose0\x00'}) 15:43:48 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x242a42, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) 15:43:48 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0xc0045878, &(0x7f0000000000)={'rose0\x00'}) [ 777.618544] FAULT_INJECTION: forcing a failure. [ 777.618544] name failslab, interval 1, probability 0, space 0, times 0 [ 777.619801] CPU: 1 PID: 7668 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 777.620835] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 777.622068] Call Trace: [ 777.622339] [ 777.622583] dump_stack_lvl+0x8b/0xb3 [ 777.623001] should_fail.cold+0x5/0xa [ 777.623412] ? create_object.isra.0+0x3a/0xa20 [ 777.623923] should_failslab+0x5/0x10 [ 777.624330] kmem_cache_alloc+0x5b/0x480 [ 777.624766] create_object.isra.0+0x3a/0xa20 [ 777.625237] ? kasan_unpoison+0x23/0x50 [ 777.625669] kmem_cache_alloc+0x239/0x480 [ 777.626100] ? shmem_destroy_inode+0x70/0x70 [ 777.626589] shmem_alloc_inode+0x18/0x40 [ 777.627011] ? shmem_destroy_inode+0x70/0x70 [ 777.627475] alloc_inode+0x63/0x230 [ 777.627858] new_inode+0x23/0x240 [ 777.628233] shmem_get_inode+0x18b/0xd20 [ 777.628661] __shmem_file_setup+0xb8/0x310 [ 777.629134] __do_sys_memfd_create+0x1c6/0x4f0 [ 777.629629] do_syscall_64+0x3b/0x90 [ 777.630028] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 777.630568] RIP: 0033:0x7f01cb928b19 [ 777.630961] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 777.632916] RSP: 002b:00007f01c8e9df48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 777.633743] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f01cb928b19 [ 777.634512] RDX: 0000000000020800 RSI: 0000000000000000 RDI: 00007f01cb9820fb [ 777.635276] RBP: 0000000000000002 R08: 0000000000010400 R09: ffffffffffffffff [ 777.636017] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000008100000 [ 777.636789] R13: 0000000020000040 R14: 0000000000020800 R15: 0000000020000140 [ 777.637568] 15:43:48 executing program 4: r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x1) sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x7}, ["", "", "", "", "", ""]}, 0x14}}, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) mlock(&(0x7f0000ffa000/0x2000)=nil, 0x2000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CCA_MODE(r1, 0x0, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = accept$unix(r0, &(0x7f0000000380), &(0x7f0000000300)=0x6e) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000c00)={0xc0, 0x0, &(0x7f0000000b00)=[@increfs={0x40046304, 0x3}, @clear_death={0x400c630f, 0x3}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000880)=ANY=[@ANYBLOB="8561646600000000010000000000000002000000000000001b00000000000000852a6273000000000300000000000000000000000000770a1100000200"/75], &(0x7f0000000900)={0x0, 0x20, 0x38}}}, @dead_binder_done, @acquire, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000a40)={@ptr={0x70742a85, 0x0, &(0x7f0000000940)=""/66, 0x42, 0x1, 0x24}, @ptr={0x70742a85, 0x1, &(0x7f00000009c0)=""/106, 0x6a, 0x0, 0x2f}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000ac0)={0x0, 0x28, 0x50}}}, @register_looper], 0x0, 0x0, &(0x7f0000000bc0)}) vmsplice(r4, &(0x7f0000000840)=[{&(0x7f0000000400)="6639a66d4a4d70ae5b89077c2fe5d512b955370555dfbba934d9c7f75dcdd380c8a631d642490421495b57beaf881d345128ab46878cac29a398af7c1a859c34b9f4a49ac6145ac7e4afa612a1d074fdd9a0fa2f56881f757d0822", 0x5b}, {&(0x7f0000000640)="165c25efaed55845004819d67b471b4d85429f2326192d56994cfc0e6848928780c69116c068b523df6acaca0a970ef3a41bc5ee66c5e5be82477d1bb6196697e7ba400dc2aeac5a1609c75d559a918fb474e40d0b689fcba79e3d1ac3d8ce0363a0f18a307bc449566961ed8cc8b31ea17e46429a94bdda6c82998cf14407d3befe6b7c14fae2f0ae95caa6d413f2a3bbd631d9b61c60124074654fb0212cf7eaa230a4ca8db5f4897f367df48ffd73e8af07c8605755c69084589ffb73652e20c5466655d9bef1486c2fb9d8f0f7af443d3297dcc3d4bce3af835196cc7161427d5fa529a3d81aaba8892ce8dffb519c2fb4b1554a4dde7172", 0xfa}, {&(0x7f0000000480)="6cbe22cc9071e40b72380567bd493401df7a1e0ac264245423df2902eeef6d61be1f4865214e85facc80437ce8aba30f5d163e8e7d257ea1801ed776937666f730ea57f68750adb3e071f804efeed260294a0418efc7916fb4d976340928b550820369e97d9434cfaf9f2ca460b14c7504ff2d84f22961b9bf975aa8780b9d7f14f9a22b6b363b3134872df91c76b804f0d57f10847811a6cefae9fa96a433a16638a3efdad8ff965b341839244b", 0xae}, {&(0x7f0000000740)="81e1a07373072accdd9562f12b3911066f72a686d95477b5bc156154a3ec5bc1d513317dd816eebb14ae4c4b33c15b4bbf2f232fcf8e136e8318b63804603dde7e239cae5d02b5315e0543cc5aff9314aae4ac03685a1f9f98bd8ccdfc0134de51943486e6a9ea6152f4af9c96102b5eac4d9fd26995fb966de34a4c49462c10463d7db749facb81582d6d1f805b1f2ae2b3724772c9186795789f5b431c7899015f54cf284bdc0969906e82f7100a6b2461613dde7667c8fad9bf4edfa4fd6bcf89ab89a1bb4efc053978a16f1a95088b80f316", 0xd4}], 0x4, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x8000, 0x3, &(0x7f0000ff6000/0x8000)=nil) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r3, &(0x7f00000002c0)={&(0x7f0000000240), 0xc, &(0x7f0000000280)={&(0x7f0000000540)={0xe4, 0x0, 0x2, 0x70bd2c, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'netpci0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0xa}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @remote}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @mcast1}, @NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:auditd_log_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x27, 0x7, 'system_u:object_r:modules_dep_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x20, 0x7, 'system_u:object_r:cert_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast2}]}, 0xe4}, 0x1, 0x0, 0x0, 0x180}, 0x0) mlock2(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x1) sendmsg$NL802154_CMD_SET_TX_POWER(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000}, 0x2c, &(0x7f00000001c0)={&(0x7f0000000180)={0x3c, r2, 0x400, 0x70bd26, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_TX_POWER={0x8, 0xb, 0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x1) [ 777.674558] loop5: detected capacity change from 0 to 260 [ 777.698492] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:43:57 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f00000003c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$RTC_WIE_ON(r1, 0x700f) fstat(r0, &(0x7f0000000040)) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@local, @in=@dev}}, {{@in=@multicast1}, 0x0, @in=@private}}, &(0x7f0000000240)=0xe8) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000140)={0x37}, 0x14) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000029bd7000fd5bdf250200000008000108000600ac1414aa"], 0x2c}, 0x1, 0x0, 0x0, 0x40005}, 0x10) setresuid(0x0, r2, 0x0) r3 = clone3(&(0x7f0000000580)={0x40000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[0xffffffffffffffff], 0x1}, 0x58) clone3(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0], 0x8}, 0x58) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7, r3}) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') fadvise64(0xffffffffffffffff, 0x8, 0x7, 0x3) write$P9_RMKNOD(r4, &(0x7f0000000140)={0x37}, 0x14) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x20010, &(0x7f0000000a00)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB="2c76657273696f6e3d1970323030302e752c6d73697a653d3078303030303030303030303030303030302c63616368657461673d2f6465762f737230002c736d61636b6673666c6f6f723d2f6465762f737230002c6f626a5f747970653d5d2c666f776e65723e47257538f2b4fde37397ec3c2c80f0cd1135865bbee353b26a3b0eedcc4e45d6755bddddefaf8ea58ed469f9a0b6c322e4e2b688e6ac069edef19091cf85550af9469f9163f9514f283606f50dcbcf86c6a65e7c856804194bdd1c19cae5881dac6892d800797c53e2dbb422de673bb756cd25985e1d82fdd722669814273a5a1159aff138035459dde7a882049f706c34736182eb30279ccc715fcdf4bc22a2ea0f5f323a1f56fc0a5a083591dc28c4fafbd82bc7fd44b78fe0a3e728819bb7d45d8133928da086fdbd78c9faf4fb9284925b1f2cd30b2078ea848a567e5eb5cd0e7ae46db90a174e2cdc22050089039f4efb910f6aac08f8c2e21cedb1d3d14b8dfb4e56f21b836887cf24739d6ccc59589e317a4c0113580545246c53964948ce8ca3cffbe22d45e853fe61fd33710df8d084421353209ed06d2e68479e8e02df6a45585ab1c6e373dd8918870f", @ANYRESHEX=r4, @ANYBLOB="992ea84b9c9b62c5444c3a814206d1e1ed6a40d92cfb608edb61f4623ab2877777b6b7f38612eb2f607d374969e98aad399d1beaf5548580b35844e2db9f3350e0166b8fcf27170eafe68991be17b9652b5193fc4e19738721fca8545a91b15265d84faf0032a0bc7aab2127e5183b44", @ANYRESDEC=r2, @ANYBLOB=',fsname=/dev/sr0\x00,appraise,appraise,appraise_type=imasig,\x00']) 15:43:57 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) r1 = socket$inet6(0xa, 0x3, 0x100) fsetxattr$trusted_overlay_opaque(r1, &(0x7f0000000040), &(0x7f0000000080), 0x2, 0x3) 15:43:57 executing program 0: listxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)=""/31, 0x1f) r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_SECURITY(r0, 0x0, 0x1, &(0x7f0000000040)=0x2, 0x4) getsockopt$WPAN_SECURITY(r0, 0x0, 0x1, 0x0, &(0x7f00000003c0)) getresuid(&(0x7f0000000e40), &(0x7f0000000e80), &(0x7f0000000ec0)=0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000f00)={{0x1, 0x1, 0x18, r0, @out_args}, './file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000f40)={{0x1, 0x1, 0x18, r0, {0x0, 0xee01}}, './file0\x00'}) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000140)={0x37}, 0x14) r4 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000f80), 0x18240, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r5, &(0x7f0000000140)={0x37}, 0x14) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000fc0)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r7, &(0x7f0000000140)={0x37}, 0x14) preadv(0xffffffffffffffff, &(0x7f0000000c40)=[{&(0x7f0000000180)=""/163, 0xa3}, {&(0x7f0000000300)=""/146, 0x92}, {&(0x7f0000000400)=""/7, 0x7}, {&(0x7f0000000440)=""/10, 0xa}, {&(0x7f0000000480)=""/185, 0xb9}, {&(0x7f0000000540)=""/91, 0x5b}, {&(0x7f00000005c0)=""/225, 0xe1}, {&(0x7f00000006c0)=""/166, 0xa6}, {&(0x7f0000000780)=""/244, 0xf4}], 0x9, 0x3, 0x3) r8 = openat$full(0xffffffffffffff9c, &(0x7f0000001000), 0x20000, 0x0) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r9, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000001040)={{0x1, 0x1, 0x18, r0, {0x0, 0xee01}}, './file0\x00'}) sendmsg$unix(0xffffffffffffffff, &(0x7f0000001200)={&(0x7f0000000880)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000000c00)=[{&(0x7f0000000900)="99d12faf40d4724ada77eac9f16978d13c79c852f7746949e270e43347d88782cfd2e97b73aca34ee33c509d777530ea186b54545cfa036a4d38f55af2f626f82631f319265fa9d4f481c829870aef22f5f1fc6d5ba9fe25972d94f9c42cb0c9940da48e5651d5cb68c70e7961653b8465cbc76d23ad51d943995a3a47ae07aea8943ea5ad21f4dc1971710641d9280dc8581dfe538c79f0b9ad2b148c3d5129552f0d62df66e5d6539d", 0xaa}, {&(0x7f00000009c0)="4a29e5a334bdb345497d4d7a1c4c8d76712844e076300707336282a4dac69d57cc61ff80d1078b670d7df15e52ab192c9ac589623fe084eac8a4e80cc316906a7ed169f1bd05b2ec7054b43a262519072a99995924e4c9fd0c0c16e1b5fcace29ed58684d06f521585c2bb3b5ec0ae2174db40efa892a2d672baef779116ae8d9f9a18075e44d9caf2b0df75ecee08689cc45eaeddc819944bcaf42bac1cc8448bfaa40532b019ac0d293a1e0d46d0d12391be0dbd4132a7612762", 0xbb}, {&(0x7f0000000a80)="04f34b4a62136134124abda1f0355bd9d7c106fb58efb85059676b9aa8013d60db06b0b8cee44913cc5b3b4bbb333c751a6825c160afa523943a4aaa58aa34ec829a8a5ddb07046b60fbbdf7fcf64886c523fef4a7e18ed99a6be687f6051b22eef508768d52def9fc76c132e2edf77bb337923ad4b10eb0", 0x78}, {&(0x7f0000000b00)="6f430c1468041590dfc38acf64d7582fd0fb322831352eee6df2942269b7d8384cd0f7f6f23fc313d167a12e78067608fed23fc8b9d806eb991a8bd8987e75868a25e952c291b4fe327274250dee74e11a66c22d7c598a5b4ac1104e01076a5d2f9a1f233c0b0dbaf7b1bb0277d45348b5de8d8e02d60a7c35947635e2f0ed1e5804b209d638394af5cd37d60f39a611aa0ad305a7c0dc7ace1935fcdda8bfee0b842d85f8504cf2f113c3440dad546bd6e8e0f79852d22da9df00d763392b0510403dfc66fd245747b651ab137e3e396f41863e2db1ae4a54f1e9ab93c2b1d1", 0xe0}], 0x4, &(0x7f0000001080)=[@rights={{0x24, 0x1, 0x1, [r0, r0, 0xffffffffffffffff, 0xffffffffffffffff, r0]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r0]}}, @rights={{0x2c, 0x1, 0x1, [r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r0, r0, r0, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r0]}}, @rights={{0x18, 0x1, 0x1, [r0, r0]}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, r1, 0xee00}}}, @rights={{0x2c, 0x1, 0x1, [r2, r0, r3, 0xffffffffffffffff, r4, r5, r0]}}, @rights={{0x28, 0x1, 0x1, [r0, r6, r7, r0, r8, r0]}}, @cred={{0x1c, 0x1, 0x2, {0x0, r9, r10}}}], 0x160, 0x4040000}, 0x1) 15:43:57 executing program 1: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) clone3(&(0x7f0000000640)={0x123363500, &(0x7f00000000c0), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) mount$9p_fd(0x0, &(0x7f0000000000)='./file0/../file0\x00', &(0x7f00000025c0), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB="2c7766646e6f3d8861a5596ea591b2622f956e0e7073b1f06ee751084c84f2244fcfb8451aab5782f7cf28a70fe33dd16ab2891c630129c7c52aaa9191d1ad7cb1f833bce8b13d9bc57d070af72c2ed6ff95a27a38405d09826d078185fdbf385808fb67d8f22e50a49d57a65b70d5662d33f58f55740702044cbcaec056532c5b96868adf000000008edb1b311046cee7ea9caa5a19f212a5f130d6a20a30ee6e668d937471a81390", @ANYRESHEX=r1, @ANYBLOB=',uname=9p\x00,noextend,access=client,\x00']) 15:43:57 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) (fail_nth: 10) 15:43:57 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 6) 15:43:57 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0xc0189436, &(0x7f0000000000)={'rose0\x00'}) 15:43:57 executing program 4: r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x1) sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x7}, ["", "", "", "", "", ""]}, 0x14}}, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) mlock(&(0x7f0000ffa000/0x2000)=nil, 0x2000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CCA_MODE(r1, 0x0, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = accept$unix(r0, &(0x7f0000000380), &(0x7f0000000300)=0x6e) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000c00)={0xc0, 0x0, &(0x7f0000000b00)=[@increfs={0x40046304, 0x3}, @clear_death={0x400c630f, 0x3}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000880)=ANY=[@ANYBLOB="8561646600000000010000000000000002000000000000001b00000000000000852a6273000000000300000000000000000000000000770a1100000200"/75], &(0x7f0000000900)={0x0, 0x20, 0x38}}}, @dead_binder_done, @acquire, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000a40)={@ptr={0x70742a85, 0x0, &(0x7f0000000940)=""/66, 0x42, 0x1, 0x24}, @ptr={0x70742a85, 0x1, &(0x7f00000009c0)=""/106, 0x6a, 0x0, 0x2f}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000ac0)={0x0, 0x28, 0x50}}}, @register_looper], 0x0, 0x0, &(0x7f0000000bc0)}) vmsplice(r4, &(0x7f0000000840)=[{&(0x7f0000000400)="6639a66d4a4d70ae5b89077c2fe5d512b955370555dfbba934d9c7f75dcdd380c8a631d642490421495b57beaf881d345128ab46878cac29a398af7c1a859c34b9f4a49ac6145ac7e4afa612a1d074fdd9a0fa2f56881f757d0822", 0x5b}, {&(0x7f0000000640)="165c25efaed55845004819d67b471b4d85429f2326192d56994cfc0e6848928780c69116c068b523df6acaca0a970ef3a41bc5ee66c5e5be82477d1bb6196697e7ba400dc2aeac5a1609c75d559a918fb474e40d0b689fcba79e3d1ac3d8ce0363a0f18a307bc449566961ed8cc8b31ea17e46429a94bdda6c82998cf14407d3befe6b7c14fae2f0ae95caa6d413f2a3bbd631d9b61c60124074654fb0212cf7eaa230a4ca8db5f4897f367df48ffd73e8af07c8605755c69084589ffb73652e20c5466655d9bef1486c2fb9d8f0f7af443d3297dcc3d4bce3af835196cc7161427d5fa529a3d81aaba8892ce8dffb519c2fb4b1554a4dde7172", 0xfa}, {&(0x7f0000000480)="6cbe22cc9071e40b72380567bd493401df7a1e0ac264245423df2902eeef6d61be1f4865214e85facc80437ce8aba30f5d163e8e7d257ea1801ed776937666f730ea57f68750adb3e071f804efeed260294a0418efc7916fb4d976340928b550820369e97d9434cfaf9f2ca460b14c7504ff2d84f22961b9bf975aa8780b9d7f14f9a22b6b363b3134872df91c76b804f0d57f10847811a6cefae9fa96a433a16638a3efdad8ff965b341839244b", 0xae}, {&(0x7f0000000740)="81e1a07373072accdd9562f12b3911066f72a686d95477b5bc156154a3ec5bc1d513317dd816eebb14ae4c4b33c15b4bbf2f232fcf8e136e8318b63804603dde7e239cae5d02b5315e0543cc5aff9314aae4ac03685a1f9f98bd8ccdfc0134de51943486e6a9ea6152f4af9c96102b5eac4d9fd26995fb966de34a4c49462c10463d7db749facb81582d6d1f805b1f2ae2b3724772c9186795789f5b431c7899015f54cf284bdc0969906e82f7100a6b2461613dde7667c8fad9bf4edfa4fd6bcf89ab89a1bb4efc053978a16f1a95088b80f316", 0xd4}], 0x4, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x8000, 0x3, &(0x7f0000ff6000/0x8000)=nil) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r3, &(0x7f00000002c0)={&(0x7f0000000240), 0xc, &(0x7f0000000280)={&(0x7f0000000540)={0xe4, 0x0, 0x2, 0x70bd2c, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'netpci0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0xa}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @remote}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @mcast1}, @NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:auditd_log_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x27, 0x7, 'system_u:object_r:modules_dep_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x20, 0x7, 'system_u:object_r:cert_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast2}]}, 0xe4}, 0x1, 0x0, 0x0, 0x180}, 0x0) mlock2(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x1) sendmsg$NL802154_CMD_SET_TX_POWER(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000}, 0x2c, &(0x7f00000001c0)={&(0x7f0000000180)={0x3c, r2, 0x400, 0x70bd26, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_TX_POWER={0x8, 0xb, 0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x1) [ 787.445806] FAULT_INJECTION: forcing a failure. [ 787.445806] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 787.446811] FAULT_INJECTION: forcing a failure. [ 787.446811] name failslab, interval 1, probability 0, space 0, times 0 [ 787.448336] CPU: 0 PID: 7688 Comm: syz-executor.3 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 787.451533] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 787.453959] Call Trace: [ 787.454501] [ 787.454973] dump_stack_lvl+0x8b/0xb3 [ 787.455798] should_fail.cold+0x5/0xa [ 787.456615] _copy_to_user+0x2a/0x140 [ 787.457449] simple_read_from_buffer+0xcc/0x160 [ 787.458458] proc_fail_nth_read+0x194/0x220 [ 787.459394] ? proc_exe_link+0x1d0/0x1d0 [ 787.460272] ? security_file_permission+0xb1/0xd0 [ 787.461317] ? proc_exe_link+0x1d0/0x1d0 [ 787.462193] vfs_read+0x1f0/0x5e0 [ 787.462942] ksys_read+0x12d/0x250 [ 787.463706] ? __ia32_sys_pwrite64+0x230/0x230 [ 787.464680] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 787.465764] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 787.466900] ? syscall_enter_from_user_mode+0x1d/0x50 [ 787.468003] do_syscall_64+0x3b/0x90 [ 787.468801] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 787.469909] RIP: 0033:0x7f4663ea169c [ 787.470689] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 787.474619] RSP: 002b:00007f4661464170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 787.476244] RAX: ffffffffffffffda RBX: 000000000000001c RCX: 00007f4663ea169c [ 787.477768] RDX: 000000000000000f RSI: 00007f46614641e0 RDI: 0000000000000005 [ 787.479273] RBP: 00007f46614641d0 R08: 0000000000000000 R09: 0000000000000000 [ 787.480773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 787.482284] R13: 00007ffd9490a3cf R14: 00007f4661464300 R15: 0000000000022000 [ 787.483801] [ 787.484294] CPU: 1 PID: 7696 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 787.485319] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 787.486518] Call Trace: [ 787.486792] [ 787.487032] dump_stack_lvl+0x8b/0xb3 [ 787.487440] should_fail.cold+0x5/0xa [ 787.487851] ? security_inode_alloc+0x34/0x160 [ 787.488336] should_failslab+0x5/0x10 [ 787.488739] kmem_cache_alloc+0x5b/0x480 [ 787.489172] security_inode_alloc+0x34/0x160 [ 787.489646] inode_init_always+0x52e/0xc50 [ 787.490100] alloc_inode+0x84/0x230 [ 787.490541] new_inode+0x23/0x240 [ 787.491024] shmem_get_inode+0x18b/0xd20 [ 787.491126] 9pnet_fd: Insufficient options for proto=fd [ 787.491578] __shmem_file_setup+0xb8/0x310 [ 787.491614] __do_sys_memfd_create+0x1c6/0x4f0 [ 787.491643] do_syscall_64+0x3b/0x90 [ 787.491668] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 787.491688] RIP: 0033:0x7f01cb928b19 [ 787.491701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 787.491718] RSP: 002b:00007f01c8e9df48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 787.491736] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f01cb928b19 [ 787.491749] RDX: 0000000000020800 RSI: 0000000000000000 RDI: 00007f01cb9820fb [ 787.491760] RBP: 0000000000000002 R08: 0000000000010400 R09: ffffffffffffffff [ 787.491771] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000008100000 [ 787.491781] R13: 0000000020000040 R14: 0000000000020800 R15: 0000000020000140 [ 787.491800] [ 787.527255] 9pnet_fd: Insufficient options for proto=fd 15:44:08 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f00000003c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$RTC_WIE_ON(r1, 0x700f) fstat(r0, &(0x7f0000000040)) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@local, @in=@dev}}, {{@in=@multicast1}, 0x0, @in=@private}}, &(0x7f0000000240)=0xe8) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000140)={0x37}, 0x14) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000029bd7000fd5bdf250200000008000108000600ac1414aa"], 0x2c}, 0x1, 0x0, 0x0, 0x40005}, 0x10) setresuid(0x0, r2, 0x0) r3 = clone3(&(0x7f0000000580)={0x40000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[0xffffffffffffffff], 0x1}, 0x58) clone3(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0], 0x8}, 0x58) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7, r3}) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') fadvise64(0xffffffffffffffff, 0x8, 0x7, 0x3) write$P9_RMKNOD(r4, &(0x7f0000000140)={0x37}, 0x14) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x20010, &(0x7f0000000a00)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB="2c76657273696f6e3d1970323030302e752c6d73697a653d3078303030303030303030303030303030302c63616368657461673d2f6465762f737230002c736d61636b6673666c6f6f723d2f6465762f737230002c6f626a5f747970653d5d2c666f776e65723e47257538f2b4fde37397ec3c2c80f0cd1135865bbee353b26a3b0eedcc4e45d6755bddddefaf8ea58ed469f9a0b6c322e4e2b688e6ac069edef19091cf85550af9469f9163f9514f283606f50dcbcf86c6a65e7c856804194bdd1c19cae5881dac6892d800797c53e2dbb422de673bb756cd25985e1d82fdd722669814273a5a1159aff138035459dde7a882049f706c34736182eb30279ccc715fcdf4bc22a2ea0f5f323a1f56fc0a5a083591dc28c4fafbd82bc7fd44b78fe0a3e728819bb7d45d8133928da086fdbd78c9faf4fb9284925b1f2cd30b2078ea848a567e5eb5cd0e7ae46db90a174e2cdc22050089039f4efb910f6aac08f8c2e21cedb1d3d14b8dfb4e56f21b836887cf24739d6ccc59589e317a4c0113580545246c53964948ce8ca3cffbe22d45e853fe61fd33710df8d084421353209ed06d2e68479e8e02df6a45585ab1c6e373dd8918870f", @ANYRESHEX=r4, @ANYBLOB="992ea84b9c9b62c5444c3a814206d1e1ed6a40d92cfb608edb61f4623ab2877777b6b7f38612eb2f607d374969e98aad399d1beaf5548580b35844e2db9f3350e0166b8fcf27170eafe68991be17b9652b5193fc4e19738721fca8545a91b15265d84faf0032a0bc7aab2127e5183b44", @ANYRESDEC=r2, @ANYBLOB=',fsname=/dev/sr0\x00,appraise,appraise,appraise_type=imasig,\x00']) 15:44:08 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0xc020660b, &(0x7f0000000000)={'rose0\x00'}) 15:44:08 executing program 1: r0 = syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="2000000080000000060000006a0000000f000000000000000100000001000000004000000040000020000000d5f4655fd6f4655f0100ffff53ef", 0x3a, 0x400}, {&(0x7f0000010400)="02", 0x1, 0x800}, {&(0x7f0000012700)='s', 0x1, 0x805}], 0x0, &(0x7f0000012c00)) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x8000, &(0x7f0000000280)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@access_client}], [{@measure}, {@subj_user={'subj_user', 0x3d, '!!}\x9d^{&)/.'}}, {@appraise_type}, {@dont_appraise}, {@subj_user={'subj_user', 0x3d, 'ext4\x00'}}]}}) 15:44:08 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:44:08 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r0, &(0x7f0000000140)={0x37}, 0x14) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r0, 0x8982, &(0x7f0000000000)={0x6, 'vcan0\x00', {0xd0}, 0x7fff}) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r1, &(0x7f000000c340)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)={0x14, 0x26, 0xe21, 0x0, 0x0, "", [@typed={0x4}]}, 0x14}], 0x1}, 0x0) 15:44:08 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 7) [ 798.044514] FAULT_INJECTION: forcing a failure. [ 798.044514] name failslab, interval 1, probability 0, space 0, times 0 15:44:08 executing program 4: r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x1) sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x7}, ["", "", "", "", "", ""]}, 0x14}}, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) mlock(&(0x7f0000ffa000/0x2000)=nil, 0x2000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CCA_MODE(r1, 0x0, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = accept$unix(r0, &(0x7f0000000380), &(0x7f0000000300)=0x6e) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000c00)={0xc0, 0x0, &(0x7f0000000b00)=[@increfs={0x40046304, 0x3}, @clear_death={0x400c630f, 0x3}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000880)=ANY=[@ANYBLOB="8561646600000000010000000000000002000000000000001b00000000000000852a6273000000000300000000000000000000000000770a1100000200"/75], &(0x7f0000000900)={0x0, 0x20, 0x38}}}, @dead_binder_done, @acquire, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000a40)={@ptr={0x70742a85, 0x0, &(0x7f0000000940)=""/66, 0x42, 0x1, 0x24}, @ptr={0x70742a85, 0x1, &(0x7f00000009c0)=""/106, 0x6a, 0x0, 0x2f}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000ac0)={0x0, 0x28, 0x50}}}, @register_looper], 0x0, 0x0, &(0x7f0000000bc0)}) vmsplice(r4, &(0x7f0000000840)=[{&(0x7f0000000400)="6639a66d4a4d70ae5b89077c2fe5d512b955370555dfbba934d9c7f75dcdd380c8a631d642490421495b57beaf881d345128ab46878cac29a398af7c1a859c34b9f4a49ac6145ac7e4afa612a1d074fdd9a0fa2f56881f757d0822", 0x5b}, {&(0x7f0000000640)="165c25efaed55845004819d67b471b4d85429f2326192d56994cfc0e6848928780c69116c068b523df6acaca0a970ef3a41bc5ee66c5e5be82477d1bb6196697e7ba400dc2aeac5a1609c75d559a918fb474e40d0b689fcba79e3d1ac3d8ce0363a0f18a307bc449566961ed8cc8b31ea17e46429a94bdda6c82998cf14407d3befe6b7c14fae2f0ae95caa6d413f2a3bbd631d9b61c60124074654fb0212cf7eaa230a4ca8db5f4897f367df48ffd73e8af07c8605755c69084589ffb73652e20c5466655d9bef1486c2fb9d8f0f7af443d3297dcc3d4bce3af835196cc7161427d5fa529a3d81aaba8892ce8dffb519c2fb4b1554a4dde7172", 0xfa}, {&(0x7f0000000480)="6cbe22cc9071e40b72380567bd493401df7a1e0ac264245423df2902eeef6d61be1f4865214e85facc80437ce8aba30f5d163e8e7d257ea1801ed776937666f730ea57f68750adb3e071f804efeed260294a0418efc7916fb4d976340928b550820369e97d9434cfaf9f2ca460b14c7504ff2d84f22961b9bf975aa8780b9d7f14f9a22b6b363b3134872df91c76b804f0d57f10847811a6cefae9fa96a433a16638a3efdad8ff965b341839244b", 0xae}, {&(0x7f0000000740)="81e1a07373072accdd9562f12b3911066f72a686d95477b5bc156154a3ec5bc1d513317dd816eebb14ae4c4b33c15b4bbf2f232fcf8e136e8318b63804603dde7e239cae5d02b5315e0543cc5aff9314aae4ac03685a1f9f98bd8ccdfc0134de51943486e6a9ea6152f4af9c96102b5eac4d9fd26995fb966de34a4c49462c10463d7db749facb81582d6d1f805b1f2ae2b3724772c9186795789f5b431c7899015f54cf284bdc0969906e82f7100a6b2461613dde7667c8fad9bf4edfa4fd6bcf89ab89a1bb4efc053978a16f1a95088b80f316", 0xd4}], 0x4, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x8000, 0x3, &(0x7f0000ff6000/0x8000)=nil) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r3, &(0x7f00000002c0)={&(0x7f0000000240), 0xc, &(0x7f0000000280)={&(0x7f0000000540)={0xe4, 0x0, 0x2, 0x70bd2c, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'netpci0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0xa}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @remote}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @mcast1}, @NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:auditd_log_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x27, 0x7, 'system_u:object_r:modules_dep_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x20, 0x7, 'system_u:object_r:cert_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast2}]}, 0xe4}, 0x1, 0x0, 0x0, 0x180}, 0x0) mlock2(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x1) sendmsg$NL802154_CMD_SET_TX_POWER(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000}, 0x2c, &(0x7f00000001c0)={&(0x7f0000000180)={0x3c, r2, 0x400, 0x70bd26, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_TX_POWER={0x8, 0xb, 0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x1) [ 798.047303] CPU: 1 PID: 7714 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 798.049703] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 798.051930] Call Trace: [ 798.052423] 15:44:08 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40301, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r2, 0x0) r3 = getegid() ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f0000000080)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {r2, r3}}, '.\x00'}) ioctl$CDROM_DEBUG(r0, 0x5330, 0x1) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r4, &(0x7f0000000140)={0x37}, 0x14) getresgid(&(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000180)) fcntl$F_GET_FILE_RW_HINT(r4, 0x40d, &(0x7f0000000040)) [ 798.052864] dump_stack_lvl+0x8b/0xb3 [ 798.053709] should_fail.cold+0x5/0xa [ 798.054471] ? create_object.isra.0+0x3a/0xa20 [ 798.055380] should_failslab+0x5/0x10 [ 798.056123] kmem_cache_alloc+0x5b/0x480 [ 798.056932] create_object.isra.0+0x3a/0xa20 [ 798.057527] loop1: detected capacity change from 0 to 512 [ 798.057827] ? kasan_unpoison+0x23/0x50 [ 798.059231] kmem_cache_alloc+0x239/0x480 [ 798.060053] security_inode_alloc+0x34/0x160 [ 798.060922] inode_init_always+0x52e/0xc50 [ 798.061799] alloc_inode+0x84/0x230 [ 798.062523] new_inode+0x23/0x240 [ 798.063219] shmem_get_inode+0x18b/0xd20 [ 798.064028] __shmem_file_setup+0xb8/0x310 [ 798.064870] __do_sys_memfd_create+0x1c6/0x4f0 [ 798.065791] do_syscall_64+0x3b/0x90 [ 798.066527] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 798.067530] RIP: 0033:0x7f01cb928b19 [ 798.068249] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 798.071840] RSP: 002b:00007f01c8e9df48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 798.073323] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f01cb928b19 [ 798.074717] RDX: 0000000000020800 RSI: 0000000000000000 RDI: 00007f01cb9820fb [ 798.076105] RBP: 0000000000000002 R08: 0000000000010400 R09: ffffffffffffffff [ 798.077502] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000008100000 [ 798.078889] R13: 0000000020000040 R14: 0000000000020800 R15: 0000000020000140 [ 798.080282] [ 798.081060] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 not in group (block 29440)! [ 798.082176] EXT4-fs (loop1): group descriptors corrupted! [ 798.100580] 9pnet_fd: Insufficient options for proto=fd [ 798.104398] loop1: detected capacity change from 0 to 512 [ 798.115435] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 not in group (block 29440)! [ 798.116456] EXT4-fs (loop1): group descriptors corrupted! 15:44:08 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:44:08 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 15:44:08 executing program 4: r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x1) sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x7}, ["", "", "", "", "", ""]}, 0x14}}, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) mlock(&(0x7f0000ffa000/0x2000)=nil, 0x2000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CCA_MODE(r1, 0x0, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = accept$unix(r0, &(0x7f0000000380), &(0x7f0000000300)=0x6e) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000c00)={0xc0, 0x0, &(0x7f0000000b00)=[@increfs={0x40046304, 0x3}, @clear_death={0x400c630f, 0x3}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000880)=ANY=[@ANYBLOB="8561646600000000010000000000000002000000000000001b00000000000000852a6273000000000300000000000000000000000000770a1100000200"/75], &(0x7f0000000900)={0x0, 0x20, 0x38}}}, @dead_binder_done, @acquire, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000a40)={@ptr={0x70742a85, 0x0, &(0x7f0000000940)=""/66, 0x42, 0x1, 0x24}, @ptr={0x70742a85, 0x1, &(0x7f00000009c0)=""/106, 0x6a, 0x0, 0x2f}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000ac0)={0x0, 0x28, 0x50}}}, @register_looper], 0x0, 0x0, &(0x7f0000000bc0)}) vmsplice(r4, &(0x7f0000000840)=[{&(0x7f0000000400)="6639a66d4a4d70ae5b89077c2fe5d512b955370555dfbba934d9c7f75dcdd380c8a631d642490421495b57beaf881d345128ab46878cac29a398af7c1a859c34b9f4a49ac6145ac7e4afa612a1d074fdd9a0fa2f56881f757d0822", 0x5b}, {&(0x7f0000000640)="165c25efaed55845004819d67b471b4d85429f2326192d56994cfc0e6848928780c69116c068b523df6acaca0a970ef3a41bc5ee66c5e5be82477d1bb6196697e7ba400dc2aeac5a1609c75d559a918fb474e40d0b689fcba79e3d1ac3d8ce0363a0f18a307bc449566961ed8cc8b31ea17e46429a94bdda6c82998cf14407d3befe6b7c14fae2f0ae95caa6d413f2a3bbd631d9b61c60124074654fb0212cf7eaa230a4ca8db5f4897f367df48ffd73e8af07c8605755c69084589ffb73652e20c5466655d9bef1486c2fb9d8f0f7af443d3297dcc3d4bce3af835196cc7161427d5fa529a3d81aaba8892ce8dffb519c2fb4b1554a4dde7172", 0xfa}, {&(0x7f0000000480)="6cbe22cc9071e40b72380567bd493401df7a1e0ac264245423df2902eeef6d61be1f4865214e85facc80437ce8aba30f5d163e8e7d257ea1801ed776937666f730ea57f68750adb3e071f804efeed260294a0418efc7916fb4d976340928b550820369e97d9434cfaf9f2ca460b14c7504ff2d84f22961b9bf975aa8780b9d7f14f9a22b6b363b3134872df91c76b804f0d57f10847811a6cefae9fa96a433a16638a3efdad8ff965b341839244b", 0xae}, {&(0x7f0000000740)="81e1a07373072accdd9562f12b3911066f72a686d95477b5bc156154a3ec5bc1d513317dd816eebb14ae4c4b33c15b4bbf2f232fcf8e136e8318b63804603dde7e239cae5d02b5315e0543cc5aff9314aae4ac03685a1f9f98bd8ccdfc0134de51943486e6a9ea6152f4af9c96102b5eac4d9fd26995fb966de34a4c49462c10463d7db749facb81582d6d1f805b1f2ae2b3724772c9186795789f5b431c7899015f54cf284bdc0969906e82f7100a6b2461613dde7667c8fad9bf4edfa4fd6bcf89ab89a1bb4efc053978a16f1a95088b80f316", 0xd4}], 0x4, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x8000, 0x3, &(0x7f0000ff6000/0x8000)=nil) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r3, &(0x7f00000002c0)={&(0x7f0000000240), 0xc, &(0x7f0000000280)={&(0x7f0000000540)={0xe4, 0x0, 0x2, 0x70bd2c, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'netpci0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0xa}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @remote}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @mcast1}, @NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:auditd_log_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x27, 0x7, 'system_u:object_r:modules_dep_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x20, 0x7, 'system_u:object_r:cert_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast2}]}, 0xe4}, 0x1, 0x0, 0x0, 0x180}, 0x0) mlock2(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x1) sendmsg$NL802154_CMD_SET_TX_POWER(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000}, 0x2c, &(0x7f00000001c0)={&(0x7f0000000180)={0x3c, r2, 0x400, 0x70bd26, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_TX_POWER={0x8, 0xb, 0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x1) 15:44:08 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, @in_args={0x4}}, './file0\x00'}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=@newae={0x48, 0x1e, 0x10, 0x70bd2c, 0x25dfdbfb, {{@in=@local, 0x4d3, 0x2, 0x3c}, @in6=@loopback, 0xffffffff, 0x3506}, [@XFRMA_IF_ID={0x8, 0x1f, r2}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x840) r3 = dup(r0) sendmsg$nl_xfrm(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="f800000016000100000000000000000000000000000000000000000000000000ffffffff00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="7f0000010000000000000000000000000000000033"], 0xf8}}, 0x0) sendmsg$nl_xfrm(r3, &(0x7f0000000fc0)={0x0, 0x0, &(0x7f0000000f80)={&(0x7f0000006b00)=ANY=[@ANYBLOB="681100001c0001"], 0x1168}}, 0x0) ioctl$EXT4_IOC_CLEAR_ES_CACHE(r3, 0x6628) 15:44:08 executing program 0: r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil) shmget(0x1, 0x4000, 0x1000, &(0x7f0000ffc000/0x4000)=nil) r1 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ff4000/0x3000)=nil) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x4000) shmat(r1, &(0x7f0000ffa000/0x4000)=nil, 0x4000) shmat(r1, &(0x7f0000ffc000/0x2000)=nil, 0x4000) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x0, 0x0) mlock2(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) mlock2(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0) mbind(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x1, &(0x7f0000000040), 0x4, 0x4) mlock2(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x0) mremap(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x3000, 0x2, &(0x7f0000ff6000/0x3000)=nil) shmat(r0, &(0x7f0000ff9000/0x4000)=nil, 0x6000) mbind(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, &(0x7f0000000000), 0x3, 0x2) 15:44:08 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x2, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 798.249718] netlink: 4436 bytes leftover after parsing attributes in process `syz-executor.1'. 15:44:08 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) r1 = openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000100), 0x2, 0x0) ioctl$BTRFS_IOC_START_SYNC(r1, 0x80089418, &(0x7f0000000140)) ioctl$EVIOCGSND(r0, 0x8040451a, &(0x7f0000000040)=""/137) 15:44:08 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x3, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 798.317461] loop5: detected capacity change from 0 to 260 [ 798.321660] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) [ 798.336599] netlink: 4436 bytes leftover after parsing attributes in process `syz-executor.1'. 15:44:19 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f00000003c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$RTC_WIE_ON(r1, 0x700f) fstat(r0, &(0x7f0000000040)) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@local, @in=@dev}}, {{@in=@multicast1}, 0x0, @in=@private}}, &(0x7f0000000240)=0xe8) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000140)={0x37}, 0x14) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000029bd7000fd5bdf250200000008000108000600ac1414aa"], 0x2c}, 0x1, 0x0, 0x0, 0x40005}, 0x10) setresuid(0x0, r2, 0x0) r3 = clone3(&(0x7f0000000580)={0x40000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[0xffffffffffffffff], 0x1}, 0x58) clone3(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0], 0x8}, 0x58) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7, r3}) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') fadvise64(0xffffffffffffffff, 0x8, 0x7, 0x3) write$P9_RMKNOD(r4, &(0x7f0000000140)={0x37}, 0x14) 15:44:19 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x4, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:44:19 executing program 2: ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000080)={0x7, 0x1000, 0x1, 0xc600, 0x6, "7f2585fc585a1eb4e8b9ccd5496bb05ad2a732"}) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 15:44:19 executing program 4: r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x1) sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x7}, ["", "", "", "", "", ""]}, 0x14}}, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) mlock(&(0x7f0000ffa000/0x2000)=nil, 0x2000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CCA_MODE(r1, 0x0, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = accept$unix(r0, &(0x7f0000000380), &(0x7f0000000300)=0x6e) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000c00)={0xc0, 0x0, &(0x7f0000000b00)=[@increfs={0x40046304, 0x3}, @clear_death={0x400c630f, 0x3}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000880)=ANY=[@ANYBLOB="8561646600000000010000000000000002000000000000001b00000000000000852a6273000000000300000000000000000000000000770a1100000200"/75], &(0x7f0000000900)={0x0, 0x20, 0x38}}}, @dead_binder_done, @acquire, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000a40)={@ptr={0x70742a85, 0x0, &(0x7f0000000940)=""/66, 0x42, 0x1, 0x24}, @ptr={0x70742a85, 0x1, &(0x7f00000009c0)=""/106, 0x6a, 0x0, 0x2f}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000ac0)={0x0, 0x28, 0x50}}}, @register_looper], 0x0, 0x0, &(0x7f0000000bc0)}) vmsplice(r3, &(0x7f0000000840)=[{&(0x7f0000000400)="6639a66d4a4d70ae5b89077c2fe5d512b955370555dfbba934d9c7f75dcdd380c8a631d642490421495b57beaf881d345128ab46878cac29a398af7c1a859c34b9f4a49ac6145ac7e4afa612a1d074fdd9a0fa2f56881f757d0822", 0x5b}, {&(0x7f0000000640)="165c25efaed55845004819d67b471b4d85429f2326192d56994cfc0e6848928780c69116c068b523df6acaca0a970ef3a41bc5ee66c5e5be82477d1bb6196697e7ba400dc2aeac5a1609c75d559a918fb474e40d0b689fcba79e3d1ac3d8ce0363a0f18a307bc449566961ed8cc8b31ea17e46429a94bdda6c82998cf14407d3befe6b7c14fae2f0ae95caa6d413f2a3bbd631d9b61c60124074654fb0212cf7eaa230a4ca8db5f4897f367df48ffd73e8af07c8605755c69084589ffb73652e20c5466655d9bef1486c2fb9d8f0f7af443d3297dcc3d4bce3af835196cc7161427d5fa529a3d81aaba8892ce8dffb519c2fb4b1554a4dde7172", 0xfa}, {&(0x7f0000000480)="6cbe22cc9071e40b72380567bd493401df7a1e0ac264245423df2902eeef6d61be1f4865214e85facc80437ce8aba30f5d163e8e7d257ea1801ed776937666f730ea57f68750adb3e071f804efeed260294a0418efc7916fb4d976340928b550820369e97d9434cfaf9f2ca460b14c7504ff2d84f22961b9bf975aa8780b9d7f14f9a22b6b363b3134872df91c76b804f0d57f10847811a6cefae9fa96a433a16638a3efdad8ff965b341839244b", 0xae}, {&(0x7f0000000740)="81e1a07373072accdd9562f12b3911066f72a686d95477b5bc156154a3ec5bc1d513317dd816eebb14ae4c4b33c15b4bbf2f232fcf8e136e8318b63804603dde7e239cae5d02b5315e0543cc5aff9314aae4ac03685a1f9f98bd8ccdfc0134de51943486e6a9ea6152f4af9c96102b5eac4d9fd26995fb966de34a4c49462c10463d7db749facb81582d6d1f805b1f2ae2b3724772c9186795789f5b431c7899015f54cf284bdc0969906e82f7100a6b2461613dde7667c8fad9bf4edfa4fd6bcf89ab89a1bb4efc053978a16f1a95088b80f316", 0xd4}], 0x4, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x8000, 0x3, &(0x7f0000ff6000/0x8000)=nil) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r2, &(0x7f00000002c0)={&(0x7f0000000240), 0xc, &(0x7f0000000280)={&(0x7f0000000540)={0xe4, 0x0, 0x2, 0x70bd2c, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'netpci0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0xa}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @remote}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @mcast1}, @NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:auditd_log_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x27, 0x7, 'system_u:object_r:modules_dep_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x20, 0x7, 'system_u:object_r:cert_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast2}]}, 0xe4}, 0x1, 0x0, 0x0, 0x180}, 0x0) mlock2(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x1) 15:44:19 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 8) 15:44:19 executing program 0: r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil) shmget(0x1, 0x4000, 0x1000, &(0x7f0000ffc000/0x4000)=nil) r1 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ff4000/0x3000)=nil) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x4000) shmat(r1, &(0x7f0000ffa000/0x4000)=nil, 0x4000) shmat(r1, &(0x7f0000ffc000/0x2000)=nil, 0x4000) mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x0, 0x0) mlock2(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) mlock2(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0) mbind(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x1, &(0x7f0000000040), 0x4, 0x4) mlock2(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x0) mremap(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x3000, 0x2, &(0x7f0000ff6000/0x3000)=nil) shmat(r0, &(0x7f0000ff9000/0x4000)=nil, 0x6000) mbind(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, &(0x7f0000000000), 0x3, 0x2) 15:44:19 executing program 1: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000080)=ANY=[]) chdir(&(0x7f0000000140)='./file0\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) write$P9_RMKNOD(r1, &(0x7f0000000140)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) r2 = openat(r0, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(r3, &(0x7f0000001180)=ANY=[], 0x220) fspick(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) truncate(&(0x7f0000000040)='./file1\x00', 0x80) sendfile(r3, r2, 0x0, 0xfffffded) 15:44:19 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x400, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 15:44:19 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x6c801, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0) getpeername$unix(r1, &(0x7f00000000c0)=@abs, &(0x7f0000000140)=0x6e) r2 = clone3(&(0x7f0000000580)={0x40000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[0xffffffffffffffff], 0x1}, 0x58) r3 = clone3(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0], 0x8}, 0x58) fcntl$lock(r1, 0x7, &(0x7f0000000180)={0x2, 0x1, 0x10001, 0x4, r2}) r4 = clone3(&(0x7f0000000580)={0x40000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[0xffffffffffffffff], 0x1}, 0x58) clone3(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0], 0x8}, 0x58) r5 = clone3(&(0x7f0000000580)={0x40000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[0xffffffffffffffff], 0x1}, 0x58) clone3(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0], 0x8}, 0x58) r6 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r6, &(0x7f0000000140)={0x37}, 0x14) clone3(&(0x7f0000000400)={0x200000000, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f0000000240), {0x34}, &(0x7f0000000280)=""/10, 0xa, &(0x7f00000002c0)=""/252, &(0x7f00000003c0)=[r4, r5, r3], 0x3, {r6}}, 0x58) ioctl$AUTOFS_IOC_ASKUMOUNT(r0, 0x80049370, &(0x7f0000000040)) ioctl$CDROMSUBCHNL(0xffffffffffffffff, 0x530b, &(0x7f0000000480)={0x3, 0x4, 0x0, 0x0, 0x1, 0xce, @msf={0x6, 0xf0, 0x5}, @lba=0xffffffb5}) ioctl$CDROM_MEDIA_CHANGED(r0, 0x5325, 0x1) [ 809.328154] FAULT_INJECTION: forcing a failure. [ 809.328154] name failslab, interval 1, probability 0, space 0, times 0 [ 809.329378] CPU: 1 PID: 7789 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 809.330415] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 809.331594] Call Trace: [ 809.331860] [ 809.332093] dump_stack_lvl+0x8b/0xb3 [ 809.332511] should_fail.cold+0x5/0xa [ 809.332915] ? __d_alloc+0x2a/0x990 [ 809.333303] should_failslab+0x5/0x10 [ 809.333704] kmem_cache_alloc+0x5b/0x480 [ 809.334145] __d_alloc+0x2a/0x990 [ 809.334513] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 809.335098] d_alloc_pseudo+0x19/0x70 [ 809.335359] loop1: detected capacity change from 0 to 40 [ 809.335497] alloc_file_pseudo+0xce/0x250 [ 809.337056] ? alloc_file+0x590/0x590 [ 809.337455] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80 [ 809.338043] ? shmem_get_inode+0x622/0xd20 [ 809.338516] __shmem_file_setup+0x144/0x310 [ 809.338972] __do_sys_memfd_create+0x1c6/0x4f0 [ 809.339486] do_syscall_64+0x3b/0x90 [ 809.339882] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 809.340452] RIP: 0033:0x7f01cb928b19 [ 809.340832] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 809.342890] RSP: 002b:00007f01c8e9df48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 809.343731] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f01cb928b19 [ 809.344515] RDX: 0000000000020800 RSI: 0000000000000000 RDI: 00007f01cb9820fb [ 809.345311] RBP: 0000000000000002 R08: 0000000000010400 R09: ffffffffffffffff [ 809.346106] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000008100000 [ 809.346882] R13: 0000000020000040 R14: 0000000000020800 R15: 0000000020000140 [ 809.347670] 15:44:19 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000080)=0x2) 15:44:19 executing program 4: r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x1) sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x7}, ["", "", "", "", "", ""]}, 0x14}}, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) mlock(&(0x7f0000ffa000/0x2000)=nil, 0x2000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CCA_MODE(r1, 0x0, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = accept$unix(r0, &(0x7f0000000380), &(0x7f0000000300)=0x6e) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000c00)={0xc0, 0x0, &(0x7f0000000b00)=[@increfs={0x40046304, 0x3}, @clear_death={0x400c630f, 0x3}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000880)=ANY=[@ANYBLOB="8561646600000000010000000000000002000000000000001b00000000000000852a6273000000000300000000000000000000000000770a1100000200"/75], &(0x7f0000000900)={0x0, 0x20, 0x38}}}, @dead_binder_done, @acquire, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000a40)={@ptr={0x70742a85, 0x0, &(0x7f0000000940)=""/66, 0x42, 0x1, 0x24}, @ptr={0x70742a85, 0x1, &(0x7f00000009c0)=""/106, 0x6a, 0x0, 0x2f}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000ac0)={0x0, 0x28, 0x50}}}, @register_looper], 0x0, 0x0, &(0x7f0000000bc0)}) vmsplice(r3, &(0x7f0000000840)=[{&(0x7f0000000400)="6639a66d4a4d70ae5b89077c2fe5d512b955370555dfbba934d9c7f75dcdd380c8a631d642490421495b57beaf881d345128ab46878cac29a398af7c1a859c34b9f4a49ac6145ac7e4afa612a1d074fdd9a0fa2f56881f757d0822", 0x5b}, {&(0x7f0000000640)="165c25efaed55845004819d67b471b4d85429f2326192d56994cfc0e6848928780c69116c068b523df6acaca0a970ef3a41bc5ee66c5e5be82477d1bb6196697e7ba400dc2aeac5a1609c75d559a918fb474e40d0b689fcba79e3d1ac3d8ce0363a0f18a307bc449566961ed8cc8b31ea17e46429a94bdda6c82998cf14407d3befe6b7c14fae2f0ae95caa6d413f2a3bbd631d9b61c60124074654fb0212cf7eaa230a4ca8db5f4897f367df48ffd73e8af07c8605755c69084589ffb73652e20c5466655d9bef1486c2fb9d8f0f7af443d3297dcc3d4bce3af835196cc7161427d5fa529a3d81aaba8892ce8dffb519c2fb4b1554a4dde7172", 0xfa}, {&(0x7f0000000480)="6cbe22cc9071e40b72380567bd493401df7a1e0ac264245423df2902eeef6d61be1f4865214e85facc80437ce8aba30f5d163e8e7d257ea1801ed776937666f730ea57f68750adb3e071f804efeed260294a0418efc7916fb4d976340928b550820369e97d9434cfaf9f2ca460b14c7504ff2d84f22961b9bf975aa8780b9d7f14f9a22b6b363b3134872df91c76b804f0d57f10847811a6cefae9fa96a433a16638a3efdad8ff965b341839244b", 0xae}, {&(0x7f0000000740)="81e1a07373072accdd9562f12b3911066f72a686d95477b5bc156154a3ec5bc1d513317dd816eebb14ae4c4b33c15b4bbf2f232fcf8e136e8318b63804603dde7e239cae5d02b5315e0543cc5aff9314aae4ac03685a1f9f98bd8ccdfc0134de51943486e6a9ea6152f4af9c96102b5eac4d9fd26995fb966de34a4c49462c10463d7db749facb81582d6d1f805b1f2ae2b3724772c9186795789f5b431c7899015f54cf284bdc0969906e82f7100a6b2461613dde7667c8fad9bf4edfa4fd6bcf89ab89a1bb4efc053978a16f1a95088b80f316", 0xd4}], 0x4, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x8000, 0x3, &(0x7f0000ff6000/0x8000)=nil) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r2, &(0x7f00000002c0)={&(0x7f0000000240), 0xc, &(0x7f0000000280)={&(0x7f0000000540)={0xe4, 0x0, 0x2, 0x70bd2c, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'netpci0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0xa}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @remote}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @mcast1}, @NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:auditd_log_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x27, 0x7, 'system_u:object_r:modules_dep_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x20, 0x7, 'system_u:object_r:cert_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast2}]}, 0xe4}, 0x1, 0x0, 0x0, 0x180}, 0x0) 15:44:19 executing program 2: syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r0, &(0x7f0000000140)={0x37}, 0x14) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ipvlan0\x00'}) 15:44:20 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x5, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:44:20 executing program 4: r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x1) sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x7}, ["", "", "", "", "", ""]}, 0x14}}, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) mlock(&(0x7f0000ffa000/0x2000)=nil, 0x2000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CCA_MODE(r1, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = accept$unix(r0, &(0x7f0000000380), &(0x7f0000000300)=0x6e) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000c00)={0xc0, 0x0, &(0x7f0000000b00)=[@increfs={0x40046304, 0x3}, @clear_death={0x400c630f, 0x3}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000880)=ANY=[@ANYBLOB="8561646600000000010000000000000002000000000000001b00000000000000852a6273000000000300000000000000000000000000770a1100000200"/75], &(0x7f0000000900)={0x0, 0x20, 0x38}}}, @dead_binder_done, @acquire, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000a40)={@ptr={0x70742a85, 0x0, &(0x7f0000000940)=""/66, 0x42, 0x1, 0x24}, @ptr={0x70742a85, 0x1, &(0x7f00000009c0)=""/106, 0x6a, 0x0, 0x2f}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000ac0)={0x0, 0x28, 0x50}}}, @register_looper], 0x0, 0x0, &(0x7f0000000bc0)}) vmsplice(r2, &(0x7f0000000840)=[{&(0x7f0000000400)="6639a66d4a4d70ae5b89077c2fe5d512b955370555dfbba934d9c7f75dcdd380c8a631d642490421495b57beaf881d345128ab46878cac29a398af7c1a859c34b9f4a49ac6145ac7e4afa612a1d074fdd9a0fa2f56881f757d0822", 0x5b}, {&(0x7f0000000640)="165c25efaed55845004819d67b471b4d85429f2326192d56994cfc0e6848928780c69116c068b523df6acaca0a970ef3a41bc5ee66c5e5be82477d1bb6196697e7ba400dc2aeac5a1609c75d559a918fb474e40d0b689fcba79e3d1ac3d8ce0363a0f18a307bc449566961ed8cc8b31ea17e46429a94bdda6c82998cf14407d3befe6b7c14fae2f0ae95caa6d413f2a3bbd631d9b61c60124074654fb0212cf7eaa230a4ca8db5f4897f367df48ffd73e8af07c8605755c69084589ffb73652e20c5466655d9bef1486c2fb9d8f0f7af443d3297dcc3d4bce3af835196cc7161427d5fa529a3d81aaba8892ce8dffb519c2fb4b1554a4dde7172", 0xfa}, {&(0x7f0000000480)="6cbe22cc9071e40b72380567bd493401df7a1e0ac264245423df2902eeef6d61be1f4865214e85facc80437ce8aba30f5d163e8e7d257ea1801ed776937666f730ea57f68750adb3e071f804efeed260294a0418efc7916fb4d976340928b550820369e97d9434cfaf9f2ca460b14c7504ff2d84f22961b9bf975aa8780b9d7f14f9a22b6b363b3134872df91c76b804f0d57f10847811a6cefae9fa96a433a16638a3efdad8ff965b341839244b", 0xae}, {&(0x7f0000000740)="81e1a07373072accdd9562f12b3911066f72a686d95477b5bc156154a3ec5bc1d513317dd816eebb14ae4c4b33c15b4bbf2f232fcf8e136e8318b63804603dde7e239cae5d02b5315e0543cc5aff9314aae4ac03685a1f9f98bd8ccdfc0134de51943486e6a9ea6152f4af9c96102b5eac4d9fd26995fb966de34a4c49462c10463d7db749facb81582d6d1f805b1f2ae2b3724772c9186795789f5b431c7899015f54cf284bdc0969906e82f7100a6b2461613dde7667c8fad9bf4edfa4fd6bcf89ab89a1bb4efc053978a16f1a95088b80f316", 0xd4}], 0x4, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x8000, 0x3, &(0x7f0000ff6000/0x8000)=nil) 15:44:20 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 9) 15:44:20 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) pwrite64(r1, &(0x7f0000000080)="53b0a71d9fae4a022e1d7825915374d3440df0218d1331e875e1a5d49c6898ce7eed8e0285", 0x25, 0x4) [ 809.574518] FAULT_INJECTION: forcing a failure. [ 809.574518] name failslab, interval 1, probability 0, space 0, times 0 [ 809.577060] CPU: 0 PID: 7816 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 809.579155] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 809.581610] Call Trace: [ 809.582162] [ 809.582638] dump_stack_lvl+0x8b/0xb3 [ 809.583475] should_fail.cold+0x5/0xa [ 809.584299] ? create_object.isra.0+0x3a/0xa20 [ 809.585297] should_failslab+0x5/0x10 [ 809.586128] kmem_cache_alloc+0x5b/0x480 [ 809.587008] create_object.isra.0+0x3a/0xa20 [ 809.587962] ? kasan_unpoison+0x23/0x50 [ 809.588829] kmem_cache_alloc+0x239/0x480 [ 809.589748] __d_alloc+0x2a/0x990 15:44:20 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f00000003c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$RTC_WIE_ON(r1, 0x700f) fstat(r0, &(0x7f0000000040)) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@local, @in=@dev}}, {{@in=@multicast1}, 0x0, @in=@private}}, &(0x7f0000000240)=0xe8) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000140)={0x37}, 0x14) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000029bd7000fd5bdf250200000008000108000600ac1414aa"], 0x2c}, 0x1, 0x0, 0x0, 0x40005}, 0x10) setresuid(0x0, r2, 0x0) r3 = clone3(&(0x7f0000000580)={0x40000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[0xffffffffffffffff], 0x1}, 0x58) clone3(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0], 0x8}, 0x58) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7, r3}) syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') fadvise64(0xffffffffffffffff, 0x8, 0x7, 0x3) [ 809.590503] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 809.591832] d_alloc_pseudo+0x19/0x70 [ 809.592659] alloc_file_pseudo+0xce/0x250 [ 809.593562] ? alloc_file+0x590/0x590 [ 809.594402] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80 15:44:20 executing program 1: syz_mount_image$nfs4(0x0, 0x0, 0x3, 0x1, &(0x7f0000002300)=[{&(0x7f0000002280)='A', 0x1}], 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000580)={0x0, 0x0, 0x0}, &(0x7f00000005c0)=0xc) getresgid(&(0x7f0000000b80), &(0x7f0000000bc0), &(0x7f0000000c00)=0x0) setregid(r1, 0x0) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r2, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000600)={{{@in6, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in6=@initdev}}, &(0x7f0000000700)=0xe8) syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0xfff, 0x6, &(0x7f00000004c0)=[{&(0x7f0000000080)="e971d2879bacf9e653e59bed7d9f2685aab53f55d7ec37938e9d2df211d736f4d281ec1650c56f1edf5a3c7e84e6e8daece867837aa077a30eb07ff5d09d59351eed2b5a", 0x44, 0xcbc}, {&(0x7f0000000100)="ee33aba098efacd43dda979a071a3ff68d0e8ea680ffd75f0df825f7cc67ebcfc6d9b5bcdc72f615f1b4964f221cc55ddf74fa7a88009c0ee2c634d4ab619e1cc0c82f232ef99f1ac6fd9ec2d2de6850758e095c4a4189dda4446a602dbf7b71ff5b983c1ed95246bd0d0acbde9739ed147ce7c9775da306094a69cd62edbb470d8c1b7e71ae806392958154e57721c26ba5a27460da86b9635d94b97b8292be9d037a7ce28c33d3c5fb8f08b535e3f4fe3d76533427de79c6000bf5b0e4266d053fca01b53679232c857844911cceba4f5997531e55086af9e8f82a5a06272e", 0xe0, 0x9}, {&(0x7f0000000200)="00b0894480fe8b801d0e7f3b39220e5d53a1655cda339f1bb9e703d89f70fa9b7c76389141edea842a26d8721dd482b347e2183bb23a5da439c8cd56b3b59db9b5c5df81c930115c30454346dbb58d283770da9b2223624becb2ce5ee5ffd1ae56f619f5be4ebb4f555533a3ca21f179d1bd919d591c8beb91fd88a16db7648408855c64d4e49fcadb38a62616cab90ba84a23e1a66add1ead54d2398a9a47a1807d8099c2e9f60552ca38cbf4423eb40ff812aca5507225e54d964701405566d9d648e9276a9b8a29564c0d44c8216755a0b30e026fab0fe68e642274bf2921a80c1aa7ed9b3213d5c18982607131bab9b7c7474f9c4ad19045eb", 0xfb, 0x8001}, {&(0x7f0000000300)="f51c660a9017ab704b1d2174ef9cbc2a3bae34800af4df3200c49a423ef97bbb83e79f02a4fdd074ab270ba69563c91d2c2f6b8aabb0d08db173ab6feadb71b568a54c35da2e9b4e42ca056328d4a53abe", 0x51, 0x9}, {&(0x7f0000000380)="ae5f2f2ea0db7e8a1a18f3ffa422d0bc893fb68b87ea2ff22613229b3e8801d43cb9cec6b7ac552ba4745b", 0x2b, 0x81}, {&(0x7f00000003c0)="9201ab53313ccf6f91b5ed630289c1cffd5de17204c32f3afd224f4cc28a37558446b25444248813c61bf95cfaeee1597a0d96d57e83b9c29a7357f29142c9330b1d40a817e7e50d8a85ef882b1d1b682462ab7fec9aa8992462762e99d1622f2af276e70ada577a2061dc08f40ff1944d4f381c2cc7bd0d3d36e860e7c6902b4172491dcc77ae24a893912753d750f539eb2cc4e07192297e476a336728a313083e04706b680d0c07e3c8d12ae1a02fd31adc0dae49fe25d9054724ac077b1668d3d4", 0xc3, 0x1}], 0x2, &(0x7f0000000740)={[{@uid={'uid', 0x3d, 0xee00}}, {@huge_never}, {@nr_blocks={'nr_blocks', 0x3d, [0x34, 0x31, 0x36, 0x78, 0x35, 0x4c, 0x35]}}, {@gid={'gid', 0x3d, r0}}, {@huge_advise}, {@gid={'gid', 0x3d, r1}}], [{@subj_user={'subj_user', 0x3d, ','}}, {@uid_eq}, {@uid_eq={'uid', 0x3d, r2}}, {@subj_type}, {@smackfshat}, {@permit_directio}, {@euid_lt={'euid<', r3}}, {@dont_hash}, {@permit_directio}]}) [ 809.595587] ? shmem_get_inode+0x622/0xd20 [ 809.596514] __shmem_file_setup+0x144/0x310 [ 809.597462] __do_sys_memfd_create+0x1c6/0x4f0 [ 809.598470] do_syscall_64+0x3b/0x90 [ 809.599286] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 809.600389] RIP: 0033:0x7f01cb928b19 [ 809.601188] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 809.605165] RSP: 002b:00007f01c8e9df48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 809.606801] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f01cb928b19 [ 809.608333] RDX: 0000000000020800 RSI: 0000000000000000 RDI: 00007f01cb9820fb [ 809.609848] RBP: 0000000000000002 R08: 0000000000010400 R09: ffffffffffffffff [ 809.611380] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000008100000 [ 809.612908] R13: 0000000020000040 R14: 0000000000020800 R15: 0000000020000140 [ 809.614459] [ 809.630315] loop5: detected capacity change from 0 to 260 [ 809.636271] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:44:20 executing program 4: r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x1) sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x7}, ["", "", "", "", "", ""]}, 0x14}}, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) mlock(&(0x7f0000ffa000/0x2000)=nil, 0x2000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CCA_MODE(r1, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = accept$unix(r0, &(0x7f0000000380), &(0x7f0000000300)=0x6e) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000c00)={0xc0, 0x0, &(0x7f0000000b00)=[@increfs={0x40046304, 0x3}, @clear_death={0x400c630f, 0x3}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000880)=ANY=[@ANYBLOB="8561646600000000010000000000000002000000000000001b00000000000000852a6273000000000300000000000000000000000000770a1100000200"/75], &(0x7f0000000900)={0x0, 0x20, 0x38}}}, @dead_binder_done, @acquire, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000a40)={@ptr={0x70742a85, 0x0, &(0x7f0000000940)=""/66, 0x42, 0x1, 0x24}, @ptr={0x70742a85, 0x1, &(0x7f00000009c0)=""/106, 0x6a, 0x0, 0x2f}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000ac0)={0x0, 0x28, 0x50}}}, @register_looper], 0x0, 0x0, &(0x7f0000000bc0)}) vmsplice(r2, &(0x7f0000000840)=[{&(0x7f0000000400)="6639a66d4a4d70ae5b89077c2fe5d512b955370555dfbba934d9c7f75dcdd380c8a631d642490421495b57beaf881d345128ab46878cac29a398af7c1a859c34b9f4a49ac6145ac7e4afa612a1d074fdd9a0fa2f56881f757d0822", 0x5b}, {&(0x7f0000000640)="165c25efaed55845004819d67b471b4d85429f2326192d56994cfc0e6848928780c69116c068b523df6acaca0a970ef3a41bc5ee66c5e5be82477d1bb6196697e7ba400dc2aeac5a1609c75d559a918fb474e40d0b689fcba79e3d1ac3d8ce0363a0f18a307bc449566961ed8cc8b31ea17e46429a94bdda6c82998cf14407d3befe6b7c14fae2f0ae95caa6d413f2a3bbd631d9b61c60124074654fb0212cf7eaa230a4ca8db5f4897f367df48ffd73e8af07c8605755c69084589ffb73652e20c5466655d9bef1486c2fb9d8f0f7af443d3297dcc3d4bce3af835196cc7161427d5fa529a3d81aaba8892ce8dffb519c2fb4b1554a4dde7172", 0xfa}, {&(0x7f0000000480)="6cbe22cc9071e40b72380567bd493401df7a1e0ac264245423df2902eeef6d61be1f4865214e85facc80437ce8aba30f5d163e8e7d257ea1801ed776937666f730ea57f68750adb3e071f804efeed260294a0418efc7916fb4d976340928b550820369e97d9434cfaf9f2ca460b14c7504ff2d84f22961b9bf975aa8780b9d7f14f9a22b6b363b3134872df91c76b804f0d57f10847811a6cefae9fa96a433a16638a3efdad8ff965b341839244b", 0xae}, {&(0x7f0000000740)="81e1a07373072accdd9562f12b3911066f72a686d95477b5bc156154a3ec5bc1d513317dd816eebb14ae4c4b33c15b4bbf2f232fcf8e136e8318b63804603dde7e239cae5d02b5315e0543cc5aff9314aae4ac03685a1f9f98bd8ccdfc0134de51943486e6a9ea6152f4af9c96102b5eac4d9fd26995fb966de34a4c49462c10463d7db749facb81582d6d1f805b1f2ae2b3724772c9186795789f5b431c7899015f54cf284bdc0969906e82f7100a6b2461613dde7667c8fad9bf4edfa4fd6bcf89ab89a1bb4efc053978a16f1a95088b80f316", 0xd4}], 0x4, 0x4) 15:44:20 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f00000000c0)={0x0, 0x6855, 0x4, 0x0, 0x1ce}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) io_uring_enter(r1, 0x4cf5, 0xeed3, 0x1, &(0x7f0000000080)={[0xe]}, 0x8) 15:44:20 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x6, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:44:31 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) pwrite64(r0, &(0x7f0000000040)="274e1e43aea793014cb1211935f66ad5592851489a582948e2d63a9d3e15ad273ff1c81d2878cfa5437fe47dae88ebf3a0a37fee9beae0", 0x37, 0x3f) [ 820.593435] FAULT_INJECTION: forcing a failure. [ 820.593435] name failslab, interval 1, probability 0, space 0, times 0 [ 820.595760] CPU: 1 PID: 7847 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 820.597658] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 820.599924] Call Trace: [ 820.600433] [ 820.600873] dump_stack_lvl+0x8b/0xb3 [ 820.601638] should_fail.cold+0x5/0xa [ 820.602433] ? __alloc_file+0x21/0x240 [ 820.603211] should_failslab+0x5/0x10 [ 820.603974] kmem_cache_alloc+0x5b/0x480 [ 820.604791] __alloc_file+0x21/0x240 [ 820.605540] alloc_empty_file+0x6d/0x170 [ 820.606367] alloc_file+0x59/0x590 15:44:31 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 10) 15:44:31 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) r1 = clone3(&(0x7f0000000580)={0x40000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[0xffffffffffffffff], 0x1}, 0x58) clone3(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0], 0x8}, 0x58) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000040)={'\x00', 0x2d8c, 0x8, 0x800, 0x0, 0x8, r1}) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) 15:44:31 executing program 0: ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000180)={'syzkaller0\x00'}) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ppoll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) r1 = eventfd(0x27) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r1, 0xf505, 0x0) syz_io_uring_setup(0x1a1a, &(0x7f0000000280)={0x0, 0x0, 0x1, 0x1, 0x225}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080)=0x0, &(0x7f00000006c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) socketpair(0x2b, 0x3, 0x80000000, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$FOU_CMD_ADD(r4, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x38, 0x0, 0x800, 0x70bd28, 0x25dfdbfe, {}, [@FOU_ATTR_IFINDEX={0x8}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e22}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @mcast2}]}, 0x38}, 0x1, 0x0, 0x0, 0x81}, 0x4) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000640)={0x0, 0xcf95, 0x200}) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001640)={0x0, 0x0, {0x0, @usage, 0x0}, {0x0, @usage, 0x0}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000e40)={0x0, 0x1, {0x9, @struct={0x1e9f, 0x7}, r6, 0xfffffffffffffff8, 0x4, 0x800, 0x9, 0x1, 0xc0, @struct={0x4, 0xffffffff}, 0x7ff, 0x81, [0x8001, 0x0, 0x2, 0x0, 0x7ff, 0x3]}, {0x7, @struct={0x5, 0x1f}, 0x0, 0x7, 0x7, 0x22e3, 0x0, 0xff, 0x400, @usage=0x401, 0x0, 0x9, [0x9, 0x0, 0xc55, 0xe522, 0x2, 0x3303]}, {0x3, @struct={0x1, 0xfffffff8}, r7, 0x0, 0x7fffffff, 0x8e6, 0x5, 0x4, 0x404, @struct={0x2, 0x8}, 0x6, 0x0, [0x3, 0x8, 0x4, 0x1ff]}, {0xd23, 0x20, 0x7fff}}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000700)={r6, 0x7, 0xeec}) r8 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r8, 0x40305839, &(0x7f00000001c0)=ANY=[@ANYBLOB="0600000000fddda786adff1800000ceb0000002b00db2ba571f584e22000000000000000"]) io_uring_setup(0x2d62, &(0x7f0000001100)={0x0, 0x0, 0x0, 0x0, 0x80}) clone3(&(0x7f0000000580)={0x40040300, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 15:44:31 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x7, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:44:31 executing program 1: r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x1) sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x7}, ["", "", "", "", "", ""]}, 0x14}}, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) mlock(&(0x7f0000ffa000/0x2000)=nil, 0x2000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CCA_MODE(r1, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = accept$unix(r0, &(0x7f0000000380), &(0x7f0000000300)=0x6e) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000c00)={0xc0, 0x0, &(0x7f0000000b00)=[@increfs={0x40046304, 0x3}, @clear_death={0x400c630f, 0x3}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000880)=ANY=[@ANYBLOB="8561646600000000010000000000000002000000000000001b00000000000000852a6273000000000300000000000000000000000000770a1100000200"/75], &(0x7f0000000900)={0x0, 0x20, 0x38}}}, @dead_binder_done, @acquire, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000a40)={@ptr={0x70742a85, 0x0, &(0x7f0000000940)=""/66, 0x42, 0x1, 0x24}, @ptr={0x70742a85, 0x1, &(0x7f00000009c0)=""/106, 0x6a, 0x0, 0x2f}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000ac0)={0x0, 0x28, 0x50}}}, @register_looper], 0x0, 0x0, &(0x7f0000000bc0)}) vmsplice(r2, &(0x7f0000000840)=[{&(0x7f0000000400)="6639a66d4a4d70ae5b89077c2fe5d512b955370555dfbba934d9c7f75dcdd380c8a631d642490421495b57beaf881d345128ab46878cac29a398af7c1a859c34b9f4a49ac6145ac7e4afa612a1d074fdd9a0fa2f56881f757d0822", 0x5b}, {&(0x7f0000000640)="165c25efaed55845004819d67b471b4d85429f2326192d56994cfc0e6848928780c69116c068b523df6acaca0a970ef3a41bc5ee66c5e5be82477d1bb6196697e7ba400dc2aeac5a1609c75d559a918fb474e40d0b689fcba79e3d1ac3d8ce0363a0f18a307bc449566961ed8cc8b31ea17e46429a94bdda6c82998cf14407d3befe6b7c14fae2f0ae95caa6d413f2a3bbd631d9b61c60124074654fb0212cf7eaa230a4ca8db5f4897f367df48ffd73e8af07c8605755c69084589ffb73652e20c5466655d9bef1486c2fb9d8f0f7af443d3297dcc3d4bce3af835196cc7161427d5fa529a3d81aaba8892ce8dffb519c2fb4b1554a4dde7172", 0xfa}, {&(0x7f0000000480)="6cbe22cc9071e40b72380567bd493401df7a1e0ac264245423df2902eeef6d61be1f4865214e85facc80437ce8aba30f5d163e8e7d257ea1801ed776937666f730ea57f68750adb3e071f804efeed260294a0418efc7916fb4d976340928b550820369e97d9434cfaf9f2ca460b14c7504ff2d84f22961b9bf975aa8780b9d7f14f9a22b6b363b3134872df91c76b804f0d57f10847811a6cefae9fa96a433a16638a3efdad8ff965b341839244b", 0xae}, {&(0x7f0000000740)="81e1a07373072accdd9562f12b3911066f72a686d95477b5bc156154a3ec5bc1d513317dd816eebb14ae4c4b33c15b4bbf2f232fcf8e136e8318b63804603dde7e239cae5d02b5315e0543cc5aff9314aae4ac03685a1f9f98bd8ccdfc0134de51943486e6a9ea6152f4af9c96102b5eac4d9fd26995fb966de34a4c49462c10463d7db749facb81582d6d1f805b1f2ae2b3724772c9186795789f5b431c7899015f54cf284bdc0969906e82f7100a6b2461613dde7667c8fad9bf4edfa4fd6bcf89ab89a1bb4efc053978a16f1a95088b80f316", 0xd4}], 0x4, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x8000, 0x3, &(0x7f0000ff6000/0x8000)=nil) 15:44:31 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f00000003c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$RTC_WIE_ON(r1, 0x700f) fstat(r0, &(0x7f0000000040)) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@local, @in=@dev}}, {{@in=@multicast1}, 0x0, @in=@private}}, &(0x7f0000000240)=0xe8) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000140)={0x37}, 0x14) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000029bd7000fd5bdf250200000008000108000600ac1414aa"], 0x2c}, 0x1, 0x0, 0x0, 0x40005}, 0x10) setresuid(0x0, r2, 0x0) r3 = clone3(&(0x7f0000000580)={0x40000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[0xffffffffffffffff], 0x1}, 0x58) clone3(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0], 0x8}, 0x58) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7, r3}) syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') 15:44:31 executing program 4: r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x1) sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x7}, ["", "", "", "", "", ""]}, 0x14}}, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) mlock(&(0x7f0000ffa000/0x2000)=nil, 0x2000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CCA_MODE(r1, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) accept$unix(r0, &(0x7f0000000380), &(0x7f0000000300)=0x6e) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000c00)={0xc0, 0x0, &(0x7f0000000b00)=[@increfs={0x40046304, 0x3}, @clear_death={0x400c630f, 0x3}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000880)=ANY=[@ANYBLOB="8561646600000000010000000000000002000000000000001b00000000000000852a6273000000000300000000000000000000000000770a1100000200"/75], &(0x7f0000000900)={0x0, 0x20, 0x38}}}, @dead_binder_done, @acquire, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000a40)={@ptr={0x70742a85, 0x0, &(0x7f0000000940)=""/66, 0x42, 0x1, 0x24}, @ptr={0x70742a85, 0x1, &(0x7f00000009c0)=""/106, 0x6a, 0x0, 0x2f}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000ac0)={0x0, 0x28, 0x50}}}, @register_looper], 0x0, 0x0, &(0x7f0000000bc0)}) [ 820.607453] alloc_file_pseudo+0x16a/0x250 [ 820.608419] ? alloc_file+0x590/0x590 [ 820.609177] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80 [ 820.610294] ? shmem_get_inode+0x622/0xd20 [ 820.611143] __shmem_file_setup+0x144/0x310 [ 820.612018] __do_sys_memfd_create+0x1c6/0x4f0 [ 820.612949] do_syscall_64+0x3b/0x90 [ 820.613703] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 820.614723] RIP: 0033:0x7f01cb928b19 [ 820.615467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 820.619113] RSP: 002b:00007f01c8e9df48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 820.620603] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f01cb928b19 [ 820.622018] RDX: 0000000000020800 RSI: 0000000000000000 RDI: 00007f01cb9820fb [ 820.623413] RBP: 0000000000000002 R08: 0000000000010400 R09: ffffffffffffffff [ 820.624813] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000008100000 [ 820.626218] R13: 0000000020000040 R14: 0000000000020800 R15: 0000000020000140 [ 820.627622] 15:44:31 executing program 1: r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x1) sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x7}, ["", "", "", "", "", ""]}, 0x14}}, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) mlock(&(0x7f0000ffa000/0x2000)=nil, 0x2000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CCA_MODE(r1, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = accept$unix(r0, &(0x7f0000000380), &(0x7f0000000300)=0x6e) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000c00)={0xc0, 0x0, &(0x7f0000000b00)=[@increfs={0x40046304, 0x3}, @clear_death={0x400c630f, 0x3}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000880)=ANY=[@ANYBLOB="8561646600000000010000000000000002000000000000001b00000000000000852a6273000000000300000000000000000000000000770a1100000200"/75], &(0x7f0000000900)={0x0, 0x20, 0x38}}}, @dead_binder_done, @acquire, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000a40)={@ptr={0x70742a85, 0x0, &(0x7f0000000940)=""/66, 0x42, 0x1, 0x24}, @ptr={0x70742a85, 0x1, &(0x7f00000009c0)=""/106, 0x6a, 0x0, 0x2f}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000ac0)={0x0, 0x28, 0x50}}}, @register_looper], 0x0, 0x0, &(0x7f0000000bc0)}) vmsplice(r2, &(0x7f0000000840)=[{&(0x7f0000000400)="6639a66d4a4d70ae5b89077c2fe5d512b955370555dfbba934d9c7f75dcdd380c8a631d642490421495b57beaf881d345128ab46878cac29a398af7c1a859c34b9f4a49ac6145ac7e4afa612a1d074fdd9a0fa2f56881f757d0822", 0x5b}, {&(0x7f0000000640)="165c25efaed55845004819d67b471b4d85429f2326192d56994cfc0e6848928780c69116c068b523df6acaca0a970ef3a41bc5ee66c5e5be82477d1bb6196697e7ba400dc2aeac5a1609c75d559a918fb474e40d0b689fcba79e3d1ac3d8ce0363a0f18a307bc449566961ed8cc8b31ea17e46429a94bdda6c82998cf14407d3befe6b7c14fae2f0ae95caa6d413f2a3bbd631d9b61c60124074654fb0212cf7eaa230a4ca8db5f4897f367df48ffd73e8af07c8605755c69084589ffb73652e20c5466655d9bef1486c2fb9d8f0f7af443d3297dcc3d4bce3af835196cc7161427d5fa529a3d81aaba8892ce8dffb519c2fb4b1554a4dde7172", 0xfa}, {&(0x7f0000000480)="6cbe22cc9071e40b72380567bd493401df7a1e0ac264245423df2902eeef6d61be1f4865214e85facc80437ce8aba30f5d163e8e7d257ea1801ed776937666f730ea57f68750adb3e071f804efeed260294a0418efc7916fb4d976340928b550820369e97d9434cfaf9f2ca460b14c7504ff2d84f22961b9bf975aa8780b9d7f14f9a22b6b363b3134872df91c76b804f0d57f10847811a6cefae9fa96a433a16638a3efdad8ff965b341839244b", 0xae}, {&(0x7f0000000740)="81e1a07373072accdd9562f12b3911066f72a686d95477b5bc156154a3ec5bc1d513317dd816eebb14ae4c4b33c15b4bbf2f232fcf8e136e8318b63804603dde7e239cae5d02b5315e0543cc5aff9314aae4ac03685a1f9f98bd8ccdfc0134de51943486e6a9ea6152f4af9c96102b5eac4d9fd26995fb966de34a4c49462c10463d7db749facb81582d6d1f805b1f2ae2b3724772c9186795789f5b431c7899015f54cf284bdc0969906e82f7100a6b2461613dde7667c8fad9bf4edfa4fd6bcf89ab89a1bb4efc053978a16f1a95088b80f316", 0xd4}], 0x4, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x8000, 0x3, &(0x7f0000ff6000/0x8000)=nil) 15:44:31 executing program 4: r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x1) sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x7}, ["", "", "", "", "", ""]}, 0x14}}, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) mlock(&(0x7f0000ffa000/0x2000)=nil, 0x2000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CCA_MODE(r1, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) accept$unix(r0, &(0x7f0000000380), &(0x7f0000000300)=0x6e) 15:44:31 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 11) 15:44:31 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x9, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:44:31 executing program 2: clock_getres(0x7, &(0x7f0000000080)) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 15:44:31 executing program 0: ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000180)={'syzkaller0\x00'}) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ppoll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) r1 = eventfd(0x27) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r1, 0xf505, 0x0) syz_io_uring_setup(0x1a1a, &(0x7f0000000280)={0x0, 0x0, 0x1, 0x1, 0x225}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080)=0x0, &(0x7f00000006c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) socketpair(0x2b, 0x3, 0x80000000, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$FOU_CMD_ADD(r4, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x38, 0x0, 0x800, 0x70bd28, 0x25dfdbfe, {}, [@FOU_ATTR_IFINDEX={0x8}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e22}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @mcast2}]}, 0x38}, 0x1, 0x0, 0x0, 0x81}, 0x4) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000640)={0x0, 0xcf95, 0x200}) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001640)={0x0, 0x0, {0x0, @usage, 0x0}, {0x0, @usage, 0x0}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000e40)={0x0, 0x1, {0x9, @struct={0x1e9f, 0x7}, r6, 0xfffffffffffffff8, 0x4, 0x800, 0x9, 0x1, 0xc0, @struct={0x4, 0xffffffff}, 0x7ff, 0x81, [0x8001, 0x0, 0x2, 0x0, 0x7ff, 0x3]}, {0x7, @struct={0x5, 0x1f}, 0x0, 0x7, 0x7, 0x22e3, 0x0, 0xff, 0x400, @usage=0x401, 0x0, 0x9, [0x9, 0x0, 0xc55, 0xe522, 0x2, 0x3303]}, {0x3, @struct={0x1, 0xfffffff8}, r7, 0x0, 0x7fffffff, 0x8e6, 0x5, 0x4, 0x404, @struct={0x2, 0x8}, 0x6, 0x0, [0x3, 0x8, 0x4, 0x1ff]}, {0xd23, 0x20, 0x7fff}}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000700)={r6, 0x7, 0xeec}) r8 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r8, 0x40305839, &(0x7f00000001c0)=ANY=[@ANYBLOB="0600000000fddda786adff1800000ceb0000002b00db2ba571f584e22000000000000000"]) io_uring_setup(0x2d62, &(0x7f0000001100)={0x0, 0x0, 0x0, 0x0, 0x80}) clone3(&(0x7f0000000580)={0x40040300, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 15:44:31 executing program 1: r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x1) sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x7}, ["", "", "", "", "", ""]}, 0x14}}, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) mlock(&(0x7f0000ffa000/0x2000)=nil, 0x2000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CCA_MODE(r1, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = accept$unix(r0, &(0x7f0000000380), &(0x7f0000000300)=0x6e) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000c00)={0xc0, 0x0, &(0x7f0000000b00)=[@increfs={0x40046304, 0x3}, @clear_death={0x400c630f, 0x3}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000880)=ANY=[@ANYBLOB="8561646600000000010000000000000002000000000000001b00000000000000852a6273000000000300000000000000000000000000770a1100000200"/75], &(0x7f0000000900)={0x0, 0x20, 0x38}}}, @dead_binder_done, @acquire, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000a40)={@ptr={0x70742a85, 0x0, &(0x7f0000000940)=""/66, 0x42, 0x1, 0x24}, @ptr={0x70742a85, 0x1, &(0x7f00000009c0)=""/106, 0x6a, 0x0, 0x2f}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000ac0)={0x0, 0x28, 0x50}}}, @register_looper], 0x0, 0x0, &(0x7f0000000bc0)}) vmsplice(r2, &(0x7f0000000840)=[{&(0x7f0000000400)="6639a66d4a4d70ae5b89077c2fe5d512b955370555dfbba934d9c7f75dcdd380c8a631d642490421495b57beaf881d345128ab46878cac29a398af7c1a859c34b9f4a49ac6145ac7e4afa612a1d074fdd9a0fa2f56881f757d0822", 0x5b}, {&(0x7f0000000640)="165c25efaed55845004819d67b471b4d85429f2326192d56994cfc0e6848928780c69116c068b523df6acaca0a970ef3a41bc5ee66c5e5be82477d1bb6196697e7ba400dc2aeac5a1609c75d559a918fb474e40d0b689fcba79e3d1ac3d8ce0363a0f18a307bc449566961ed8cc8b31ea17e46429a94bdda6c82998cf14407d3befe6b7c14fae2f0ae95caa6d413f2a3bbd631d9b61c60124074654fb0212cf7eaa230a4ca8db5f4897f367df48ffd73e8af07c8605755c69084589ffb73652e20c5466655d9bef1486c2fb9d8f0f7af443d3297dcc3d4bce3af835196cc7161427d5fa529a3d81aaba8892ce8dffb519c2fb4b1554a4dde7172", 0xfa}, {&(0x7f0000000480)="6cbe22cc9071e40b72380567bd493401df7a1e0ac264245423df2902eeef6d61be1f4865214e85facc80437ce8aba30f5d163e8e7d257ea1801ed776937666f730ea57f68750adb3e071f804efeed260294a0418efc7916fb4d976340928b550820369e97d9434cfaf9f2ca460b14c7504ff2d84f22961b9bf975aa8780b9d7f14f9a22b6b363b3134872df91c76b804f0d57f10847811a6cefae9fa96a433a16638a3efdad8ff965b341839244b", 0xae}, {&(0x7f0000000740)="81e1a07373072accdd9562f12b3911066f72a686d95477b5bc156154a3ec5bc1d513317dd816eebb14ae4c4b33c15b4bbf2f232fcf8e136e8318b63804603dde7e239cae5d02b5315e0543cc5aff9314aae4ac03685a1f9f98bd8ccdfc0134de51943486e6a9ea6152f4af9c96102b5eac4d9fd26995fb966de34a4c49462c10463d7db749facb81582d6d1f805b1f2ae2b3724772c9186795789f5b431c7899015f54cf284bdc0969906e82f7100a6b2461613dde7667c8fad9bf4edfa4fd6bcf89ab89a1bb4efc053978a16f1a95088b80f316", 0xd4}], 0x4, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x8000, 0x3, &(0x7f0000ff6000/0x8000)=nil) [ 820.792591] FAULT_INJECTION: forcing a failure. [ 820.792591] name failslab, interval 1, probability 0, space 0, times 0 [ 820.793961] CPU: 0 PID: 7876 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 820.794990] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 820.796201] Call Trace: [ 820.796473] [ 820.796710] dump_stack_lvl+0x8b/0xb3 [ 820.797128] should_fail.cold+0x5/0xa [ 820.797538] ? create_object.isra.0+0x3a/0xa20 [ 820.798044] should_failslab+0x5/0x10 [ 820.798447] kmem_cache_alloc+0x5b/0x480 [ 820.798890] create_object.isra.0+0x3a/0xa20 [ 820.799369] ? kasan_unpoison+0x23/0x50 [ 820.799807] kmem_cache_alloc+0x239/0x480 [ 820.800250] __alloc_file+0x21/0x240 [ 820.800663] alloc_empty_file+0x6d/0x170 [ 820.801101] alloc_file+0x59/0x590 [ 820.801488] alloc_file_pseudo+0x16a/0x250 [ 820.801961] ? alloc_file+0x590/0x590 [ 820.802371] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80 [ 820.802963] ? shmem_get_inode+0x622/0xd20 [ 820.803417] __shmem_file_setup+0x144/0x310 [ 820.803898] __do_sys_memfd_create+0x1c6/0x4f0 [ 820.804385] do_syscall_64+0x3b/0x90 [ 820.804789] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 820.805344] RIP: 0033:0x7f01cb928b19 [ 820.805741] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 820.807697] RSP: 002b:00007f01c8e9df48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 820.808497] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f01cb928b19 [ 820.809243] RDX: 0000000000020800 RSI: 0000000000000000 RDI: 00007f01cb9820fb [ 820.810003] RBP: 0000000000000002 R08: 0000000000010400 R09: ffffffffffffffff [ 820.810768] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000008100000 [ 820.811572] R13: 0000000020000040 R14: 0000000000020800 R15: 0000000020000140 [ 820.812389] [ 820.858565] loop5: detected capacity change from 0 to 260 [ 820.861543] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) [ 821.012430] blktrace: Concurrent blktraces are not allowed on sr0 15:44:40 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ip6gretap0\x00'}) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 15:44:40 executing program 4: r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x1) sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x7}, ["", "", "", "", "", ""]}, 0x14}}, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) mlock(&(0x7f0000ffa000/0x2000)=nil, 0x2000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CCA_MODE(r1, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 15:44:40 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$BTRFS_IOC_QGROUP_LIMIT(r1, 0x8030942b, &(0x7f0000000040)={0x9, {0x4, 0x8001, 0x12b4, 0x0, 0xd}}) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) 15:44:40 executing program 0: ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000180)={'syzkaller0\x00'}) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ppoll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) r1 = eventfd(0x27) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r1, 0xf505, 0x0) syz_io_uring_setup(0x1a1a, &(0x7f0000000280)={0x0, 0x0, 0x1, 0x1, 0x225}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080)=0x0, &(0x7f00000006c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) socketpair(0x2b, 0x3, 0x80000000, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$FOU_CMD_ADD(r4, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x38, 0x0, 0x800, 0x70bd28, 0x25dfdbfe, {}, [@FOU_ATTR_IFINDEX={0x8}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e22}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @mcast2}]}, 0x38}, 0x1, 0x0, 0x0, 0x81}, 0x4) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000640)={0x0, 0xcf95, 0x200}) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001640)={0x0, 0x0, {0x0, @usage, 0x0}, {0x0, @usage, 0x0}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000e40)={0x0, 0x1, {0x9, @struct={0x1e9f, 0x7}, r6, 0xfffffffffffffff8, 0x4, 0x800, 0x9, 0x1, 0xc0, @struct={0x4, 0xffffffff}, 0x7ff, 0x81, [0x8001, 0x0, 0x2, 0x0, 0x7ff, 0x3]}, {0x7, @struct={0x5, 0x1f}, 0x0, 0x7, 0x7, 0x22e3, 0x0, 0xff, 0x400, @usage=0x401, 0x0, 0x9, [0x9, 0x0, 0xc55, 0xe522, 0x2, 0x3303]}, {0x3, @struct={0x1, 0xfffffff8}, r7, 0x0, 0x7fffffff, 0x8e6, 0x5, 0x4, 0x404, @struct={0x2, 0x8}, 0x6, 0x0, [0x3, 0x8, 0x4, 0x1ff]}, {0xd23, 0x20, 0x7fff}}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000700)={r6, 0x7, 0xeec}) r8 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r8, 0x40305839, &(0x7f00000001c0)=ANY=[@ANYBLOB="0600000000fddda786adff1800000ceb0000002b00db2ba571f584e22000000000000000"]) io_uring_setup(0x2d62, &(0x7f0000001100)={0x0, 0x0, 0x0, 0x0, 0x80}) clone3(&(0x7f0000000580)={0x40040300, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 15:44:40 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 12) [ 829.961714] FAULT_INJECTION: forcing a failure. [ 829.961714] name failslab, interval 1, probability 0, space 0, times 0 [ 829.964388] CPU: 1 PID: 7907 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 829.966275] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 15:44:40 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f00000003c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$RTC_WIE_ON(r1, 0x700f) fstat(r0, &(0x7f0000000040)) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@local, @in=@dev}}, {{@in=@multicast1}, 0x0, @in=@private}}, &(0x7f0000000240)=0xe8) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000140)={0x37}, 0x14) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000029bd7000fd5bdf250200000008000108000600ac1414aa"], 0x2c}, 0x1, 0x0, 0x0, 0x40005}, 0x10) setresuid(0x0, r2, 0x0) r3 = clone3(&(0x7f0000000580)={0x40000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[0xffffffffffffffff], 0x1}, 0x58) clone3(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0], 0x8}, 0x58) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7, r3}) 15:44:40 executing program 1: r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x1) sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x7}, ["", "", "", "", "", ""]}, 0x14}}, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) mlock(&(0x7f0000ffa000/0x2000)=nil, 0x2000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CCA_MODE(r1, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = accept$unix(r0, &(0x7f0000000380), &(0x7f0000000300)=0x6e) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000c00)={0xc0, 0x0, &(0x7f0000000b00)=[@increfs={0x40046304, 0x3}, @clear_death={0x400c630f, 0x3}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000880)=ANY=[@ANYBLOB="8561646600000000010000000000000002000000000000001b00000000000000852a6273000000000300000000000000000000000000770a1100000200"/75], &(0x7f0000000900)={0x0, 0x20, 0x38}}}, @dead_binder_done, @acquire, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000a40)={@ptr={0x70742a85, 0x0, &(0x7f0000000940)=""/66, 0x42, 0x1, 0x24}, @ptr={0x70742a85, 0x1, &(0x7f00000009c0)=""/106, 0x6a, 0x0, 0x2f}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000ac0)={0x0, 0x28, 0x50}}}, @register_looper], 0x0, 0x0, &(0x7f0000000bc0)}) vmsplice(r2, &(0x7f0000000840)=[{&(0x7f0000000400)="6639a66d4a4d70ae5b89077c2fe5d512b955370555dfbba934d9c7f75dcdd380c8a631d642490421495b57beaf881d345128ab46878cac29a398af7c1a859c34b9f4a49ac6145ac7e4afa612a1d074fdd9a0fa2f56881f757d0822", 0x5b}, {&(0x7f0000000640)="165c25efaed55845004819d67b471b4d85429f2326192d56994cfc0e6848928780c69116c068b523df6acaca0a970ef3a41bc5ee66c5e5be82477d1bb6196697e7ba400dc2aeac5a1609c75d559a918fb474e40d0b689fcba79e3d1ac3d8ce0363a0f18a307bc449566961ed8cc8b31ea17e46429a94bdda6c82998cf14407d3befe6b7c14fae2f0ae95caa6d413f2a3bbd631d9b61c60124074654fb0212cf7eaa230a4ca8db5f4897f367df48ffd73e8af07c8605755c69084589ffb73652e20c5466655d9bef1486c2fb9d8f0f7af443d3297dcc3d4bce3af835196cc7161427d5fa529a3d81aaba8892ce8dffb519c2fb4b1554a4dde7172", 0xfa}, {&(0x7f0000000480)="6cbe22cc9071e40b72380567bd493401df7a1e0ac264245423df2902eeef6d61be1f4865214e85facc80437ce8aba30f5d163e8e7d257ea1801ed776937666f730ea57f68750adb3e071f804efeed260294a0418efc7916fb4d976340928b550820369e97d9434cfaf9f2ca460b14c7504ff2d84f22961b9bf975aa8780b9d7f14f9a22b6b363b3134872df91c76b804f0d57f10847811a6cefae9fa96a433a16638a3efdad8ff965b341839244b", 0xae}, {&(0x7f0000000740)="81e1a07373072accdd9562f12b3911066f72a686d95477b5bc156154a3ec5bc1d513317dd816eebb14ae4c4b33c15b4bbf2f232fcf8e136e8318b63804603dde7e239cae5d02b5315e0543cc5aff9314aae4ac03685a1f9f98bd8ccdfc0134de51943486e6a9ea6152f4af9c96102b5eac4d9fd26995fb966de34a4c49462c10463d7db749facb81582d6d1f805b1f2ae2b3724772c9186795789f5b431c7899015f54cf284bdc0969906e82f7100a6b2461613dde7667c8fad9bf4edfa4fd6bcf89ab89a1bb4efc053978a16f1a95088b80f316", 0xd4}], 0x4, 0x4) [ 829.968466] Call Trace: [ 829.969084] [ 829.969523] dump_stack_lvl+0x8b/0xb3 [ 829.970289] should_fail.cold+0x5/0xa [ 829.971035] ? security_file_alloc+0x34/0x170 [ 829.971912] should_failslab+0x5/0x10 [ 829.972647] kmem_cache_alloc+0x5b/0x480 15:44:40 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0xf, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 829.973440] security_file_alloc+0x34/0x170 [ 829.974384] __alloc_file+0xb6/0x240 [ 829.975133] alloc_empty_file+0x6d/0x170 [ 829.975954] alloc_file+0x59/0x590 [ 829.976666] alloc_file_pseudo+0x16a/0x250 [ 829.977511] ? alloc_file+0x590/0x590 15:44:40 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r2, &(0x7f0000000140)={0x37}, 0x14) preadv(r1, &(0x7f0000000480)=[{&(0x7f0000000180)=""/193, 0xc1}, {&(0x7f0000000080)=""/134, 0x86}, {&(0x7f00000002c0)=""/213, 0xd5}, {&(0x7f00000003c0)=""/152, 0x98}], 0x4, 0x0, 0x1) ioctl$TUNSETOFFLOAD(r2, 0x400454d0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) [ 829.978293] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80 [ 829.979489] ? shmem_get_inode+0x622/0xd20 [ 829.980332] __shmem_file_setup+0x144/0x310 [ 829.981185] __do_sys_memfd_create+0x1c6/0x4f0 [ 829.982104] do_syscall_64+0x3b/0x90 [ 829.982842] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 829.983858] RIP: 0033:0x7f01cb928b19 [ 829.984585] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 829.988341] RSP: 002b:00007f01c8e9df48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 829.990009] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f01cb928b19 15:44:40 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0xf0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 829.991567] RDX: 0000000000020800 RSI: 0000000000000000 RDI: 00007f01cb9820fb [ 829.993208] RBP: 0000000000000002 R08: 0000000000010400 R09: ffffffffffffffff [ 829.994783] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000008100000 [ 829.996340] R13: 0000000020000040 R14: 0000000000020800 R15: 0000000020000140 [ 829.997910] 15:44:40 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 15:44:40 executing program 1: r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x1) sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x7}, ["", "", "", "", "", ""]}, 0x14}}, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) mlock(&(0x7f0000ffa000/0x2000)=nil, 0x2000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CCA_MODE(r1, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) accept$unix(r0, &(0x7f0000000380), &(0x7f0000000300)=0x6e) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000c00)={0xc0, 0x0, &(0x7f0000000b00)=[@increfs={0x40046304, 0x3}, @clear_death={0x400c630f, 0x3}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000880)=ANY=[@ANYBLOB="8561646600000000010000000000000002000000000000001b00000000000000852a6273000000000300000000000000000000000000770a1100000200"/75], &(0x7f0000000900)={0x0, 0x20, 0x38}}}, @dead_binder_done, @acquire, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000a40)={@ptr={0x70742a85, 0x0, &(0x7f0000000940)=""/66, 0x42, 0x1, 0x24}, @ptr={0x70742a85, 0x1, &(0x7f00000009c0)=""/106, 0x6a, 0x0, 0x2f}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000ac0)={0x0, 0x28, 0x50}}}, @register_looper], 0x0, 0x0, &(0x7f0000000bc0)}) 15:44:40 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x175, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:44:40 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 13) 15:44:40 executing program 0: ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000180)={'syzkaller0\x00'}) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ppoll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) r1 = eventfd(0x27) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r1, 0xf505, 0x0) syz_io_uring_setup(0x1a1a, &(0x7f0000000280)={0x0, 0x0, 0x1, 0x1, 0x225}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080)=0x0, &(0x7f00000006c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) socketpair(0x2b, 0x3, 0x80000000, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$FOU_CMD_ADD(r4, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x38, 0x0, 0x800, 0x70bd28, 0x25dfdbfe, {}, [@FOU_ATTR_IFINDEX={0x8}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e22}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @mcast2}]}, 0x38}, 0x1, 0x0, 0x0, 0x81}, 0x4) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000640)={0x0, 0xcf95, 0x200}) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001640)={0x0, 0x0, {0x0, @usage, 0x0}, {0x0, @usage, 0x0}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000e40)={0x0, 0x1, {0x9, @struct={0x1e9f, 0x7}, r6, 0xfffffffffffffff8, 0x4, 0x800, 0x9, 0x1, 0xc0, @struct={0x4, 0xffffffff}, 0x7ff, 0x81, [0x8001, 0x0, 0x2, 0x0, 0x7ff, 0x3]}, {0x7, @struct={0x5, 0x1f}, 0x0, 0x7, 0x7, 0x22e3, 0x0, 0xff, 0x400, @usage=0x401, 0x0, 0x9, [0x9, 0x0, 0xc55, 0xe522, 0x2, 0x3303]}, {0x3, @struct={0x1, 0xfffffff8}, r7, 0x0, 0x7fffffff, 0x8e6, 0x5, 0x4, 0x404, @struct={0x2, 0x8}, 0x6, 0x0, [0x3, 0x8, 0x4, 0x1ff]}, {0xd23, 0x20, 0x7fff}}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000700)={r6, 0x7, 0xeec}) r8 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r8, 0x40305839, &(0x7f00000001c0)=ANY=[@ANYBLOB="0600000000fddda786adff1800000ceb0000002b00db2ba571f584e22000000000000000"]) io_uring_setup(0x2d62, &(0x7f0000001100)={0x0, 0x0, 0x0, 0x0, 0x80}) clone3(&(0x7f0000000580)={0x40040300, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 15:44:40 executing program 6: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r0, &(0x7f0000000140)={0x37}, 0x14) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r2, &(0x7f0000000140)={0x37}, 0x14) openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x280, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000080)={{0x1, 0x1, 0x18, r1, @in_args={0x2}}, './file0\x00'}) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r3, &(0x7f0000000140)={0x37}, 0x14) openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/bus/input/handlers\x00', 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r4, &(0x7f0000000140)={0x37}, 0x14) ioctl$CDROMMULTISESSION(r4, 0x5312, 0x0) [ 830.141972] FAULT_INJECTION: forcing a failure. [ 830.141972] name failslab, interval 1, probability 0, space 0, times 0 [ 830.143299] CPU: 0 PID: 7943 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 830.144333] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 830.145575] Call Trace: [ 830.145848] [ 830.146094] dump_stack_lvl+0x8b/0xb3 [ 830.146522] should_fail.cold+0x5/0xa [ 830.146929] ? create_object.isra.0+0x3a/0xa20 [ 830.147429] should_failslab+0x5/0x10 [ 830.147839] kmem_cache_alloc+0x5b/0x480 [ 830.148277] ? memcg_slab_post_alloc_hook+0x206/0x440 [ 830.148853] create_object.isra.0+0x3a/0xa20 [ 830.149328] ? kasan_unpoison+0x23/0x50 [ 830.149759] kmem_cache_alloc+0x239/0x480 [ 830.150225] security_file_alloc+0x34/0x170 [ 830.150709] __alloc_file+0xb6/0x240 [ 830.151106] alloc_empty_file+0x6d/0x170 [ 830.151539] alloc_file+0x59/0x590 [ 830.151919] alloc_file_pseudo+0x16a/0x250 [ 830.152384] ? alloc_file+0x590/0x590 [ 830.152795] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80 [ 830.153379] ? shmem_get_inode+0x622/0xd20 [ 830.153833] __shmem_file_setup+0x144/0x310 [ 830.154286] __do_sys_memfd_create+0x1c6/0x4f0 [ 830.154797] do_syscall_64+0x3b/0x90 [ 830.155213] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 830.155781] RIP: 0033:0x7f01cb928b19 [ 830.156187] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 830.158228] RSP: 002b:00007f01c8e9df48 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 830.159065] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f01cb928b19 [ 830.159771] RDX: 0000000000020800 RSI: 0000000000000000 RDI: 00007f01cb9820fb [ 830.160549] RBP: 0000000000000002 R08: 0000000000010400 R09: ffffffffffffffff [ 830.161337] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000008100000 [ 830.162051] R13: 0000000020000040 R14: 0000000000020800 R15: 0000000020000140 [ 830.162839] 15:44:40 executing program 4: r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x1) sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x7}, ["", "", "", "", "", ""]}, 0x14}}, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) mlock(&(0x7f0000ffa000/0x2000)=nil, 0x2000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CCA_MODE(r1, 0x0, 0x0) [ 830.222428] loop5: detected capacity change from 0 to 260 [ 830.245790] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:44:49 executing program 0: ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000180)={'syzkaller0\x00'}) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ppoll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) r1 = eventfd(0x27) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r1, 0xf505, 0x0) syz_io_uring_setup(0x1a1a, &(0x7f0000000280)={0x0, 0x0, 0x1, 0x1, 0x225}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080)=0x0, &(0x7f00000006c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) socketpair(0x2b, 0x3, 0x80000000, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$FOU_CMD_ADD(r4, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x38, 0x0, 0x800, 0x70bd28, 0x25dfdbfe, {}, [@FOU_ATTR_IFINDEX={0x8}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e22}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @mcast2}]}, 0x38}, 0x1, 0x0, 0x0, 0x81}, 0x4) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000640)={0x0, 0xcf95, 0x200}) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001640)={0x0, 0x0, {0x0, @usage, 0x0}, {0x0, @usage, 0x0}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000e40)={0x0, 0x1, {0x9, @struct={0x1e9f, 0x7}, r6, 0xfffffffffffffff8, 0x4, 0x800, 0x9, 0x1, 0xc0, @struct={0x4, 0xffffffff}, 0x7ff, 0x81, [0x8001, 0x0, 0x2, 0x0, 0x7ff, 0x3]}, {0x7, @struct={0x5, 0x1f}, 0x0, 0x7, 0x7, 0x22e3, 0x0, 0xff, 0x400, @usage=0x401, 0x0, 0x9, [0x9, 0x0, 0xc55, 0xe522, 0x2, 0x3303]}, {0x3, @struct={0x1, 0xfffffff8}, r7, 0x0, 0x7fffffff, 0x8e6, 0x5, 0x4, 0x404, @struct={0x2, 0x8}, 0x6, 0x0, [0x3, 0x8, 0x4, 0x1ff]}, {0xd23, 0x20, 0x7fff}}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000700)={r6, 0x7, 0xeec}) r8 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r8, 0x40305839, &(0x7f00000001c0)=ANY=[@ANYBLOB="0600000000fddda786adff1800000ceb0000002b00db2ba571f584e22000000000000000"]) io_uring_setup(0x2d62, &(0x7f0000001100)={0x0, 0x0, 0x0, 0x0, 0x80}) 15:44:49 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f00000003c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$RTC_WIE_ON(r1, 0x700f) fstat(r0, &(0x7f0000000040)) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@local, @in=@dev}}, {{@in=@multicast1}, 0x0, @in=@private}}, &(0x7f0000000240)=0xe8) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000140)={0x37}, 0x14) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000029bd7000fd5bdf250200000008000108000600ac1414aa"], 0x2c}, 0x1, 0x0, 0x0, 0x40005}, 0x10) setresuid(0x0, r2, 0x0) r3 = clone3(&(0x7f0000000580)={0x40000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[0xffffffffffffffff], 0x1}, 0x58) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7, r3}) 15:44:49 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) r1 = syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0xfffffffffffffffe, 0x3, &(0x7f00000012c0)=[{&(0x7f0000001500)="086d89c548f37300f7248c16c0d3c53f781c062f1da4f6df6803c4583359799d0edf0535ac07146f686fbe4ae52750c4e8a31a79ac24ec93cb807a10662adc80d769c1e8ca3a53806e024de3fed283fe334ed5f217cc1e2ee85252f4e31fb879fc03967b84f77402eaa841545e6a7d6f9ee06c44a2dc858a1d2635736b97ae80967ef5f99c2a47ea36a60018516dda425228679f7551a32d165d3074a826f2a483d8863b3fe692f765208368", 0xac, 0x80000000}, {&(0x7f0000000200)="4760cc3f5ee156e00309fa1f4f9ca2f2bf4dc9bdd6a86f2a1a8c89e4b0fbdbbd94fe9ce1aa9016dfeee826316a4b454b0231de432215b86b6ca12154877d14ccec5312acfc1c9d045b15a83d224713931126c795f8", 0x55, 0x5}, {&(0x7f00000002c0)="2640ffcb168eb286717d3c6486adce2cdb44bdc00a40249939d434fc507112ab89c71af77838ebea10941157c30317217c59627db435ab524100f029b42fca0a6f83c8656bb6000f6c00059f871d94255e6154d147e7c773fb45d63750f80ad806aa961596c99d52883c864ecfc432e5d5dbd8e486059ad1fca443539da28137957bb2b88aa667137748c1ce443db612dc3a4f616b8f17c7f34c624b776c8b15244af11ddd85b9b3a103a463b077062b96b3dd05fddfe95ee3f18405a9a79a07651e62d3c88716ed5017eb95fce6c48de8d9952880de70fa8a115ecd855a4629a1757324a6b9eff60e598f429533cfb69dd0a2915565181a6c0de294af6c3f6076702a4f590fc7e5ce01087eba05d3bb57aba45a360f51abbbcd63c1266fcebe3da43da6fd041fc4ecd0b0dc97b72a2a6d2f7da353740e58e7c9f88e0e2397fe10d9dd50ec321fbae3cea4342482edf231a8ff71435a734fc80304e49d3b3a06b249c86828433fbe99be761588641edff994b446d19180664fa00185ccd832bbab1ecf4be47e2a26e7bd77089215bf8767b21fa898f3a92c6baaa2318c8e23de63a023f27be53c3bb4666512342b340d98a4225adec650f4062271a796e49ce5e8aa00c103d063e79231c6761d75c5c9efb87056b7e73f90e954ad671af45ac677901bea86eb5bdf996b7ea36f62e0d046c8aae6903e68708d8dc2628543ba4f62eb26e9f121a477fcc2eee59ea98c8efc1963e99c23cc9d8d3e2c230b44ea84b632693859d2f0fb3bd2ac52a94ca0380a83f03fd7db4742daa53b1d7db80cb2a882fb6af766200b7584ce53a3b761b945236cef76b4c7178a44536f2e22a41332307415fff5e0e5cc04678a916b67154a6f0ad2a94ddd7993cdbbc7879b0fa7a6138c2c7fbd7c91fb60f8c588e3f9ae150e9c838090d16c26d8e72b385c202e0b30188b5e9902152c714a2a4e21b4813fb7726bda435938818b9db50a3e033bb72fbab9247b18d8308d70406bc8ca72c1c08f86c79da2608cd58563199eac5a44a271fbfc1efbb7d8ab22f1a4d0063701c7f287799eb24e2bfbb6f510fa78041b37e5886c49f1097331f072da8c6f50023ff024c9db80876880c8978d39b0f2ad5eec2b71b2101db479d42909d0d1d25d4c5ae917c9cd7b0d9aa032acef7542ae7da897f8c7d2569b6ae8d1504d6fa9834a1351cf10808d1957187ec0e317d72a6f73c6fe3e99961992c30e7401ddfbbed68baa2550a09cb330c68dfa6029a4ba871607d6c911c94943aa527eb1c67dd724b7dfa18e15635bf3ee07e920e10a87f35e89b59f4ab43acb0d0bae254f51d70aa15be5d2e8cb193155e765892766cb07209bae1901f3f6f8a02619291dfcd06b768c4aa4e2687932123c189d847590900b7405f1c48a1d04de1779d826140c644a09eea64b66627bdcaf80c7af69d824ba6d6cb5da67b5910eea20440811a93d92c44ebc3ef72ce4d88656767257fa0201f3f52cc312b92ff7e50d5202a0aa1db5a413b043fa7162e0ee1d649649637936e1d472a867e68b3d0f958cc0bc0a596338d560375fe35ecd6d140a9cd195a934057273877d50083db6284d7213f08d590fe9cadb27d446b5ce525f85942e280fe47d164cdc6f5f826fda9a983327abc6eee31e0bec6f8460280a8a636effd38faf45c2998ae7294792be4ad9272ef4e2d53d7db7d4f88e3a3b2e533882824c1fa051c6b7b5d080bce753cd9e71d6d5dacae88b9295c1b1bf28c129d0c4105c98f549c635ddc872f89b20124b9a832d148c04d65deb62042f16749907314425efa9a3f1bc77d8aca62bd03449ee214b8f94b1c5ed5bf252461929247fc04164f6b63f67956f849c25444f20e833178989c891978c4fe83e931184baad46421b19b2c30e671ca5945485bf249c98105500b07f87c1d4629d814e0a0e91dbf3f0e1d082c66aaa90d4d0a7fa845b9f1185cefee0f3fbf0fe19a0caefd9401f72ddb8cac2fae790a1a86fbf9f2332e3e0891226ae4b9159770f922f5e4fdd46b1d042bfb5b675a7565755b1757934e6b912245ebfc64fb3e200a80876d5220497a2bae013d714d167bb9caf3d0b4ff7590df744f1f2636ae5960eb6477c7159f9edddb193f955dbd86b033ed988a6a7e9c73b3a845f2a90d1b779e1bb021dd38ee1b7c92c4e8a98b67010de3bc4ebdf3be580d57b8bbdd5a82d940bb4f89b14f642e63eaeb3b8e453937960424620502cb7f0415b21cf0fa297d93ee1d49679c322fe8eb95522aa53c6560ce9aacebaab8d2508580e75c9978243d44d6e8e74bccbc36c6559ef76657187a192131f3a1986b4308cc0bd978f695b271d6cdb56a11279c32aa306b51ff5fead1df279ea3d2781cb7b05f559f282978d24366c955d176ae79957b278e5b51f28bb1e0be89f14081720ed15580523c56abb114aca90ed1797d24743a0bb20b7d055e8e91391f0b1a4abefffe8171d8aee0ec3a07d1f68f2755b3dcfd2ca6805e851dfb09904c0dbc1d09fe6c46039930dc93df6a57b787781fc1eea11ba184a382b94294cc870b7f447e3238327f1ac3e3273466d2b5b86d19b33418d566515e8d8536a72ead10dceca4048799513bb3b89130b31acc4ad3a0891ff98819a32fa502d6e19a7d7af0264174084ae83dccba6f0db12df9a36c8f914864d763dad1409965db0c04c5f743253b5e1c9ac8ab0c512d3609f0f3df497222f4233b4adab48069ff2e02bda0a5bb7f3eef4b3078267ca39bc0656d944d9e3219aed460757b2c0ce7dea5dc7ea6e5a2c151566032a364dfaffd881e58bdd8b97a62dd5cabfee17b05c4f5eebf78acd3741b95beba7a996075bf04abb749e937fa09187dd291240a78107318fa1c1ec9746e15d9764382e26616a4780917745463c1cb6ea0887fe23b0b79fd637474cd1cd126221c00e4e98c1ee8351cacb5bb58a3fc3a0ea49816b9f7b23a077c3fe9e2623641b5c644aad635fc882a1c8201c21e5985195c330bbf4f9e8fe31993221d050fb7bedfc6e01fdfb5ea1db50efb0f7f5be62188f91cf17f85f70b254b6ea2f7a0b49610ca5ab54f3a68a0d28eb370975430dcdf7e662ff18905199166731d1da0df28f80de7f6315deb994607e6246b54bbff02d3584e4492b5e32534fadb91d311b55c541358a49aeca2d445ed192869d08963d568813868db1714c9b22271089fde72cc96d526ec922169b90835737b8090899238044837216367a93ec7122291501607fd60498711828f874647dfc008553834316c676725ea07e8d9d4b5fe120a61ad2c8b39ece36a97e8bec8dedc93376a8f7612ab29f27fdb9ca44cca8cab2afadeaff8a076d98fbb592d1688f294d6c3c15e4b1233b895240aee57c5a78a61ad2bad5366d706afb4f8444dce99a33a78226baca6db252e9bf7473d7e8a1fc948bd5fffb727f310be5954440948ff322b5761895250075554e7165cd1c307e97e003170fc4c5ca592a15ffb26c0c0743bceef7263bc4e01eaca10210ca911666e10848637e7ff45847d99c23f7ca4525eb23f1f5d6a822fd81f93f9a3e114ecea811b62722c38149937cde56dbbd3545eecbbc4d7d49d37ece8e7f770a3e3b70d3d2df879b5db7f0199c2edab82a80c7c22efdc162605c878324897ae4ff2bbba07d43ee485bfe3c2c1634cb212aa10fbdcb2e17128ac6c177b6cda5e9d870dd0db05352756d14c690386bd55485f4c4f0556b06bc960f5ae84cd9b2c5278d859a63774ef8a3cd019786eb013244812e18f56b8cd543a7b2472151563f0a5b41f51be8a84dbf7c1e4474feb29b898b4615f7747a1e13f6f40a83bc68a4afec586d62da785da8a13e756a924a656ec642c79cf711f7c3f7648c4be54fade7fa04b2beecf284dca0300d5c98f8cf2ca9a6f8b01f41c3ee32480f3108162f412c52cb9777e59b61b64be8b903b4dd4cde46b50b11cfb7745c98b0c44db864ce4cb5236d2fd22b37de33fc30d534c2ca2f68a657b628b3fa8f0b3fc6554b0cd47f4608f7b8466f2d8ea0e554b61017ec9568122890c97cfacd4ad84f3d44551f11cdd92a1e9de134a06251fa0e045ef2e109008df4d6c58ba38e597daa8dfe69865444c65a0478d4bf07ce4dcad5b34b7a11c9b129edc157444c8f35d24ae353ea9c00e1a9095b0ced263d33af3e1f7281033856469a4875bd36e98841a67d4d38393114817ce8b70eac87dbec4b91f21c286e5114fdb3e7fbe1ed5ae7edc30c8998fc9cd2658161be47e9d028ceeae08f7d2b6c885aa5d7c55fa580348199ccc0357bf7ac92c0f4fa17dd53719ca62363e1c8e32c9de511b705bc4e8620e55ce3bf49cd1ad69582cd87adb077b9c56b1209a41b946a970c558ad5ff419fc6d9311071efbb35a8a753d6e4dbea4d1551f96b69faec8fef922a0f9a25eff52165bb3e79c950b38dfd4361c6b6a619018a64ff9996789ce6b4b36ff1d17119439963b4dbdf1590337c7bbd2a885863b77f3048824187bc65d45c422c57c7aed4de071b8e0ca07149bf937163c301f4748462a8682ff8bc9322cd64dd0ad999178f4f8eb38ca8bb075c3b4e6f545e952c7112288e9c1a3e13f712f6f9618eb2721f77b68ce5a00da181e89268d85c1a31453aa28e6829a8a8291306693a2767d9452285981315d61921f60ad3a333cf0a2413d52cf072cba5b7e9059b99bc154c937cd044a35b8a45874f2c704e98eb8eac9eaa5b40de12998ce75ad393ff24a1bf70c4c7900e1847373d63e76df711cb6f7f29c190307e24daf06207ecf21a8e42a3c502e1df88f1a5dd13c89edacd4100ab70498b980727ea95f426146e0ae84e3f886dc868a4d3c5e8afa0c60534e472010a0c9208c88ac388bb837fd4643737c539403b87f7e9f3754197e368de9a6a4719441ed61c6b160a6bc1a107561386513bd387ccd9f134851f5eeb0f378cf999501ba8626d46abea95cc1ae15dffb2c556eee8a19212d3ffe043c33642fded304168b5d36264e6ce77c83b233f6d1ce13b83387185b5964f513a187846da5a495bdcdead5e4bd758df93154ab01c425d44eaae6d5b83b46371e188e44d0868bcea2258a00f7140683c86583b5cf818449b462da55f7458d4d02afb62ea05313c9b3050eab3f00c96e2e41bee90de8ca5fb216d23f0731ef2cdb67889993df2236ca82e7ec599a8ab9a614fbebf2925bff43d64612d8af57143a49dce3376fa57e3a40133ffb0294fbdafe166cb0e158272f9c8c7b070dd996c966ecdeab631a22e332ccb768a14030f6787d88a4456a8c1e294d1641aaf78d02267bb09e07886ead14c23b38ea4a476f0d00452d1efae7530313996eac268151e257d99dc30fb489776a506676f152b380b710b200408be4d08271c22f857313aca2f98c3d0c44a6a7cf404a883fa2c5b13b190d62ae8fde7859ab4bb8725c733f2ab76222e6aece105ec815395ab5cd26f3a576d7f1f48cfc365429159d3d115e3726da132bad30370d64e88885e3d0a51633b2f27b6d5ae462704d5e6176a8617eaf9b5f162d2ec9439c9a75c248e67728ed52cbac2680f04b9c44ce9d51be8f93a4d6bc8cf1b351b76fbba714f44d7a4c270f3e7be1f73b21a7a37ed8c372ba6f3323b8d3e43032947ec8b6040a15989885b2c59f6a41013b5bc1c6727cbae41541a8af0c6f24c7a9cf94eb0a49ee59072a3572000f4b23af0f7787754443df604e8c4d2f9ba0738fac459727dec95f28ab5d0a1693b831f6e8ff9dcb1ad0fa0e90c75671d4ddd242493332c6418d24220431e140c98d13756e5", 0x1000, 0x1}], 0x523fad6ae27803ea, &(0x7f00000015c0)=ANY=[@ANYBLOB="757466385f302c73752c00000000000000000000000000000000c41ea92c2f23c9fcb60bf8842847a6be155a30ba8b3fc98309b8cb837a14c3e4284881ae4e78e516b6f6fa14005348a03ecb8163d74c4bdaff2133ca60605c2c2486e86828d4396f927628e091e0e6b46c81b510a577867226ee6697aeef71cec69d258b2b6e4245d18d00ba4471454e90d7c0ae540640bcb7f62848f4feb632a9b2934c33434c7194f42ffe910122b660817401d050"]) pwritev2(r1, &(0x7f00000014c0)=[{&(0x7f0000001380)="fea225ca285fd19c0c3822e08a836d3e0b75f58be5d8d9985583983e95788392b45ba473db2dc5aa7fd0c8073b13364c8059efbc7d0bcd05174cc0973ee8a4e5c0b0132a05b5265c7324563365b0641649db7beb538e427a40398ec7a12f82ef705d650a87cdd070521a37d1bee18960b1261aba0b7d2ef61ae222c64d50c69fd38ed84f65c801", 0x87}, {&(0x7f0000001440)="017e3f4ae50356ada827eec0f3483bb3c4e89daf03a4f5e639a120c8350326a4c213fe4644f383cfe96aa1f3df145a62dc40e673d09d684f96f8a3fdec1834e72a2e621e2900e2ae883f43abfd86808e4b01bba5fedee4f5eae58adda393281dbd1c2d37e5ab35dfe0dda3c7", 0x6c}], 0x2, 0x2, 0x5, 0x1) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r2, &(0x7f0000000140)={0x37}, 0x14) ioctl$TUNSETGROUP(r2, 0x400454ce, 0xee01) openat(r2, &(0x7f0000000080)='./file0\x00', 0x20a000, 0x20) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r3, &(0x7f0000000140)={0x37}, 0x14) dup3(r2, r3, 0x80000) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180), r3) 15:44:49 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$DVD_WRITE_STRUCT(r1, 0x5390, &(0x7f0000000040)=@copyright={0x1, 0x1, 0xeb, 0x9}) [ 839.107746] FAULT_INJECTION: forcing a failure. [ 839.107746] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 839.110393] CPU: 1 PID: 7981 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 839.112475] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 839.114951] Call Trace: [ 839.115513] 15:44:49 executing program 4: r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x1) sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x7}, ["", "", "", "", "", ""]}, 0x14}}, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) mlock(&(0x7f0000ffa000/0x2000)=nil, 0x2000) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), 0xffffffffffffffff) 15:44:49 executing program 1: r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x1) sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x7}, ["", "", "", "", "", ""]}, 0x14}}, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) mlock(&(0x7f0000ffa000/0x2000)=nil, 0x2000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CCA_MODE(r1, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) accept$unix(r0, &(0x7f0000000380), &(0x7f0000000300)=0x6e) 15:44:49 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 14) 15:44:49 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x300, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 839.115993] dump_stack_lvl+0x8b/0xb3 [ 839.117019] should_fail.cold+0x5/0xa [ 839.117843] prepare_alloc_pages+0x17b/0x500 [ 839.118805] ? __wake_up_common_lock+0xde/0x130 [ 839.119800] ? __sanitizer_cov_trace_cmp2+0x22/0x80 [ 839.120880] __alloc_pages+0x131/0x4e0 [ 839.121720] ? lock_release+0x505/0x6f0 [ 839.122585] ? __alloc_pages_slowpath.constprop.0+0x1f10/0x1f10 [ 839.123888] ? lock_downgrade+0x6d0/0x6d0 [ 839.124777] ? rcu_read_lock_sched_held+0xd/0x70 [ 839.125790] ? lock_acquire+0x41c/0x4d0 15:44:49 executing program 4: r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x1) sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x7}, ["", "", "", "", "", ""]}, 0x14}}, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) mlock(&(0x7f0000ffa000/0x2000)=nil, 0x2000) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) [ 839.126680] ? __sanitizer_cov_trace_cmp2+0x22/0x80 [ 839.127854] alloc_pages_vma+0xde/0x500 [ 839.128748] shmem_alloc_page+0x108/0x1d0 [ 839.129656] ? shmem_add_to_page_cache+0x1640/0x1640 [ 839.130793] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 839.131975] ? percpu_counter_add_batch+0xb4/0x170 [ 839.133249] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 839.134411] ? __vm_enough_memory+0x184/0x360 [ 839.135447] shmem_getpage_gfp.constprop.0+0x651/0x2190 [ 839.136679] ? shmem_unuse_inode+0xdd0/0xdd0 [ 839.137733] ? fault_in_readable+0x18a/0x250 [ 839.138879] ? fault_in_writeable+0x1d0/0x1d0 [ 839.139914] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 839.141196] shmem_write_begin+0xfd/0x1d0 [ 839.142188] generic_perform_write+0x208/0x510 [ 839.143374] ? folio_unlock+0xb0/0xb0 [ 839.144280] ? discard_new_inode+0x190/0x190 [ 839.145449] ? generic_write_checks+0x25f/0x390 [ 839.146601] __generic_file_write_iter+0x306/0x4b0 [ 839.147956] generic_file_write_iter+0xd7/0x220 15:44:49 executing program 1: r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x1) sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x7}, ["", "", "", "", "", ""]}, 0x14}}, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) mlock(&(0x7f0000ffa000/0x2000)=nil, 0x2000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CCA_MODE(r1, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) [ 839.149066] ? iov_iter_init+0x45/0x1b0 [ 839.150344] new_sync_write+0x437/0x660 [ 839.151685] ? new_sync_read+0x6f0/0x6f0 [ 839.153036] ? rcu_read_lock_sched_held+0xd/0x70 [ 839.154553] ? x86_pmu_enable+0xa30/0xd90 [ 839.155704] ? lock_release+0x6f0/0x6f0 [ 839.156811] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 839.158366] vfs_write+0x7c2/0xad0 [ 839.159393] __x64_sys_pwrite64+0x1fd/0x250 [ 839.160615] ? vfs_write+0xad0/0xad0 [ 839.161671] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 839.163089] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 839.164583] ? syscall_enter_from_user_mode+0x1d/0x50 [ 839.166055] do_syscall_64+0x3b/0x90 [ 839.167114] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 839.168536] RIP: 0033:0x7f01cb8dbab7 [ 839.169557] Code: 08 89 3c 24 48 89 4c 24 18 e8 e5 f8 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 12 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 15 f9 ff ff 48 8b [ 839.174616] RSP: 002b:00007f01c8e9df20 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 839.176692] RAX: ffffffffffffffda RBX: 00007f01cb972970 RCX: 00007f01cb8dbab7 [ 839.178656] RDX: 0000000000000021 RSI: 0000000020010000 RDI: 0000000000000004 [ 839.180597] RBP: 0000000000000002 R08: 0000000000000000 R09: ffffffffffffffff [ 839.182553] R10: 0000000000000004 R11: 0000000000000293 R12: 0000000000000004 [ 839.184498] R13: 0000000000000004 R14: 0000000020000200 R15: 0000000000000000 [ 839.186480] [ 839.279386] loop5: detected capacity change from 0 to 260 [ 839.287201] FAT-fs (loop5): bogus number of reserved sectors [ 839.288644] FAT-fs (loop5): Can't find a valid FAT filesystem 15:44:59 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 15) 15:44:59 executing program 1: r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x1) sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x7}, ["", "", "", "", "", ""]}, 0x14}}, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) mlock(&(0x7f0000ffa000/0x2000)=nil, 0x2000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CCA_MODE(r1, 0x0, 0x0) 15:44:59 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f00000003c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$RTC_WIE_ON(r1, 0x700f) fstat(r0, &(0x7f0000000040)) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@local, @in=@dev}}, {{@in=@multicast1}, 0x0, @in=@private}}, &(0x7f0000000240)=0xe8) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000140)={0x37}, 0x14) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000029bd7000fd5bdf250200000008000108000600ac1414aa"], 0x2c}, 0x1, 0x0, 0x0, 0x40005}, 0x10) setresuid(0x0, r2, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7}) 15:44:59 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 15:44:59 executing program 4: r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x1) sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x7}, ["", "", "", "", "", ""]}, 0x14}}, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) mlock(&(0x7f0000ffa000/0x2000)=nil, 0x2000) 15:44:59 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x500, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:44:59 executing program 0: ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000180)={'syzkaller0\x00'}) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ppoll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) r1 = eventfd(0x27) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r1, 0xf505, 0x0) syz_io_uring_setup(0x1a1a, &(0x7f0000000280)={0x0, 0x0, 0x1, 0x1, 0x225}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080)=0x0, &(0x7f00000006c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) socketpair(0x2b, 0x3, 0x80000000, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$FOU_CMD_ADD(r4, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x38, 0x0, 0x800, 0x70bd28, 0x25dfdbfe, {}, [@FOU_ATTR_IFINDEX={0x8}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e22}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @mcast2}]}, 0x38}, 0x1, 0x0, 0x0, 0x81}, 0x4) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000640)={0x0, 0xcf95, 0x200}) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001640)={0x0, 0x0, {0x0, @usage, 0x0}, {0x0, @usage, 0x0}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000e40)={0x0, 0x1, {0x9, @struct={0x1e9f, 0x7}, r6, 0xfffffffffffffff8, 0x4, 0x800, 0x9, 0x1, 0xc0, @struct={0x4, 0xffffffff}, 0x7ff, 0x81, [0x8001, 0x0, 0x2, 0x0, 0x7ff, 0x3]}, {0x7, @struct={0x5, 0x1f}, 0x0, 0x7, 0x7, 0x22e3, 0x0, 0xff, 0x400, @usage=0x401, 0x0, 0x9, [0x9, 0x0, 0xc55, 0xe522, 0x2, 0x3303]}, {0x3, @struct={0x1, 0xfffffff8}, r7, 0x0, 0x7fffffff, 0x8e6, 0x5, 0x4, 0x404, @struct={0x2, 0x8}, 0x6, 0x0, [0x3, 0x8, 0x4, 0x1ff]}, {0xd23, 0x20, 0x7fff}}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000700)={r6, 0x7, 0xeec}) r8 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r8, 0x40305839, &(0x7f00000001c0)=ANY=[@ANYBLOB="0600000000fddda786adff1800000ceb0000002b00db2ba571f584e22000000000000000"]) 15:44:59 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f0000000180)=ANY=[@ANYBLOB="010000000122008017eb0000", @ANYRES32=r0, @ANYRES32=0xffffffffffffffff, @ANYRES32=r3, @ANYBLOB='./file0\x00']) r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000001c0), 0x1c5282, 0x0) ioctl$BTRFS_IOC_INO_PATHS(r5, 0xc0389423, &(0x7f0000000400)={0xa2, 0x18, [0x100, 0x0, 0x5, 0x40], &(0x7f0000000200)=[0x0, 0x0, 0x0]}) getsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000440), &(0x7f0000000480)=0x8) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) pwrite64(r6, &(0x7f0000000300)="cb7c057ad96989ba0a5f8709fd57175ce49a2379998df2d42a8675611e15cba4ff6a47e61b1352aebd8f759fbe2017e00dfeadd9376942374686ccee517eeed644ba92aa9f6857fd3bb3dddd6db5fbfbb617cc03360c0c33ca66e4cb441e8cce4b4c0d4769fd20403e17736bc3bba101ac8b152ca6ef39d2f6064f218e5b1d90f70ea024718b26ead8baf9761b55005d75bdd40093e6d158c54b34612ce27e32b94b206b727cdbaf63ad1725ed4f835dfb480d552780110915da2d5ea0e84020017d3dcd903c45863ed7d9f6ec1eda38bbd857111469943e27727f56b713b43e9a00d8ee8a395ead94c343866775", 0xee, 0x27) lchown(&(0x7f0000000100)='./file0\x00', r4, 0xee01) setresuid(r4, r2, r2) setresuid(0x0, r2, 0x0) setuid(r2) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x80000, &(0x7f00000004c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB=',aname=%$:(,dont_measure,permit_directio,euid=', @ANYRESDEC=r2, @ANYBLOB="2c646f6e745f686173682c61707072616973652c7063723d30303030303030340000000130303030303036322c00312678d2c0ffe597ee8403ee1d5ece75f5a8360022ac64fbeec1b3d4d04c85dec45175b7c5cce4043bb17d32cd0ca760ceacbf53ce63390177d9c0688ca79a857829d0504434d90c90536134d874b346552c9a8491f02a144fe70c966dadc715fdd711b6b4559c7d2cbad7ba0e079adbbdac8e398bf1cdf8f5d4c9a178413af792190c8a8f818e64f927ea7544abea0a94cfceb84dd4afb12bad12367d80691c9d87e02bfece49d815b28c01989606d2d3a693d4e512fc7923625eb2566a312caf10e9b45e03fa7f88e9da18c028617b65802c969452f22e7f61be4e0c49d6bd6da4db27e5b0d8619324895817d4d951160623530c7157915a4010353e2fe9be8547c2d95696096e51b81aaf421e"]) write$P9_RREADLINK(r0, &(0x7f00000000c0)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0x10) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) [ 849.248364] FAULT_INJECTION: forcing a failure. [ 849.248364] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 849.249747] CPU: 0 PID: 8012 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 849.250944] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 849.252237] Call Trace: [ 849.252528] [ 849.252780] dump_stack_lvl+0x8b/0xb3 [ 849.253225] should_fail.cold+0x5/0xa [ 849.253661] copy_page_from_iter_atomic+0x4e4/0x1b10 [ 849.254279] ? iov_iter_get_pages_alloc+0x15a0/0x15a0 [ 849.254870] ? fault_in_readable+0x18a/0x250 [ 849.255377] ? fault_in_writeable+0x1d0/0x1d0 [ 849.255888] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 849.256464] ? shmem_write_begin+0xfd/0x1d0 [ 849.256953] ? shmem_write_begin+0x106/0x1d0 [ 849.257458] generic_perform_write+0x27e/0x510 [ 849.257976] ? folio_unlock+0xb0/0xb0 [ 849.258422] ? discard_new_inode+0x190/0x190 [ 849.258929] ? generic_write_checks+0x25f/0x390 [ 849.259462] __generic_file_write_iter+0x306/0x4b0 [ 849.260026] generic_file_write_iter+0xd7/0x220 [ 849.260566] ? iov_iter_init+0x45/0x1b0 [ 849.261029] new_sync_write+0x437/0x660 [ 849.261483] ? new_sync_read+0x6f0/0x6f0 [ 849.261948] ? rcu_read_lock_sched_held+0xd/0x70 [ 849.262510] ? x86_pmu_enable+0xa30/0xd90 [ 849.262989] ? lock_release+0x6f0/0x6f0 [ 849.263446] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 849.264073] vfs_write+0x7c2/0xad0 [ 849.264482] __x64_sys_pwrite64+0x1fd/0x250 [ 849.264975] ? vfs_write+0xad0/0xad0 [ 849.265398] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 849.265969] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 849.266593] ? syscall_enter_from_user_mode+0x1d/0x50 [ 849.267185] do_syscall_64+0x3b/0x90 [ 849.267613] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 849.268199] RIP: 0033:0x7f01cb8dbab7 [ 849.268619] Code: 08 89 3c 24 48 89 4c 24 18 e8 e5 f8 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 12 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 15 f9 ff ff 48 8b [ 849.270733] RSP: 002b:00007f01c8e9df20 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 849.271593] RAX: ffffffffffffffda RBX: 00007f01cb972970 RCX: 00007f01cb8dbab7 [ 849.272414] RDX: 0000000000000021 RSI: 0000000020010000 RDI: 0000000000000004 [ 849.273221] RBP: 0000000000000002 R08: 0000000000000000 R09: ffffffffffffffff [ 849.274032] R10: 0000000000000004 R11: 0000000000000293 R12: 0000000000000004 [ 849.274856] R13: 0000000000000004 R14: 0000000020000200 R15: 0000000000000000 [ 849.275674] 15:44:59 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000240), 0x181081, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0xfffffffc, 0x0, 0x0, 0x1ce, 0x0, r1}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) syz_io_uring_setup(0x4b87, &(0x7f0000000080)={0x0, 0x4e54, 0x0, 0x3, 0x2f2}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'veth0_to_bridge\x00'}) write$P9_RMKNOD(r3, &(0x7f0000000140)={0x37}, 0x14) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000001c0)={'batadv_slave_0\x00'}) syz_io_uring_submit(r2, 0x0, &(0x7f0000000180)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x5, 0x0, 0x0, 0x0, 0x23456}, 0x1) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 15:44:59 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x600, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:44:59 executing program 1: r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x1) sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x7}, ["", "", "", "", "", ""]}, 0x14}}, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) mlock(&(0x7f0000ffa000/0x2000)=nil, 0x2000) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), 0xffffffffffffffff) 15:44:59 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f00000003c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$RTC_WIE_ON(r1, 0x700f) fstat(r0, &(0x7f0000000040)) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@local, @in=@dev}}, {{@in=@multicast1}, 0x0, @in=@private}}, &(0x7f0000000240)=0xe8) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000140)={0x37}, 0x14) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000029bd7000fd5bdf250200000008000108000600ac1414aa"], 0x2c}, 0x1, 0x0, 0x0, 0x40005}, 0x10) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7}) 15:44:59 executing program 4: r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x1) sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x7}, ["", "", "", "", "", ""]}, 0x14}}, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:44:59 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) r1 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000080)='.pending_reads\x00', 0x101000, 0x80) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'bridge0\x00'}) 15:44:59 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x700, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:44:59 executing program 1: r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x1) sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x7}, ["", "", "", "", "", ""]}, 0x14}}, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) mlock(&(0x7f0000ffa000/0x2000)=nil, 0x2000) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) [ 849.412262] loop5: detected capacity change from 0 to 260 [ 849.424306] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:44:59 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 16) 15:44:59 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f00000003c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$RTC_WIE_ON(r1, 0x700f) fstat(r0, &(0x7f0000000040)) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@local, @in=@dev}}, {{@in=@multicast1}, 0x0, @in=@private}}, &(0x7f0000000240)=0xe8) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000140)={0x37}, 0x14) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000029bd7000fd5bdf250200000008000108000600ac1414aa"], 0x2c}, 0x1, 0x0, 0x0, 0x40005}, 0x10) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7}) 15:44:59 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000080)={{0x1, 0x1, 0x18, r1, {0x8}}, './file0\x00'}) ioctl$TUNDETACHFILTER(r2, 0x401054d6, 0x0) 15:45:00 executing program 0: ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000180)={'syzkaller0\x00'}) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ppoll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) r1 = eventfd(0x27) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r1, 0xf505, 0x0) syz_io_uring_setup(0x1a1a, &(0x7f0000000280)={0x0, 0x0, 0x1, 0x1, 0x225}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080)=0x0, &(0x7f00000006c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) socketpair(0x2b, 0x3, 0x80000000, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$FOU_CMD_ADD(r4, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x38, 0x0, 0x800, 0x70bd28, 0x25dfdbfe, {}, [@FOU_ATTR_IFINDEX={0x8}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e22}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @mcast2}]}, 0x38}, 0x1, 0x0, 0x0, 0x81}, 0x4) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000640)={0x0, 0xcf95, 0x200}) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001640)={0x0, 0x0, {0x0, @usage, 0x0}, {0x0, @usage, 0x0}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000e40)={0x0, 0x1, {0x9, @struct={0x1e9f, 0x7}, r6, 0xfffffffffffffff8, 0x4, 0x800, 0x9, 0x1, 0xc0, @struct={0x4, 0xffffffff}, 0x7ff, 0x81, [0x8001, 0x0, 0x2, 0x0, 0x7ff, 0x3]}, {0x7, @struct={0x5, 0x1f}, 0x0, 0x7, 0x7, 0x22e3, 0x0, 0xff, 0x400, @usage=0x401, 0x0, 0x9, [0x9, 0x0, 0xc55, 0xe522, 0x2, 0x3303]}, {0x3, @struct={0x1, 0xfffffff8}, r7, 0x0, 0x7fffffff, 0x8e6, 0x5, 0x4, 0x404, @struct={0x2, 0x8}, 0x6, 0x0, [0x3, 0x8, 0x4, 0x1ff]}, {0xd23, 0x20, 0x7fff}}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000700)={r6, 0x7, 0xeec}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) [ 849.510578] FAULT_INJECTION: forcing a failure. [ 849.510578] name failslab, interval 1, probability 0, space 0, times 0 15:45:00 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f00000003c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$RTC_WIE_ON(r1, 0x700f) fstat(r0, &(0x7f0000000040)) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@local, @in=@dev}}, {{@in=@multicast1}, 0x0, @in=@private}}, &(0x7f0000000240)=0xe8) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000140)={0x37}, 0x14) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7}) [ 849.512027] CPU: 0 PID: 8057 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 15:45:00 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x1) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:45:00 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_FILES(r1, 0x3, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 15:45:00 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip6_flowlabel\x00') r2 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r2, &(0x7f0000000140)={0x37}, 0x14) mq_timedreceive(r2, &(0x7f0000000100)=""/51, 0x33, 0x3ff, &(0x7f0000000180)={0x0, 0x989680}) write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000040)={'\x00', 0x9, 0x40, 0x8001, 0x4096, 0x10001, 0xffffffffffffffff}) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) [ 849.513107] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 849.514423] Call Trace: [ 849.514704] [ 849.514948] dump_stack_lvl+0x8b/0xb3 [ 849.515380] should_fail.cold+0x5/0xa [ 849.515804] ? getname_flags.part.0+0x50/0x4f0 [ 849.516330] should_failslab+0x5/0x10 [ 849.516747] kmem_cache_alloc+0x5b/0x480 [ 849.517194] getname_flags.part.0+0x50/0x4f0 [ 849.517679] ? x86_pmu_enable+0xa30/0xd90 [ 849.518134] getname+0x8e/0xd0 [ 849.518508] do_sys_openat2+0xf5/0x4d0 [ 849.518936] ? build_open_flags+0x6f0/0x6f0 [ 849.519402] ? preempt_count_add+0x74/0x140 [ 849.519891] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 849.520490] __x64_sys_openat+0x13f/0x1f0 [ 849.520948] ? __x64_sys_open+0x1c0/0x1c0 [ 849.521388] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 849.521937] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 849.522533] ? syscall_enter_from_user_mode+0x1d/0x50 [ 849.523102] do_syscall_64+0x3b/0x90 [ 849.523505] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 849.524085] RIP: 0033:0x7f01cb8dba04 [ 849.524479] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 849.526501] RSP: 002b:00007f01c8e9ded0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 849.527320] RAX: ffffffffffffffda RBX: 00007f01cb972970 RCX: 00007f01cb8dba04 [ 849.528107] RDX: 0000000000000002 RSI: 00007f01c8e9e000 RDI: 00000000ffffff9c [ 849.528897] RBP: 00007f01c8e9e000 R08: 0000000000000000 R09: ffffffffffffffff [ 849.529684] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 849.530477] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002 [ 849.531258] 15:45:00 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x900, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:45:11 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f00000003c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$RTC_WIE_ON(r1, 0x700f) fstat(r0, &(0x7f0000000040)) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@local, @in=@dev}}, {{@in=@multicast1}, 0x0, @in=@private}}, &(0x7f0000000240)=0xe8) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7}) 15:45:11 executing program 1: r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x1) sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x7}, ["", "", "", "", "", ""]}, 0x14}}, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) mlock(&(0x7f0000ffa000/0x2000)=nil, 0x2000) 15:45:11 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) ioctl$BTRFS_IOC_RM_DEV_V2(r0, 0x5000943a, &(0x7f0000000040)={{r0}, 0x0, 0x10, @unused=[0x9, 0x8, 0x0, 0x3], @subvolid=0xffffffff}) 15:45:11 executing program 0: ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000180)={'syzkaller0\x00'}) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ppoll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) r1 = eventfd(0x27) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r1, 0xf505, 0x0) syz_io_uring_setup(0x1a1a, &(0x7f0000000280)={0x0, 0x0, 0x1, 0x1, 0x225}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080)=0x0, &(0x7f00000006c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) socketpair(0x2b, 0x3, 0x80000000, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$FOU_CMD_ADD(r4, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x38, 0x0, 0x800, 0x70bd28, 0x25dfdbfe, {}, [@FOU_ATTR_IFINDEX={0x8}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e22}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @mcast2}]}, 0x38}, 0x1, 0x0, 0x0, 0x81}, 0x4) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000640)={0x0, 0xcf95, 0x200}) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001640)={0x0, 0x0, {0x0, @usage, 0x0}, {0x0, @usage, 0x0}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000e40)={0x0, 0x1, {0x9, @struct={0x1e9f, 0x7}, r6, 0xfffffffffffffff8, 0x4, 0x800, 0x9, 0x1, 0xc0, @struct={0x4, 0xffffffff}, 0x7ff, 0x81, [0x8001, 0x0, 0x2, 0x0, 0x7ff, 0x3]}, {0x7, @struct={0x5, 0x1f}, 0x0, 0x7, 0x7, 0x22e3, 0x0, 0xff, 0x400, @usage=0x401, 0x0, 0x9, [0x9, 0x0, 0xc55, 0xe522, 0x2, 0x3303]}, {0x3, @struct={0x1, 0xfffffff8}, r7, 0x0, 0x7fffffff, 0x8e6, 0x5, 0x4, 0x404, @struct={0x2, 0x8}, 0x6, 0x0, [0x3, 0x8, 0x4, 0x1ff]}, {0xd23, 0x20, 0x7fff}}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000700)={r6, 0x7, 0xeec}) 15:45:11 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0xf00, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:45:11 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 17) 15:45:11 executing program 4: mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:45:11 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'veth1\x00'}) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) [ 860.937795] FAULT_INJECTION: forcing a failure. [ 860.937795] name failslab, interval 1, probability 0, space 0, times 0 [ 860.940514] CPU: 0 PID: 8098 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 860.942810] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 860.945478] Call Trace: [ 860.946059] [ 860.946579] dump_stack_lvl+0x8b/0xb3 [ 860.947463] should_fail.cold+0x5/0xa [ 860.948341] ? create_object.isra.0+0x3a/0xa20 [ 860.949389] should_failslab+0x5/0x10 [ 860.950246] kmem_cache_alloc+0x5b/0x480 [ 860.951184] ? up_write+0x148/0x460 [ 860.952005] create_object.isra.0+0x3a/0xa20 [ 860.953009] ? kasan_unpoison+0x23/0x50 [ 860.953920] kmem_cache_alloc+0x239/0x480 [ 860.954869] getname_flags.part.0+0x50/0x4f0 [ 860.955878] ? x86_pmu_enable+0xa30/0xd90 [ 860.956828] getname+0x8e/0xd0 [ 860.957563] do_sys_openat2+0xf5/0x4d0 [ 860.958455] ? build_open_flags+0x6f0/0x6f0 [ 860.959435] ? preempt_count_add+0x74/0x140 [ 860.960419] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 860.961671] __x64_sys_openat+0x13f/0x1f0 [ 860.962629] ? __x64_sys_open+0x1c0/0x1c0 15:45:11 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f00000003c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$RTC_WIE_ON(r1, 0x700f) fstat(r0, &(0x7f0000000040)) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@local, @in=@dev}}, {{@in=@multicast1}, 0x0, @in=@private}}, &(0x7f0000000240)=0xe8) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7}) [ 860.963571] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 860.964820] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 860.966028] ? syscall_enter_from_user_mode+0x1d/0x50 [ 860.967206] do_syscall_64+0x3b/0x90 [ 860.968064] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 860.969224] RIP: 0033:0x7f01cb8dba04 [ 860.970051] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 860.974184] RSP: 002b:00007f01c8e9ded0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 860.975909] RAX: ffffffffffffffda RBX: 00007f01cb972970 RCX: 00007f01cb8dba04 [ 860.977519] RDX: 0000000000000002 RSI: 00007f01c8e9e000 RDI: 00000000ffffff9c [ 860.979139] RBP: 00007f01c8e9e000 R08: 0000000000000000 R09: ffffffffffffffff [ 860.980748] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 860.982380] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002 [ 860.984003] 15:45:11 executing program 0: ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000180)={'syzkaller0\x00'}) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ppoll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) r1 = eventfd(0x27) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r1, 0xf505, 0x0) syz_io_uring_setup(0x1a1a, &(0x7f0000000280)={0x0, 0x0, 0x1, 0x1, 0x225}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080)=0x0, &(0x7f00000006c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) socketpair(0x2b, 0x3, 0x80000000, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$FOU_CMD_ADD(r4, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x38, 0x0, 0x800, 0x70bd28, 0x25dfdbfe, {}, [@FOU_ATTR_IFINDEX={0x8}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e22}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @mcast2}]}, 0x38}, 0x1, 0x0, 0x0, 0x81}, 0x4) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000640)={0x0, 0xcf95, 0x200}) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001640)={0x0, 0x0, {0x0, @usage, 0x0}, {0x0, @usage, 0x0}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000e40)={0x0, 0x1, {0x9, @struct={0x1e9f, 0x7}, r6, 0xfffffffffffffff8, 0x4, 0x800, 0x9, 0x1, 0xc0, @struct={0x4, 0xffffffff}, 0x7ff, 0x81, [0x8001, 0x0, 0x2, 0x0, 0x7ff, 0x3]}, {0x7, @struct={0x5, 0x1f}, 0x0, 0x7, 0x7, 0x22e3, 0x0, 0xff, 0x400, @usage=0x401, 0x0, 0x9, [0x9, 0x0, 0xc55, 0xe522, 0x2, 0x3303]}, {0x3, @struct={0x1, 0xfffffff8}, r7, 0x0, 0x7fffffff, 0x8e6, 0x5, 0x4, 0x404, @struct={0x2, 0x8}, 0x6, 0x0, [0x3, 0x8, 0x4, 0x1ff]}, {0xd23, 0x20, 0x7fff}}) [ 861.074123] loop5: detected capacity change from 0 to 260 [ 861.080341] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:45:22 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x7501, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:45:22 executing program 4: mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:45:22 executing program 0: ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000180)={'syzkaller0\x00'}) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ppoll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) r1 = eventfd(0x27) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r1, 0xf505, 0x0) syz_io_uring_setup(0x1a1a, &(0x7f0000000280)={0x0, 0x0, 0x1, 0x1, 0x225}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080)=0x0, &(0x7f00000006c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) socketpair(0x2b, 0x3, 0x80000000, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$FOU_CMD_ADD(r4, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x38, 0x0, 0x800, 0x70bd28, 0x25dfdbfe, {}, [@FOU_ATTR_IFINDEX={0x8}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e22}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @mcast2}]}, 0x38}, 0x1, 0x0, 0x0, 0x81}, 0x4) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000640)={0x0, 0xcf95, 0x200}) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001640)={0x0, 0x0, {}, {}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) [ 871.615023] FAULT_INJECTION: forcing a failure. [ 871.615023] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 871.617442] CPU: 0 PID: 8125 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 871.619420] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 871.621737] Call Trace: [ 871.622257] [ 871.622737] dump_stack_lvl+0x8b/0xb3 [ 871.623537] should_fail.cold+0x5/0xa [ 871.624333] strncpy_from_user+0x34/0x3d0 [ 871.625242] getname_flags.part.0+0x95/0x4f0 [ 871.626297] ? x86_pmu_enable+0xa30/0xd90 [ 871.627294] getname+0x8e/0xd0 [ 871.628062] do_sys_openat2+0xf5/0x4d0 [ 871.628990] ? build_open_flags+0x6f0/0x6f0 [ 871.629998] ? preempt_count_add+0x74/0x140 15:45:22 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 18) 15:45:22 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x232a02, 0x0) r1 = openat$cgroup_devices(r0, &(0x7f0000000040)='devices.deny\x00', 0x2, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r1, 0xc020662a, &(0x7f0000000080)={0x2, 0x0, 0x1, 0xfeb, 0x3, [{0x80, 0x7, 0xffff}, {0x73, 0x3, 0x9, '\x00', 0x400}, {0x0, 0x77a, 0x68, '\x00', 0x84}]}) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1}, 0x5) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) 15:45:22 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f00000003c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$RTC_WIE_ON(r1, 0x700f) fstat(r0, &(0x7f0000000040)) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7}) 15:45:22 executing program 1: r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x1) sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x7}, ["", "", "", "", "", ""]}, 0x14}}, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) [ 871.631045] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 871.632513] __x64_sys_openat+0x13f/0x1f0 [ 871.633524] ? __x64_sys_open+0x1c0/0x1c0 [ 871.634517] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 871.635700] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 871.636966] ? syscall_enter_from_user_mode+0x1d/0x50 [ 871.638188] do_syscall_64+0x3b/0x90 [ 871.639089] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 871.640305] RIP: 0033:0x7f01cb8dba04 [ 871.641188] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 871.645524] RSP: 002b:00007f01c8e9ded0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 871.647329] RAX: ffffffffffffffda RBX: 00007f01cb972970 RCX: 00007f01cb8dba04 [ 871.649020] RDX: 0000000000000002 RSI: 00007f01c8e9e000 RDI: 00000000ffffff9c [ 871.650722] RBP: 00007f01c8e9e000 R08: 0000000000000000 R09: ffffffffffffffff [ 871.652407] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 871.654091] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002 [ 871.655799] 15:45:22 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ipvlan1\x00'}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'veth0_virt_wifi\x00'}) 15:45:22 executing program 4: mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:45:22 executing program 4: syz_open_dev$mouse(0x0, 0x6, 0x1) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:45:22 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x1) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:45:22 executing program 1: mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:45:22 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f00000003c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$RTC_WIE_ON(r1, 0x700f) fstat(r0, &(0x7f0000000040)) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7}) 15:45:22 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x6c842, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) ioctl$CDROMREADALL(r0, 0x5318, &(0x7f0000000040)) 15:45:22 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0xf000, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:45:22 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r1, {0xee01, 0xee00}}, './file0\x00'}) ioctl$TUNSETGROUP(r0, 0x400454ce, r2) r3 = socket(0x22, 0x4, 0x55e) ioctl$FS_IOC_GETVERSION(r3, 0x80087601, &(0x7f0000000080)) flock(r3, 0xe) 15:45:22 executing program 1: mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:45:32 executing program 4: syz_open_dev$mouse(0x0, 0x6, 0x1) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:45:32 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 19) 15:45:32 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0xf0ffff, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:45:32 executing program 1: mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:45:32 executing program 0: ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000180)={'syzkaller0\x00'}) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ppoll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) r1 = eventfd(0x27) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r1, 0xf505, 0x0) syz_io_uring_setup(0x1a1a, &(0x7f0000000280)={0x0, 0x0, 0x1, 0x1, 0x225}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080)=0x0, &(0x7f00000006c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) socketpair(0x2b, 0x3, 0x80000000, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$FOU_CMD_ADD(r4, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x38, 0x0, 0x800, 0x70bd28, 0x25dfdbfe, {}, [@FOU_ATTR_IFINDEX={0x8}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e22}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @mcast2}]}, 0x38}, 0x1, 0x0, 0x0, 0x81}, 0x4) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000640)={0x0, 0xcf95, 0x200}) 15:45:32 executing program 6: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') ioctl$KDSETMODE(r0, 0x4b3a, 0x0) ioctl$sock_SIOCDELRT(r0, 0x890c, &(0x7f0000000100)={0x0, @l2={0x1f, 0x0, @none, 0x100}, @in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x44}}, @xdp={0x2c, 0x8, 0x0, 0xb}, 0xa8e, 0x0, 0x0, 0x0, 0xfff8, &(0x7f00000000c0)='wg0\x00', 0x8, 0x400, 0x6}) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000240)={'wg0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) r5 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$ETHTOOL_MSG_RINGS_SET(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)={0x30, r4, 0xd0b, 0x0, 0x0, {}, [@ETHTOOL_A_RINGS_RX_MINI={0x8, 0xa, 0xf7d}, @ETHTOOL_A_RINGS_TX={0x8, 0x9, 0x8}, @ETHTOOL_A_RINGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}]}, 0x30}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_GET(r0, &(0x7f0000000640)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000600)={&(0x7f00000002c0)={0x32c, 0x0, 0x2, 0x70bd2c, 0x25dfdbfc, {}, [{{0x8}, {0xec, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x40}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r1}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x81}}, {0x8, 0x6, r2}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}]}}, {{0x8, 0x1, r6}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xc5a}}, {0x8, 0x6, r7}}}]}}, {{0x8}, {0x184, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x6}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}]}}, {{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xa9}}, {0x8}}}]}}]}, 0x32c}}, 0x800) r8 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$CDROMMULTISESSION(r8, 0x5312, 0x0) ioctl$FIONCLEX(0xffffffffffffffff, 0x5450) 15:45:32 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f00000003c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$RTC_WIE_ON(r1, 0x700f) fstat(r0, &(0x7f0000000040)) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7}) 15:45:32 executing program 2: r0 = syz_genetlink_get_family_id$tipc(&(0x7f0000000880), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_LINK_WINDOW(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000940)={&(0x7f00000008c0)={0x68, r0, 0x0, 0x70bd2d, 0x0, {{}, {}, {0x4c, 0x18, {0x0, @link='broadcast-link\x00'}}}, [""]}, 0x68}}, 0x0) sendmsg$TIPC_CMD_DISABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, r0, 0x100, 0x70bd29, 0x25dfdbfb, {{}, {}, {0x10, 0x13, @l2={'eth', 0x3a, 'ip6gre0\x00'}}}, ["", ""]}, 0x2c}, 0x1, 0x0, 0x0, 0x2000c080}, 0x4000010) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x30, 0x0, 0x800, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0xe2, 0x63}}}}, [@NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000) ioctl$TUNGETVNETHDRSZ(r1, 0x800454d7, &(0x7f0000000080)) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r2, &(0x7f0000000140)={0x37}, 0x14) ioctl$TUNSETVNETLE(r2, 0x400454dc, &(0x7f00000001c0)=0x1) r3 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r2, 0xc018937e, &(0x7f0000000340)={{0x1, 0x1, 0x18, r3, @in_args={0x2}}, './file0\x00'}) r5 = syz_genetlink_get_family_id$devlink(&(0x7f00000003c0), r2) sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(r4, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x38, r5, 0x8, 0x70bd2c, 0x25dfdbfd, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0xb, 0xac}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8001}, 0x20004850) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 15:45:32 executing program 4: syz_open_dev$mouse(0x0, 0x6, 0x1) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) [ 882.090381] FAULT_INJECTION: forcing a failure. [ 882.090381] name failslab, interval 1, probability 0, space 0, times 0 [ 882.092950] CPU: 1 PID: 8192 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 882.095068] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 882.097539] Call Trace: [ 882.098105] [ 882.098597] dump_stack_lvl+0x8b/0xb3 [ 882.099467] should_fail.cold+0x5/0xa [ 882.100316] ? __alloc_file+0x21/0x240 [ 882.101188] should_failslab+0x5/0x10 [ 882.102026] kmem_cache_alloc+0x5b/0x480 [ 882.102946] ? rcu_read_lock_sched_held+0xd/0x70 [ 882.104002] __alloc_file+0x21/0x240 [ 882.104832] alloc_empty_file+0x6d/0x170 [ 882.105746] path_openat+0xe1/0x28a0 [ 882.106585] ? __is_insn_slot_addr+0x144/0x250 [ 882.107619] ? kernel_text_address+0x53/0xb0 [ 882.108598] ? path_lookupat+0x850/0x850 [ 882.109500] ? unwind_get_return_address+0x51/0x90 [ 882.110577] ? create_prof_cpu_mask+0x20/0x20 [ 882.111589] ? arch_stack_walk+0x99/0xf0 [ 882.112496] ? rcu_read_lock_sched_held+0xd/0x70 [ 882.113540] ? lock_acquire+0x41c/0x4d0 [ 882.114418] do_filp_open+0x1aa/0x400 [ 882.115280] ? may_open_dev+0xf0/0xf0 [ 882.116129] ? lock_release+0x505/0x6f0 [ 882.117006] ? alloc_fd+0x2f0/0x670 [ 882.117802] ? lock_downgrade+0x6d0/0x6d0 [ 882.118721] ? rwlock_bug.part.0+0x90/0x90 [ 882.119653] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 882.120854] ? _find_next_bit+0x1e5/0x260 [ 882.121754] ? _raw_spin_unlock+0x24/0x40 [ 882.122688] ? alloc_fd+0x2f0/0x670 [ 882.123483] do_sys_openat2+0x16d/0x4d0 [ 882.124348] ? build_open_flags+0x6f0/0x6f0 [ 882.125287] ? preempt_count_add+0x74/0x140 [ 882.126231] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 882.127438] __x64_sys_openat+0x13f/0x1f0 [ 882.128341] ? __x64_sys_open+0x1c0/0x1c0 [ 882.129243] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 882.130333] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 882.131509] ? syscall_enter_from_user_mode+0x1d/0x50 [ 882.132623] do_syscall_64+0x3b/0x90 [ 882.133434] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 882.134540] RIP: 0033:0x7f01cb8dba04 [ 882.135347] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 882.139304] RSP: 002b:00007f01c8e9ded0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 882.140944] RAX: ffffffffffffffda RBX: 00007f01cb972970 RCX: 00007f01cb8dba04 [ 882.142477] RDX: 0000000000000002 RSI: 00007f01c8e9e000 RDI: 00000000ffffff9c [ 882.143959] RBP: 00007f01c8e9e000 R08: 0000000000000000 R09: ffffffffffffffff [ 882.145456] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 15:45:32 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x1000000, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 882.146992] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002 [ 882.148652] 15:45:32 executing program 1: syz_open_dev$mouse(0x0, 0x6, 0x1) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:45:32 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x1) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:45:32 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f00000003c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$RTC_WIE_ON(r1, 0x700f) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7}) 15:45:32 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 20) [ 882.389038] FAULT_INJECTION: forcing a failure. [ 882.389038] name failslab, interval 1, probability 0, space 0, times 0 [ 882.391439] CPU: 1 PID: 8217 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 882.393430] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 882.395850] Call Trace: [ 882.396391] [ 882.396862] dump_stack_lvl+0x8b/0xb3 [ 882.397688] should_fail.cold+0x5/0xa [ 882.398505] ? create_object.isra.0+0x3a/0xa20 [ 882.399484] should_failslab+0x5/0x10 [ 882.400273] kmem_cache_alloc+0x5b/0x480 [ 882.401121] create_object.isra.0+0x3a/0xa20 [ 882.402043] ? kasan_unpoison+0x23/0x50 [ 882.402901] kmem_cache_alloc+0x239/0x480 [ 882.403764] __alloc_file+0x21/0x240 [ 882.404547] alloc_empty_file+0x6d/0x170 [ 882.405398] path_openat+0xe1/0x28a0 [ 882.406191] ? __is_insn_slot_addr+0x144/0x250 [ 882.407156] ? kernel_text_address+0x53/0xb0 [ 882.408087] ? path_lookupat+0x850/0x850 [ 882.408955] ? unwind_get_return_address+0x51/0x90 [ 882.409995] ? create_prof_cpu_mask+0x20/0x20 [ 882.410944] ? arch_stack_walk+0x99/0xf0 [ 882.411814] ? rcu_read_lock_sched_held+0xd/0x70 [ 882.412806] ? lock_acquire+0x41c/0x4d0 [ 882.413653] do_filp_open+0x1aa/0x400 [ 882.414456] ? may_open_dev+0xf0/0xf0 [ 882.415284] ? lock_release+0x505/0x6f0 [ 882.416109] ? alloc_fd+0x2f0/0x670 [ 882.416873] ? lock_downgrade+0x6d0/0x6d0 [ 882.417752] ? rwlock_bug.part.0+0x90/0x90 [ 882.418631] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 882.419809] ? _find_next_bit+0x1e5/0x260 [ 882.420670] ? _raw_spin_unlock+0x24/0x40 [ 882.421558] ? alloc_fd+0x2f0/0x670 [ 882.422316] do_sys_openat2+0x16d/0x4d0 [ 882.423167] ? build_open_flags+0x6f0/0x6f0 [ 882.424073] ? preempt_count_add+0x74/0x140 [ 882.424990] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 882.426160] __x64_sys_openat+0x13f/0x1f0 [ 882.427030] ? __x64_sys_open+0x1c0/0x1c0 [ 882.427905] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 882.428941] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 882.430073] ? syscall_enter_from_user_mode+0x1d/0x50 [ 882.431167] do_syscall_64+0x3b/0x90 [ 882.431962] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 882.433032] RIP: 0033:0x7f01cb8dba04 [ 882.433812] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 882.437702] RSP: 002b:00007f01c8e9ded0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 882.439309] RAX: ffffffffffffffda RBX: 00007f01cb972970 RCX: 00007f01cb8dba04 [ 882.440815] RDX: 0000000000000002 RSI: 00007f01c8e9e000 RDI: 00000000ffffff9c [ 882.442340] RBP: 00007f01c8e9e000 R08: 0000000000000000 R09: ffffffffffffffff [ 882.443856] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 882.445357] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002 [ 882.446881] [ 882.464692] loop5: detected capacity change from 0 to 260 [ 882.471053] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:45:45 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 21) 15:45:45 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:45:45 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f00000003c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7}) [ 894.536407] FAULT_INJECTION: forcing a failure. [ 894.536407] name failslab, interval 1, probability 0, space 0, times 0 [ 894.538695] CPU: 1 PID: 8228 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 894.540598] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 894.542836] Call Trace: [ 894.543343] 15:45:45 executing program 0: ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000180)={'syzkaller0\x00'}) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ppoll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) r1 = eventfd(0x27) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r1, 0xf505, 0x0) syz_io_uring_setup(0x1a1a, &(0x7f0000000280)={0x0, 0x0, 0x1, 0x1, 0x225}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080)=0x0, &(0x7f00000006c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) socketpair(0x2b, 0x3, 0x80000000, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$FOU_CMD_ADD(r4, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x38, 0x0, 0x800, 0x70bd28, 0x25dfdbfe, {}, [@FOU_ATTR_IFINDEX={0x8}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e22}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @mcast2}]}, 0x38}, 0x1, 0x0, 0x0, 0x81}, 0x4) [ 894.543782] dump_stack_lvl+0x8b/0xb3 [ 894.544684] should_fail.cold+0x5/0xa [ 894.545589] ? security_file_alloc+0x34/0x170 [ 894.546559] should_failslab+0x5/0x10 [ 894.547307] kmem_cache_alloc+0x5b/0x480 [ 894.548108] security_file_alloc+0x34/0x170 [ 894.548940] __alloc_file+0xb6/0x240 [ 894.549663] alloc_empty_file+0x6d/0x170 [ 894.550461] path_openat+0xe1/0x28a0 [ 894.551214] ? __is_insn_slot_addr+0x144/0x250 [ 894.552109] ? kernel_text_address+0x53/0xb0 [ 894.552981] ? path_lookupat+0x850/0x850 15:45:45 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x2000000, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:45:45 executing program 1: syz_open_dev$mouse(0x0, 0x6, 0x1) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) [ 894.553772] ? unwind_get_return_address+0x51/0x90 [ 894.554811] ? create_prof_cpu_mask+0x20/0x20 [ 894.555697] ? arch_stack_walk+0x99/0xf0 [ 894.556493] ? rcu_read_lock_sched_held+0xd/0x70 [ 894.557405] ? lock_acquire+0x41c/0x4d0 [ 894.558176] do_filp_open+0x1aa/0x400 [ 894.558927] ? may_open_dev+0xf0/0xf0 [ 894.559666] ? lock_release+0x505/0x6f0 [ 894.560464] ? alloc_fd+0x2f0/0x670 [ 894.561163] ? lock_downgrade+0x6d0/0x6d0 [ 894.561962] ? rwlock_bug.part.0+0x90/0x90 15:45:45 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) recvmsg$unix(r0, &(0x7f0000000740)={&(0x7f0000000200), 0x6e, &(0x7f0000000680)=[{&(0x7f0000000280)=""/159, 0x9f}, {&(0x7f0000000340)=""/201, 0xc9}, {&(0x7f0000000440)=""/232, 0xe8}, {&(0x7f0000000540)=""/104, 0x68}, {&(0x7f00000005c0)=""/155, 0x9b}], 0x5, &(0x7f0000000700)=[@cred={{0x1c, 0x1, 0x2, {0x0}}}], 0x20}, 0x10040) clone3(&(0x7f0000000980)={0x200000, &(0x7f0000000780), &(0x7f00000007c0)=0x0, &(0x7f0000000800), {0x1f}, &(0x7f0000000840)=""/119, 0x77, &(0x7f00000008c0)=""/85, &(0x7f0000000940)=[0x0], 0x1, {r0}}, 0x58) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000a00)=0x0) preadv(0xffffffffffffffff, &(0x7f0000001040)=[{&(0x7f0000000b40)=""/94, 0x5e}, {&(0x7f0000000bc0)=""/207, 0xcf}, {&(0x7f0000000cc0)=""/106, 0x6a}, {&(0x7f0000000d40)=""/88, 0x58}, {&(0x7f0000000dc0)=""/216, 0xd8}, {&(0x7f0000000ec0)=""/128, 0x80}, {&(0x7f0000000f40)=""/103, 0x67}, {&(0x7f0000000fc0)=""/55, 0x37}, {&(0x7f0000001000)=""/34, 0x22}], 0x9, 0x9, 0x48ade513) r4 = openat$cgroup(r0, &(0x7f0000000a80)='syz0\x00', 0x200002, 0x0) clone3(&(0x7f0000000ac0)={0x2000000, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x1a}, &(0x7f0000000100)=""/116, 0x74, &(0x7f0000000180)=""/102, &(0x7f0000000a40)=[r1, r2, r3], 0x3, {r4}}, 0x58) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) 15:45:45 executing program 2: r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x80, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN(r0, 0x4040942c, &(0x7f00000000c0)={0x0, 0x7fe000000, [0x8, 0x3, 0x619, 0x3f, 0x1000, 0x12]}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r2, &(0x7f0000000140)={0x37}, 0x14) syz_io_uring_setup(0x4eff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @private1}}, 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f0000000180)=@IORING_OP_MADVISE={0x19, 0x5, 0x0, 0x0, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x13, 0x1}, 0x7) read$ptp(r2, &(0x7f0000000100)=""/60, 0x3c) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) [ 894.562934] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 894.564240] ? _find_next_bit+0x1e5/0x260 [ 894.565073] ? _raw_spin_unlock+0x24/0x40 [ 894.565899] ? alloc_fd+0x2f0/0x670 [ 894.566604] do_sys_openat2+0x16d/0x4d0 [ 894.567427] ? build_open_flags+0x6f0/0x6f0 [ 894.568262] ? preempt_count_add+0x74/0x140 [ 894.569098] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 894.570184] __x64_sys_openat+0x13f/0x1f0 [ 894.571009] ? __x64_sys_open+0x1c0/0x1c0 [ 894.571837] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 894.573001] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 894.574229] ? syscall_enter_from_user_mode+0x1d/0x50 [ 894.575470] do_syscall_64+0x3b/0x90 [ 894.576231] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 894.577243] RIP: 0033:0x7f01cb8dba04 [ 894.577953] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 894.581585] RSP: 002b:00007f01c8e9ded0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 894.583067] RAX: ffffffffffffffda RBX: 00007f01cb972970 RCX: 00007f01cb8dba04 [ 894.584444] RDX: 0000000000000002 RSI: 00007f01c8e9e000 RDI: 00000000ffffff9c [ 894.585819] RBP: 00007f01c8e9e000 R08: 0000000000000000 R09: ffffffffffffffff [ 894.587224] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 894.588597] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002 [ 894.589981] 15:45:45 executing program 0: ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000180)={'syzkaller0\x00'}) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ppoll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) r1 = eventfd(0x27) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r1, 0xf505, 0x0) syz_io_uring_setup(0x1a1a, &(0x7f0000000280)={0x0, 0x0, 0x1, 0x1, 0x225}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080)=0x0, &(0x7f00000006c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) socketpair(0x2b, 0x3, 0x80000000, &(0x7f0000000000)) 15:45:45 executing program 1: syz_open_dev$mouse(0x0, 0x6, 0x1) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:45:45 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) 15:45:45 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x3000000, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:45:45 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f00000003c0)) syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7}) 15:45:45 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0, @ANYBLOB="07000000018000002e2f66696c657000"]) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'tunl0\x00'}) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 15:45:45 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) 15:45:45 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x1) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) [ 906.152534] FAULT_INJECTION: forcing a failure. [ 906.152534] name failslab, interval 1, probability 0, space 0, times 0 [ 906.154970] CPU: 0 PID: 8283 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 906.156913] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 906.159232] Call Trace: [ 906.159755] [ 906.160207] dump_stack_lvl+0x8b/0xb3 [ 906.160999] should_fail.cold+0x5/0xa [ 906.161778] ? create_object.isra.0+0x3a/0xa20 [ 906.162711] should_failslab+0x5/0x10 [ 906.163766] kmem_cache_alloc+0x5b/0x480 [ 906.164590] ? memcg_slab_post_alloc_hook+0x206/0x440 [ 906.165636] create_object.isra.0+0x3a/0xa20 [ 906.166531] ? kasan_unpoison+0x23/0x50 [ 906.167358] kmem_cache_alloc+0x239/0x480 [ 906.168204] security_file_alloc+0x34/0x170 [ 906.169216] __alloc_file+0xb6/0x240 [ 906.169981] alloc_empty_file+0x6d/0x170 [ 906.170810] path_openat+0xe1/0x28a0 [ 906.171591] ? __is_insn_slot_addr+0x144/0x250 [ 906.172522] ? kernel_text_address+0x53/0xb0 [ 906.173420] ? path_lookupat+0x850/0x850 [ 906.174244] ? unwind_get_return_address+0x51/0x90 [ 906.175240] ? create_prof_cpu_mask+0x20/0x20 [ 906.176150] ? arch_stack_walk+0x99/0xf0 [ 906.176979] ? rcu_read_lock_sched_held+0xd/0x70 [ 906.177936] ? lock_acquire+0x41c/0x4d0 [ 906.178743] do_filp_open+0x1aa/0x400 [ 906.179526] ? may_open_dev+0xf0/0xf0 [ 906.180302] ? lock_release+0x505/0x6f0 [ 906.181103] ? alloc_fd+0x2f0/0x670 [ 906.181832] ? lock_downgrade+0x6d0/0x6d0 [ 906.182671] ? rwlock_bug.part.0+0x90/0x90 [ 906.183545] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 906.184654] ? _find_next_bit+0x1e5/0x260 [ 906.185487] ? _raw_spin_unlock+0x24/0x40 [ 906.186337] ? alloc_fd+0x2f0/0x670 [ 906.187082] do_sys_openat2+0x16d/0x4d0 [ 906.187882] ? build_open_flags+0x6f0/0x6f0 [ 906.188751] ? preempt_count_add+0x74/0x140 [ 906.189627] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 906.190737] __x64_sys_openat+0x13f/0x1f0 [ 906.191587] ? __x64_sys_open+0x1c0/0x1c0 [ 906.192423] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 906.193432] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 906.194506] ? syscall_enter_from_user_mode+0x1d/0x50 [ 906.195555] do_syscall_64+0x3b/0x90 [ 906.196315] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 906.197352] RIP: 0033:0x7f01cb8dba04 [ 906.198093] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44 [ 906.201804] RSP: 002b:00007f01c8e9ded0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 906.203333] RAX: ffffffffffffffda RBX: 00007f01cb972970 RCX: 00007f01cb8dba04 [ 906.204763] RDX: 0000000000000002 RSI: 00007f01c8e9e000 RDI: 00000000ffffff9c [ 906.206196] RBP: 00007f01c8e9e000 R08: 0000000000000000 R09: ffffffffffffffff [ 906.207648] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 906.209085] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002 [ 906.210522] 15:45:56 executing program 0: ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000180)={'syzkaller0\x00'}) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ppoll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) r1 = eventfd(0x27) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r1, 0xf505, 0x0) syz_io_uring_setup(0x1a1a, &(0x7f0000000280)={0x0, 0x0, 0x1, 0x1, 0x225}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080)=0x0, &(0x7f00000006c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) 15:45:56 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, {0xffffffffffffffff, 0xffffffffffffffff}}, './file0\x00'}) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/tty/drivers\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'wg2\x00'}) ioctl$TUNSETGROUP(r0, 0x400454ce, r1) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 15:45:56 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) 15:45:56 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f00000003c0)) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7}) 15:45:56 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x4000000, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:45:56 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:45:56 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 22) 15:45:56 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) io_setup(0x100004, &(0x7f0000000200)=0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) io_submit(r1, 0x1, &(0x7f0000000300)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}]) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r3, &(0x7f0000000140)={0x37}, 0x14) r4 = eventfd2(0x0, 0x801) r5 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') ioctl$CDROMSTART(r3, 0x5308) write$P9_RMKNOD(r5, &(0x7f0000000140)={0x37}, 0x14) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(0xffffffffffffffff, 0x7, &(0x7f0000002540), 0x1) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r0, 0xc0189378, &(0x7f00000022c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00./file0 ']) r7 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') ioctl$NS_GET_OWNER_UID(r5, 0xb704, &(0x7f0000002400)=0x0) mount$9p_fd(0x0, &(0x7f0000002380)='./file0\x00', &(0x7f00000023c0), 0x1000, &(0x7f0000002580)=ANY=[@ANYBLOB="58ccb08c2df01ab9e2747261986e733d66642c8266647e000000", @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',access=', @ANYRESDEC=r8, @ANYBLOB=',cachetag=.-:!,permit_directio,context=user_u,dont_appraise,appraise,pcr=00000000000000000063,\x00']) write$P9_RMKNOD(r7, &(0x7f0000000140)={0x37}, 0x14) r9 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r9, &(0x7f0000000140)={0x37}, 0x14) io_submit(r1, 0x5, &(0x7f0000002340)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x3, 0xb73, r3, &(0x7f0000000040)="dd71ddf9394b095cf6df0bf3c52fe3a1ca641f78517801f152b05d4cadf993ca814bc413fe8807e953ada171b40c4b26f82a624764cb42", 0x37, 0xfff, 0x0, 0x0, r4}, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x8, r0, &(0x7f00000000c0)="522859a029059bfce79d3a5bce3e452b2c42e523105aa02f9a8774a53200c2f06152ffb477914eacfeb1217a89a361f530e81c6cab85d6b2ab18702892574b5ea4aed0d29264c926788b8c854cd21751475dfe2fcef10e524d67c19b7327f2e0cae866eb293441c586b11ee2245f00df92e436a2b15339752d32a859b09c52ee7de3fcd2263ef32f33862764aa428dad9be153f8612383cbeca0fbad446031553b3cd57000362ee7c270763ea2b23489a52c8ddea32edf9559e5f0871ba0d87d1ccd31eb76d19aa40e520e9afbe4358c7f9689c19e4d9f", 0xd7, 0x7, 0x0, 0x2, r0}, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x2, 0x81, r0, &(0x7f0000000200), 0x0, 0xc59, 0x0, 0x2, r5}, &(0x7f0000001280)={0x0, 0x0, 0x0, 0xa, 0x3, r9, &(0x7f0000000280)="d519e5c1886c2e40dd68eebecc5272efc0a7c1b40e218041d2d7a222e156b58607768e29839f7c8f8f35e04e28fd9f222e30bd384bc3bc3ac88933a25ed67438ef423f5104365858311ebd7b5f46b31a61634e0dd49b1af788ff6e66ceda7f9e99e2bfc43ebef2c4cfe9c0cf990a021ba8b5bf8246b29499eede80268a1f23074dc9481e9c05b0771636b1ed0b87973a20f72b3666c146c750c31a80ef566566c72d74edd242f3206bf78629312b22019ee49fe8a71cce8648324d5136b6b6b56a648abab8b5a9a98d9293eb710a481e942cdb275f0dc9977d1d9c0a711b40e2b724296155e68fd54f6a28d5cad2b5ccba70ee23ca284a1dc82768cdcd5c12c08345c85b5819b3b015b644db5356a8c199af3271c32225ae0d8fcf163bb72b31541484ab36af8c5e5d327b0b9548e888ad4ccd1f96eda7badc249ebda43452bfd4b6f7e4da07c6fdc485b78222b85a1a33f1757d6ba239dcda15c8ca016f633e584e02d1dc18b8436db1d2acaa25b7b8d6666437b3a2c5a00cd6d551f10b3eb64dcaa6830e211e9ebd70161d7ab62baff02a2499151e58e3143673703a91de6a9d84e9c6ade3e597be1ac04a59cc76291c8c1291f3a6f7a81b25539ef14046a1e1a4a76d5a9fcb90d7d27b95219b03e2dd6e7600e8219ecf7e17cfea076baf723f556f15325b0913ca3e13aeca14dbc67d23f5f5a913637ddd9f8300a7a84bafec75f31a53660e52dc1fc35f12ac33e342f04f25dbad8302ec84037026c267eea62aa6eb06e93a63e732916eb3daf3ef879d80b57cb3cb103c16d4d89bfa6bddd0f68df78c99252481b2c9da8ee801d0c53e353464b1e8e4cd5893e477b089303418b3fdea99e21745c8d4951d745f23e5190211f25c598b1b0fd4b3025fabbf2f658fe8d72f3155d5ec25fe4e912e6ce60b02f146cb5be728f11275f3efef1af22f7c28cf6d768a02d2b2d3b6edab40cdeb92bd62c8db6e962d808e24d96a0f0bdc51504fe56bc692dcf5eca8f35cef57a027ee1fef39ba6e58f905b444a351ac268d12069999b5053005db719fa6d0696a8cd6d678225ad7e5be02042f7ba3f4f210c7379c34cf7464c8b52ccaa9e9938b5e9a3721ec56852971fa16c8619e48cdab08da855611958070757a6fe0fb1a825106f9d081b780843c038af4bdab14b1fed59b0c881a7a65eb9fab51c6254dbf19581fd6b6ee4cea7f9636a0a885158e998d4e1761fe9b1134e73a207223df668976200f48f0a614de104c49a5b33869c539c07ebab6be961b69fceae8590cfd8425d57eea0e7974a9ca32a1510223deefddf90dc91f6ddf74352d4e0a220c68ace7cb0949509fcb9db3431a2c038ed0bc6ed51b0c491f69d92bb4dc914176701304f21585779d682de7f8e6a9a9b9fd24360f3e8df72b857574bcdff4937cd0bfa2315f7daeec79a03f6c50094355533139b9bc10e175972f18ce7a5997300683036e2e4550f5c802b9f6726c8b8d3bf8b93a03b1c42900bf92951aaa3f0dbfce932a7954d528646b77e02ae11f518a97836102e44bf69432071866ba3ace09a6a7e9ff8a66bafe659347f600b39b41da6cbe2e29930e0f4992436a84eb7665b3753bd11a4e839e815aa9a10e184d865290605a733023388391ea40382c50b81f41ed8c8ff7cc926fb66467c8b94f99f410bffba26cc1434e38b2347216415812538ee2f1967800c4ece6b77e3e3bc0669780ad208e197460bb27a23d111d91e1afca2ea72759f41cdc8b5f9bc0a60559ea34246a5b64c2667c7826538fb4bcef6b016a26b5e83dfa6963abf9e7c2f8f98f0fa7e980809e4d572d1790d72fe7109402952aa70ef62654f1398a65738156d2e9d9f4d72ceab5aaac5262c32cb52918a873be201d220673d6396c57659ad1d52dc32e59052d40dd1686fa4b8add606efc835dbb31b59736369309ae2cdfd1de441dceffca82b3925df1e0943ef9dc118eab84afbc7f095f5aa409ccb8216e8efa92e3afcef313fbca899d299a9f8c4b61e112f4b45f3c0d85a7eb4cdd4f8dba4e75a70a5cb8321a082b8d167868f214e776eaef5641da85d95bba87a5dae6606aefe18ca7ace8fe0c58db5ea5c53686a7c89ec7a3f884ac04cd56757be2caa22d85e565be745e19c774b8a7be2a2b2e681e33e4d00d8d981ec929766da499e878cb8a93955d7228b86ece064f6fdfc49859f8894b1d529071591b1fa8ec56e6af0ede4a10e821da31827a00d6878649e86f50923f59d1ad9156fc1bc050eb3857366ae9a69296c253cbcce827253d0334ab711ad3a66dac2d20ca509ebb171a2b0c64d25361cd65b1902b3ab4b0e23f0c896dc4c7cc3baa05c97c6ecf37b217143f70aeaf7c119f7a05e3178b87b599084e680b143a6bf426aba9eeb33222ed4e452d0888e666547340e2ba5684f776bad8dc6108c24b791108de285752d5b1421009f8fe9fd31def5d4630ed594f2132853e642b290791a01a7129e4f75697e11af8c10027896eec3df9a62e9a24b72fbd7cb2f82d2bc280902d0741b23beb2a0b8bf4271f463fcd90e06acf80f728ca6a610294594959df37ad09c6b6066072b9e812fdabd87a32ae6b39b08a9b20155635373e2dc5ad3acc4321052f71ba6e52cbb454a6d649d4e5e5b1d7afbceca37eeb5326a0fcfa6d4db28fe021b44daa1e2bf2b920fe9ac4bef8f937af5019af55b373c87ab5be9f3bf59fbb0b83cc19016199ae7c77e8fc678ca823f8505b8ad2608dd0b5efe7d8e65c49b25d5ce25c36a76e395417817b20f633cc13a11f70ab015ebe1f1d9de87dee0f9928623b9489d7a6e3bc54a96af19c1c223463635dc7bfc67708ff2dc2f92aff515be849b415350d573f25d11b3d440bc87043b779f30ead213c350f16d88ad7f6bc55722dd6c7d96b2a4733ed0ea6a67034c6226114fae13601a41f9a87188645b5e06217abf709af7c5855b1bb9552cefd3dad2911808b0a8158dd478824e61b7b2cc9a6fbbcf3ab9c468c21f274014b315ddad9a1369bc2e13ef413fe5b5355719735b82d1181b099c8b4693b5302fec0e54ca6a3a776100bb06ff4e0dda0e58d9600288ea0c45be955e6411a3bcb2641556b3b6a93a0f37f2a093ef8824df90e30a791f5bb0620677842b2a5ce846eef60908dce517b14a70144a2457095efe32ecc2cd57d55bf8b85cf2e13b7a3bf7c686ec4024d9e731f665972e7606c54d44b78a3cd756f4288a77a33a610b58606f5f0981c214a47c2334b7dc42cf73eeb5d91fda6fc96938890a950f892e05bed330f4a0937cf9bb6a3583ccb37fef846e509326a0cf981091f947de1b705df95d713e7560f2333b60ef87023e47a4a25941ec821d281b393f0441a402f538040335c8622adb421d75fc71d4ffab6b4861c88e664965eba09210c84f4692bd34c99629f1a30a6daf9f2a8eb164519b8052058068eb5a422e885e31e5f198d2a81aeab575ec5def120978fb3843b41fa98fcc4be061fe846c9c9feee24a95afcb6fbd4267c48e1a71c62e58f6534afa5223c0bafb8c10b9b1241c5029b3fa84440fdde22df4945cf754a240b23b373af42488170269cfb1aeb0862c1ff908364a430d64a045a4625327080608fefc212e3e951273f8a5b9e5e44af6b74f8f80bdf0bce3dff05bab5b12579263e072c08bd28c79921b01b8bf0600e4ad8e859335caa42d0f23083018137e18da7e00861c7de8c281d63676258882936b42eadea8edd0d12d6cef3bde8a3071da418250fd6b260324dfc18de680a4cd5c3f56bea7aa97e9ce145cc605f29bc939c7aaee1b4aeb10d9724df22334ea46380681416f5b34969871abf267ac6cc6c43463509574a54a61352717b38adb882278687735873d566f5a2e1ca85beddfd4a78ffcb94ebb30237fdf87b70d0cb21e36733708b6fe2ae562fd1164c8236a5df3c2436da40266cc2a4a42f245c8b3e47efd9b504ad84eb04c6907b44f4475b444c8992954cc1cb060a7bad9d7523252f135eb17374762078bb9f02a0a2e7f4dc09e8dc39ac37a4ba54c5463a81548ddee2c7a8702cedc9e6bf233bf24ad2f6aa453c2e7ed44d104561730ca9fb6a879d5d670f56b876a84a67aa2a96a305ee62ab6d98481fdbb40f6c627b4e91f300af85741342e6fd6a6a1d98cf82c146180cc1edb1cf84dbe8a9dbc7d67ff4a69d4ba25a44b9c796071dba5796312bbfc748fbb339ab147b6b3b08cd5317bfe00d9b96c7753cb3d07754c87348daffca077cde3a0e90e15a3afc535debec9242d267754c4b65f68bcd32ded8f16e18bbe267fc1f3991e3757164fb51ba9c2fa095be6d67a6e586978432a195c5c6b30f107a88ea72b1c86b8b0aed0d594543e26b059e49408d69723d13e8b297108305885adfb980ee7e232fe28456b14365a58233854d29da17ce17ed00243a905f8c7840529109f1f29d1366e2da0f43540bd2862ea9e15e551f526a8b86a57c2a5cfa77606f4af8a8dfb632a506086e450f79e75bb74da3175cdabaca2214a1c7b83207dc8e313c097f1e1b86a8882f910c1f0166f44a5b1254ce192ddd480d60814e7e5404222245f0b36a851daf1e5b6273f6f5e64116b926523a2fc5b6f71edc8526c1a59d289de61e736da6dc5327d58efce8c8b5b70e7d3b80c9b3bc14a825de4d155701fa160422f112010c40127c3c4b7b1315eddb4dfd8c2321cc80699ce3dbf477bef03a2cabd6a31cce737f36379701fc43e5872e602decb7931722412ce4046add2b416caa3b0b632268dca4e8ef8e4f44f0d12d795fb39aa2347a0b85bf58bc2769008390bb923048961c9ed367190795b675dda2daf65e1e038ab04f1f10c03e2d1f20255de639231b9f508b0ed511e3be6fc95871d1a7a6ab5639ec82d038f1f9dabc172f7f105d95f5549614cf84ff5e29d366de3fc19bd30287b6643e94731fa9229a2f8d39864378e71fabe5635ada99ed3a1a14afb3522449c51f638d2e61f26d36bf9dab1447eb1e8c0b9ad5e7832508513b0b3c299e9a40e250ea99983992f72617479f32b0ba467081a75a10c9901d22dd48a93238ffdac538feb5bf29694689055977388b61773779a269b372c1b181734aecf7cd3d86b315d1108c243fc12bb48bd7a3255af4a8a23050d0d4b60e9f8814fdd13b24be0be50fc8e02866429174b06d37d2d40fcaf326fea1ad0184b6325157f7fca62c195c528cb85e2201e88fe850a362e5f6b6ee68504da8a05d330d0f7d49a72028aa6bc756ff61e19fabdcc883eb0b51d96d72d0f91308c8f1a91853b9a1bc216d95e8a6d876f1fc3d3a48b84e05f0dfd40ee40e1ff3c83efc8d26b632b6b0a0725f7f1b305b03ba5020e0201c1df9629e3020d7b13146becc2700e1b24cdbff1d266899cb11f1034323d8e4946cbbaab942484534f5aa8e611054f490ad933208c4c485ca7d55b94488a7faf8c78d9a73d0ba1e40cb7850bb81b8ca0f6e5668e79df91f3f915059df25ee1a26401ea3cc839bdd87c79aa27b41f46747ec4c4b3942bef9314ae6d9d900b189203ee4b8600987f924b5bb7563ceb5967ceea16eb7ebbe6ae4efdbdaac5b594e1fca7732dec41a5895713f8d822fd5467b67c5a312dbbb59467b8e144a993f7132e5254c081839ba0b46d08f5afe5f776bb86517d698c52ef862138c59ad3b499c50bd5bf4d5aef03b8eeccf9e1830a6d7518fa02ff31ea44c4d12e96459735fda4d55002b803491feeecbcd12c2f287c7c874334e210159c8ab0c02d6fca6103f4742309632f5ed992a3bc5692162997f676e43611e80ddb8", 0x1000, 0xfd09, 0x0, 0x3, r0}, &(0x7f0000002300)={0x0, 0x0, 0x0, 0x2, 0x4003, r0, &(0x7f00000012c0)="f237cf06c3b658aa1b302b44c4da5f851c6e3576c15a91c99289949af8a792bcbae91809fadb04fbb6495bbb593dbe7d99073cb84e1e02fe68282cce085018a6318d271d57b08d5c1fa54645ed08fee5f3952ae4bab101b836baadeaa1c2ba4bb50b0b291b329db3d2ad3d426d09e357ee27019b33ad1320cfaecdae3d8c75e1cabec4cfa66498428bfe934099f7ea7451273aa89ab0edb82d008049393786561e5c6ef2f5ed701d7168f0a9816e7eab96488b9060cf6a78ee8b7673d2194da0c0f1fa6cd073feacee4f60b1fc69b0c57fd8cd638a2679ffb1dab09e6f474351452ca0d081929b5a4f46d0432b7498dad1cfda84e35f6763d580b974a7ad8a07806ae67993608a0d86ffc597ff6f93a1ce61a22a204fbba21d8619422d2aaf57803fb4955fb41f8da3b1412349f3b18f37b74808309fd984b633389b257137b5a050cdb96eb090b24a39cc866490d58181d11df27f5c2c43ad9e029936ecfbfc0aae3d5510f40b9d655cce7b26256aeddfe74cb657a910e2d5652bbb50ac44609f34a3b3ab8110f49cda1d5eb7ccd5ae8fa9bdace827331c8d747ce80fdd4a611177a3ea800938095ce29ad6cfcd7796e55153d161ef2a68d766f62ed8e9f0e566efea5d805dcdabe737ecb16f575e85746f145c4f5ac5913058b1022e0f76376fea79eee36bf6f5cdaf211e992ca0190e62cdc94fb0712a565c4782e8dafcab09da329186963786b4979a19f2ebedaa904c252e1cbe2f1cde1c7e2c0542d0b221ab1af6caed784c40aa01ed68a87c6401a91f59aca2a97f29f95f8c0f205245c38004eac6162554a31a128ff49a672aed6f579170c75babe3757d9060c416f1efb647de4c1125becc4238fb40c9a8b5e622b8383115efc2e6c01827b9e5a303f41b9f9bd55aa7790a0234340c685275edc752fa6438dd3099e3200a67b5b2c944ba8e775deae06ad73b5e1eaaca29ff6d1da1be1d1ebd0bb79a2508e0b32565bde6ed877f750ffa17a51433ba4dcbbaa32bbf90c119a058a97b7885a859cbafadaf18ae0d3d12f292b0a2eb3ab5669493dedc6edb5488685dbe59a28d17d8376199f32e99ba2960b5ccd01a9b357bbd9d03460304844225d615499782a3b16c825eb0b05595bee1f68fbbee73489315dec27c9c896647c79211ee2c6100824d33dc2d03b814067effe36e063a9a28d3afa9fa984a5024acb074cbcde66c36c5b7f15050576a43deaba80d7d00f465e45392e0682d07b44345e5846526f02029f59ab718ed51a2937328e3611b6b74dbbb3c23d03aafde5ead439d5aa6441ef3c5bb80c1abf5eb286a6669849b3c37339b61ac0ed38a2d8e08d9d4950aa5c633aeaa73b2b229bb236786154c2e4aa0044c0a9d44309058e560436165e0ffae6aef46df6a11d20d3c32c7d930527d085b586a5c00d6405aa0660e98b1c88416780b37c95d78145ee54bf895286f04adbd88b46b541dc32301c6abfba8048b1be1ac8760c760d12f2a5dc3c6b8eee02826db97ba000a1a26ee3aa791e9feea80030058b06007805b1576b4308759011991af01a57cb42a3e5ddb466557e0374531ade13a802e81d7d8434b8dbdb9d316c611dc1f6c0e878621fa29d513c0d0a687906e89ab56a653f5ed46d3ec0ea25421d215f463bb96d0cc8dd2b5f3816eb0385bbf27eae65f038179c0d292f50d6f0c621d4cf18807a0ce9ee8f7ca48b12d26e9e23ff91ff948f9d041d4155eb35bad5567e3a4c7a2eba2e37faece32d14e9520eca5729ed80962e794786dcd32749c32414143a3ee02a72052d240e504464c15e7e1b9eab7ab31dbc52c427bf1848396adf5e67c351f157f710175dc95696ba4753cebca2dbe3ba6dbdfb6f6cf46be0d6b1722e0002ad9a5d6496e11ba90d6d5f346c73d1d0cb99edc92cc9f647e13e2dcc68cb490e8b9d4cf56bd9f31387b2ba32f3e37dd8af429ab61018d5cf4e334f4e53f0570a7aeed8ce210606a3f9924c18c7401cc697cb1b617495c54e585490c0a13119d6ee607dc7335ed91f088fe0018ad78c114cfaffbd9ef8da9415fe25557713b0b0cb3f6448db8fe2bd326fdb36da45bcbe54c76ab65f7bfae9681b9ca4b6d01d43c8ddf55a6fa057edd50470d7fd0f569355ecac7e1c939a6ac09d244bce0227c36b6a685ef1fb1ec253a57b302ed398e166c0d8ad76d7d1c37e2adc2f5b5431745b30bb05b37e84225322e095fa80f3758869c95bd2fc07d99b67641ba6d7b22121e7e0740bfb5a43a3505ecd629f4ee3d5da07f069bec1a15e94031f41c0897bd73c7378e5b50b5dd8a4bab3a3fa0127534b269f8c6c24defc13097f74d025ade519f2554658da83ea16a95bb4511359a0572b444d0f189901b30dfc2978e28bba32442a01533dc57e6defa6d12936db3e49b3764cd370723a089a37cccd7b61fef161553ba27d3daef411cd586f312e34ffe8402468b15f2e5021c1f7b2ce2ede0754cbe25c7653526ef4376a11454c92ad4b341b59d5aa0b0653c713a66c636c2317fba6237eade08c9f92ea34025feb0767817e52c20f88857a4a48bf4da5db4540454201faa4321c4edbb15ae8c1115f4e0c5b9eb43ef7a9a11ad264afada3c064a64ef010e13baa21cb458458485fab3f7740ef229416c7647307a17f7955eaf72bfec9f33662bd022ebdfd3b3c89939f47a0a4dd43973374091b675c028f5a5b3dfd55b2cb893376c82c27ac095852c7fdb4a34d3674b0d82b89c463c0e3fdbbb22568b815f660e76a6ffb49be1597fb70e3f7ab1f039c3a58622a27c2688b4f1f503fe6f824e43b9e1b4a962aa489b7817e0161cb60fe3265cdbf69bc1d1dce09563b0cbae17a78f912148955e9e968d951a79adeb7e33fa56873f823bd00647e82f468ee29eb07de9e9fc7b96e5be0a6f480c7949c05d206b69ae4cd8f5f404311611ff47f53bc449ff57da26d35fbafb13ceb52cfdeb105bbceaeb1af16a9bdbcb38c89337871ae2a3908059a404e7139e96ae18e5fe5ffcd6d57c3b2b7fa21626fa1864981f793469082e63a3e887e03c09d71514edc6d72ff71966d449942c624c7207677c96e8a0eece46c48a63e39f52f5e22fd4f1d9fde48cde148c6c3e90ef6f086c37e3abac8a8499afbee2560f70a06ba0970393ae96720fa9910e125ff4583c3be4fde4273517b0d9f1adb8b850ee31b2e63b06e40e88b34a6eefdda48854bd21a59f6c6e1091a0348521b186ec41e6dff769261f4a033983e137a3c8f6d193c978a00ceaf5f267d6086b141f36692e6c422d4ac19f1b6badfb11c4971be7688add33a75e7c929cd77af64abc2b03e449125b4076e245bb9b1f1ee0c27903db1c4061b16f11b315efa4ac517825d978f973f854486ac6438a24bf494b8875b6e1df2c023cfbd42cb2a396874347f2a0bb3dc405294365e3b8a73ca7ffe74df8da02a8dc86bc082e5bb40e4e17a53ceda2792abd339bc80b4d0fee53e4ae65af854b894a1f826987920b017b31ba30db7fb3675ec3a320e248217ecef642d7cc3cc283e267615f0b489e0b1860342ecb737b76b45ae75d0d558cd18314e40981681f69fd80a4a30de0c9493a1277f09fcaa35d3bb2aa1fd17cefa8783c084ca7f5559d68dbbb2c5db93af0761e7ae60b566effc2af661c7b1cc8fe6f138fb8b8722523e1f4234a64062512f2dab3d2f64cb13a0e9dfa3e6478b70f59fb87da1b8cd8a37d890c40e45229b538597065820e1697e9f1f14d841c378cdb9707087828765de251c400ac0295940756c4d13613024a95b189d4ca21b6d4ac98438ee8dc8087c45c0369394373a35076b4144ae4ea5d64c671d7f999f78fd987df397374bc5bce4eb4f46d0f34238ce992c64baee4485f1f9cbd950634222875491ec9fbf9e8d166f107c3cad002bbd7cd57ebb9029ab3d980c83355ddca6d64d23c95480a6416a3282e2297b97070d509c638565af966e20d83b8994d08da2a81805cd7ae4f09c63743ce8f5e46b7e9dd73ec3ff8e94cff4dcad5efc74d506b76b621ef545326f7c716f56cc981b6bf02c06b9eae2c07ef7cd794d3f502b77b2f71f39beb1da81f2e9a72e99a6995463c6eb912f5ffc3c78d45c4c689cd7e2f2b032efaae2381dee459238d874cab12013674ba55c11e816d2fada8135a2b223d2d5c1447a9a9124325ac44170191d89c28d8fb38c0fda6a2bf0559615366c9798f308b459ccd757a87c69e464807ff615832e76d11a43815f87f91ce7e6e155f48a82adae7845bf4c870399dbc656f68eada07bffe1214ccd4c06b077701a324c532ee61de2070e2af24e7642ce113a1bfde0f73c898b26b337b32860c541e3bb94b83dfa418e94c9415c39bc839945a5d00103e0c12ade6198cf00e2c3cfac0a9b0aec2db50ae5f591373fadfad8599422a9d6509ad0d55d46c823d4c959bc983298a08abacac9389b75e1c2f152f6bce3b97f826cf533eff17629212a59e92e4630fb05dda7ff3eafeffb7ffebf816365a9df971d3e7fb5f75ec8cf6603bcbbaa89ade37b541ccd235d2bb0534def533790d4e5547a350a79e645371fd19b2b8b4b19fb54909e786112f0e9aacd62efb9e46232f8dbfc2fea4fd2a21e00f07d981a94450626839c1fa1526d5d433e6955cab7470980e30beea260e4a55a9fe51c75a8e835b167e0617330e58edb5b76eaa1c4bc6a59247dc491c773eb4c14c14349a6b42164ca6d943af5512f5e7e5866730cc3fc4b4a7e19b4ae6c33d82b32459faf9107304b5a9e45cf2ca030a52ac62b24976b4d07792aff13e674480c12f8b35017cacd53b786c25f2ae229f6101da83836e8dba304b230466f75997afc7a5eae602ed07960c8f75a84afb82127f235cf8fd5c2849c9dac54c076b62af3726aef120699afef0cc3e6d43b662fb365956c6e526311860a52bd57281634fe8cf642bf774763ec29138cde9b73a886ccba9b0637cd64eab4c9afc8cc9d8d95df64d6aa40e7218e68c2c49d634e2457c93d66a62d1d097e66a0d6f51f8116143a9a3541e82dc34dc0302289f22f1d1d64cff1b8b2afdd5845f798674216745e8faefb9193c1f1a0d7a8f647f3d15197efba2ab0f7b2c44266a112dc42854308eb14218519bb97d171a38064c33a66c8e2b18f90b2540d97615ecd4f36d28d0849ac49169e697809c7a131d207ae53f9f3efffd9a2e1709b7abf23147cd5e59ad85b9289c58d94f450fbfcc9f8cb4f4b0d8e4f7f9b0d32122fd9ea2e545bc2bc22ee63748abbb825d3cd4a5fa8c04a5d9d58cb79e2ebf6f6b730a8b03de7fe525c161027392babbcfbec25beba1ec328b80c88bfb4ab2755524244b72884a1eeb7b7c068be270c14caa039ae885df0e34fbf0bf3d8c09d18dd31823a911ff9ced17710e1fa39da3cdb92513a430ee45da51f8f99cc1d284d240567325b9d5aa8588ecb465941184e6b36e13334b5063e42e1d1f47d8fe1ebe0ba5b1458e45ee9a2840f20e78b4ed3f3b91e702f80fea8d3926b3b15fcc77673e28825bf531f733e8ba9c5421a346f1a92344c2a925967aa0e68a36fc2d73c9b8f151d2e1c7fa743aa94114e7d5f14c660005272fb3e5c1de51f9ec51ffbbea90f5820a223fd94daad2f46bfe657d057fef68a5ef97688d75775cec19234e314e7b3ce97a4e33310ed70864746a38db9165b8aea23f81bfa945d0902ec206dfd424b9b58250b4d87667ca7802e1bf05cbcd6f46f59ac94148737963b42c399b12f70b054b341734e2ec1028d88bfa9dcc415bd90b0d36f544de00"/4096, 0x1000, 0x7, 0x0, 0x1, r6}]) [ 906.212431] loop5: detected capacity change from 0 to 260 15:45:56 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) [ 906.226905] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:45:56 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x5000000, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:45:56 executing program 6: ioctl$AUTOFS_IOC_PROTOSUBVER(0xffffffffffffffff, 0x80049367, &(0x7f0000000080)) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) fcntl$setstatus(r1, 0x4, 0x40000) 15:45:56 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x2000000, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:45:56 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) 15:45:56 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7}) 15:45:56 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 23) 15:45:56 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x6000000, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 906.346225] FAULT_INJECTION: forcing a failure. [ 906.346225] name failslab, interval 1, probability 0, space 0, times 0 [ 906.347521] CPU: 1 PID: 8316 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 906.348527] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 906.349730] Call Trace: [ 906.350007] [ 906.350240] dump_stack_lvl+0x8b/0xb3 [ 906.350653] should_fail.cold+0x5/0xa [ 906.351074] ? alloc_workqueue+0x914/0xeb0 [ 906.351537] should_failslab+0x5/0x10 [ 906.351945] __kmalloc+0x72/0x440 [ 906.352316] alloc_workqueue+0x914/0xeb0 [ 906.352742] ? do_raw_spin_unlock+0x4f/0x210 [ 906.353207] ? _raw_spin_unlock+0x24/0x40 [ 906.353660] ? bd_prepare_to_claim+0x164/0x300 [ 906.354139] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 906.354663] ? __fget_files+0x28d/0x470 [ 906.355095] ? loop_configure+0x62b/0x1950 [ 906.355549] loop_configure+0x6ec/0x1950 [ 906.355972] ? putname+0xfe/0x140 [ 906.356346] lo_ioctl+0x782/0x1860 [ 906.356716] ? avc_has_extended_perms+0x7e8/0xeb0 [ 906.357222] ? loop_set_status_old+0x1b0/0x1b0 [ 906.357711] ? fsnotify+0xb4f/0x1250 [ 906.358096] ? avc_ss_reset+0x180/0x180 [ 906.358513] ? fsnotify_first_mark+0x1f0/0x1f0 [ 906.358986] ? rcu_read_lock_sched_held+0xd/0x70 [ 906.359485] ? lock_acquire+0x41c/0x4d0 [ 906.359907] ? rcu_read_lock_sched_held+0xd/0x70 [ 906.360409] ? lock_release+0x505/0x6f0 [ 906.360820] ? find_and_remove_object+0xe4/0x120 [ 906.361327] ? __delete_object+0xb3/0x100 [ 906.361760] ? lock_downgrade+0x6d0/0x6d0 [ 906.362190] ? rwlock_bug.part.0+0x90/0x90 [ 906.362630] ? rcu_read_lock_sched_held+0xd/0x70 [ 906.363144] ? selinux_inode_getsecctx+0x90/0x90 [ 906.363641] ? loop_set_status_old+0x1b0/0x1b0 [ 906.364114] blkdev_ioctl+0x362/0x7f0 [ 906.364507] ? blkdev_common_ioctl+0x16d0/0x16d0 [ 906.365010] ? __x64_sys_ioctl+0x97/0x210 [ 906.365445] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 906.366028] ? blkdev_common_ioctl+0x16d0/0x16d0 [ 906.366522] __x64_sys_ioctl+0x196/0x210 [ 906.366944] do_syscall_64+0x3b/0x90 [ 906.367354] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 906.367886] RIP: 0033:0x7f01cb9288d7 [ 906.368283] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 906.370197] RSP: 002b:00007f01c8e9df48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 906.370991] RAX: ffffffffffffffda RBX: 00007f01cb972970 RCX: 00007f01cb9288d7 [ 906.371751] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 906.372496] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 906.373229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 906.373969] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002 [ 906.374710] [ 916.681928] FAULT_INJECTION: forcing a failure. [ 916.681928] name failslab, interval 1, probability 0, space 0, times 0 15:46:07 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7}) 15:46:07 executing program 4: r0 = syz_genetlink_get_family_id$tipc(&(0x7f0000000880), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_LINK_WINDOW(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000940)={&(0x7f00000008c0)={0x68, r0, 0x0, 0x70bd2d, 0x0, {{}, {}, {0x4c, 0x18, {0x0, @link='broadcast-link\x00'}}}, [""]}, 0x68}}, 0x0) sendmsg$TIPC_CMD_DISABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, r0, 0x100, 0x70bd29, 0x25dfdbfb, {{}, {}, {0x10, 0x13, @l2={'eth', 0x3a, 'ip6gre0\x00'}}}, ["", ""]}, 0x2c}, 0x1, 0x0, 0x0, 0x2000c080}, 0x4000010) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x30, 0x0, 0x800, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0xe2, 0x63}}}}, [@NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000) ioctl$TUNGETVNETHDRSZ(r1, 0x800454d7, &(0x7f0000000080)) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r2, &(0x7f0000000140)={0x37}, 0x14) ioctl$TUNSETVNETLE(r2, 0x400454dc, &(0x7f00000001c0)=0x1) r3 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r2, 0xc018937e, &(0x7f0000000340)={{0x1, 0x1, 0x18, r3, @in_args={0x2}}, './file0\x00'}) r5 = syz_genetlink_get_family_id$devlink(&(0x7f00000003c0), r2) sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(r4, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x38, r5, 0x8, 0x70bd2c, 0x25dfdbfd, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0xb, 0xac}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8001}, 0x20004850) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 15:46:07 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) 15:46:07 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x7000000, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:46:07 executing program 2: sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080), 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x60, 0x0, 0x100, 0x70bd28, 0x25dfdbfc, {}, [@SEG6_ATTR_ALGID={0x5, 0x6, 0xe9}, @SEG6_ATTR_SECRETLEN={0x5}, @SEG6_ATTR_SECRET={0x18, 0x4, [0x7f, 0x7, 0x1fd50ad3, 0xffff8001, 0xffffffff]}, @SEG6_ATTR_SECRET={0x14, 0x4, [0x0, 0x7ff, 0x0, 0x10001]}, @SEG6_ATTR_HMACKEYID={0x8}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x20}]}, 0x60}, 0x1, 0x0, 0x0, 0x20000040}, 0x8000) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = accept4(0xffffffffffffffff, &(0x7f00000001c0)=@nfc_llcp, &(0x7f0000000240)=0x80, 0x80000) sendmsg$SMC_PNETID_GET(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)={0x14, 0x0, 0x300, 0x70bd2c, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x8000) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x4, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f0000000300)={'wg0\x00'}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) sendmsg$NL80211_CMD_DEL_MPATH(r1, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x68, 0x0, 0x2, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x68}, 0x1, 0x0, 0x0, 0x800}, 0x800) r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000600)='./file0\x00', 0x80001) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) r6 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$ETHTOOL_MSG_RINGS_SET(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)={0x30, r5, 0xd0b, 0x0, 0x0, {}, [@ETHTOOL_A_RINGS_RX_MINI={0x8, 0xa, 0xf7d}, @ETHTOOL_A_RINGS_TX={0x8, 0x9, 0x8}, @ETHTOOL_A_RINGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}]}]}, 0x30}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000840)={'syztnl2\x00', &(0x7f00000007c0)={'syztnl2\x00', r7, 0x4, 0xf9, 0x9d, 0x27, 0x40, @dev={0xfe, 0x80, '\x00', 0x1d}, @mcast1, 0x8, 0x7800, 0x6d6, 0x2685}}) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff) sendmsg$NL80211_CMD_DEAUTHENTICATE(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x28, r9, 0x501, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @random="1f4a8df1b4ae"}]}, 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000780)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000680)={0xb0, r9, 0x1, 0x70bd2c, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xffffffff, 0x63}}}}, [@NL80211_ATTR_MESH_ID={0xa}, @mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MNTR_FLAGS={0x18, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}]}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "62e049beed3e08cefcf5583ca329035fe61e90ca588efe2c"}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}], @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}, @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_MESH_ID={0xa}]}, 0xb0}}, 0x4) 15:46:07 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x434000, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000040), 0xfffffffffffffffb, 0x2001) ioctl$CDROMREADAUDIO(r1, 0x530e, &(0x7f00000000c0)={@msf={0xff, 0x3f, 0xca}, 0x2, 0x29, &(0x7f0000000080)=""/41}) 15:46:07 executing program 0: ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000180)={'syzkaller0\x00'}) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ppoll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) r1 = eventfd(0x27) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r1, 0xf505, 0x0) syz_io_uring_setup(0x1a1a, &(0x7f0000000280)={0x0, 0x0, 0x1, 0x1, 0x225}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080), &(0x7f00000006c0)) 15:46:07 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 24) [ 916.684393] CPU: 1 PID: 8347 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 916.686655] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 916.689042] Call Trace: [ 916.689584] [ 916.690049] dump_stack_lvl+0x8b/0xb3 [ 916.690863] should_fail.cold+0x5/0xa [ 916.691683] ? alloc_workqueue+0x914/0xeb0 [ 916.692578] should_failslab+0x5/0x10 [ 916.693378] __kmalloc+0x72/0x440 [ 916.694111] alloc_workqueue+0x914/0xeb0 [ 916.694969] ? do_raw_spin_unlock+0x4f/0x210 [ 916.695926] ? _raw_spin_unlock+0x24/0x40 [ 916.696811] ? bd_prepare_to_claim+0x164/0x300 [ 916.697779] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 916.698843] ? __fget_files+0x28d/0x470 [ 916.699693] ? loop_configure+0x62b/0x1950 [ 916.700590] loop_configure+0x6ec/0x1950 [ 916.701451] ? putname+0xfe/0x140 [ 916.702192] lo_ioctl+0x782/0x1860 [ 916.702944] ? avc_has_extended_perms+0x7e8/0xeb0 [ 916.703993] ? loop_set_status_old+0x1b0/0x1b0 [ 916.704960] ? fsnotify+0xb4f/0x1250 [ 916.705742] ? avc_ss_reset+0x180/0x180 [ 916.706590] ? fsnotify_first_mark+0x1f0/0x1f0 [ 916.707561] ? rcu_read_lock_sched_held+0xd/0x70 [ 916.708557] ? lock_acquire+0x41c/0x4d0 [ 916.709394] ? rcu_read_lock_sched_held+0xd/0x70 [ 916.710390] ? lock_release+0x505/0x6f0 [ 916.711237] ? find_and_remove_object+0xe4/0x120 [ 916.712240] ? __delete_object+0xb3/0x100 [ 916.713118] ? lock_downgrade+0x6d0/0x6d0 [ 916.713987] ? rwlock_bug.part.0+0x90/0x90 [ 916.714879] ? rcu_read_lock_sched_held+0xd/0x70 [ 916.715904] ? selinux_inode_getsecctx+0x90/0x90 [ 916.716904] ? loop_set_status_old+0x1b0/0x1b0 [ 916.717863] blkdev_ioctl+0x362/0x7f0 [ 916.718654] ? blkdev_common_ioctl+0x16d0/0x16d0 [ 916.719653] ? __x64_sys_ioctl+0x97/0x210 [ 916.720520] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 916.721672] ? blkdev_common_ioctl+0x16d0/0x16d0 [ 916.722661] __x64_sys_ioctl+0x196/0x210 [ 916.723521] do_syscall_64+0x3b/0x90 [ 916.724311] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 916.725388] RIP: 0033:0x7f01cb9288d7 [ 916.726161] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 916.730069] RSP: 002b:00007f01c8e9df48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 916.731671] RAX: ffffffffffffffda RBX: 00007f01cb972970 RCX: 00007f01cb9288d7 [ 916.733164] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 916.734659] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 916.736172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 916.737670] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002 [ 916.739191] 15:46:07 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x9000000, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:46:07 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 25) 15:46:07 executing program 0: ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000180)={'syzkaller0\x00'}) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ppoll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) r1 = eventfd(0x27) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r1, 0xf505, 0x0) 15:46:07 executing program 6: ioctl$TIOCSRS485(0xffffffffffffffff, 0x542f, &(0x7f0000000c00)={0xffff0001, 0x401, 0x80000000}) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) r2 = accept4$packet(r0, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000280)=0x14, 0x800) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r3, &(0x7f0000000140)={0x37}, 0x14) r4 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000540), 0x400000, 0x0) io_submit(0x0, 0x5, &(0x7f0000000680)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x6, 0x7f, r1, &(0x7f0000000140)="427a408a5ae360726a011e8fd8afc87263469a9192f169f18e192c7dad90320a5cc40c369e06a1da0d3e9fe18c3ff6d633a92b0421800abdde44a064a54b4fe9437c6ee27287d5ee469d896eefb15fddb0e431bfdcabbd782ab257a0ef6bb8cfc45a126592be793c055b073068f2a9ca0f1a4c6afc50f67d5f377e76f759f3d05d420dfb6c4f8568361395cd3b0780db8e6b9fae42bd9dc572b3ec038e", 0x9d, 0xa994, 0x0, 0x3, r0}, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x5, 0x7, r2, &(0x7f00000002c0)="8b9f224b6b87467f079b9a175c0042ee4112acc8d3a67a7f2426bf49ffc216826d27c6a6ae6249fc5bc5dd35a17c65514170742671e7f2e716c7e0a4904030b8f9127aedc24e36eaa98879635626ef16c4f1e87d60798733fff0", 0x5a, 0x2, 0x0, 0x2, r3}, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x5, 0xfffd, r0, &(0x7f0000000380)="777c106a95bf2c8440ed6e16cf4fe92ee579742b4406fc68fac1a9045fe3babed1a79d4f1fb7ea091e8b0cc445cda8f2b06ea603648409dd086d5fca19dda92a6981e22c0d8398159434c6f509361f4dd612dde1cd395b5a1b353c92c7cb53ee8ee35ab77a7ebdcbd24d5c68c5fa932db60cf68098039dcbb7958141420f93612fbb0b80b2ab546e701174db0a4b66bcf0661a4e627ba106e82fb380455360cd212b645f7468311f477016319961f496d0db74e4a984d01d2884", 0xba, 0x8001, 0x0, 0x1, r0}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x8, 0x1, r0, &(0x7f0000000480)="342f359604116efce78d5adbceaee10ad7d39da62dd4c9dce071628a5ed1f6af9a0204864103aded5580ee8f8d9271414a90d72c417983cbe219ee2a2f5cc0d36ac9135c2548da33a38c98ba6c1d58471aa8f464afb0cb56404a4e0b6de20f341a62e34bc4dc8c4e6a43bc1c50be", 0x6e, 0xffffffffffffff00, 0x0, 0x2}, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x6, 0x81, r4, &(0x7f0000000580)="40e65aa79c84682c2935ea7368cace75bb59812098fd6536bda33a84eb0a2476fe086d406e54e1af108096f3370d3d982d1a485445907add37fd32859f80c5deb89f39bb1139bcf0ad6ded6d34a64809e017a15f59e77f991d8ace99da9840d6da14dc089ca63191850744f1b1c85250dbc9dc0051263f499e379e4405423957aea480af9106fb42951002f4698bf090620fda9f58149b68cb33f533aa7b7beca0ceedb56bf11495689c9ec06cdb01104ddd269772e73525", 0xb8, 0x3, 0x0, 0x2, r0}]) r5 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r5, &(0x7f0000000140)={0x37}, 0x14) ioctl$BTRFS_IOC_SCRUB(r5, 0xc400941b, &(0x7f00000006c0)={0x0, 0x10001, 0x3}) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) r6 = epoll_create(0x7ff) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000b00), r3) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000bc0)={&(0x7f0000000ac0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000b80)={&(0x7f0000000b40)={0x28, r7, 0x10, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_P2P_OPPPS={0x5, 0xa3, 0x1}]}, 0x28}}, 0x41) lseek(r0, 0x2, 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x100000, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[{@access_client}], [{@dont_appraise}, {@smackfsdef={'smackfsdef', 0x3d, '/dev/sr0\x00'}}]}}) 15:46:07 executing program 7: fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7}) 15:46:07 executing program 4: ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000180)={'syzkaller0\x00'}) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ppoll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) r1 = eventfd(0x27) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r1, 0xf505, 0x0) syz_io_uring_setup(0x1a1a, &(0x7f0000000280)={0x0, 0x0, 0x1, 0x1, 0x225}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080)=0x0, &(0x7f00000006c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) [ 916.846414] FAULT_INJECTION: forcing a failure. [ 916.846414] name failslab, interval 1, probability 0, space 0, times 0 [ 916.847657] CPU: 0 PID: 8376 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 916.848690] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 916.849939] Call Trace: [ 916.850209] [ 916.850442] dump_stack_lvl+0x8b/0xb3 [ 916.850870] should_fail.cold+0x5/0xa [ 916.851296] ? alloc_workqueue_attrs+0x38/0x80 [ 916.851784] should_failslab+0x5/0x10 [ 916.852190] kmem_cache_alloc_trace+0x55/0x3c0 [ 916.852684] alloc_workqueue_attrs+0x38/0x80 [ 916.853175] alloc_workqueue+0x939/0xeb0 [ 916.853630] ? do_raw_spin_unlock+0x4f/0x210 [ 916.854096] ? _raw_spin_unlock+0x24/0x40 [ 916.854561] ? bd_prepare_to_claim+0x164/0x300 [ 916.855056] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 916.855634] ? __fget_files+0x28d/0x470 [ 916.856057] ? loop_configure+0x62b/0x1950 [ 916.856534] loop_configure+0x6ec/0x1950 [ 916.856971] ? putname+0xfe/0x140 [ 916.857363] lo_ioctl+0x782/0x1860 [ 916.857746] ? avc_has_extended_perms+0x7e8/0xeb0 [ 916.858291] ? loop_set_status_old+0x1b0/0x1b0 [ 916.858785] ? fsnotify+0xb4f/0x1250 [ 916.859211] ? avc_ss_reset+0x180/0x180 [ 916.859653] ? fsnotify_first_mark+0x1f0/0x1f0 [ 916.860135] ? rcu_read_lock_sched_held+0xd/0x70 [ 916.860659] ? lock_acquire+0x41c/0x4d0 [ 916.861089] ? rcu_read_lock_sched_held+0xd/0x70 [ 916.861617] ? lock_release+0x505/0x6f0 [ 916.862060] ? find_and_remove_object+0xe4/0x120 [ 916.862618] ? __delete_object+0xb3/0x100 [ 916.863085] ? lock_downgrade+0x6d0/0x6d0 [ 916.863561] ? rwlock_bug.part.0+0x90/0x90 [ 916.864039] ? rcu_read_lock_sched_held+0xd/0x70 [ 916.864570] ? selinux_inode_getsecctx+0x90/0x90 [ 916.865105] ? loop_set_status_old+0x1b0/0x1b0 [ 916.865612] blkdev_ioctl+0x362/0x7f0 [ 916.866018] ? blkdev_common_ioctl+0x16d0/0x16d0 [ 916.866550] ? __x64_sys_ioctl+0x97/0x210 [ 916.866988] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 916.867582] ? blkdev_common_ioctl+0x16d0/0x16d0 [ 916.868081] __x64_sys_ioctl+0x196/0x210 [ 916.868510] do_syscall_64+0x3b/0x90 [ 916.868912] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 916.869462] RIP: 0033:0x7f01cb9288d7 [ 916.869855] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 916.871807] RSP: 002b:00007f01c8e9df48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 916.872607] RAX: ffffffffffffffda RBX: 00007f01cb972970 RCX: 00007f01cb9288d7 [ 916.873364] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 916.874120] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 916.874882] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 916.875639] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002 [ 916.876421] 15:46:07 executing program 1: mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:46:07 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0xf000000, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 919.271355] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 919.273119] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 919.275441] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 919.278670] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 919.280334] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 919.282717] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 921.305950] Bluetooth: hci6: command 0x0409 tx timeout [ 923.354005] Bluetooth: hci6: command 0x041b tx timeout [ 925.401894] Bluetooth: hci6: command 0x040f tx timeout [ 925.468460] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 925.469933] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 925.477560] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 925.491074] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 925.492518] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 925.494035] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 927.449905] Bluetooth: hci6: command 0x0419 tx timeout 15:46:27 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x4a0f, &(0x7f0000000080)={0x0, 0xcacd, 0x10, 0x0, 0xcc, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)) syz_io_uring_submit(r2, 0x0, &(0x7f0000000180)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4004, @fd=r0, 0x3, 0x8, 0x2, 0x20, 0x1, {0x1}}, 0xcf) 15:46:27 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x75010000, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:46:27 executing program 4: ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000180)={'syzkaller0\x00'}) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ppoll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) r1 = eventfd(0x27) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r1, 0xf505, 0x0) syz_io_uring_setup(0x1a1a, &(0x7f0000000280)={0x0, 0x0, 0x1, 0x1, 0x225}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080)=0x0, &(0x7f00000006c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) socketpair(0x2b, 0x3, 0x80000000, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$FOU_CMD_ADD(r4, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x38, 0x0, 0x800, 0x70bd28, 0x25dfdbfe, {}, [@FOU_ATTR_IFINDEX={0x8}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e22}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @mcast2}]}, 0x38}, 0x1, 0x0, 0x0, 0x81}, 0x4) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000640)={0x0, 0xcf95, 0x200}) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001640)={0x0, 0x0, {0x0, @usage, 0x0}, {0x0, @usage, 0x0}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000e40)={0x0, 0x1, {0x9, @struct={0x1e9f, 0x7}, r6, 0xfffffffffffffff8, 0x4, 0x800, 0x9, 0x1, 0xc0, @struct={0x4, 0xffffffff}, 0x7ff, 0x81, [0x8001, 0x0, 0x2, 0x0, 0x7ff, 0x3]}, {0x7, @struct={0x5, 0x1f}, 0x0, 0x7, 0x7, 0x22e3, 0x0, 0xff, 0x400, @usage=0x401, 0x0, 0x9, [0x9, 0x0, 0xc55, 0xe522, 0x2, 0x3303]}, {0x3, @struct={0x1, 0xfffffff8}, r7, 0x0, 0x7fffffff, 0x8e6, 0x5, 0x4, 0x404, @struct={0x2, 0x8}, 0x6, 0x0, [0x3, 0x8, 0x4, 0x1ff]}, {0xd23, 0x20, 0x7fff}}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000700)={r6, 0x7, 0xeec}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) 15:46:27 executing program 7: fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7}) 15:46:27 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x80a81, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) 15:46:27 executing program 0: ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000180)={'syzkaller0\x00'}) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ppoll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) eventfd(0x27) 15:46:27 executing program 1: syz_open_dev$mouse(0x0, 0x6, 0x1) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:46:27 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 26) [ 937.191347] FAULT_INJECTION: forcing a failure. [ 937.191347] name failslab, interval 1, probability 0, space 0, times 0 [ 937.192638] CPU: 0 PID: 8865 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 937.193644] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 937.194823] Call Trace: [ 937.195102] [ 937.195340] dump_stack_lvl+0x8b/0xb3 [ 937.195754] should_fail.cold+0x5/0xa [ 937.196160] ? create_object.isra.0+0x3a/0xa20 [ 937.196649] should_failslab+0x5/0x10 [ 937.197047] kmem_cache_alloc+0x5b/0x480 [ 937.197484] create_object.isra.0+0x3a/0xa20 [ 937.197951] ? kasan_unpoison+0x23/0x50 [ 937.198376] kmem_cache_alloc_trace+0x22e/0x3c0 [ 937.198864] alloc_workqueue_attrs+0x38/0x80 [ 937.199334] alloc_workqueue+0x939/0xeb0 [ 937.199772] ? do_raw_spin_unlock+0x4f/0x210 [ 937.200243] ? _raw_spin_unlock+0x24/0x40 [ 937.200686] ? bd_prepare_to_claim+0x164/0x300 [ 937.201180] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 937.201704] ? __fget_files+0x28d/0x470 [ 937.202125] ? loop_configure+0x62b/0x1950 [ 937.202565] loop_configure+0x6ec/0x1950 [ 937.202998] ? putname+0xfe/0x140 [ 937.203374] lo_ioctl+0x782/0x1860 [ 937.203763] ? avc_has_extended_perms+0x7e8/0xeb0 [ 937.204274] ? loop_set_status_old+0x1b0/0x1b0 [ 937.204750] ? fsnotify+0xb4f/0x1250 [ 937.205143] ? avc_ss_reset+0x180/0x180 [ 937.205563] ? fsnotify_first_mark+0x1f0/0x1f0 [ 937.206041] ? rcu_read_lock_sched_held+0xd/0x70 [ 937.206542] ? lock_acquire+0x41c/0x4d0 [ 937.206958] ? rcu_read_lock_sched_held+0xd/0x70 [ 937.207453] ? lock_release+0x505/0x6f0 [ 937.207874] ? find_and_remove_object+0xe4/0x120 [ 937.208368] ? __delete_object+0xb3/0x100 [ 937.208804] ? lock_downgrade+0x6d0/0x6d0 [ 937.209241] ? rwlock_bug.part.0+0x90/0x90 [ 937.209684] ? rcu_read_lock_sched_held+0xd/0x70 [ 937.210191] ? selinux_inode_getsecctx+0x90/0x90 [ 937.210690] ? loop_set_status_old+0x1b0/0x1b0 [ 937.211172] blkdev_ioctl+0x362/0x7f0 [ 937.211579] ? blkdev_common_ioctl+0x16d0/0x16d0 [ 937.212076] ? __x64_sys_ioctl+0x97/0x210 [ 937.212509] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 937.213100] ? blkdev_common_ioctl+0x16d0/0x16d0 [ 937.213595] __x64_sys_ioctl+0x196/0x210 [ 937.214031] do_syscall_64+0x3b/0x90 [ 937.214428] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 937.214980] RIP: 0033:0x7f01cb9288d7 [ 937.215366] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 937.217344] RSP: 002b:00007f01c8e9df48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 937.218143] RAX: ffffffffffffffda RBX: 00007f01cb972970 RCX: 00007f01cb9288d7 [ 937.218899] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 937.219664] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 937.220408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 937.221156] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002 [ 937.221912] [ 937.230576] loop5: detected capacity change from 0 to 260 15:46:27 executing program 1: ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000180)={'syzkaller0\x00'}) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ppoll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) r1 = eventfd(0x27) ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(r1, 0xf505, 0x0) syz_io_uring_setup(0x1a1a, &(0x7f0000000280)={0x0, 0x0, 0x1, 0x1, 0x225}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000080)=0x0, &(0x7f00000006c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) socketpair(0x2b, 0x3, 0x80000000, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$FOU_CMD_ADD(r4, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x38, 0x0, 0x800, 0x70bd28, 0x25dfdbfe, {}, [@FOU_ATTR_IFINDEX={0x8}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e22}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @mcast2}]}, 0x38}, 0x1, 0x0, 0x0, 0x81}, 0x4) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000640)={0x0, 0xcf95, 0x200}) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001640)={0x0, 0x0, {0x0, @usage, 0x0}, {0x0, @usage, 0x0}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000e40)={0x0, 0x1, {0x9, @struct={0x1e9f, 0x7}, r6, 0xfffffffffffffff8, 0x4, 0x800, 0x9, 0x1, 0xc0, @struct={0x4, 0xffffffff}, 0x7ff, 0x81, [0x8001, 0x0, 0x2, 0x0, 0x7ff, 0x3]}, {0x7, @struct={0x5, 0x1f}, 0x0, 0x7, 0x7, 0x22e3, 0x0, 0xff, 0x400, @usage=0x401, 0x0, 0x9, [0x9, 0x0, 0xc55, 0xe522, 0x2, 0x3303]}, {0x3, @struct={0x1, 0xfffffff8}, r7, 0x0, 0x7fffffff, 0x8e6, 0x5, 0x4, 0x404, @struct={0x2, 0x8}, 0x6, 0x0, [0x3, 0x8, 0x4, 0x1ff]}, {0xd23, 0x20, 0x7fff}}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000700)={r6, 0x7, 0xeec}) r8 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r8, 0x40305839, &(0x7f00000001c0)=ANY=[@ANYBLOB="0600000000fddda786adff1800000ceb0000002b00db2ba571f584e22000000000000000"]) [ 937.251736] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:46:27 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x9effffff, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:46:27 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 27) 15:46:27 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0xf0ffffff, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:46:27 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) r1 = clone3(&(0x7f0000000580)={0x40000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[0xffffffffffffffff], 0x1}, 0x58) clone3(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0], 0x8}, 0x58) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8b, 0x1, r1}) [ 937.339329] FAULT_INJECTION: forcing a failure. [ 937.339329] name failslab, interval 1, probability 0, space 0, times 0 [ 937.340561] CPU: 0 PID: 8888 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 937.341556] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 937.342750] Call Trace: [ 937.343022] [ 937.343257] dump_stack_lvl+0x8b/0xb3 [ 937.343677] should_fail.cold+0x5/0xa [ 937.344083] should_failslab+0x5/0x10 [ 937.344482] __kmalloc_track_caller+0x79/0x420 [ 937.344973] ? kasprintf+0xbb/0xf0 [ 937.345351] kvasprintf+0xb5/0x150 [ 937.345723] ? bust_spinlocks+0xe0/0xe0 [ 937.346152] ? rcu_read_lock_sched_held+0xd/0x70 [ 937.346658] ? preempt_count_add+0x74/0x140 [ 937.347116] ? __is_module_percpu_address+0x237/0x300 [ 937.347674] kasprintf+0xbb/0xf0 [ 937.348041] ? kvasprintf_const+0x190/0x190 [ 937.348499] ? save_trace+0xd00/0xd00 [ 937.348905] ? lockdep_init_map_type+0x21a/0x7e0 [ 937.349405] alloc_workqueue+0x408/0xeb0 [ 937.349833] ? do_raw_spin_unlock+0x4f/0x210 [ 937.350300] ? _raw_spin_unlock+0x24/0x40 [ 937.350739] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 937.351273] ? __fget_files+0x28d/0x470 [ 937.351706] ? loop_configure+0x62b/0x1950 [ 937.352159] loop_configure+0x6ec/0x1950 [ 937.352594] ? putname+0xfe/0x140 [ 937.352974] lo_ioctl+0x782/0x1860 [ 937.353347] ? avc_has_extended_perms+0x7e8/0xeb0 [ 937.353867] ? loop_set_status_old+0x1b0/0x1b0 [ 937.354347] ? fsnotify+0xb4f/0x1250 [ 937.354743] ? avc_ss_reset+0x180/0x180 [ 937.355163] ? fsnotify_first_mark+0x1f0/0x1f0 [ 937.355675] ? rcu_read_lock_sched_held+0xd/0x70 [ 937.356178] ? lock_acquire+0x41c/0x4d0 [ 937.356597] ? rcu_read_lock_sched_held+0xd/0x70 [ 937.357104] ? lock_release+0x505/0x6f0 [ 937.357526] ? find_and_remove_object+0xe4/0x120 [ 937.358034] ? __delete_object+0xb3/0x100 [ 937.358483] ? lock_downgrade+0x6d0/0x6d0 [ 937.358922] ? rwlock_bug.part.0+0x90/0x90 [ 937.359373] ? rcu_read_lock_sched_held+0xd/0x70 [ 937.359891] ? selinux_inode_getsecctx+0x90/0x90 [ 937.360401] ? loop_set_status_old+0x1b0/0x1b0 [ 937.360898] blkdev_ioctl+0x362/0x7f0 [ 937.361297] ? blkdev_common_ioctl+0x16d0/0x16d0 [ 937.361804] ? __x64_sys_ioctl+0x97/0x210 [ 937.362240] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 937.362822] ? blkdev_common_ioctl+0x16d0/0x16d0 [ 937.363322] __x64_sys_ioctl+0x196/0x210 [ 937.363760] do_syscall_64+0x3b/0x90 [ 937.364161] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 937.364703] RIP: 0033:0x7f01cb9288d7 [ 937.365099] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 937.367049] RSP: 002b:00007f01c8e9df48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 937.367877] RAX: ffffffffffffffda RBX: 00007f01cb972970 RCX: 00007f01cb9288d7 [ 937.368627] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 937.369390] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 937.370148] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 937.370910] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002 [ 937.371684] [ 937.386370] loop5: detected capacity change from 0 to 260 15:46:27 executing program 7: fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7}) 15:46:27 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000240), 0x181081, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0xfffffffc, 0x0, 0x0, 0x1ce, 0x0, r1}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) syz_io_uring_setup(0x4b87, &(0x7f0000000080)={0x0, 0x4e54, 0x0, 0x3, 0x2f2}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'veth0_to_bridge\x00'}) write$P9_RMKNOD(r3, &(0x7f0000000140)={0x37}, 0x14) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000001c0)={'batadv_slave_0\x00'}) syz_io_uring_submit(r2, 0x0, &(0x7f0000000180)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x5, 0x0, 0x0, 0x0, 0x23456}, 0x1) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 15:46:27 executing program 0: ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000180)={'syzkaller0\x00'}) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ppoll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) [ 937.420434] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:46:27 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1d5}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000fff000/0x1000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 15:46:27 executing program 1: r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x1) sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x7}, ["", "", "", "", "", ""]}, 0x14}}, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) mlock(&(0x7f0000ffa000/0x2000)=nil, 0x2000) 15:46:39 executing program 7: r0 = openat$sr(0xffffffffffffff9c, 0x0, 0x40b01, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7}) 15:46:39 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0xfcffffff, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:46:39 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) pwritev2(r1, &(0x7f0000000200)=[{&(0x7f0000000080)="c5168c272893c06819773388cf1faf0c06f732486eafd807bb3f20ee81a968d79c8ddf0ad44ec8c267dc3af1258248af", 0x30}, {&(0x7f00000000c0)="baf291f6b6165d1a65547be095d099c27ee17e76eb518979c5b5e667890f263df0f0b2396a38951c", 0x28}, {&(0x7f0000000100)}, {&(0x7f0000000140)="ba65f1852444f28348b5e9fa8a5abbf9d84627ddc61859b808a8c52ed69a1c5b3f32e773d384828a18c4f23f409ab1c816380d4ed29d496aec8a08e35f1dabb841f77267a6210c816c86a03fc0418fb13a28e7e7c9931f474d36d5d34c5a1fae4c4abb660990754f6928ff5cfe04429424ef4d774a41e801d59b8b0804e9984828226bffac34c4c0fdc826ee34f97f00afc4dc11889252ca6bcbd15dd2bb217c31b1d8", 0xa3}, {&(0x7f00000002c0)="a43be04e0062aae926b25a34462d67c0c03033487351240eed8cf083655e816e6f771b53652cab92388d9b34b54176d9c4b28eeaebda0a018c44caf655a4b52b8fb468afdfc7f31bd1ef7d9ae9636441529d9f348da20cc38fce4a0babd85214ef0f42efff96dcabb696a804637915e270a4c9958fc89db753bd4a6e5dc187c1d1b39e0c8fb7edc58da8506d4fb37a5532c4b05b2b361a228a87346c2ac0b2e0f2cf05d7037b83e6ec7794f9", 0xac}, {&(0x7f0000000380)="aa4b50b23ff38786bcf9b69e931fc1e74d88176a3a92febe9accaf14f13fc3d8f12492bb83c498d0f0e32e27ca7eef5917cdd259b5ce87a2f8b5b107ec0d5822217af0238898bb31d97d9f2927cebb3980a11456e44ed8a2282cfb4855bcf9a77506b2f06cb2e9214bce20900cdcfd01757209719df9e35391100fbd40882696b836944bdbd9eb", 0x87}, {&(0x7f0000000440)="338f68516f652de062e69e794ecb6be1c1bf814058e686cc1a388ed1b47523e1e87ca4c37d23cd5ac9d12703ac5218c9870193795ab059cf2f303070a9feb3484376b2d9b142d84a4cdebaba11114c56a9e60461eeb73dd72fce03610a978295276acf4fce2965a6bc3e7610129da332b0c5255cdcfa1c1988ec8e5c0c9ce48aa6dd867e6ef47a2e94069b397ee141b5d1fcc671e5d9400691c02f686999dbf5", 0xa0}, {&(0x7f0000000500)="6512475b7b3d56aec2043281b9fa663419508ca282b95d62992ea54db0f6a97954b4792ea3e777c3c858fcc18bb7c7100f984f58c7ee4a2cb79a32c1d7784603bbc5891cc570dbefc8b0ed63e0f30fdd84273fea7748a5fda5feccecd939322840355b5b78345c72c90ee4ab5050f86b7ad902b7f74b2db8fc4b09ede71373979ec7058bc2ad6839f07c9d9cd63b1cc2d22a3de4fd8e12447828bb3fa5ba0a66f1fbc920d1eb82955d1c3c3640e3772bf34f8b068ad837ca95c5129e9020a03ba9161a47f23fdfadcb5426697213c15432b4107b0346f0cc181cd62d717dbb70fdaff1ea2b5b77eb2438b8537a32ab40009451641ef82a9564d63534", 0xfc}], 0x8, 0x3, 0x7, 0x15) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 15:46:39 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000180), 0x4f0bc1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) getsockopt$inet_tcp_buf(r1, 0x6, 0xd, &(0x7f0000000080)=""/179, &(0x7f0000000000)=0xb3) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) 15:46:39 executing program 0: ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000180)={'syzkaller0\x00'}) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) 15:46:39 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 28) 15:46:39 executing program 4: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f00000003c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$RTC_WIE_ON(r1, 0x700f) fstat(r0, &(0x7f0000000040)) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@local, @in=@dev}}, {{@in=@multicast1}, 0x0, @in=@private}}, &(0x7f0000000240)=0xe8) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000140)={0x37}, 0x14) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000029bd7000fd5bdf250200000008000108000600ac1414aa"], 0x2c}, 0x1, 0x0, 0x0, 0x40005}, 0x10) setresuid(0x0, r2, 0x0) r3 = clone3(&(0x7f0000000580)={0x40000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[0xffffffffffffffff], 0x1}, 0x58) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7, r3}) 15:46:39 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x300, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 948.757757] FAULT_INJECTION: forcing a failure. [ 948.757757] name failslab, interval 1, probability 0, space 0, times 0 [ 948.760068] CPU: 0 PID: 8934 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 948.762014] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 948.764333] Call Trace: [ 948.764848] [ 948.765298] dump_stack_lvl+0x8b/0xb3 [ 948.766080] should_fail.cold+0x5/0xa [ 948.766851] ? create_object.isra.0+0x3a/0xa20 [ 948.767793] should_failslab+0x5/0x10 [ 948.768561] kmem_cache_alloc+0x5b/0x480 [ 948.769387] create_object.isra.0+0x3a/0xa20 [ 948.770324] ? kasan_unpoison+0x23/0x50 [ 948.771240] __kmalloc_track_caller+0x25e/0x420 [ 948.772201] ? kasprintf+0xbb/0xf0 [ 948.772930] kvasprintf+0xb5/0x150 [ 948.773652] ? bust_spinlocks+0xe0/0xe0 [ 948.774459] ? rcu_read_lock_sched_held+0xd/0x70 [ 948.775430] ? preempt_count_add+0x74/0x140 [ 948.776295] ? __is_module_percpu_address+0x237/0x300 [ 948.777357] kasprintf+0xbb/0xf0 [ 948.778036] ? kvasprintf_const+0x190/0x190 [ 948.778912] ? save_trace+0xd00/0xd00 [ 948.779833] ? lockdep_init_map_type+0x21a/0x7e0 [ 948.781016] alloc_workqueue+0x408/0xeb0 [ 948.781990] ? do_raw_spin_unlock+0x4f/0x210 [ 948.783041] ? _raw_spin_unlock+0x24/0x40 [ 948.784084] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 948.785300] ? __fget_files+0x28d/0x470 [ 948.786245] ? loop_configure+0x62b/0x1950 [ 948.787258] loop_configure+0x6ec/0x1950 [ 948.788253] ? putname+0xfe/0x140 [ 948.789093] lo_ioctl+0x782/0x1860 [ 948.789938] ? avc_has_extended_perms+0x7e8/0xeb0 [ 948.791102] ? loop_set_status_old+0x1b0/0x1b0 [ 948.792201] ? fsnotify+0xb4f/0x1250 [ 948.793085] ? avc_ss_reset+0x180/0x180 [ 948.794041] ? fsnotify_first_mark+0x1f0/0x1f0 [ 948.795125] ? rcu_read_lock_sched_held+0xd/0x70 [ 948.796123] ? lock_acquire+0x41c/0x4d0 [ 948.796626] ? rcu_read_lock_sched_held+0xd/0x70 [ 948.797228] ? lock_release+0x505/0x6f0 [ 948.797699] ? find_and_remove_object+0xe4/0x120 [ 948.798301] ? __delete_object+0xb3/0x100 [ 948.798832] ? lock_downgrade+0x6d0/0x6d0 [ 948.799360] ? rwlock_bug.part.0+0x90/0x90 [ 948.799899] ? rcu_read_lock_sched_held+0xd/0x70 [ 948.800509] ? selinux_inode_getsecctx+0x90/0x90 [ 948.801113] ? loop_set_status_old+0x1b0/0x1b0 [ 948.801687] blkdev_ioctl+0x362/0x7f0 [ 948.802169] ? blkdev_common_ioctl+0x16d0/0x16d0 [ 948.802769] ? __x64_sys_ioctl+0x97/0x210 [ 948.803261] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 948.803962] ? blkdev_common_ioctl+0x16d0/0x16d0 [ 948.804552] __x64_sys_ioctl+0x196/0x210 [ 948.805075] do_syscall_64+0x3b/0x90 [ 948.805554] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 948.806218] RIP: 0033:0x7f01cb9288d7 [ 948.806660] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 948.809027] RSP: 002b:00007f01c8e9df48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 948.809981] RAX: ffffffffffffffda RBX: 00007f01cb972970 RCX: 00007f01cb9288d7 [ 948.810880] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 948.811773] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 948.812679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 948.813564] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002 [ 948.814464] 15:46:39 executing program 1: r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x6, 0x1) sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x7}, ["", "", "", "", "", ""]}, 0x14}}, 0x4) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) mlock(&(0x7f0000ffa000/0x2000)=nil, 0x2000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CCA_MODE(r1, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = accept$unix(r0, &(0x7f0000000380), &(0x7f0000000300)=0x6e) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000c00)={0xc0, 0x0, &(0x7f0000000b00)=[@increfs={0x40046304, 0x3}, @clear_death={0x400c630f, 0x3}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000880)=ANY=[@ANYBLOB="8561646600000000010000000000000002000000000000001b00000000000000852a6273000000000300000000000000000000000000770a1100000200"/75], &(0x7f0000000900)={0x0, 0x20, 0x38}}}, @dead_binder_done, @acquire, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000a40)={@ptr={0x70742a85, 0x0, &(0x7f0000000940)=""/66, 0x42, 0x1, 0x24}, @ptr={0x70742a85, 0x1, &(0x7f00000009c0)=""/106, 0x6a, 0x0, 0x2f}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000ac0)={0x0, 0x28, 0x50}}}, @register_looper], 0x0, 0x0, &(0x7f0000000bc0)}) vmsplice(r2, &(0x7f0000000840)=[{&(0x7f0000000400)="6639a66d4a4d70ae5b89077c2fe5d512b955370555dfbba934d9c7f75dcdd380c8a631d642490421495b57beaf881d345128ab46878cac29a398af7c1a859c34b9f4a49ac6145ac7e4afa612a1d074fdd9a0fa2f56881f757d0822", 0x5b}, {&(0x7f0000000640)="165c25efaed55845004819d67b471b4d85429f2326192d56994cfc0e6848928780c69116c068b523df6acaca0a970ef3a41bc5ee66c5e5be82477d1bb6196697e7ba400dc2aeac5a1609c75d559a918fb474e40d0b689fcba79e3d1ac3d8ce0363a0f18a307bc449566961ed8cc8b31ea17e46429a94bdda6c82998cf14407d3befe6b7c14fae2f0ae95caa6d413f2a3bbd631d9b61c60124074654fb0212cf7eaa230a4ca8db5f4897f367df48ffd73e8af07c8605755c69084589ffb73652e20c5466655d9bef1486c2fb9d8f0f7af443d3297dcc3d4bce3af835196cc7161427d5fa529a3d81aaba8892ce8dffb519c2fb4b1554a4dde7172", 0xfa}, {&(0x7f0000000480)="6cbe22cc9071e40b72380567bd493401df7a1e0ac264245423df2902eeef6d61be1f4865214e85facc80437ce8aba30f5d163e8e7d257ea1801ed776937666f730ea57f68750adb3e071f804efeed260294a0418efc7916fb4d976340928b550820369e97d9434cfaf9f2ca460b14c7504ff2d84f22961b9bf975aa8780b9d7f14f9a22b6b363b3134872df91c76b804f0d57f10847811a6cefae9fa96a433a16638a3efdad8ff965b341839244b", 0xae}, {&(0x7f0000000740)="81e1a07373072accdd9562f12b3911066f72a686d95477b5bc156154a3ec5bc1d513317dd816eebb14ae4c4b33c15b4bbf2f232fcf8e136e8318b63804603dde7e239cae5d02b5315e0543cc5aff9314aae4ac03685a1f9f98bd8ccdfc0134de51943486e6a9ea6152f4af9c96102b5eac4d9fd26995fb966de34a4c49462c10463d7db749facb81582d6d1f805b1f2ae2b3724772c9186795789f5b431c7899015f54cf284bdc0969906e82f7100a6b2461613dde7667c8fad9bf4edfa4fd6bcf89ab89a1bb4efc053978a16f1a95088b80f316", 0xd4}], 0x4, 0x4) 15:46:39 executing program 0: ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000180)={'syzkaller0\x00'}) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) 15:46:39 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0xfffff000, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:46:39 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) flock(r1, 0x0) 15:46:39 executing program 7: r0 = openat$sr(0xffffffffffffff9c, 0x0, 0x40b01, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7}) 15:46:39 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0xffffff7f, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:46:39 executing program 0: ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000180)={'syzkaller0\x00'}) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) [ 948.962132] loop5: detected capacity change from 0 to 260 [ 948.972106] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:46:48 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 29) 15:46:48 executing program 4: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f00000003c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$RTC_WIE_ON(r1, 0x700f) fstat(r0, &(0x7f0000000040)) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@local, @in=@dev}}, {{@in=@multicast1}, 0x0, @in=@private}}, &(0x7f0000000240)=0xe8) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000140)={0x37}, 0x14) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000029bd7000fd5bdf250200000008000108000600ac1414aa"], 0x2c}, 0x1, 0x0, 0x0, 0x40005}, 0x10) setresuid(0x0, r2, 0x0) r3 = clone3(&(0x7f0000000580)={0x40000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[0xffffffffffffffff], 0x1}, 0x58) clone3(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0], 0x8}, 0x58) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7, r3}) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') fadvise64(0xffffffffffffffff, 0x8, 0x7, 0x3) write$P9_RMKNOD(r4, &(0x7f0000000140)={0x37}, 0x14) 15:46:48 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) 15:46:48 executing program 1: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) r1 = clone3(&(0x7f0000000580)={0x40000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[0xffffffffffffffff], 0x1}, 0x58) clone3(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0], 0x8}, 0x58) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000040)={'\x00', 0x2d8c, 0x8, 0x800, 0x0, 0x8, r1}) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) 15:46:48 executing program 7: r0 = openat$sr(0xffffffffffffff9c, 0x0, 0x40b01, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7}) 15:46:48 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x4eff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r4, 0x80, &(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @private1}}, 0x0) syz_io_uring_setup(0x6dfe, &(0x7f0000000080)={0x0, 0xa0cb, 0x8, 0x2, 0x355, 0x0, r1}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) r6 = dup3(r1, 0xffffffffffffffff, 0x80000) syz_io_uring_submit(r2, r5, &(0x7f0000000240)=@IORING_OP_ACCEPT={0xd, 0x5, 0x0, r6, &(0x7f0000000180)=0x80, &(0x7f00000001c0)=@llc, 0x0, 0x81800}, 0x6) 15:46:48 executing program 0: ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000180)={'syzkaller0\x00'}) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) 15:46:48 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0xffffff9e, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 958.008402] FAULT_INJECTION: forcing a failure. [ 958.008402] name failslab, interval 1, probability 0, space 0, times 0 [ 958.009897] CPU: 0 PID: 8980 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 958.011144] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 958.012535] Call Trace: [ 958.012803] [ 958.013044] dump_stack_lvl+0x8b/0xb3 [ 958.013436] should_fail.cold+0x5/0xa [ 958.013817] ? apply_wqattrs_prepare+0xab/0x880 [ 958.014286] should_failslab+0x5/0x10 [ 958.014664] __kmalloc+0x72/0x440 [ 958.015018] apply_wqattrs_prepare+0xab/0x880 [ 958.015467] ? is_kernel_percpu_address+0xe6/0x110 [ 958.015981] apply_workqueue_attrs_locked+0xc1/0x140 [ 958.016487] alloc_workqueue+0xb1a/0xeb0 [ 958.016893] ? do_raw_spin_unlock+0x4f/0x210 [ 958.017331] ? _raw_spin_unlock+0x24/0x40 [ 958.017748] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 958.018247] ? __fget_files+0x28d/0x470 [ 958.018647] ? loop_configure+0x62b/0x1950 [ 958.019070] loop_configure+0x6ec/0x1950 [ 958.019477] ? putname+0xfe/0x140 [ 958.019834] lo_ioctl+0x782/0x1860 [ 958.020188] ? avc_has_extended_perms+0x7e8/0xeb0 [ 958.020673] ? loop_set_status_old+0x1b0/0x1b0 [ 958.021127] ? fsnotify+0xb4f/0x1250 [ 958.021496] ? avc_ss_reset+0x180/0x180 [ 958.021897] ? fsnotify_first_mark+0x1f0/0x1f0 [ 958.022347] ? rcu_read_lock_sched_held+0xd/0x70 [ 958.022836] ? lock_acquire+0x41c/0x4d0 [ 958.023240] ? rcu_read_lock_sched_held+0xd/0x70 [ 958.023714] ? lock_release+0x505/0x6f0 [ 958.024143] ? find_and_remove_object+0xe4/0x120 [ 958.024621] ? __delete_object+0xb3/0x100 [ 958.025049] ? lock_downgrade+0x6d0/0x6d0 [ 958.025472] ? rwlock_bug.part.0+0x90/0x90 [ 958.025913] ? rcu_read_lock_sched_held+0xd/0x70 [ 958.026400] ? selinux_inode_getsecctx+0x90/0x90 [ 958.026888] ? loop_set_status_old+0x1b0/0x1b0 [ 958.027354] blkdev_ioctl+0x362/0x7f0 [ 958.027739] ? blkdev_common_ioctl+0x16d0/0x16d0 [ 958.028241] ? __x64_sys_ioctl+0x97/0x210 [ 958.028663] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 958.029225] ? blkdev_common_ioctl+0x16d0/0x16d0 [ 958.029711] __x64_sys_ioctl+0x196/0x210 [ 958.030124] do_syscall_64+0x3b/0x90 [ 958.030517] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 958.031050] RIP: 0033:0x7f01cb9288d7 [ 958.031429] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 958.033335] RSP: 002b:00007f01c8e9df48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 958.034108] RAX: ffffffffffffffda RBX: 00007f01cb972970 RCX: 00007f01cb9288d7 [ 958.034831] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 958.035557] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 958.036301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 958.037037] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002 [ 958.037770] 15:46:48 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7}) 15:46:48 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0xfffffff0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:46:48 executing program 0: ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000180)={'syzkaller0\x00'}) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) 15:46:48 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0xfffffffc, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:46:48 executing program 2: openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000080), 0x200002, 0x0) ioctl$AUTOFS_DEV_IOCTL_VERSION(r0, 0xc0189371, &(0x7f0000000580)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000005c0)={'ip6gretap0\x00'}) io_uring_enter(r0, 0x1b4f, 0x954e, 0x0, &(0x7f00000000c0), 0x8) recvmsg$unix(r0, &(0x7f0000000540)={&(0x7f0000000100), 0x6e, &(0x7f0000000700)=[{&(0x7f0000000180)=""/23, 0x17}, {&(0x7f00000001c0)=""/117, 0x75}, {&(0x7f00000002c0)=""/141, 0x8d}, {&(0x7f0000000380)=""/160, 0xa0}, {&(0x7f0000000600)=""/196, 0xc4}], 0x5, &(0x7f0000000440)=[@cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xd0}, 0x10001) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'bond0\x00'}) 15:46:48 executing program 0: ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000180)={'syzkaller0\x00'}) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) 15:46:48 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7}) [ 958.173125] blktrace: Concurrent blktraces are not allowed on sr0 15:46:48 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0xffffffff, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:46:59 executing program 4: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f00000003c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$RTC_WIE_ON(r1, 0x700f) fstat(r0, &(0x7f0000000040)) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@local, @in=@dev}}, {{@in=@multicast1}, 0x0, @in=@private}}, &(0x7f0000000240)=0xe8) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000140)={0x37}, 0x14) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000029bd7000fd5bdf250200000008000108000600ac1414aa"], 0x2c}, 0x1, 0x0, 0x0, 0x40005}, 0x10) setresuid(0x0, r2, 0x0) r3 = clone3(&(0x7f0000000580)={0x40000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[0xffffffffffffffff], 0x1}, 0x58) clone3(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0], 0x8}, 0x58) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7, r3}) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') fadvise64(0xffffffffffffffff, 0x8, 0x7, 0x3) write$P9_RMKNOD(r4, &(0x7f0000000140)={0x37}, 0x14) 15:46:59 executing program 1: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7}) 15:46:59 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x5f2c, &(0x7f0000000080)={0x0, 0x94b3, 0x1, 0x1, 0x278, 0x0, r1}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000180)=@IORING_OP_WRITE_FIXED={0x5, 0x2, 0x2000, @fd, 0x100000001, 0xdf, 0x1, 0x7, 0x0, {0x1}}, 0x1) 15:46:59 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 30) 15:46:59 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) 15:46:59 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0xf, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:46:59 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7}) 15:46:59 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) sendmsg$BATADV_CMD_GET_VLAN(r0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x4c, 0x0, 0x400, 0x70bd26, 0x25dfdbfb, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x1000}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xcf84}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20040040}, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) writev(r0, &(0x7f0000000180)=[{&(0x7f0000000040)="2d662a9004c0ff", 0x7}, {&(0x7f0000000080)="16d0403a774062d252e674dde5ab82172273e244e1af0ab84d46f6a00f8cb5b90a5c44b22b65551e727336e06fc91b839e150168af03338e59e9b99c40d616996f3ce53392bdc54f9fc85f1af9be0dbf6725f07d13c102df85e491d8706c1bb101b74481383269c0924fc9f3d3317f4193755d5372948c47b1c850dd8b0314d21c36e9a924fffb19e9b8a4927b9c5d10b2a29a1f95412866e5afbf8a64d5c1a4147bf2a6b9179e2d4c7e104fa40bfe7fdda4f039a942c8bd172ca6c345e17578ddbaab261109816cbc9b25df3eb63d5d94a685233bbc1c6ee03d6713fc6445f24cf68047bd1bb0ba6a278b6cee314705", 0xf0}], 0x2) [ 968.715634] FAULT_INJECTION: forcing a failure. [ 968.715634] name failslab, interval 1, probability 0, space 0, times 0 [ 968.716929] CPU: 1 PID: 9028 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 968.717945] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 968.719161] Call Trace: [ 968.719429] [ 968.719678] dump_stack_lvl+0x8b/0xb3 [ 968.720093] should_fail.cold+0x5/0xa [ 968.720509] ? create_object.isra.0+0x3a/0xa20 [ 968.721015] should_failslab+0x5/0x10 [ 968.721435] kmem_cache_alloc+0x5b/0x480 [ 968.721875] create_object.isra.0+0x3a/0xa20 [ 968.722364] ? kasan_unpoison+0x23/0x50 [ 968.722802] __kmalloc+0x25b/0x440 [ 968.723197] apply_wqattrs_prepare+0xab/0x880 [ 968.723682] ? is_kernel_percpu_address+0xe6/0x110 [ 968.724226] apply_workqueue_attrs_locked+0xc1/0x140 [ 968.724779] alloc_workqueue+0xb1a/0xeb0 [ 968.725214] ? do_raw_spin_unlock+0x4f/0x210 [ 968.725695] ? _raw_spin_unlock+0x24/0x40 [ 968.726151] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 968.726701] ? __fget_files+0x28d/0x470 [ 968.727130] ? loop_configure+0x62b/0x1950 [ 968.727588] loop_configure+0x6ec/0x1950 [ 968.728047] ? putname+0xfe/0x140 [ 968.728426] lo_ioctl+0x782/0x1860 [ 968.728809] ? avc_has_extended_perms+0x7e8/0xeb0 [ 968.729332] ? loop_set_status_old+0x1b0/0x1b0 [ 968.729829] ? fsnotify+0xb4f/0x1250 [ 968.730232] ? avc_ss_reset+0x180/0x180 [ 968.730659] ? fsnotify_first_mark+0x1f0/0x1f0 [ 968.731152] ? rcu_read_lock_sched_held+0xd/0x70 [ 968.731666] ? lock_acquire+0x41c/0x4d0 [ 968.732108] ? rcu_read_lock_sched_held+0xd/0x70 [ 968.732613] ? lock_release+0x505/0x6f0 [ 968.733044] ? find_and_remove_object+0xe4/0x120 [ 968.733556] ? __delete_object+0xb3/0x100 [ 968.734006] ? lock_downgrade+0x6d0/0x6d0 [ 968.734448] ? rwlock_bug.part.0+0x90/0x90 [ 968.734904] ? rcu_read_lock_sched_held+0xd/0x70 [ 968.735423] ? selinux_inode_getsecctx+0x90/0x90 [ 968.735960] ? loop_set_status_old+0x1b0/0x1b0 [ 968.736449] blkdev_ioctl+0x362/0x7f0 [ 968.736862] ? blkdev_common_ioctl+0x16d0/0x16d0 [ 968.737365] ? __x64_sys_ioctl+0x97/0x210 [ 968.737809] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 968.738411] ? blkdev_common_ioctl+0x16d0/0x16d0 [ 968.738917] __x64_sys_ioctl+0x196/0x210 [ 968.739357] do_syscall_64+0x3b/0x90 [ 968.739767] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 968.740348] RIP: 0033:0x7f01cb9288d7 [ 968.740744] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 968.742756] RSP: 002b:00007f01c8e9df48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 968.743581] RAX: ffffffffffffffda RBX: 00007f01cb972970 RCX: 00007f01cb9288d7 [ 968.744371] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 968.745129] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 968.745901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 968.746677] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002 [ 968.747454] 15:46:59 executing program 0: socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) [ 968.755414] loop5: detected capacity change from 0 to 260 [ 968.764473] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:46:59 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 1) 15:46:59 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 31) 15:46:59 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x14, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:46:59 executing program 0: socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) [ 968.857569] FAULT_INJECTION: forcing a failure. [ 968.857569] name failslab, interval 1, probability 0, space 0, times 0 [ 968.858887] CPU: 1 PID: 9056 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 968.860025] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 968.861218] Call Trace: [ 968.861486] [ 968.861734] dump_stack_lvl+0x8b/0xb3 [ 968.862149] should_fail.cold+0x5/0xa [ 968.862563] ? alloc_workqueue_attrs+0x38/0x80 [ 968.863065] should_failslab+0x5/0x10 [ 968.863462] kmem_cache_alloc_trace+0x55/0x3c0 [ 968.863955] alloc_workqueue_attrs+0x38/0x80 [ 968.864427] apply_wqattrs_prepare+0xb3/0x880 [ 968.864914] ? is_kernel_percpu_address+0xe6/0x110 [ 968.865450] apply_workqueue_attrs_locked+0xc1/0x140 [ 968.865993] alloc_workqueue+0xb1a/0xeb0 [ 968.866455] ? do_raw_spin_unlock+0x4f/0x210 [ 968.866930] ? _raw_spin_unlock+0x24/0x40 [ 968.867388] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 968.867937] ? __fget_files+0x28d/0x470 [ 968.868369] ? loop_configure+0x62b/0x1950 [ 968.868827] loop_configure+0x6ec/0x1950 [ 968.869266] ? putname+0xfe/0x140 [ 968.869648] lo_ioctl+0x782/0x1860 [ 968.870042] ? avc_has_extended_perms+0x7e8/0xeb0 [ 968.870580] ? loop_set_status_old+0x1b0/0x1b0 [ 968.871066] ? fsnotify+0xb4f/0x1250 [ 968.871463] ? avc_ss_reset+0x180/0x180 [ 968.871898] ? fsnotify_first_mark+0x1f0/0x1f0 [ 968.872393] ? rcu_read_lock_sched_held+0xd/0x70 [ 968.872900] ? lock_acquire+0x41c/0x4d0 [ 968.873329] ? rcu_read_lock_sched_held+0xd/0x70 [ 968.873839] ? lock_release+0x505/0x6f0 [ 968.874264] ? find_and_remove_object+0xe4/0x120 [ 968.874790] ? __delete_object+0xb3/0x100 [ 968.875251] ? lock_downgrade+0x6d0/0x6d0 [ 968.875712] ? rwlock_bug.part.0+0x90/0x90 [ 968.876197] ? rcu_read_lock_sched_held+0xd/0x70 [ 968.876724] ? selinux_inode_getsecctx+0x90/0x90 [ 968.877250] ? loop_set_status_old+0x1b0/0x1b0 [ 968.877748] blkdev_ioctl+0x362/0x7f0 [ 968.878156] ? blkdev_common_ioctl+0x16d0/0x16d0 [ 968.878693] ? __x64_sys_ioctl+0x97/0x210 [ 968.879142] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 968.879741] ? blkdev_common_ioctl+0x16d0/0x16d0 [ 968.880260] __x64_sys_ioctl+0x196/0x210 [ 968.880718] do_syscall_64+0x3b/0x90 [ 968.881134] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 968.881699] RIP: 0033:0x7f01cb9288d7 [ 968.882097] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 968.884094] RSP: 002b:00007f01c8e9df48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 968.884910] RAX: ffffffffffffffda RBX: 00007f01cb972970 RCX: 00007f01cb9288d7 [ 968.885693] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 968.886465] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 968.887246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 968.888035] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002 [ 968.888822] [ 968.889648] FAULT_INJECTION: forcing a failure. [ 968.889648] name failslab, interval 1, probability 0, space 0, times 0 [ 968.892115] CPU: 0 PID: 9059 Comm: syz-executor.1 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 968.894021] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 968.896278] Call Trace: [ 968.896791] [ 968.897239] dump_stack_lvl+0x8b/0xb3 [ 968.898019] should_fail.cold+0x5/0xa [ 968.898787] ? vm_area_dup+0x7f/0x220 [ 968.899555] should_failslab+0x5/0x10 [ 968.900338] kmem_cache_alloc+0x5b/0x480 [ 968.901156] vm_area_dup+0x7f/0x220 [ 968.901887] ? lock_release+0x505/0x6f0 [ 968.902682] ? unwind_next_frame+0xc8b/0x2250 [ 968.903577] ? __is_insn_slot_addr+0x122/0x250 [ 968.904506] ? lock_downgrade+0x6d0/0x6d0 [ 968.905335] ? unwind_next_frame+0xc8b/0x2250 [ 968.906229] ? entry_SYSCALL_64_after_hwframe+0x44/0xae [ 968.907294] ? __is_insn_slot_addr+0x144/0x250 [ 968.908239] ? kernel_text_address+0x53/0xb0 [ 968.909130] ? __kernel_text_address+0x9/0x30 [ 968.910032] ? vm_area_alloc+0xf0/0xf0 [ 968.910811] ? arch_stack_walk+0x99/0xf0 [ 968.911640] ? putname+0xfe/0x140 [ 968.912353] ? putname+0xfe/0x140 [ 968.913058] ? stack_trace_save+0x8c/0xc0 [ 968.913894] ? filter_irq_stacks+0x90/0x90 [ 968.914740] ? putname+0xfe/0x140 [ 968.915444] ? __stack_depot_save+0x35/0x450 [ 968.916356] __split_vma+0xa2/0x540 [ 968.917089] ? putname+0xfe/0x140 [ 968.917793] do_mas_align_munmap.constprop.0+0x25e/0xc00 [ 968.918879] ? __split_vma+0x540/0x540 [ 968.919663] ? mas_walk+0x48a/0x670 [ 968.920395] ? mas_find+0x203/0xdd0 [ 968.921125] do_mas_munmap+0x1ed/0x2c0 [ 968.921905] do_munmap+0xc3/0x100 [ 968.922601] ? vm_brk+0x20/0x20 [ 968.923406] __do_sys_mremap+0x1196/0x14f0 [ 968.924280] ? move_vma.constprop.0+0xf40/0xf40 [ 968.925407] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 968.926505] ? fput+0x2a/0x50 [ 968.927261] ? ksys_write+0x1a5/0x250 [ 968.928041] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 968.929236] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 968.930300] ? syscall_enter_from_user_mode+0x1d/0x50 [ 968.931533] do_syscall_64+0x3b/0x90 [ 968.932318] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 968.933479] RIP: 0033:0x7ff16643bb19 [ 968.934212] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 968.937890] RSP: 002b:00007ff1639b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 968.939398] RAX: ffffffffffffffda RBX: 00007ff16654ef60 RCX: 00007ff16643bb19 [ 968.940840] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 968.942251] RBP: 00007ff1639b11d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 968.943668] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 968.945093] R13: 00007fffc2898d3f R14: 00007ff1639b1300 R15: 0000000000022000 [ 968.946517] 15:47:08 executing program 4: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f00000003c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$RTC_WIE_ON(r1, 0x700f) fstat(r0, &(0x7f0000000040)) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@local, @in=@dev}}, {{@in=@multicast1}, 0x0, @in=@private}}, &(0x7f0000000240)=0xe8) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000140)={0x37}, 0x14) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000029bd7000fd5bdf250200000008000108000600ac1414aa"], 0x2c}, 0x1, 0x0, 0x0, 0x40005}, 0x10) setresuid(0x0, r2, 0x0) r3 = clone3(&(0x7f0000000580)={0x40000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[0xffffffffffffffff], 0x1}, 0x58) clone3(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0], 0x8}, 0x58) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7, r3}) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') fadvise64(0xffffffffffffffff, 0x8, 0x7, 0x3) write$P9_RMKNOD(r4, &(0x7f0000000140)={0x37}, 0x14) 15:47:08 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) io_uring_enter(r1, 0xc47, 0xe392, 0x2, &(0x7f0000000080)={[0x2]}, 0x8) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 15:47:08 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 2) 15:47:08 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x30, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:47:08 executing program 7: openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7}) 15:47:08 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 32) 15:47:08 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff) sendmsg$NL80211_CMD_DEAUTHENTICATE(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x20, r2, 0x501, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @random="1f4a8df1b4ae"}]}, 0x20}}, 0x0) sendmsg$NL80211_CMD_NEW_MPATH(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x74, r2, 0x200, 0x70bd28, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}]}, 0x74}, 0x1, 0x0, 0x0, 0x20020041}, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0) 15:47:08 executing program 0: socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) [ 978.338604] FAULT_INJECTION: forcing a failure. [ 978.338604] name failslab, interval 1, probability 0, space 0, times 0 [ 978.340549] CPU: 1 PID: 9079 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 978.342116] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 978.343958] Call Trace: [ 978.344405] [ 978.344774] dump_stack_lvl+0x8b/0xb3 [ 978.345418] should_fail.cold+0x5/0xa [ 978.346053] ? create_object.isra.0+0x3a/0xa20 [ 978.346820] should_failslab+0x5/0x10 [ 978.347447] kmem_cache_alloc+0x5b/0x480 [ 978.348144] create_object.isra.0+0x3a/0xa20 [ 978.348882] ? kasan_unpoison+0x23/0x50 [ 978.349551] kmem_cache_alloc_trace+0x22e/0x3c0 [ 978.350323] alloc_workqueue_attrs+0x38/0x80 [ 978.351057] apply_wqattrs_prepare+0xb3/0x880 [ 978.351819] ? is_kernel_percpu_address+0xe6/0x110 [ 978.352656] apply_workqueue_attrs_locked+0xc1/0x140 [ 978.353503] alloc_workqueue+0xb1a/0xeb0 [ 978.354205] ? do_raw_spin_unlock+0x4f/0x210 [ 978.354943] ? _raw_spin_unlock+0x24/0x40 [ 978.355661] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 978.356516] ? __fget_files+0x28d/0x470 [ 978.357191] ? loop_configure+0x62b/0x1950 [ 978.357898] loop_configure+0x6ec/0x1950 [ 978.358577] ? putname+0xfe/0x140 [ 978.359179] lo_ioctl+0x782/0x1860 [ 978.359775] ? avc_has_extended_perms+0x7e8/0xeb0 [ 978.360619] ? loop_set_status_old+0x1b0/0x1b0 [ 978.361299] FAULT_INJECTION: forcing a failure. [ 978.361299] name failslab, interval 1, probability 0, space 0, times 0 [ 978.361385] ? fsnotify+0xb4f/0x1250 [ 978.364361] ? avc_ss_reset+0x180/0x180 [ 978.365031] ? fsnotify_first_mark+0x1f0/0x1f0 [ 978.365775] ? rcu_read_lock_sched_held+0xd/0x70 [ 978.366583] ? lock_acquire+0x41c/0x4d0 [ 978.367239] ? rcu_read_lock_sched_held+0xd/0x70 [ 978.368018] ? lock_release+0x505/0x6f0 [ 978.368713] ? find_and_remove_object+0xe4/0x120 [ 978.369531] ? __delete_object+0xb3/0x100 [ 978.370251] ? lock_downgrade+0x6d0/0x6d0 [ 978.370958] ? rwlock_bug.part.0+0x90/0x90 [ 978.371684] ? rcu_read_lock_sched_held+0xd/0x70 [ 978.372486] ? selinux_inode_getsecctx+0x90/0x90 [ 978.373301] ? loop_set_status_old+0x1b0/0x1b0 [ 978.374052] blkdev_ioctl+0x362/0x7f0 [ 978.374674] ? blkdev_common_ioctl+0x16d0/0x16d0 [ 978.375451] ? __x64_sys_ioctl+0x97/0x210 [ 978.376139] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 978.377045] ? blkdev_common_ioctl+0x16d0/0x16d0 [ 978.377821] __x64_sys_ioctl+0x196/0x210 [ 978.378488] do_syscall_64+0x3b/0x90 [ 978.379109] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 978.379956] RIP: 0033:0x7f01cb9288d7 [ 978.380588] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 978.383591] RSP: 002b:00007f01c8e9df48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 978.384853] RAX: ffffffffffffffda RBX: 00007f01cb972970 RCX: 00007f01cb9288d7 [ 978.386020] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 978.387184] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 978.388358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 978.389519] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002 [ 978.390689] [ 978.391063] CPU: 0 PID: 9074 Comm: syz-executor.1 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 978.393117] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 978.395502] Call Trace: [ 978.396041] [ 978.396584] dump_stack_lvl+0x8b/0xb3 [ 978.397475] should_fail.cold+0x5/0xa [ 978.398283] ? create_object.isra.0+0x3a/0xa20 [ 978.399261] should_failslab+0x5/0x10 [ 978.400073] kmem_cache_alloc+0x5b/0x480 [ 978.400940] create_object.isra.0+0x3a/0xa20 [ 978.401876] ? kasan_unpoison+0x23/0x50 [ 978.402725] kmem_cache_alloc+0x239/0x480 [ 978.403599] vm_area_dup+0x7f/0x220 [ 978.404381] ? lock_release+0x505/0x6f0 [ 978.405219] ? unwind_next_frame+0xc8b/0x2250 [ 978.406162] ? __is_insn_slot_addr+0x122/0x250 [ 978.407133] ? lock_downgrade+0x6d0/0x6d0 [ 978.408004] ? unwind_next_frame+0xc8b/0x2250 [ 978.408965] ? entry_SYSCALL_64_after_hwframe+0x44/0xae [ 978.410088] ? __is_insn_slot_addr+0x144/0x250 [ 978.411061] ? kernel_text_address+0x53/0xb0 [ 978.411998] ? __kernel_text_address+0x9/0x30 [ 978.412962] ? vm_area_alloc+0xf0/0xf0 [ 978.413790] ? arch_stack_walk+0x99/0xf0 [ 978.414663] ? putname+0xfe/0x140 [ 978.415409] ? putname+0xfe/0x140 [ 978.416161] ? stack_trace_save+0x8c/0xc0 [ 978.417043] ? filter_irq_stacks+0x90/0x90 [ 978.417938] ? putname+0xfe/0x140 [ 978.418676] ? __stack_depot_save+0x35/0x450 [ 978.419620] __split_vma+0xa2/0x540 [ 978.420413] ? putname+0xfe/0x140 [ 978.421153] do_mas_align_munmap.constprop.0+0x25e/0xc00 [ 978.422303] ? __split_vma+0x540/0x540 [ 978.423132] ? mas_walk+0x48a/0x670 [ 978.423894] ? mas_find+0x203/0xdd0 [ 978.424674] do_mas_munmap+0x1ed/0x2c0 [ 978.425498] do_munmap+0xc3/0x100 [ 978.426234] ? vm_brk+0x20/0x20 [ 978.426942] __do_sys_mremap+0x1196/0x14f0 [ 978.427845] ? move_vma.constprop.0+0xf40/0xf40 [ 978.428859] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 978.430018] ? fput+0x2a/0x50 [ 978.430687] ? ksys_write+0x1a5/0x250 [ 978.431496] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 978.432559] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 978.433682] ? syscall_enter_from_user_mode+0x1d/0x50 [ 978.434769] do_syscall_64+0x3b/0x90 [ 978.435566] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 978.436654] RIP: 0033:0x7ff16643bb19 [ 978.437432] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 978.439249] loop5: detected capacity change from 0 to 260 [ 978.441311] RSP: 002b:00007ff1639b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 978.441339] RAX: ffffffffffffffda RBX: 00007ff16654ef60 RCX: 00007ff16643bb19 [ 978.445296] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 978.446784] RBP: 00007ff1639b11d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 978.448287] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 978.449784] R13: 00007fffc2898d3f R14: 00007ff1639b1300 R15: 0000000000022000 [ 978.451294] [ 978.463006] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:47:09 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x6b, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:47:09 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, 0x0) 15:47:09 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 33) 15:47:09 executing program 7: openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7}) 15:47:09 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) remap_file_pages(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x200000c, 0x8001, 0x3) ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0xd) [ 978.571956] FAULT_INJECTION: forcing a failure. [ 978.571956] name failslab, interval 1, probability 0, space 0, times 0 15:47:09 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x14, 0x13, 0x0, {0x0, 0x1000000, 0x2000000000000000}}, 0x14) r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000080), 0x24000, 0x0) pidfd_getfd(r0, r1, 0x0) write$P9_RREADLINK(r0, &(0x7f00000000c0)={0x10, 0x17, 0x1, {0x7, './file0'}}, 0x10) dup(0xffffffffffffffff) ioctl$CDROMMULTISESSION(r1, 0x5312, 0x0) open_by_handle_at(r2, &(0x7f0000000180)=ANY=[@ANYBLOB="c1000000fb00000000fbc100ff8d825166b156794ddd91473da1d98dd829d606df9bfad5ee16ca99a794f8068eca4d5f3a54a6c4cd52283ec29358f6aaef6c501c54df05141107cc300c48f58e0aef5cbbeab21a6cbc534b69f9dcd6a7105d3c5bfcf127b9ce46bcbe2fd6dfacdbf9c09567652ac02cf2af3b1a05d2e34d506218e42a58a7cd7912a55a3be1e016e2c1a9b16cd93279482a6c0b46ecf06ddea95e638ed08896df5d8182586673904e9efdec4605c80b262fbc5ed25f0c0c930aeb37843f0c48abfa20"], 0x56151d528fdd2f11) 15:47:09 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, 0x0) [ 978.573623] CPU: 1 PID: 9098 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 978.575275] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 978.576909] Call Trace: [ 978.577262] [ 978.577578] dump_stack_lvl+0x8b/0xb3 [ 978.578142] should_fail.cold+0x5/0xa [ 978.578759] ? alloc_workqueue_attrs+0x38/0x80 [ 978.579420] should_failslab+0x5/0x10 [ 978.579958] kmem_cache_alloc_trace+0x55/0x3c0 [ 978.580620] alloc_workqueue_attrs+0x38/0x80 [ 978.581244] apply_wqattrs_prepare+0xbb/0x880 [ 978.581878] ? is_kernel_percpu_address+0xe6/0x110 [ 978.582581] apply_workqueue_attrs_locked+0xc1/0x140 [ 978.583305] alloc_workqueue+0xb1a/0xeb0 [ 978.583872] ? do_raw_spin_unlock+0x4f/0x210 [ 978.584501] ? _raw_spin_unlock+0x24/0x40 [ 978.585093] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 978.585791] ? __fget_files+0x28d/0x470 [ 978.586346] ? loop_configure+0x62b/0x1950 [ 978.586942] loop_configure+0x6ec/0x1950 [ 978.587512] ? putname+0xfe/0x140 [ 978.588002] lo_ioctl+0x782/0x1860 [ 978.588507] ? avc_has_extended_perms+0x7e8/0xeb0 [ 978.589195] ? loop_set_status_old+0x1b0/0x1b0 [ 978.589833] ? fsnotify+0xb4f/0x1250 [ 978.590352] ? avc_ss_reset+0x180/0x180 [ 978.590913] ? fsnotify_first_mark+0x1f0/0x1f0 [ 978.591549] ? rcu_read_lock_sched_held+0xd/0x70 [ 978.592225] ? lock_acquire+0x41c/0x4d0 [ 978.592777] ? rcu_read_lock_sched_held+0xd/0x70 [ 978.593434] ? lock_release+0x505/0x6f0 [ 978.593990] ? find_and_remove_object+0xe4/0x120 [ 978.594656] ? __delete_object+0xb3/0x100 [ 978.595225] ? lock_downgrade+0x6d0/0x6d0 [ 978.595805] ? rwlock_bug.part.0+0x90/0x90 [ 978.596399] ? rcu_read_lock_sched_held+0xd/0x70 [ 978.597070] ? selinux_inode_getsecctx+0x90/0x90 [ 978.597739] ? loop_set_status_old+0x1b0/0x1b0 [ 978.598380] blkdev_ioctl+0x362/0x7f0 [ 978.598905] ? blkdev_common_ioctl+0x16d0/0x16d0 [ 978.599560] ? __x64_sys_ioctl+0x97/0x210 [ 978.600141] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 978.600903] ? blkdev_common_ioctl+0x16d0/0x16d0 [ 978.601558] __x64_sys_ioctl+0x196/0x210 [ 978.602126] do_syscall_64+0x3b/0x90 [ 978.602648] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 978.603358] RIP: 0033:0x7f01cb9288d7 [ 978.603867] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 978.606418] RSP: 002b:00007f01c8e9df48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 978.607477] RAX: ffffffffffffffda RBX: 00007f01cb972970 RCX: 00007f01cb9288d7 [ 978.608471] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 978.609445] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 978.610438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 978.611413] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002 [ 978.612396] 15:47:09 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0xc0, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 978.660759] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 978.661594] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 978.700505] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 978.702183] I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 15:47:19 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 1) 15:47:19 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x1ff800000000000, 0x2, &(0x7f0000000380)=[{&(0x7f00000002c0)="7177bcd71382eb8c74ad2de5576a4d880c110a556cf1296f801f1a9392ce247c48969ff880d32ce377d57ebff269", 0x2e, 0x9}, {&(0x7f0000000300)="44771297e2855bf909acdcc514830948266433d6972fc2f799e36cdb9fdd2dcb91e6822be7bfcb7ea067fc5af80cca9a1a69a061a1075204b099e693c0652279071366d2f2bb470a", 0x48, 0xacf6}], 0x1000000, &(0x7f00000003c0)={[{@huge_advise}], [{@fsname={'fsname', 0x3d, '@$'}}, {@obj_type={'obj_type', 0x3d, '/dev/net/tun\x00'}}, {@fsmagic={'fsmagic', 0x3d, 0x100000000}}, {@seclabel}, {@obj_role={'obj_role', 0x3d, '@'}}]}) semctl$SEM_INFO(0xffffffffffffffff, 0x4, 0x13, &(0x7f0000000080)=""/251) semctl$SEM_INFO(0xffffffffffffffff, 0x4, 0x13, &(0x7f0000000180)=""/102) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) syz_io_uring_setup(0x0, &(0x7f0000000480)={0x0, 0x0, 0x20, 0x0, 0x1ce, 0x0, r1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_FLAGS(0x0, 0x118, &(0x7f0000000440)=0x1, 0x0, 0x4) semget$private(0x0, 0x0, 0x10) semget$private(0x0, 0x4, 0x186) r2 = semget$private(0x0, 0x4, 0x0) semtimedop(r2, &(0x7f0000000100)=[{0x0, 0x400}], 0x1, 0x0) semtimedop(r2, &(0x7f0000000000)=[{0x0, 0x7fff}], 0x1, 0x0) semtimedop(r2, &(0x7f0000000500)=[{0x1, 0x5, 0x1000}, {0x0, 0x5, 0x1800}, {0x1, 0xfff7}, {0x2, 0x9, 0x1000}, {0x3, 0x2008, 0x800}, {0x0, 0x9, 0x1000}, {0x4, 0x4, 0x1400}, {0x4, 0x9, 0x800}, {0x3, 0x3812}], 0x9, &(0x7f0000000540)={0x77359400}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 15:47:19 executing program 7: openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7}) 15:47:19 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 3) 15:47:19 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0xec0, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:47:19 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, 0x0) 15:47:19 executing program 6: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000400)) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000440)={0x0, 0x2, r0, 0x7}) r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x4c1a00, 0x0) io_setup(0x7, &(0x7f0000002ec0)=0x0) io_submit(r2, 0x4, &(0x7f0000003280)=[&(0x7f0000003000)={0x0, 0x0, 0x0, 0x6, 0x9, r1, &(0x7f0000002f00)="f419b1e298c030803a846b56f68d5790ae4f533bfbf01f0b5ad62b5b194e57935cd36296a31ae29aa3673e99ba19c692877c490e4031ee77c9172370e838a4c6b3857282b1c0b130988ccd06b5e4456a1206226832793052026ff8df73118b3f294b452bf5ba66c548e233dc9a4fec0171d54556c59de25ce99c1a09e8a0fc8bb557a76b2c0e608d220a34682ce2c74b6372e8f54c39fdde70815853ad638467561c87ca42e7613042ed945d3bd8137ad26483066e151dfb8304c3298e6703379053e3c8e47ede9a5bcb0b8172daeed73c999480a5b6d8cdc6d79a143d4511", 0xdf, 0x9c74, 0x0, 0x3, r1}, &(0x7f00000030c0)={0x0, 0x0, 0x0, 0x0, 0xfff, r0, &(0x7f0000003040)="923e311803399e33795b1550e916cf23eb1066208a0e82004c950a32ee06156aa4088b58819b250c66517c93dd9a67eb9c3e038d98bfc87e8917f3bebd572063209f898017718e", 0x47, 0x80000000, 0x0, 0x0, r1}, &(0x7f00000031c0)={0x0, 0x0, 0x0, 0x5, 0x100, r0, &(0x7f0000003100)="eabd4e90c86ac9445b9fee9a8068352f6807f5cde0cca060bb2823099e2302a9bd25c032a8bfb2da60ab127050053534f9928205904f2f7c1a933cbc737dd4965a65ef262ef9a1b28e90aee0a144f1e216af0d3a0ee845664fcbc359707dd0eadbc73f962f2a124404afdc040af4f7434e4ceed627e1317bc16ae4677adc0eb03e66e5a433735473e14969ccedb915d5ed998112d8bf04b14d1560f96c90301ec3370f05a6a9c186f2e2c14092a207fc088106e90a67ecfe0f52", 0xba, 0x6, 0x0, 0x1}, &(0x7f0000003240)={0x0, 0x0, 0x0, 0x1, 0x9, r1, &(0x7f0000003200)="d293048c0025f546301e1aa620e2b6e18c96f7357577d71bad436711960abb161b6b", 0x22, 0x5d, 0x0, 0x1}]) close(r1) sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="f8000000", @ANYRES16=0x0, @ANYBLOB="00032cbd7000ffdbdf250700000008000500ff000000400001800800050002000000060002008700000008000b0073697000140003000a01010200000000000000000000000008000b0073697000060004004e2400003c0002801400010020180000000000000000000000007f0214000100200100000000000000000000000000020800060000100000060002004e220000080000000400000048000380080001000100000008000300030000000800010002000000060004000001000014000600fe80000000000000000000de000000bb06000400ef4a7f4d397f1c06ac1414aa08000400040000000800050002000000"], 0xf8}, 0x1, 0x0, 0x0, 0x20008000}, 0x200008a0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$inet(r3, &(0x7f00000001c0)={&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000140)=[{&(0x7f00000000c0)="de", 0x1}], 0x1, &(0x7f0000000180)=[@ip_tos_int={{0x14}}], 0x18}, 0x854) r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000003c0), 0x10000, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r1, 0x89fb, &(0x7f0000000380)={'ip6gre0\x00', &(0x7f0000000300)={'syztnl1\x00', 0x0, 0x4, 0x20, 0x8, 0x98, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}, @local, 0x8000, 0x10, 0x15e61d26, 0x10001}}) ioctl$CDROMMULTISESSION(r1, 0x5312, 0x0) recvmmsg(r4, &(0x7f0000002e00)=[{{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000480)=""/18, 0x12}, {&(0x7f00000004c0)=""/33, 0x21}, {&(0x7f0000000500)=""/45, 0x2d}, {&(0x7f0000000540)=""/34, 0x22}, {&(0x7f0000000580)=""/129, 0x81}, {&(0x7f0000000640)=""/120, 0x78}, {&(0x7f00000006c0)=""/21, 0x15}, {&(0x7f0000000700)=""/201, 0xc9}], 0x8, &(0x7f0000000880)=""/4096, 0x1000}, 0x4}, {{0x0, 0x0, &(0x7f0000001a80)=[{&(0x7f0000001880)=""/3, 0x3}, {&(0x7f00000018c0)=""/22, 0x16}, {&(0x7f0000001900)=""/104, 0x68}, {&(0x7f0000001980)=""/152, 0x98}, {&(0x7f0000001a40)=""/40, 0x28}], 0x5, &(0x7f0000001b00)=""/191, 0xbf}, 0x800}, {{&(0x7f0000001bc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @private}}}, 0x80, &(0x7f0000002dc0)=[{&(0x7f0000001c40)=""/82, 0x52}, {&(0x7f0000001cc0)=""/196, 0xc4}, {&(0x7f0000001dc0)=""/4096, 0x1000}], 0x3}, 0x1}], 0x3, 0x162, 0x0) ioctl$CDROM_SELECT_SPEED(r4, 0x5322, 0x8) 15:47:19 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 34) [ 988.998867] FAULT_INJECTION: forcing a failure. [ 988.998867] name failslab, interval 1, probability 0, space 0, times 0 [ 989.001376] CPU: 1 PID: 9122 Comm: syz-executor.4 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 989.003458] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 989.006208] Call Trace: [ 989.006838] [ 989.007381] dump_stack_lvl+0x8b/0xb3 [ 989.008340] should_fail.cold+0x5/0xa [ 989.009276] ? vm_area_dup+0x7f/0x220 [ 989.010215] should_failslab+0x5/0x10 [ 989.011146] kmem_cache_alloc+0x5b/0x480 [ 989.012142] vm_area_dup+0x7f/0x220 [ 989.013009] ? lock_release+0x505/0x6f0 [ 989.013833] ? unwind_next_frame+0xc8b/0x2250 [ 989.014757] ? __is_insn_slot_addr+0x122/0x250 [ 989.015710] ? lock_downgrade+0x6d0/0x6d0 [ 989.016577] ? unwind_next_frame+0xc8b/0x2250 [ 989.017504] ? entry_SYSCALL_64_after_hwframe+0x44/0xae [ 989.018663] ? __is_insn_slot_addr+0x144/0x250 [ 989.018794] FAULT_INJECTION: forcing a failure. [ 989.018794] name failslab, interval 1, probability 0, space 0, times 0 [ 989.019612] ? kernel_text_address+0x53/0xb0 [ 989.021639] ? __kernel_text_address+0x9/0x30 [ 989.022589] ? vm_area_alloc+0xf0/0xf0 [ 989.023402] ? arch_stack_walk+0x99/0xf0 [ 989.024267] ? putname+0xfe/0x140 [ 989.024986] ? putname+0xfe/0x140 [ 989.025707] ? stack_trace_save+0x8c/0xc0 [ 989.026588] ? filter_irq_stacks+0x90/0x90 [ 989.027474] __split_vma+0xa2/0x540 [ 989.028248] do_mas_align_munmap.constprop.0+0x25e/0xc00 [ 989.029423] ? __split_vma+0x540/0x540 [ 989.030233] ? mas_walk+0x48a/0x670 [ 989.030978] ? mas_find+0x203/0xdd0 [ 989.031729] do_mas_munmap+0x1ed/0x2c0 [ 989.032546] do_munmap+0xc3/0x100 [ 989.033256] ? vm_brk+0x20/0x20 [ 989.033942] __do_sys_mremap+0x1196/0x14f0 [ 989.034813] ? move_vma.constprop.0+0xf40/0xf40 [ 989.035774] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 989.036901] ? fput+0x2a/0x50 [ 989.037541] ? ksys_write+0x1a5/0x250 [ 989.038329] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 989.039348] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 989.040461] ? syscall_enter_from_user_mode+0x1d/0x50 [ 989.041516] do_syscall_64+0x3b/0x90 [ 989.042279] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 989.043318] RIP: 0033:0x7fe3cdd6fb19 [ 989.044060] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 989.047751] RSP: 002b:00007fe3cb2e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 989.049300] RAX: ffffffffffffffda RBX: 00007fe3cde82f60 RCX: 00007fe3cdd6fb19 [ 989.050742] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 989.052182] RBP: 00007fe3cb2e51d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 989.053632] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 989.055077] R13: 00007fffdf0ea1bf R14: 00007fe3cb2e5300 R15: 0000000000022000 [ 989.056534] [ 989.057002] CPU: 0 PID: 9128 Comm: syz-executor.1 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 989.058074] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 989.059274] Call Trace: [ 989.059544] [ 989.059780] dump_stack_lvl+0x8b/0xb3 [ 989.059885] FAULT_INJECTION: forcing a failure. [ 989.059885] name failslab, interval 1, probability 0, space 0, times 0 [ 989.060193] should_fail.cold+0x5/0xa [ 989.060211] ? anon_vma_clone+0xd3/0x560 [ 989.063242] should_failslab+0x5/0x10 [ 989.063643] kmem_cache_alloc+0x5b/0x480 [ 989.064074] anon_vma_clone+0xd3/0x560 [ 989.064502] ? putname+0xfe/0x140 [ 989.064877] __split_vma+0x16d/0x540 [ 989.065272] ? putname+0xfe/0x140 [ 989.065641] do_mas_align_munmap.constprop.0+0x25e/0xc00 [ 989.066215] ? __split_vma+0x540/0x540 [ 989.066635] ? mas_walk+0x48a/0x670 [ 989.067026] ? mas_find+0x203/0xdd0 [ 989.067409] do_mas_munmap+0x1ed/0x2c0 [ 989.067822] do_munmap+0xc3/0x100 [ 989.068189] ? vm_brk+0x20/0x20 [ 989.068550] __do_sys_mremap+0x1196/0x14f0 [ 989.069004] ? move_vma.constprop.0+0xf40/0xf40 [ 989.069497] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 989.070076] ? fput+0x2a/0x50 [ 989.070416] ? ksys_write+0x1a5/0x250 [ 989.070822] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 989.071356] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 989.071934] ? syscall_enter_from_user_mode+0x1d/0x50 [ 989.072497] do_syscall_64+0x3b/0x90 [ 989.072904] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 989.073448] RIP: 0033:0x7ff16643bb19 [ 989.073837] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 989.075777] RSP: 002b:00007ff1639b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 989.076590] RAX: ffffffffffffffda RBX: 00007ff16654ef60 RCX: 00007ff16643bb19 [ 989.077336] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 989.078079] RBP: 00007ff1639b11d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 989.078827] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 989.079572] R13: 00007fffc2898d3f R14: 00007ff1639b1300 R15: 0000000000022000 [ 989.080341] [ 989.080585] CPU: 1 PID: 9134 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 989.082502] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 989.084752] Call Trace: [ 989.085262] [ 989.085701] dump_stack_lvl+0x8b/0xb3 [ 989.086470] should_fail.cold+0x5/0xa [ 989.087234] ? create_object.isra.0+0x3a/0xa20 [ 989.088150] should_failslab+0x5/0x10 [ 989.088911] kmem_cache_alloc+0x5b/0x480 [ 989.089720] create_object.isra.0+0x3a/0xa20 [ 989.090602] ? kasan_unpoison+0x23/0x50 [ 989.091403] kmem_cache_alloc_trace+0x22e/0x3c0 [ 989.092376] alloc_workqueue_attrs+0x38/0x80 [ 989.093257] apply_wqattrs_prepare+0xbb/0x880 [ 989.094159] ? is_kernel_percpu_address+0xe6/0x110 [ 989.095149] apply_workqueue_attrs_locked+0xc1/0x140 [ 989.096167] alloc_workqueue+0xb1a/0xeb0 [ 989.096980] ? do_raw_spin_unlock+0x4f/0x210 [ 989.097849] ? _raw_spin_unlock+0x24/0x40 [ 989.098685] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 989.099679] ? __fget_files+0x28d/0x470 [ 989.100473] ? loop_configure+0x62b/0x1950 [ 989.101311] loop_configure+0x6ec/0x1950 [ 989.102120] ? putname+0xfe/0x140 [ 989.102815] lo_ioctl+0x782/0x1860 [ 989.103528] ? avc_has_extended_perms+0x7e8/0xeb0 [ 989.104505] ? loop_set_status_old+0x1b0/0x1b0 [ 989.105408] ? fsnotify+0xb4f/0x1250 [ 989.106136] ? avc_ss_reset+0x180/0x180 [ 989.106929] ? fsnotify_first_mark+0x1f0/0x1f0 [ 989.107822] ? rcu_read_lock_sched_held+0xd/0x70 [ 989.108907] ? lock_acquire+0x41c/0x4d0 [ 989.109824] ? rcu_read_lock_sched_held+0xd/0x70 [ 989.110914] ? lock_release+0x505/0x6f0 [ 989.111830] ? find_and_remove_object+0xe4/0x120 [ 989.112946] ? __delete_object+0xb3/0x100 [ 989.113909] ? lock_downgrade+0x6d0/0x6d0 [ 989.114864] ? rwlock_bug.part.0+0x90/0x90 15:47:19 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 2) [ 989.115846] ? rcu_read_lock_sched_held+0xd/0x70 [ 989.117148] ? selinux_inode_getsecctx+0x90/0x90 [ 989.118254] ? loop_set_status_old+0x1b0/0x1b0 [ 989.119316] blkdev_ioctl+0x362/0x7f0 [ 989.120196] ? blkdev_common_ioctl+0x16d0/0x16d0 [ 989.121305] ? __x64_sys_ioctl+0x97/0x210 [ 989.122262] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 989.123533] ? blkdev_common_ioctl+0x16d0/0x16d0 [ 989.124628] __x64_sys_ioctl+0x196/0x210 [ 989.125582] do_syscall_64+0x3b/0x90 [ 989.126449] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 989.127626] RIP: 0033:0x7f01cb9288d7 [ 989.128482] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 989.132742] RSP: 002b:00007f01c8e9df48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 989.134470] RAX: ffffffffffffffda RBX: 00007f01cb972970 RCX: 00007f01cb9288d7 [ 989.136097] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 989.137721] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff 15:47:19 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 4) [ 989.139342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 989.141037] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002 [ 989.142650] 15:47:19 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x33fe0, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:47:19 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) 15:47:19 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 15:47:19 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) fcntl$lock(r0, 0x0, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7}) [ 989.168177] FAULT_INJECTION: forcing a failure. [ 989.168177] name failslab, interval 1, probability 0, space 0, times 0 [ 989.169595] CPU: 0 PID: 9144 Comm: syz-executor.1 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 989.170571] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 989.171792] Call Trace: [ 989.172058] [ 989.172308] dump_stack_lvl+0x8b/0xb3 [ 989.172729] should_fail.cold+0x5/0xa [ 989.173151] ? lock_downgrade+0x6d0/0x6d0 [ 989.173606] ? create_object.isra.0+0x3a/0xa20 [ 989.174110] should_failslab+0x5/0x10 [ 989.174526] kmem_cache_alloc+0x5b/0x480 [ 989.174953] create_object.isra.0+0x3a/0xa20 [ 989.175432] ? kasan_unpoison+0x23/0x50 [ 989.175848] kmem_cache_alloc+0x239/0x480 [ 989.176312] anon_vma_clone+0xd3/0x560 [ 989.176720] ? putname+0xfe/0x140 [ 989.177116] __split_vma+0x16d/0x540 [ 989.177600] ? putname+0xfe/0x140 [ 989.178063] do_mas_align_munmap.constprop.0+0x25e/0xc00 [ 989.178772] ? __split_vma+0x540/0x540 [ 989.179281] ? mas_walk+0x48a/0x670 [ 989.179749] ? mas_find+0x203/0xdd0 [ 989.180243] do_mas_munmap+0x1ed/0x2c0 [ 989.180749] do_munmap+0xc3/0x100 [ 989.181194] ? vm_brk+0x20/0x20 [ 989.181554] __do_sys_mremap+0x1196/0x14f0 [ 989.181983] ? move_vma.constprop.0+0xf40/0xf40 [ 989.182478] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 989.183028] ? fput+0x2a/0x50 [ 989.183369] ? ksys_write+0x1a5/0x250 [ 989.183754] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 989.184297] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 989.184829] ? syscall_enter_from_user_mode+0x1d/0x50 [ 989.185383] do_syscall_64+0x3b/0x90 [ 989.185763] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 989.186307] RIP: 0033:0x7ff16643bb19 [ 989.186678] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 989.188617] RSP: 002b:00007ff1639b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 989.189367] RAX: ffffffffffffffda RBX: 00007ff16654ef60 RCX: 00007ff16643bb19 [ 989.190066] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 989.190764] RBP: 00007ff1639b11d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 989.191467] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 989.192171] R13: 00007fffc2898d3f R14: 00007ff1639b1300 R15: 0000000000022000 [ 989.192914] [ 989.195016] FAULT_INJECTION: forcing a failure. [ 989.195016] name failslab, interval 1, probability 0, space 0, times 0 [ 989.196168] CPU: 0 PID: 9145 Comm: syz-executor.4 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 989.197140] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 989.198280] Call Trace: [ 989.198559] [ 989.198792] dump_stack_lvl+0x8b/0xb3 [ 989.199199] should_fail.cold+0x5/0xa [ 989.199617] ? create_object.isra.0+0x3a/0xa20 [ 989.200115] should_failslab+0x5/0x10 [ 989.200513] kmem_cache_alloc+0x5b/0x480 [ 989.200929] create_object.isra.0+0x3a/0xa20 [ 989.201413] ? kasan_unpoison+0x23/0x50 [ 989.201826] kmem_cache_alloc+0x239/0x480 [ 989.202278] vm_area_dup+0x7f/0x220 [ 989.202660] ? lock_release+0x505/0x6f0 [ 989.203101] ? unwind_next_frame+0xc8b/0x2250 [ 989.203565] ? __is_insn_slot_addr+0x122/0x250 [ 989.204063] ? lock_downgrade+0x6d0/0x6d0 [ 989.204494] ? unwind_next_frame+0xc8b/0x2250 [ 989.204955] ? entry_SYSCALL_64_after_hwframe+0x44/0xae [ 989.205498] ? __is_insn_slot_addr+0x144/0x250 [ 989.205969] ? kernel_text_address+0x53/0xb0 [ 989.206462] ? __kernel_text_address+0x9/0x30 [ 989.206928] ? vm_area_alloc+0xf0/0xf0 [ 989.207354] ? arch_stack_walk+0x99/0xf0 [ 989.207782] ? putname+0xfe/0x140 [ 989.208170] ? putname+0xfe/0x140 [ 989.208578] ? stack_trace_save+0x8c/0xc0 [ 989.209040] ? filter_irq_stacks+0x90/0x90 [ 989.209506] ? putname+0xfe/0x140 [ 989.209885] ? __stack_depot_save+0x35/0x450 [ 989.210368] __split_vma+0xa2/0x540 [ 989.210763] ? putname+0xfe/0x140 [ 989.211147] do_mas_align_munmap.constprop.0+0x25e/0xc00 [ 989.211741] ? __split_vma+0x540/0x540 [ 989.212167] ? mas_walk+0x48a/0x670 [ 989.212572] ? mas_find+0x203/0xdd0 [ 989.212970] do_mas_munmap+0x1ed/0x2c0 [ 989.213394] do_munmap+0xc3/0x100 [ 989.213764] ? vm_brk+0x20/0x20 [ 989.214134] __do_sys_mremap+0x1196/0x14f0 [ 989.214598] ? move_vma.constprop.0+0xf40/0xf40 [ 989.215128] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 989.215725] ? fput+0x2a/0x50 [ 989.216075] ? ksys_write+0x1a5/0x250 [ 989.216506] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 989.217060] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 989.217642] ? syscall_enter_from_user_mode+0x1d/0x50 [ 989.218217] do_syscall_64+0x3b/0x90 [ 989.218638] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 989.219197] RIP: 0033:0x7fe3cdd6fb19 [ 989.219596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 989.221619] RSP: 002b:00007fe3cb2e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 989.222423] RAX: ffffffffffffffda RBX: 00007fe3cde82f60 RCX: 00007fe3cdd6fb19 [ 989.223188] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 989.223960] RBP: 00007fe3cb2e51d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 989.224744] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 989.225526] R13: 00007fffdf0ea1bf R14: 00007fe3cb2e5300 R15: 0000000000022000 [ 989.226285] [ 989.227145] loop5: detected capacity change from 0 to 260 [ 989.232796] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:47:19 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f0000000040)=0x8, &(0x7f0000000080)=0x2) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x80049367, &(0x7f00000000c0)) 15:47:19 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) 15:47:19 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x7ffff000, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:47:19 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x8000, 0x0) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r2, 0x29, 0x41, &(0x7f00000013c0)=ANY=[@ANYBLOB="66696c746572000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e68f70f9c4df2758d9f8d605a39434277e2fa696f130defaca30c33069c54e95ab2d49d386de67038bea9b8abb810da5211161815aec90c6aedd5135c272ac76a548ee99de431b7e870fb8cbdc8675da2437b2eb6743410fb5eb51dde8c6c30596f3cfa858b5c6226b659da2df54f15b36965ae5d23efef57ea1dc4938962c81b8854ac21eb381eab1e0e48cde2435c93640b2e5"], 0x68) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f0000001980)={0x0, 0x3, 0x0, 0x2, 0x7f}) r3 = syz_io_uring_setup(0x51f3, &(0x7f0000000080)={0x0, 0xa6e9, 0x0, 0x2, 0x3b, 0x0, r1}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)) r5 = syz_io_uring_setup(0x4eff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r7 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r7, &(0x7f0000000140)={0x37}, 0x14) r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x5, 0x4010, r3, 0x0) r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) syz_io_uring_submit(r8, r6, &(0x7f00000019c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x3, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x0, {0x0, r9}}, 0x9) syz_io_uring_submit(r4, r6, &(0x7f0000001280)=@IORING_OP_SEND={0x1a, 0x5, 0x0, r7, 0x0, &(0x7f0000000280)="2c215211d3fede84f8b8339531011c7cf5f2838a63f0076ec219f2c05bcd4d89d07c0e9b4be7dc5a7a55d6e6cb990d1c1291d636058ba4bec97ef224690a271c36e5820a48767e1dda90106f0bb81bb7d41db965ee62f03010807ed854b217bd2cf611ca1b23027357428bd5b7a5d5579456790c8d462db6b4b73a171344f296fc054a4d350efee36bf06cca6e8606a0ae7359f7c427d83a61e1726c98a34f6845ab07d100db477a53338f83afa33bbd6e26a934248e71ce289234c3f1633ff0944785750bbbf87061c7a106f7f419ea1ef9d7c8733d3e5d38a2acd0b5e09d5d624b139e4ed48dbf6c3d7247b25e5f722b10a727bba162925cc53c2154d04242a8644f35dc42e67697f409a96cf82fec4f6b8d62669ada2c788d80d5027865b19c362d7867e922c1c71d5e43f125cae68676280df630fb56096f28da34175349c033194feadc3cf82a206baed9dc11e8c9f1c1f87dd885203fe2d17fa9de81dcecc4af47b83b24364497adb3ff59d7fd0b9dbd6674897c677beef94e7c60fe4052626a1e4e1d16243128659dfc44de444278cac167cd5cb648f1b90f1d99a87723677beeff9c98d50fc37cfdb72ad614d891c8297a592dca98a3b7513c94aaff5f523b44f645ab2330c2fbb5993656e40c6b2549121b3a9b96bb231c956d3d041db19c87b7e6f290991ba494d88494be056f2eac7bd02068344805b8e22f1cd21f73a05596bec26e5b50597a3f84219ccd8cf84b93348d10c9770bea3b23178dd2ddde177bd54bf51757d79f453e0a90e1ec2dd48df55944dfa9ddfbf2c761c2ada17dc4694ad9a968a24902c9c69e919030107c3df679c092c07bfd0d70273e091c0394f75c5c7ed873780281c55b77cf704f1237c0aae750365708814de3a7791938084d50e4f6bc51d4c4e78a7d11d228996faaf3dbdfa2244dcea823611429c5831338e5eb37475860c4c838507c95dccd6a51f0cca8568e9cd0afcee7030bea5ce34c7dcd850c23786ff712ec3f55d85fc98b23fc60da6bd90ffa8ccc53ea56b95a5710fea68b028691a29c0eec7776a861af8f2154720c883d3827ecd9690d412f87c24a739bc3cbb45b1dec8bf9c8a8c5e4078cea0090144ade7e74b6e3530103078ba4eed86b7d02de550e3586aaa65155ba328397c4278c7fe29b6cdbf58b7ca91bb4c58251f18f59523a8cd255c83965cbdc366fa4c49ed30b0847f5df66edbe236c11b59b69e7f63d5d76a9977e6a2ed288d50c59497b7be677f7adfde8b6fc5a817204ae7a492d4c34691da2272f3949a6ed65e52c09dc3bd33e44eb77834ce7eb05000dd226abb90b2b06eabe01ebbe052a1918d70aa34a153d40452485a57526114004429c2987ccf2a0c850d06dc8e448730572f5cff5523ea2bff7aee6a1472d893f09d654d8d00fccb4182027b4c746974512a32b4b143153f365a8fe47653117ee093f670e3cc56b3236bb88b58ce21753150849061d4cde340d9e0a902abdadfc45ad8034628021099c131f42263aaafb8713701c592ce722315d38484acb9f3c59ff1114a1a1dc09a1064cc983e90d880ad3bf76255a0073aa5ef728393887c81f0322f4a7d6d3ee2af9214c333688c185a50b0dca305487aef93f7ac8a02ce3f88eba857658e4dbd276ab559f601be1aa6d118f0ee10a9b66917912f30f8faee8f5cf7bcc646f5567b57ac6a77ec67c0bdf97d2f815470a7fb65d483cde9d921b58cffec1e4ae8f585c454f5d7747980cc4ea0c2f450cd9d09e2151bea19a47ca5a804d0624663b2fa2a1c281ea51d60eb1f9b6edfad550c7500512eb0e9ff80adbdc7cc7a90e205db698cbefbbbfb4beb90e4e1147afc7168239563a990690c20d1a354672253dfd98c106f10429870b403a4d884cd7da63f4241de8b23d308d2ab07f08d0a39084e0ec599cbdd727799127feee0baf1d3829c9973c1facd93c65f1ac011e22a8388e6684133ac89b13fd8296aa8b29d5f13285c63a0ba106c464fa194351dafad904b372fd5f645370787055f2524e6f577b92601b22b20c7104bf4b1ce036d3d5cc5c564962b4534cbb01d7c2c143d54226d8e7d75d192f63011df448a1acc574ad89e61d4937e60e963f47f56fe2964554b6c6c16126c2e13a101e764de734080ae7c73e2387c650a795538b4b0fdebe7b898dc881f824fdb96a05e1f3e59451b30e0b3d05277702ad25f1b908ee33a6022bbfdc30c00250e840da41b2100097834b1e9fad9e788592026c74e8321cebe43a09347a44325d5f180b5c5401effa8ba8ec647ff84fd4b976c4b05cc308388227518bb4abe167e0a063c4593de5d9c1de56795473c2e1866c0ef8df523047431f9042c1360e499432e517cc94c6e81074ac01e507291a358053462a740c57114cfe3d9d9cbd53828d12f7ce5cef76a444164929aabce0307ae5a51c54e132cdf4968fd02bd3576eb0a9ae96b06ece64720c1d5f1f9fd56f0fe7259c295bbfb4275186492c3075c81bb6a0d94ab40df1aa5627dd43d02ff3c91f0080e94ec5821cdad7ced270bc202261b7faa077943942310b8efd0304948c621a29fd644aaffc4be9db9742cfd2ace7d66797468feb52893723c8ccc63af570204e8be19eb8d50abf39f569d205df0990db2362be8ca6bbf3865153e35716050532a4c940009d94fb0478022bb0353d6dbf7c21bed14d170d4b686a9b752eb1ab74215368131819ef80e435cffcbbb2811d1d50c8084910956c48424f83e1bb32eea6f8ba0d2e5c5f3f169554cab48924e9baf8ec446be8bb15c5154f7a807b1da7ec95183f3c8135f603e621d1dc7c03c8c58c70985208d0586b3ed1d9055b34d86ba2a0532bad18bf65e403cf895239ff97035f722625b1eb9d9ca8e61e0d08ee49a22fa051c678d9e9b4d4ef3ee6003753be1a22d8653d8b221e2bbdf7e523fbcfe39d6c21198e25bd61052189d404c7ef7211d495199421c2a5d80f19a156b8fedd9b46b214ea5de6aa07d7596bbd088294eb8680142d4700461067596b54a0bae2de471a6e3debaa4e0d4e5df7f9eac6f67d4e0cdb99227b7bb050a1ef455cf22224ea912948cd4db953dc507064bb74b9d7b431b7c78ef86ac8d268309ab33a083402117e8ada9ea6a2688f3e0f34dea18363f993dc578fea4fca8e65e5e8f1f37a1495f79c66f72cf6efdd45d55a8dc657f795b6d5a8b8e56c8ddfd55c55f80ccf8f2894c90767b5d203bf1c27c99e54b314ff2d9320e87f198423cf7cad0bee15ac7163c34ea9f01f35f815dc65ddbf4773b69aef2395cae54ed4e4025418868b0fb86836685f798ddc66a67cd3699e470f793f79aec493d11509ae712e22ae2639261c63c151376df4c5b97ba16c0cce459cdaf12e2d159dd1f65aeca6564816086058e200b7bc6633c91165f4174e1b207825fc3aefaee399b07821f74e11a5799af5b631644b4d5c387757dda2820e7673c84d109a13f4494c70beef9d1372acbef1f1bcf7cb6fa8dbf90bbd15f995dabe0404dc2d81feb86e9570b4fd1ea221f7f497545aba9b8507fc256209afc5c72ca34205d192a225a188b9f6aef6d96f108536b9de88e1284060f279a5c115199fbe001149b638b4bef10bcec15961e1715e6ca9b53d4acd0d48b937a5f83381942c798864f96aa0b115bdc8fbf6fe83f4ec90f209b79bc2cbd7adc8e0891edd1789c0a1a6305392389b7fe7750af172bd91fedf92c8635a6742ae083282214c5fd807005ef91d8b01cea7c4439bac200b15b3dbe30105dcb7f6914065716bef6d9de4041ee37a5e18ec0d35d8b4bb3d39074bba9cf4cf6c6db540116960e53a932f1678d63d5a66fe8f3056ba3ec8c08b5e2533bba1ea4db40a7841848899f3c1ec38f1030733c913309ac59ff440af49fbf0af2a3acf5bb0677f36ab7b6daefc911713cf0b0b3c744d5918852e9a56f074708fbe246ff29505442daf85aa0a26d7132f23a65b4a59da142c81dac426972a989fb8eb1ec8f2ce25e97045bd5b754db6fb940507d933f331aa2b200dc878319371b55ae847e586704a8e52ed9439c99549d776457a97272da5d5b0184672e0902756793412ae60641e3c281ef1a050b1e75eab4c862ae4f0baf7472e92b02226b1f07d2f16a1de3485848b0f63bafb3849a5c950d9c0ba4aaac6f1802357a306437eacc0e00595bf76d31fc4347cb2b60f4d6d09d91bdfe462bf909a0b57f6f067af44311f207a309c638984659a7d8c53495873e1a7a1b1cf899a90fa4ba3ecf0ae6a3afcdb7924b114bb14b9d54536df5d0ed380d4d15fce4750f408a4b2c27c5e1d6743b4cc2afc9a93a40d1f3d850ba3b26dbb6353f5e141213268fb18940afb934f374464982a2517b4822b9c06c521b6a48c5d638323081366b4500da211b62f8a0fd658553a5af0e73a6cba37640358808ad09e7c1e4068c2fd196f8273d2b99f85db8aa0d367eac9b80573f2dade8f2df304b92f26779d0a8f500cf96724a97959cfe31c95b22ac9c3bf2aab8aaa5b1de02b5ea62f7b830e034f4bee4201418b1cb16d822b33e4cf97ad1845ac74d23ef87b847c3480c59281c67b9148d7b0c7711bcae716e5e1ddf9e35ff64e61cdd033eec83f743810a98f7b4e5970554e342ad739e21640f589fe982fa80bd328c953e8e8aefc66cff84ec12000d2d42d7a413614e2c92f2d8b8737ba2b98b9b88466d3e423e53a6354306c447141ad8e0022c6dc957a69db14f354340998122e5d6267de2a371e66c6fd7d1c4b3100f01254f4dd992f9e76c262466720721cc16cff5c2f70da68f446d8afdd4af588724a169015cc2ca3ea72e9d52d9fa61a2d03f860efb722ad2b1161e39d12aac6fd5820c229a3a06b35f97fdd07088e6c2c82ad4c008d47b6c0f341f5529b60e593a302669ca93582691848cde595c6b946bc2343de1357db4b2b42783d409c26a9e5ec59e0a2b85d9fb732d17863f0f42437f1560b84de5e13748e1c0a10e7cc91e37211224dc3ff4773638bb498fe39a628f5e422e3a807c018e1a29e7327b79309cee9a85f821c2b037501772f4d3fde0696201a77a259c939e27e2822dbddead8a4e00481866ebec9efadf998ba99206fa8c477ab1e14fad560974024b8024d2a38dc8c8f3ef232209c43b3fba83fd371e62653ace17f937e661508e47e8f840520cb872b0b6e0d02651634e8eda8f62eae6986f60d4dd6536e016a379a396a65475df81add3a61ae3cfdea6234616a8ab583464cacb3d1ea4a8d7f18bebdf73b5805a23be8379dfa5ffc2cb79fb8661e73a1e3bae99e446732b84f59677f59cc97ade4b17b42a50430b56a181e2c539ce9a688061a56672f073fcbdf889a6d7d06d472a1370927d633b8c795bb42e9710fd1b852c9470e4ac3af79f69940c5c2d963674d168dd758c6f9e74be7faf58c855365dce048afaccaf193c007fe0750226007315c8436c31d42757784a8ad1dc66c2078b996174e443e0669ed08ce4b47e1a68deb149ef96e903f4cf7e1cca013218b89f60deb80e2bc4386d0d6ba14a7fb091cdb0f0b1ab62140a19d3713ead805ee6c656ec23e6eaa8775957ca819f48afe0060e862c9a7a20b0249c896cccc25872f3844015f2c58481b622473bf7e921c75ea22753430b2adf2347f2af69788767ca4dd7e76a93c47214012037cae886d0f5ed4102e3c5f57f6749583522d8764075fa65306e7cdc815de1b84745f124a2871504fe70d0e47594cb41c1bca0762b957f7fc69cb8653287a4ee5ecd8ab7aeed4325f5617a84440b0e0fce806b876bf29", 0x1000, 0x4, 0xd7f9ea71b7db31e6}, 0x1) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) r10 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r10, &(0x7f0000000140)={0x37}, 0x14) preadv(r10, &(0x7f0000001900)=[{&(0x7f00000012c0)=""/137, 0x89}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000014c0)=""/254, 0xfe}, {&(0x7f00000015c0)=""/218, 0xda}, {&(0x7f00000016c0)=""/161, 0xa1}, {&(0x7f0000001380)=""/63, 0x3f}, {&(0x7f0000001780)=""/93, 0x5d}, {&(0x7f0000001800)=""/216, 0xd8}], 0x8, 0x5, 0x8) r11 = syz_open_dev$mouse(&(0x7f0000000180), 0x6, 0x12800) fcntl$dupfd(r0, 0x0, r11) 15:47:19 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) fcntl$lock(r0, 0x0, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7}) 15:47:19 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 5) 15:47:19 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 3) 15:47:19 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') io_setup(0x5, &(0x7f0000000080)=0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r3, &(0x7f0000000140)={0x37}, 0x14) io_submit(r2, 0x1, &(0x7f0000000100)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0xff, r1, &(0x7f0000000180)="287c2606fe1b9329de7e1058eb100d62171873a81d3664d16ac6423a016094d854e66411e0c4b98e26cf39873f94fd82950353cf78802247b4cb9fe2e0a37c6f3f2e0394749ce7505b4690ecac44eeeff8e8e7adba21e4e7ec838990bcf84fb561b4903b8a7ed78316516dcf8d3e826302d65722a24621b59620783c8dbae9b27658a030ebde5cd4392996245e46bc50e0731c82d6b984deb3a888d482cb88af0e831c71f12058ab23b7bf9e88714271cda856fe1400dfc721e2e22502a1782900c7c539f15f5b34b1cf821a8b6499ebbfbc6db2581b385b8ca1983a24726a33b1f03058f536c53b94183a1a574b41d510fa05f494", 0xf5, 0x9, 0x0, 0x1, r3}]) write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x6) ioctl$F2FS_IOC_RESIZE_FS(r1, 0x4008f510, &(0x7f0000000040)=0x2) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') perf_event_open$cgroup(&(0x7f0000000680)={0x0, 0x80, 0x28, 0x20, 0x5, 0x0, 0x0, 0x2, 0x40, 0x5, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x7319, 0x2, @perf_bp={&(0x7f0000000640), 0x1}, 0x2000, 0x2, 0x1f, 0x7, 0x9, 0x3, 0x5, 0x0, 0x2, 0x0, 0x80000000}, r4, 0x4, r4, 0xc) write$P9_RMKNOD(r4, &(0x7f0000000140)={0x37}, 0x14) write$P9_RLOPEN(r4, &(0x7f0000000280)={0x18, 0xd, 0x2, {{0x2, 0x1, 0x3}}}, 0x18) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) ioctl$INCFS_IOC_CREATE_FILE(r3, 0xc058671e, &(0x7f00000005c0)={{'\x00', 0x2}, {0x4}, 0x40, 0x0, 0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='./file0\x00', &(0x7f0000000340)="c4460b2f68055c911d539c72e87b6a5e0256f6129cab85049ba610ebe398493c6f02c51649486227d0b78587fe782f4e3e8569cdb46406dea6f7a3f829d5e43301da0bd5c670d8b7c3eb989c1fbe603c3e3da04eea1aef75a5b65eb5c6909989a1bb297aae2fd533217ef61b0166eb7d0adfc762eb7e1116449aaa48705ae4c14d0eb9d1bd6ababb1f49b3baf3f6fc94fff043250df9b2be8f2ac8b75d86dbeac586efdb547675e76b1af6a4c84809247dc69211375f48831fd7529b7d617b9a8573f572e66414e2f0728aee4bfb5f76aa", 0xd1, 0x0, &(0x7f0000000440)={0x2, 0xd4, {0x0, 0xc, 0x1e, "1ee79f80febed261327f523c396fbaf659dbf042b71feae8223e3486a07d", 0xa9, "5fcf6b861fb1dc4c29e3dec3c16741ba0566ae7c8a88b7e18f2264d10723bcbec6503862fe425c240514d8fdff7c938d3d2a89d2f57315b5983d09680ce5441e96fad915e2a93408f8ff99e631467598bae2aa5b1d52c5bed709b6c96d250446d460648c0ada540ad0e4e15a64264bd8c24737c883ece8fcea57182c777a0e18906bb3a5501344ec5b3af3d1d9e0087884b527946073d62b0ea1e6dc587e2b0ddca73f4120614b4948"}, 0x8a, "76cf8a2c931a581a2071951b9c2ae593c320e14d3e72c281bebf78841651584f5f463b3b594b559373f8237826deeefe1acaf6eb00638588e9f63efdb8a89deb1b0d30e5e5eba7db3799dd660be15fd88c769c78822d341cf4437b7267e9ef6e376ebeb12d83f5d20703e745fc2cdec065e6c4258fd257fd4218ba5c460e9df02f6942927b2c7b786540"}, 0x16a}) [ 989.396472] FAULT_INJECTION: forcing a failure. [ 989.396472] name failslab, interval 1, probability 0, space 0, times 0 [ 989.398646] CPU: 0 PID: 9172 Comm: syz-executor.1 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 989.400631] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 989.402602] Call Trace: [ 989.403133] [ 989.403519] dump_stack_lvl+0x8b/0xb3 [ 989.404333] should_fail.cold+0x5/0xa [ 989.405128] ? vm_area_dup+0x7f/0x220 [ 989.405803] should_failslab+0x5/0x10 [ 989.406587] kmem_cache_alloc+0x5b/0x480 [ 989.407306] ? mas_store_gfp+0x133/0x1f0 [ 989.408141] vm_area_dup+0x7f/0x220 [ 989.408808] ? rcu_read_lock_sched_held+0xd/0x70 [ 989.409632] ? lock_release+0x505/0x6f0 [ 989.410457] ? __vma_adjust+0x707/0x1510 [ 989.411182] ? lock_downgrade+0x6d0/0x6d0 [ 989.412041] ? vma_store+0x145/0x360 [ 989.412717] ? vma_mt_szero+0x2e0/0x2e0 [ 989.413549] ? vm_area_alloc+0xf0/0xf0 [ 989.414247] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 989.415341] ? mas_next_nentry+0x52b/0xb30 [ 989.416067] ? mas_find+0x203/0xdd0 [ 989.416652] __split_vma+0xa2/0x540 [ 989.417186] ? mas_walk+0x48a/0x670 [ 989.417735] do_mas_align_munmap.constprop.0+0x3d8/0xc00 [ 989.418578] ? __split_vma+0x540/0x540 [ 989.419188] ? mas_walk+0x48a/0x670 [ 989.419746] ? mas_find+0x203/0xdd0 [ 989.420324] do_mas_munmap+0x1ed/0x2c0 [ 989.420921] do_munmap+0xc3/0x100 [ 989.421451] ? vm_brk+0x20/0x20 [ 989.421960] __do_sys_mremap+0x1196/0x14f0 [ 989.422619] ? move_vma.constprop.0+0xf40/0xf40 [ 989.423305] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 989.424142] ? fput+0x2a/0x50 [ 989.424633] ? ksys_write+0x1a5/0x250 [ 989.425211] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 989.425955] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 989.426738] ? syscall_enter_from_user_mode+0x1d/0x50 [ 989.427527] do_syscall_64+0x3b/0x90 [ 989.428107] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 989.428892] RIP: 0033:0x7ff16643bb19 [ 989.429466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 989.432239] RSP: 002b:00007ff1639b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 989.433400] RAX: ffffffffffffffda RBX: 00007ff16654ef60 RCX: 00007ff16643bb19 [ 989.434456] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 989.435578] RBP: 00007ff1639b11d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 989.436713] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 989.437822] R13: 00007fffc2898d3f R14: 00007ff1639b1300 R15: 0000000000022000 [ 989.438952] [ 989.443673] FAULT_INJECTION: forcing a failure. [ 989.443673] name failslab, interval 1, probability 0, space 0, times 0 [ 989.445549] CPU: 0 PID: 9178 Comm: syz-executor.4 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 989.447283] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 989.449082] Call Trace: [ 989.449461] [ 989.449796] dump_stack_lvl+0x8b/0xb3 [ 989.450380] should_fail.cold+0x5/0xa [ 989.450966] ? anon_vma_clone+0xd3/0x560 [ 989.451584] should_failslab+0x5/0x10 [ 989.452155] kmem_cache_alloc+0x5b/0x480 [ 989.452768] anon_vma_clone+0xd3/0x560 [ 989.453360] ? putname+0xfe/0x140 [ 989.453886] __split_vma+0x16d/0x540 [ 989.454446] ? putname+0xfe/0x140 [ 989.454993] do_mas_align_munmap.constprop.0+0x25e/0xc00 [ 989.455833] ? __split_vma+0x540/0x540 [ 989.456453] ? mas_walk+0x48a/0x670 [ 989.457019] ? mas_find+0x203/0xdd0 [ 989.457591] do_mas_munmap+0x1ed/0x2c0 [ 989.458215] do_munmap+0xc3/0x100 [ 989.458766] ? vm_brk+0x20/0x20 [ 989.459291] __do_sys_mremap+0x1196/0x14f0 [ 989.459981] ? move_vma.constprop.0+0xf40/0xf40 [ 989.460736] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 989.461601] ? fput+0x2a/0x50 [ 989.462103] ? ksys_write+0x1a5/0x250 [ 989.462705] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 989.463491] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 989.464336] ? syscall_enter_from_user_mode+0x1d/0x50 [ 989.465159] do_syscall_64+0x3b/0x90 [ 989.465752] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 989.466560] RIP: 0033:0x7fe3cdd6fb19 [ 989.467141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 989.470080] RSP: 002b:00007fe3cb2e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 989.471275] RAX: ffffffffffffffda RBX: 00007fe3cde82f60 RCX: 00007fe3cdd6fb19 [ 989.472414] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 989.473540] RBP: 00007fe3cb2e51d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 989.474674] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 989.475789] R13: 00007fffdf0ea1bf R14: 00007fe3cb2e5300 R15: 0000000000022000 [ 989.476920] 15:47:32 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) 15:47:32 executing program 6: setsockopt$inet_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000040)={0x40003}, 0x4) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x242300, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) 15:47:32 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) r1 = dup2(r0, 0xffffffffffffffff) r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000180), 0x8000, 0x0) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r4) ioctl$LOOP_CTL_ADD(r2, 0x4c80, r4) syz_io_uring_setup(0x3b5f, &(0x7f0000000080)={0x0, 0xc207, 0x10, 0x1, 0xd4, 0x0, r1}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)) 15:47:32 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 4) 15:47:32 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 35) 15:47:32 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0xfffffdef, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:47:32 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) fcntl$lock(r0, 0x0, &(0x7f0000000300)={0x0, 0x1, 0x6, 0x7}) 15:47:32 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 6) [ 1001.616053] FAULT_INJECTION: forcing a failure. [ 1001.616053] name failslab, interval 1, probability 0, space 0, times 0 [ 1001.618844] CPU: 0 PID: 9194 Comm: syz-executor.4 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1001.621063] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1001.623704] Call Trace: [ 1001.624292] [ 1001.624825] dump_stack_lvl+0x8b/0xb3 [ 1001.625727] should_fail.cold+0x5/0xa [ 1001.626613] ? anon_vma_clone+0xd3/0x560 [ 1001.627567] ? create_object.isra.0+0x3a/0xa20 [ 1001.628661] should_failslab+0x5/0x10 [ 1001.629541] kmem_cache_alloc+0x5b/0x480 [ 1001.630489] create_object.isra.0+0x3a/0xa20 [ 1001.631516] ? kasan_unpoison+0x23/0x50 [ 1001.632459] kmem_cache_alloc+0x239/0x480 [ 1001.633426] anon_vma_clone+0xd3/0x560 [ 1001.634343] ? putname+0xfe/0x140 [ 1001.635165] __split_vma+0x16d/0x540 [ 1001.636035] ? putname+0xfe/0x140 [ 1001.636870] do_mas_align_munmap.constprop.0+0x25e/0xc00 [ 1001.638136] ? __split_vma+0x540/0x540 [ 1001.639046] ? mas_walk+0x48a/0x670 [ 1001.639890] ? mas_find+0x203/0xdd0 [ 1001.640735] do_mas_munmap+0x1ed/0x2c0 [ 1001.641645] do_munmap+0xc3/0x100 [ 1001.642459] ? vm_brk+0x20/0x20 [ 1001.643238] __do_sys_mremap+0x1196/0x14f0 [ 1001.644233] ? move_vma.constprop.0+0xf40/0xf40 [ 1001.645341] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1001.646627] ? fput+0x2a/0x50 [ 1001.647363] ? ksys_write+0x1a5/0x250 [ 1001.648260] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1001.649442] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1001.650226] FAULT_INJECTION: forcing a failure. [ 1001.650226] name failslab, interval 1, probability 0, space 0, times 0 [ 1001.650689] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1001.653060] do_syscall_64+0x3b/0x90 [ 1001.653929] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1001.655036] RIP: 0033:0x7fe3cdd6fb19 [ 1001.655831] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1001.659792] RSP: 002b:00007fe3cb2e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1001.661434] RAX: ffffffffffffffda RBX: 00007fe3cde82f60 RCX: 00007fe3cdd6fb19 [ 1001.663102] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1001.664754] RBP: 00007fe3cb2e51d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1001.666385] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 1001.668024] R13: 00007fffdf0ea1bf R14: 00007fe3cb2e5300 R15: 0000000000022000 [ 1001.669683] [ 1001.670215] CPU: 1 PID: 9200 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1001.671206] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1001.672377] Call Trace: [ 1001.672663] [ 1001.672891] dump_stack_lvl+0x8b/0xb3 [ 1001.673289] should_fail.cold+0x5/0xa [ 1001.673683] ? alloc_unbound_pwq+0x4ad/0xd70 [ 1001.674139] should_failslab+0x5/0x10 [ 1001.674531] kmem_cache_alloc_node+0x55/0x490 [ 1001.674994] alloc_unbound_pwq+0x4ad/0xd70 [ 1001.675430] apply_wqattrs_prepare+0x2a4/0x880 [ 1001.675896] ? is_kernel_percpu_address+0xe6/0x110 [ 1001.676406] apply_workqueue_attrs_locked+0xc1/0x140 [ 1001.676931] alloc_workqueue+0xb1a/0xeb0 [ 1001.677346] ? do_raw_spin_unlock+0x4f/0x210 [ 1001.677802] ? _raw_spin_unlock+0x24/0x40 [ 1001.678229] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 1001.678739] ? __fget_files+0x28d/0x470 [ 1001.679143] ? loop_configure+0x62b/0x1950 [ 1001.679583] loop_configure+0x6ec/0x1950 [ 1001.680005] ? putname+0xfe/0x140 [ 1001.680370] lo_ioctl+0x782/0x1860 [ 1001.680751] ? avc_has_extended_perms+0x7e8/0xeb0 [ 1001.681253] ? loop_set_status_old+0x1b0/0x1b0 [ 1001.681718] ? fsnotify+0xb4f/0x1250 [ 1001.682095] ? avc_ss_reset+0x180/0x180 [ 1001.682503] ? fsnotify_first_mark+0x1f0/0x1f0 [ 1001.682966] ? rcu_read_lock_sched_held+0xd/0x70 [ 1001.683456] ? lock_acquire+0x41c/0x4d0 [ 1001.683872] ? rcu_read_lock_sched_held+0xd/0x70 [ 1001.684360] ? lock_release+0x505/0x6f0 [ 1001.684784] ? find_and_remove_object+0xe4/0x120 [ 1001.685273] ? __delete_object+0xb3/0x100 [ 1001.685698] ? lock_downgrade+0x6d0/0x6d0 [ 1001.686126] ? rwlock_bug.part.0+0x90/0x90 [ 1001.686561] ? rcu_read_lock_sched_held+0xd/0x70 [ 1001.687060] ? selinux_inode_getsecctx+0x90/0x90 [ 1001.687552] ? loop_set_status_old+0x1b0/0x1b0 [ 1001.688020] blkdev_ioctl+0x362/0x7f0 [ 1001.688408] ? blkdev_common_ioctl+0x16d0/0x16d0 [ 1001.688891] ? __x64_sys_ioctl+0x97/0x210 [ 1001.689310] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1001.689880] ? blkdev_common_ioctl+0x16d0/0x16d0 [ 1001.690358] __x64_sys_ioctl+0x196/0x210 [ 1001.690770] do_syscall_64+0x3b/0x90 [ 1001.691151] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1001.691671] RIP: 0033:0x7f01cb9288d7 [ 1001.692044] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1001.693920] RSP: 002b:00007f01c8e9df48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1001.694691] RAX: ffffffffffffffda RBX: 00007f01cb972970 RCX: 00007f01cb9288d7 [ 1001.695409] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1001.696120] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff 15:47:32 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000040), 0x36db81, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) fstat(r0, &(0x7f0000000080)) [ 1001.696859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1001.697772] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002 [ 1001.698511] [ 1001.699568] FAULT_INJECTION: forcing a failure. [ 1001.699568] name failslab, interval 1, probability 0, space 0, times 0 [ 1001.702239] CPU: 0 PID: 9195 Comm: syz-executor.1 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1001.704425] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1001.704444] Call Trace: [ 1001.704450] [ 1001.704458] dump_stack_lvl+0x8b/0xb3 [ 1001.704496] should_fail.cold+0x5/0xa [ 1001.704530] ? create_object.isra.0+0x3a/0xa20 [ 1001.704566] should_failslab+0x5/0x10 [ 1001.704587] kmem_cache_alloc+0x5b/0x480 [ 1001.704617] create_object.isra.0+0x3a/0xa20 [ 1001.704651] ? kasan_unpoison+0x23/0x50 [ 1001.704687] kmem_cache_alloc+0x239/0x480 [ 1001.704716] vm_area_dup+0x7f/0x220 [ 1001.704750] ? rcu_read_lock_sched_held+0xd/0x70 [ 1001.704776] ? lock_release+0x505/0x6f0 [ 1001.704801] ? __vma_adjust+0x707/0x1510 [ 1001.704829] ? lock_downgrade+0x6d0/0x6d0 [ 1001.704855] ? vma_store+0x145/0x360 [ 1001.704880] ? vma_mt_szero+0x2e0/0x2e0 [ 1001.704910] ? vm_area_alloc+0xf0/0xf0 [ 1001.704939] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1001.704970] ? mas_next_nentry+0x52b/0xb30 [ 1001.704997] ? mas_find+0x203/0xdd0 [ 1001.705020] __split_vma+0xa2/0x540 [ 1001.725314] ? mas_walk+0x48a/0x670 [ 1001.726137] do_mas_align_munmap.constprop.0+0x3d8/0xc00 [ 1001.727388] ? __split_vma+0x540/0x540 [ 1001.728286] ? mas_walk+0x48a/0x670 [ 1001.729129] ? mas_find+0x203/0xdd0 [ 1001.729963] do_mas_munmap+0x1ed/0x2c0 [ 1001.730858] do_munmap+0xc3/0x100 [ 1001.731655] ? vm_brk+0x20/0x20 [ 1001.732427] __do_sys_mremap+0x1196/0x14f0 [ 1001.733406] ? move_vma.constprop.0+0xf40/0xf40 [ 1001.734470] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1001.735730] ? fput+0x2a/0x50 [ 1001.736471] ? ksys_write+0x1a5/0x250 [ 1001.737349] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1001.738494] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1001.739709] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1001.740912] do_syscall_64+0x3b/0x90 15:47:32 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x102, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 1001.741761] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1001.743100] RIP: 0033:0x7ff16643bb19 [ 1001.743938] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1001.748515] RSP: 002b:00007ff1639b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1001.750343] RAX: ffffffffffffffda RBX: 00007ff16654ef60 RCX: 00007ff16643bb19 [ 1001.752048] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1001.753749] RBP: 00007ff1639b11d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1001.755452] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 1001.757161] R13: 00007fffc2898d3f R14: 00007ff1639b1300 R15: 0000000000022000 [ 1001.758881] 15:47:32 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 5) [ 1001.821393] FAULT_INJECTION: forcing a failure. [ 1001.821393] name failslab, interval 1, probability 0, space 0, times 0 [ 1001.822634] CPU: 1 PID: 9217 Comm: syz-executor.4 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1001.823613] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1001.824790] Call Trace: [ 1001.825054] [ 1001.825282] dump_stack_lvl+0x8b/0xb3 [ 1001.825682] should_fail.cold+0x5/0xa [ 1001.826077] ? vm_area_dup+0x7f/0x220 [ 1001.826473] should_failslab+0x5/0x10 [ 1001.826863] kmem_cache_alloc+0x5b/0x480 [ 1001.827286] ? mas_store_gfp+0x133/0x1f0 [ 1001.827705] vm_area_dup+0x7f/0x220 [ 1001.828082] ? rcu_read_lock_sched_held+0xd/0x70 [ 1001.828578] ? lock_release+0x505/0x6f0 [ 1001.828992] ? __vma_adjust+0x707/0x1510 [ 1001.829412] ? lock_downgrade+0x6d0/0x6d0 [ 1001.829836] ? vma_store+0x145/0x360 [ 1001.830227] ? vma_mt_szero+0x2e0/0x2e0 [ 1001.830636] ? vm_area_alloc+0xf0/0xf0 [ 1001.831040] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1001.831609] ? mas_next_nentry+0x52b/0xb30 [ 1001.832047] ? mas_find+0x203/0xdd0 [ 1001.832425] __split_vma+0xa2/0x540 [ 1001.832803] ? mas_walk+0x48a/0x670 [ 1001.833184] do_mas_align_munmap.constprop.0+0x3d8/0xc00 [ 1001.833746] ? __split_vma+0x540/0x540 [ 1001.834148] ? mas_walk+0x48a/0x670 [ 1001.834521] ? mas_find+0x203/0xdd0 [ 1001.834900] do_mas_munmap+0x1ed/0x2c0 [ 1001.835311] do_munmap+0xc3/0x100 [ 1001.835666] ? vm_brk+0x20/0x20 [ 1001.836021] __do_sys_mremap+0x1196/0x14f0 [ 1001.836468] ? move_vma.constprop.0+0xf40/0xf40 [ 1001.836947] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1001.837515] ? fput+0x2a/0x50 [ 1001.837842] ? ksys_write+0x1a5/0x250 [ 1001.838234] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1001.838756] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1001.839307] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1001.839835] do_syscall_64+0x3b/0x90 [ 1001.840222] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1001.840754] RIP: 0033:0x7fe3cdd6fb19 [ 1001.841131] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1001.843008] RSP: 002b:00007fe3cb2e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1001.843786] RAX: ffffffffffffffda RBX: 00007fe3cde82f60 RCX: 00007fe3cdd6fb19 [ 1001.844534] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1001.845265] RBP: 00007fe3cb2e51d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1001.845988] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 1001.846717] R13: 00007fffdf0ea1bf R14: 00007fe3cb2e5300 R15: 0000000000022000 [ 1001.847446] 15:47:42 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 6) 15:47:42 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x108, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:47:42 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 7) 15:47:42 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 36) 15:47:42 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) fcntl$lock(r0, 0x5, 0x0) 15:47:42 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r1, 0x8983, &(0x7f0000000180)={0x2, 'bridge_slave_0\x00', {0x1}, 0x2}) ioctl$CDROM_SET_OPTIONS(r1, 0x5320, 0xc) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x2400) ioctl$CDROMPLAYMSF(r1, 0x5303, &(0x7f0000000140)={0x4, 0x3f, 0x2, 0x0, 0x1, 0x5}) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, &(0x7f00000001c0)={0x0, 'veth0_macvtap\x00', {0x4}, 0x7}) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r4, &(0x7f0000000140)={0x37}, 0x14) ioctl$BTRFS_IOC_DEV_INFO(r3, 0xd000941e, &(0x7f0000000c00)={0x0, "fd75aa8fef38633dd288239fb4df1ed5"}) ioctl$BTRFS_IOC_DEV_INFO(r4, 0xd000941e, &(0x7f0000001c00)={r5, "eed5b99cde8040adcaf17d790daf3e7a"}) syz_open_dev$sg(&(0x7f00000000c0), 0x9c, 0x200300) fcntl$setflags(r2, 0x2, 0x1) r6 = pidfd_open(0x0, 0x0) fcntl$F_GET_FILE_RW_HINT(r6, 0x40d, &(0x7f0000000080)) [ 1011.567673] FAULT_INJECTION: forcing a failure. [ 1011.567673] name failslab, interval 1, probability 0, space 0, times 0 [ 1011.570005] CPU: 0 PID: 9227 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1011.571937] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1011.574239] Call Trace: [ 1011.574756] [ 1011.575200] dump_stack_lvl+0x8b/0xb3 [ 1011.575984] should_fail.cold+0x5/0xa [ 1011.576764] ? create_object.isra.0+0x3a/0xa20 [ 1011.577696] should_failslab+0x5/0x10 [ 1011.578462] kmem_cache_alloc+0x5b/0x480 15:47:42 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) [ 1011.579284] create_object.isra.0+0x3a/0xa20 [ 1011.580287] ? kasan_unpoison+0x23/0x50 [ 1011.581120] kmem_cache_alloc_node+0x248/0x490 [ 1011.582062] alloc_unbound_pwq+0x4ad/0xd70 [ 1011.582929] apply_wqattrs_prepare+0x2a4/0x880 [ 1011.583852] ? is_kernel_percpu_address+0xe6/0x110 [ 1011.584881] apply_workqueue_attrs_locked+0xc1/0x140 [ 1011.585917] alloc_workqueue+0xb1a/0xeb0 [ 1011.586738] ? do_raw_spin_unlock+0x4f/0x210 [ 1011.587637] ? _raw_spin_unlock+0x24/0x40 15:47:42 executing program 2: r0 = semget$private(0x0, 0x4, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x400}], 0x1, 0x0) semtimedop(r0, &(0x7f0000000000)=[{0x0, 0x7fff}], 0x1, 0x0) semctl$IPC_STAT(r0, 0x0, 0x2, &(0x7f0000000340)=""/166) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r2 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x4eff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @private1}}, 0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f00000000c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x2, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x1, 0x1, 0x2, {0x0, r6}}, 0x9) syz_io_uring_setup(0x4eff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_submit(r7, r8, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r9, 0x80, &(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @private1}}, 0x0) syz_io_uring_submit(r3, r8, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x4, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r6}}, 0x8) [ 1011.588509] ? workqueue_sysfs_register+0x3e0/0x3e0 [ 1011.589589] ? __fget_files+0x28d/0x470 [ 1011.590393] ? loop_configure+0x62b/0x1950 [ 1011.591251] loop_configure+0x6ec/0x1950 [ 1011.592061] FAULT_INJECTION: forcing a failure. [ 1011.592061] name failslab, interval 1, probability 0, space 0, times 0 [ 1011.592073] ? putname+0xfe/0x140 [ 1011.593967] lo_ioctl+0x782/0x1860 [ 1011.594684] ? avc_has_extended_perms+0x7e8/0xeb0 [ 1011.595667] ? loop_set_status_old+0x1b0/0x1b0 [ 1011.596594] ? fsnotify+0xb4f/0x1250 [ 1011.597346] ? avc_ss_reset+0x180/0x180 [ 1011.598154] ? fsnotify_first_mark+0x1f0/0x1f0 [ 1011.599078] ? rcu_read_lock_sched_held+0xd/0x70 [ 1011.600043] ? lock_acquire+0x41c/0x4d0 [ 1011.600864] ? rcu_read_lock_sched_held+0xd/0x70 [ 1011.601817] ? lock_release+0x505/0x6f0 [ 1011.602615] ? find_and_remove_object+0xe4/0x120 [ 1011.603574] ? __delete_object+0xb3/0x100 [ 1011.604419] ? lock_downgrade+0x6d0/0x6d0 [ 1011.605265] ? rwlock_bug.part.0+0x90/0x90 [ 1011.606126] ? rcu_read_lock_sched_held+0xd/0x70 [ 1011.607095] ? selinux_inode_getsecctx+0x90/0x90 [ 1011.608062] ? loop_set_status_old+0x1b0/0x1b0 [ 1011.608997] blkdev_ioctl+0x362/0x7f0 [ 1011.609762] ? blkdev_common_ioctl+0x16d0/0x16d0 [ 1011.610713] ? __x64_sys_ioctl+0x97/0x210 [ 1011.611550] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1011.612673] ? blkdev_common_ioctl+0x16d0/0x16d0 [ 1011.613623] __x64_sys_ioctl+0x196/0x210 [ 1011.614447] do_syscall_64+0x3b/0x90 [ 1011.615209] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1011.616248] RIP: 0033:0x7f01cb9288d7 [ 1011.617005] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1011.620712] RSP: 002b:00007f01c8e9df48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1011.622244] RAX: ffffffffffffffda RBX: 00007f01cb972970 RCX: 00007f01cb9288d7 [ 1011.623682] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1011.625133] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 1011.626580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1011.628018] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002 [ 1011.629486] [ 1011.629955] CPU: 1 PID: 9228 Comm: syz-executor.4 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1011.631057] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1011.632259] Call Trace: [ 1011.632533] [ 1011.632776] dump_stack_lvl+0x8b/0xb3 [ 1011.633186] should_fail.cold+0x5/0xa [ 1011.633601] ? create_object.isra.0+0x3a/0xa20 [ 1011.634087] should_failslab+0x5/0x10 [ 1011.634490] kmem_cache_alloc+0x5b/0x480 [ 1011.634914] create_object.isra.0+0x3a/0xa20 [ 1011.635380] ? kasan_unpoison+0x23/0x50 [ 1011.635808] kmem_cache_alloc+0x239/0x480 [ 1011.636245] vm_area_dup+0x7f/0x220 [ 1011.636655] ? rcu_read_lock_sched_held+0xd/0x70 [ 1011.637171] ? lock_release+0x505/0x6f0 [ 1011.637620] ? __vma_adjust+0x707/0x1510 [ 1011.638071] ? lock_downgrade+0x6d0/0x6d0 [ 1011.638525] ? vma_store+0x145/0x360 [ 1011.638929] ? vma_mt_szero+0x2e0/0x2e0 [ 1011.639367] ? vm_area_alloc+0xf0/0xf0 [ 1011.639792] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1011.640394] ? mas_next_nentry+0x52b/0xb30 [ 1011.640875] ? mas_find+0x203/0xdd0 [ 1011.641272] __split_vma+0xa2/0x540 [ 1011.641680] ? mas_walk+0x48a/0x670 [ 1011.642074] do_mas_align_munmap.constprop.0+0x3d8/0xc00 [ 1011.642667] ? __split_vma+0x540/0x540 [ 1011.643091] ? mas_walk+0x48a/0x670 [ 1011.643487] ? mas_find+0x203/0xdd0 [ 1011.643885] do_mas_munmap+0x1ed/0x2c0 [ 1011.644308] do_munmap+0xc3/0x100 [ 1011.644701] ? vm_brk+0x20/0x20 [ 1011.645064] __do_sys_mremap+0x1196/0x14f0 [ 1011.645529] ? move_vma.constprop.0+0xf40/0xf40 [ 1011.646034] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1011.646640] ? fput+0x2a/0x50 [ 1011.646986] ? ksys_write+0x1a5/0x250 [ 1011.647410] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1011.647967] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1011.648552] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1011.649144] do_syscall_64+0x3b/0x90 [ 1011.649559] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1011.650121] RIP: 0033:0x7fe3cdd6fb19 [ 1011.650520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1011.652516] RSP: 002b:00007fe3cb2e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1011.653345] RAX: ffffffffffffffda RBX: 00007fe3cde82f60 RCX: 00007fe3cdd6fb19 [ 1011.654116] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1011.654879] RBP: 00007fe3cb2e51d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1011.655645] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 1011.656415] R13: 00007fffdf0ea1bf R14: 00007fe3cb2e5300 R15: 0000000000022000 [ 1011.657203] [ 1011.659744] FAULT_INJECTION: forcing a failure. [ 1011.659744] name failslab, interval 1, probability 0, space 0, times 0 [ 1011.661021] CPU: 1 PID: 9241 Comm: syz-executor.1 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1011.662083] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1011.663323] Call Trace: [ 1011.663601] [ 1011.663845] dump_stack_lvl+0x8b/0xb3 [ 1011.664266] should_fail.cold+0x5/0xa [ 1011.664690] ? anon_vma_clone+0xd3/0x560 [ 1011.665146] should_failslab+0x5/0x10 [ 1011.665557] kmem_cache_alloc+0x5b/0x480 [ 1011.666005] anon_vma_clone+0xd3/0x560 [ 1011.666433] __split_vma+0x16d/0x540 [ 1011.666849] ? mas_walk+0x48a/0x670 [ 1011.667241] do_mas_align_munmap.constprop.0+0x3d8/0xc00 [ 1011.667837] ? __split_vma+0x540/0x540 [ 1011.668261] ? mas_walk+0x48a/0x670 [ 1011.668674] ? mas_find+0x203/0xdd0 [ 1011.669074] do_mas_munmap+0x1ed/0x2c0 [ 1011.669498] do_munmap+0xc3/0x100 [ 1011.669879] ? vm_brk+0x20/0x20 [ 1011.670249] __do_sys_mremap+0x1196/0x14f0 [ 1011.670717] ? move_vma.constprop.0+0xf40/0xf40 [ 1011.671232] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1011.671824] ? fput+0x2a/0x50 [ 1011.672168] ? ksys_write+0x1a5/0x250 [ 1011.672595] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1011.673141] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1011.673716] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1011.674285] do_syscall_64+0x3b/0x90 [ 1011.674698] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1011.675265] RIP: 0033:0x7ff16643bb19 [ 1011.675671] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1011.677700] RSP: 002b:00007ff1639b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1011.678528] RAX: ffffffffffffffda RBX: 00007ff16654ef60 RCX: 00007ff16643bb19 [ 1011.679305] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1011.680102] RBP: 00007ff1639b11d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1011.680892] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 1011.681674] R13: 00007fffc2898d3f R14: 00007ff1639b1300 R15: 0000000000022000 [ 1011.682471] 15:47:42 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x130, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 1011.694353] loop5: detected capacity change from 0 to 260 [ 1011.699991] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:47:42 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 8) 15:47:42 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 37) 15:47:42 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) fcntl$lock(r0, 0x5, 0x0) 15:47:42 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x16b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 1011.753723] FAULT_INJECTION: forcing a failure. [ 1011.753723] name failslab, interval 1, probability 0, space 0, times 0 [ 1011.754952] CPU: 1 PID: 9254 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1011.755947] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1011.757140] Call Trace: [ 1011.757404] [ 1011.757640] dump_stack_lvl+0x8b/0xb3 [ 1011.758048] should_fail.cold+0x5/0xa [ 1011.758447] ? kobject_uevent_env+0x236/0xfa0 [ 1011.758930] should_failslab+0x5/0x10 [ 1011.759328] kmem_cache_alloc_trace+0x55/0x3c0 [ 1011.759802] kobject_uevent_env+0x236/0xfa0 [ 1011.760261] ? dev_uevent_filter+0xd0/0xd0 [ 1011.760718] ? _raw_spin_unlock+0x24/0x40 [ 1011.761158] disk_event_uevent+0x17b/0x1e0 [ 1011.761610] ? disk_events_async_show+0x10/0x10 [ 1011.762123] ? __fget_files+0x28d/0x470 [ 1011.762548] disk_force_media_change+0x1e/0xc0 [ 1011.763061] loop_configure+0x75b/0x1950 [ 1011.763492] ? putname+0xfe/0x140 [ 1011.763884] lo_ioctl+0x782/0x1860 [ 1011.764255] ? avc_has_extended_perms+0x7e8/0xeb0 [ 1011.764820] ? loop_set_status_old+0x1b0/0x1b0 [ 1011.765329] ? fsnotify+0xb4f/0x1250 [ 1011.765726] ? avc_ss_reset+0x180/0x180 [ 1011.766176] ? fsnotify_first_mark+0x1f0/0x1f0 [ 1011.766692] ? rcu_read_lock_sched_held+0xd/0x70 [ 1011.767220] ? lock_acquire+0x41c/0x4d0 [ 1011.767632] ? rcu_read_lock_sched_held+0xd/0x70 [ 1011.768161] ? lock_release+0x505/0x6f0 [ 1011.768582] ? find_and_remove_object+0xe4/0x120 [ 1011.769112] ? __delete_object+0xb3/0x100 [ 1011.769567] ? lock_downgrade+0x6d0/0x6d0 [ 1011.770023] ? rwlock_bug.part.0+0x90/0x90 [ 1011.770496] ? rcu_read_lock_sched_held+0xd/0x70 [ 1011.771031] ? selinux_inode_getsecctx+0x90/0x90 [ 1011.771552] ? loop_set_status_old+0x1b0/0x1b0 [ 1011.772027] blkdev_ioctl+0x362/0x7f0 [ 1011.772438] ? blkdev_common_ioctl+0x16d0/0x16d0 [ 1011.772943] ? __x64_sys_ioctl+0x97/0x210 [ 1011.773408] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1011.773976] ? blkdev_common_ioctl+0x16d0/0x16d0 [ 1011.774496] __x64_sys_ioctl+0x196/0x210 [ 1011.774933] do_syscall_64+0x3b/0x90 [ 1011.775358] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1011.775896] RIP: 0033:0x7f01cb9288d7 [ 1011.776304] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1011.778265] RSP: 002b:00007f01c8e9df48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1011.779113] RAX: ffffffffffffffda RBX: 00007f01cb972970 RCX: 00007f01cb9288d7 [ 1011.779872] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1011.780685] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 1011.781489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1011.782275] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002 [ 1011.783065] [ 1011.800389] FAULT_INJECTION: forcing a failure. [ 1011.800389] name failslab, interval 1, probability 0, space 0, times 0 [ 1011.801665] CPU: 1 PID: 9256 Comm: syz-executor.1 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1011.802683] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1011.803897] Call Trace: [ 1011.804163] [ 1011.804402] dump_stack_lvl+0x8b/0xb3 [ 1011.804844] should_fail.cold+0x5/0xa [ 1011.805248] ? lock_downgrade+0x6d0/0x6d0 [ 1011.805698] ? create_object.isra.0+0x3a/0xa20 [ 1011.806190] should_failslab+0x5/0x10 [ 1011.806588] kmem_cache_alloc+0x5b/0x480 [ 1011.807033] create_object.isra.0+0x3a/0xa20 [ 1011.807508] ? kasan_unpoison+0x23/0x50 [ 1011.807933] kmem_cache_alloc+0x239/0x480 [ 1011.808375] anon_vma_clone+0xd3/0x560 [ 1011.808819] __split_vma+0x16d/0x540 [ 1011.809217] ? mas_walk+0x48a/0x670 [ 1011.809598] do_mas_align_munmap.constprop.0+0x3d8/0xc00 [ 1011.810284] ? __split_vma+0x540/0x540 [ 1011.810692] ? mas_walk+0x48a/0x670 [ 1011.811069] ? mas_find+0x203/0xdd0 [ 1011.811446] do_mas_munmap+0x1ed/0x2c0 [ 1011.811854] do_munmap+0xc3/0x100 [ 1011.812220] ? vm_brk+0x20/0x20 [ 1011.812582] __do_sys_mremap+0x1196/0x14f0 [ 1011.813035] ? move_vma.constprop.0+0xf40/0xf40 [ 1011.813520] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1011.814100] ? fput+0x2a/0x50 [ 1011.814440] ? ksys_write+0x1a5/0x250 [ 1011.814841] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1011.815364] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1011.815928] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1011.816462] do_syscall_64+0x3b/0x90 [ 1011.816859] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1011.817410] RIP: 0033:0x7ff16643bb19 [ 1011.817793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1011.819725] RSP: 002b:00007ff1639b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1011.820518] RAX: ffffffffffffffda RBX: 00007ff16654ef60 RCX: 00007ff16643bb19 [ 1011.821273] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1011.822015] RBP: 00007ff1639b11d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1011.822754] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 1011.823499] R13: 00007fffc2898d3f R14: 00007ff1639b1300 R15: 0000000000022000 [ 1011.824262] 15:47:42 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 7) 15:47:42 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) [ 1011.845137] FAULT_INJECTION: forcing a failure. [ 1011.845137] name failslab, interval 1, probability 0, space 0, times 0 [ 1011.846387] CPU: 1 PID: 9267 Comm: syz-executor.4 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1011.847389] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1011.848598] Call Trace: [ 1011.848871] [ 1011.849102] dump_stack_lvl+0x8b/0xb3 [ 1011.849510] should_fail.cold+0x5/0xa [ 1011.849911] ? anon_vma_clone+0xd3/0x560 [ 1011.850357] should_failslab+0x5/0x10 [ 1011.850775] kmem_cache_alloc+0x5b/0x480 [ 1011.851208] anon_vma_clone+0xd3/0x560 [ 1011.851620] __split_vma+0x16d/0x540 [ 1011.852024] ? mas_walk+0x48a/0x670 [ 1011.852408] do_mas_align_munmap.constprop.0+0x3d8/0xc00 [ 1011.852997] ? __split_vma+0x540/0x540 [ 1011.853410] ? mas_walk+0x48a/0x670 [ 1011.853787] ? mas_find+0x203/0xdd0 [ 1011.854174] do_mas_munmap+0x1ed/0x2c0 [ 1011.854585] do_munmap+0xc3/0x100 [ 1011.854947] ? vm_brk+0x20/0x20 [ 1011.855311] __do_sys_mremap+0x1196/0x14f0 [ 1011.855763] ? move_vma.constprop.0+0xf40/0xf40 [ 1011.856263] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1011.856847] ? fput+0x2a/0x50 [ 1011.857180] ? ksys_write+0x1a5/0x250 [ 1011.857595] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1011.858122] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1011.858689] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1011.859235] do_syscall_64+0x3b/0x90 [ 1011.859632] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1011.860168] RIP: 0033:0x7fe3cdd6fb19 [ 1011.860572] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1011.862510] RSP: 002b:00007fe3cb2e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1011.863314] RAX: ffffffffffffffda RBX: 00007fe3cde82f60 RCX: 00007fe3cdd6fb19 [ 1011.864066] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1011.864831] RBP: 00007fe3cb2e51d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1011.865590] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 1011.866357] R13: 00007fffdf0ea1bf R14: 00007fe3cb2e5300 R15: 0000000000022000 [ 1011.867130] 15:47:42 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r2, &(0x7f0000000140)={0x37}, 0x14) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0, {0x1}}, './file0\x00'}) io_submit(0x0, 0x3, &(0x7f0000000240)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x3, 0xffff, r1, &(0x7f0000000080)="acb27dc34e56744c21d8a73f4b75be0fd1a6bb3b2201734948a5d9ead474d2a7b9a02b85a8bfc2cf067d731cd2e927e78e45f2f4dda54849", 0x38, 0x0, 0x0, 0x7}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x6, 0x4, r2, &(0x7f0000000100)="7b66a161cab66cc19dea9922919e35ace6164730859d477354e7af3997a320be7fd7fa8eaf539a87fda5636b0ee70146", 0x30, 0x0, 0x0, 0x2}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x8, 0x9, r3, &(0x7f00000001c0)="9e8415597d17ef6968477bb49e11f9180c64c4f29632a5be8d42cc35fc24703a", 0x20, 0xfff, 0x0, 0x3, r0}]) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) 15:47:42 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:47:42 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) fcntl$lock(r0, 0x5, 0x0) [ 1011.966544] loop5: detected capacity change from 0 to 260 [ 1011.970153] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:47:53 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x0, 0x6, 0x7}) 15:47:53 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) 15:47:53 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 38) 15:47:53 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 8) 15:47:53 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) r2 = mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000a, 0x40010, r1, 0x10000000) syz_io_uring_submit(0x0, r2, &(0x7f0000000080)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd=r0, 0x40, 0x0, 0x5, 0x3, 0x1}, 0x4) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 15:47:53 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 9) 15:47:53 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x46a903, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) ioctl$CDROM_NEXT_WRITABLE(r0, 0x5394, &(0x7f0000000040)) ioctl$CDROM_CLEAR_OPTIONS(r0, 0x5321, 0x0) 15:47:53 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x2, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 1022.603287] FAULT_INJECTION: forcing a failure. 15:47:53 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) [ 1022.603287] name failslab, interval 1, probability 0, space 0, times 0 [ 1022.605742] CPU: 1 PID: 9294 Comm: syz-executor.1 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1022.607662] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1022.609931] Call Trace: [ 1022.610438] [ 1022.610881] dump_stack_lvl+0x8b/0xb3 [ 1022.611648] should_fail.cold+0x5/0xa [ 1022.612405] ? mas_alloc_nodes+0x2f4/0x600 [ 1022.613272] should_failslab+0x5/0x10 [ 1022.614026] kmem_cache_alloc+0x5b/0x480 [ 1022.614844] mas_alloc_nodes+0x2f4/0x600 [ 1022.615664] mas_node_count+0x101/0x130 [ 1022.616463] mas_root_expand.isra.0+0xe5/0xa60 [ 1022.616498] FAULT_INJECTION: forcing a failure. [ 1022.616498] name failslab, interval 1, probability 0, space 0, times 0 [ 1022.617403] mas_wr_store_entry.isra.0+0x33c/0x10e0 [ 1022.617427] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1022.620696] mas_store_gfp+0xca/0x1f0 [ 1022.621488] ? mtree_store+0x30/0x30 [ 1022.622236] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1022.623323] ? __split_vma+0x3b5/0x540 [ 1022.624103] do_mas_align_munmap.constprop.0+0x487/0xc00 [ 1022.625198] ? __split_vma+0x540/0x540 [ 1022.625975] ? mas_walk+0x48a/0x670 [ 1022.626693] ? mas_find+0x203/0xdd0 [ 1022.627420] do_mas_munmap+0x1ed/0x2c0 [ 1022.628200] do_munmap+0xc3/0x100 [ 1022.628907] ? vm_brk+0x20/0x20 [ 1022.629570] __do_sys_mremap+0x1196/0x14f0 [ 1022.630418] ? move_vma.constprop.0+0xf40/0xf40 [ 1022.631349] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1022.632443] ? fput+0x2a/0x50 [ 1022.633093] ? ksys_write+0x1a5/0x250 [ 1022.633862] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1022.634858] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1022.635917] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1022.636952] do_syscall_64+0x3b/0x90 [ 1022.637702] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1022.638725] RIP: 0033:0x7ff16643bb19 [ 1022.639462] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1022.643134] RSP: 002b:00007ff1639b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1022.644638] RAX: ffffffffffffffda RBX: 00007ff16654ef60 RCX: 00007ff16643bb19 [ 1022.646073] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1022.647472] RBP: 00007ff1639b11d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1022.648872] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 1022.650288] R13: 00007fffc2898d3f R14: 00007ff1639b1300 R15: 0000000000022000 [ 1022.651703] [ 1022.652168] CPU: 0 PID: 9296 Comm: syz-executor.5 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1022.653226] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1022.654432] Call Trace: [ 1022.654705] [ 1022.654946] dump_stack_lvl+0x8b/0xb3 [ 1022.655375] should_fail.cold+0x5/0xa [ 1022.655795] ? create_object.isra.0+0x3a/0xa20 [ 1022.656306] should_failslab+0x5/0x10 [ 1022.656728] kmem_cache_alloc+0x5b/0x480 [ 1022.657197] create_object.isra.0+0x3a/0xa20 [ 1022.657683] ? kasan_unpoison+0x23/0x50 [ 1022.658127] kmem_cache_alloc_trace+0x22e/0x3c0 [ 1022.658628] kobject_uevent_env+0x236/0xfa0 [ 1022.659099] ? dev_uevent_filter+0xd0/0xd0 [ 1022.659547] ? _raw_spin_unlock+0x24/0x40 [ 1022.660016] disk_event_uevent+0x17b/0x1e0 [ 1022.660468] ? disk_events_async_show+0x10/0x10 [ 1022.660996] ? __fget_files+0x28d/0x470 [ 1022.661439] disk_force_media_change+0x1e/0xc0 [ 1022.661953] loop_configure+0x75b/0x1950 [ 1022.662407] ? putname+0xfe/0x140 [ 1022.662795] lo_ioctl+0x782/0x1860 [ 1022.663195] ? avc_has_extended_perms+0x7e8/0xeb0 [ 1022.663741] ? loop_set_status_old+0x1b0/0x1b0 [ 1022.664251] ? fsnotify+0xb4f/0x1250 [ 1022.664647] ? avc_ss_reset+0x180/0x180 [ 1022.665106] ? fsnotify_first_mark+0x1f0/0x1f0 [ 1022.665618] ? rcu_read_lock_sched_held+0xd/0x70 [ 1022.666145] ? lock_acquire+0x41c/0x4d0 [ 1022.666588] ? rcu_read_lock_sched_held+0xd/0x70 [ 1022.667111] ? lock_release+0x505/0x6f0 [ 1022.667549] ? find_and_remove_object+0xe4/0x120 [ 1022.668076] ? __delete_object+0xb3/0x100 [ 1022.668543] ? lock_downgrade+0x6d0/0x6d0 [ 1022.669017] ? rwlock_bug.part.0+0x90/0x90 [ 1022.669491] ? rcu_read_lock_sched_held+0xd/0x70 [ 1022.670025] ? selinux_inode_getsecctx+0x90/0x90 [ 1022.670531] ? loop_set_status_old+0x1b0/0x1b0 [ 1022.671047] blkdev_ioctl+0x362/0x7f0 [ 1022.671474] ? blkdev_common_ioctl+0x16d0/0x16d0 [ 1022.671995] ? __x64_sys_ioctl+0x97/0x210 [ 1022.672457] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1022.673072] ? blkdev_common_ioctl+0x16d0/0x16d0 [ 1022.673595] __x64_sys_ioctl+0x196/0x210 [ 1022.674049] do_syscall_64+0x3b/0x90 [ 1022.674466] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1022.675033] RIP: 0033:0x7f01cb9288d7 [ 1022.675424] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 54 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1022.677465] RSP: 002b:00007f01c8e9df48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1022.678307] RAX: ffffffffffffffda RBX: 00007f01cb972970 RCX: 00007f01cb9288d7 [ 1022.679092] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1022.679884] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffffffffffff [ 1022.680669] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1022.681463] R13: 0000000000000004 R14: 0000000020000230 R15: 0000000000000002 [ 1022.682252] [ 1022.686358] FAULT_INJECTION: forcing a failure. [ 1022.686358] name failslab, interval 1, probability 0, space 0, times 0 [ 1022.687597] CPU: 0 PID: 9303 Comm: syz-executor.4 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1022.688697] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1022.689900] Call Trace: [ 1022.690173] [ 1022.690413] dump_stack_lvl+0x8b/0xb3 [ 1022.690830] should_fail.cold+0x5/0xa [ 1022.691244] ? create_object.isra.0+0x3a/0xa20 [ 1022.691753] should_failslab+0x5/0x10 [ 1022.692161] kmem_cache_alloc+0x5b/0x480 [ 1022.692593] create_object.isra.0+0x3a/0xa20 [ 1022.693074] ? kasan_unpoison+0x23/0x50 [ 1022.693508] kmem_cache_alloc+0x239/0x480 [ 1022.693953] anon_vma_clone+0xd3/0x560 [ 1022.694379] __split_vma+0x16d/0x540 [ 1022.694778] ? mas_walk+0x48a/0x670 [ 1022.695171] do_mas_align_munmap.constprop.0+0x3d8/0xc00 [ 1022.695749] ? __split_vma+0x540/0x540 [ 1022.696176] ? mas_walk+0x48a/0x670 [ 1022.696561] ? mas_find+0x203/0xdd0 [ 1022.696958] do_mas_munmap+0x1ed/0x2c0 [ 1022.697382] do_munmap+0xc3/0x100 [ 1022.697753] ? vm_brk+0x20/0x20 [ 1022.698113] __do_sys_mremap+0x1196/0x14f0 [ 1022.698569] ? move_vma.constprop.0+0xf40/0xf40 [ 1022.699068] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1022.699662] ? fput+0x2a/0x50 [ 1022.699999] ? ksys_write+0x1a5/0x250 [ 1022.700411] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1022.700953] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1022.701522] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1022.702077] do_syscall_64+0x3b/0x90 [ 1022.702278] loop5: detected capacity change from 0 to 260 [ 1022.702479] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1022.702493] RIP: 0033:0x7fe3cdd6fb19 [ 1022.702502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1022.702514] RSP: 002b:00007fe3cb2e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1022.707279] RAX: ffffffffffffffda RBX: 00007fe3cde82f60 RCX: 00007fe3cdd6fb19 [ 1022.708032] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1022.708793] RBP: 00007fe3cb2e51d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1022.709546] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 1022.710297] R13: 00007fffdf0ea1bf R14: 00007fe3cb2e5300 R15: 0000000000022000 [ 1022.711052] 15:47:53 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 10) [ 1022.718047] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) [ 1022.737445] FAULT_INJECTION: forcing a failure. [ 1022.737445] name failslab, interval 1, probability 0, space 0, times 0 [ 1022.740064] CPU: 1 PID: 9309 Comm: syz-executor.1 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1022.742048] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1022.744303] Call Trace: [ 1022.744829] [ 1022.745283] dump_stack_lvl+0x8b/0xb3 [ 1022.746098] should_fail.cold+0x5/0xa [ 1022.746863] ? create_object.isra.0+0x3a/0xa20 [ 1022.747781] should_failslab+0x5/0x10 [ 1022.748537] kmem_cache_alloc+0x5b/0x480 [ 1022.749380] ? mas_destroy+0x391/0x8d0 [ 1022.750189] create_object.isra.0+0x3a/0xa20 [ 1022.751083] ? kasan_unpoison+0x23/0x50 [ 1022.751884] kmem_cache_alloc+0x239/0x480 [ 1022.752735] mas_alloc_nodes+0x2f4/0x600 [ 1022.753564] mas_node_count+0x101/0x130 [ 1022.754397] mas_root_expand.isra.0+0xe5/0xa60 [ 1022.755322] mas_wr_store_entry.isra.0+0x33c/0x10e0 [ 1022.756320] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1022.757438] mas_store_gfp+0xca/0x1f0 [ 1022.758225] ? mtree_store+0x30/0x30 [ 1022.758973] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1022.760073] ? __split_vma+0x3b5/0x540 [ 1022.760882] do_mas_align_munmap.constprop.0+0x487/0xc00 [ 1022.762001] ? __split_vma+0x540/0x540 [ 1022.762785] ? mas_walk+0x48a/0x670 [ 1022.763510] ? mas_find+0x203/0xdd0 [ 1022.764237] do_mas_munmap+0x1ed/0x2c0 [ 1022.765063] do_munmap+0xc3/0x100 [ 1022.765779] ? vm_brk+0x20/0x20 [ 1022.766484] __do_sys_mremap+0x1196/0x14f0 [ 1022.767339] ? move_vma.constprop.0+0xf40/0xf40 [ 1022.768287] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1022.769401] ? fput+0x2a/0x50 [ 1022.770059] ? ksys_write+0x1a5/0x250 [ 1022.770823] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1022.771815] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1022.772940] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1022.774116] do_syscall_64+0x3b/0x90 [ 1022.774882] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1022.775915] RIP: 0033:0x7ff16643bb19 15:47:53 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x3, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 1022.776648] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1022.780533] RSP: 002b:00007ff1639b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1022.782106] RAX: ffffffffffffffda RBX: 00007ff16654ef60 RCX: 00007ff16643bb19 [ 1022.783528] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1022.784974] RBP: 00007ff1639b11d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1022.786408] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1022.787846] R13: 00007fffc2898d3f R14: 00007ff1639b1300 R15: 0000000000022000 [ 1022.789292] 15:47:53 executing program 6: openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r0, &(0x7f0000000140)={0x37}, 0x14) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x1a1001, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$CDROMMULTISESSION(r1, 0x5312, 0x0) 15:47:53 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) 15:47:53 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x0, 0x6, 0x7}) 15:47:53 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 11) 15:47:53 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 9) 15:47:53 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) (fail_nth: 39) 15:47:53 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$BTRFS_IOC_DEFRAG_RANGE(r0, 0x40309410, &(0x7f0000000080)={0x8, 0xfa04, 0x0, 0x1, 0x0, [0x0, 0x1]}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 15:47:53 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x4, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 1022.871276] FAULT_INJECTION: forcing a failure. [ 1022.871276] name failslab, interval 1, probability 0, space 0, times 0 [ 1022.872556] CPU: 0 PID: 9324 Comm: syz-executor.1 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1022.873591] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1022.874793] Call Trace: [ 1022.875071] [ 1022.875308] dump_stack_lvl+0x8b/0xb3 [ 1022.875729] should_fail.cold+0x5/0xa [ 1022.876148] ? vm_area_dup+0x7f/0x220 [ 1022.876560] should_failslab+0x5/0x10 [ 1022.876987] kmem_cache_alloc+0x5b/0x480 [ 1022.877424] ? rcu_read_lock_sched_held+0xd/0x70 [ 1022.877943] vm_area_dup+0x7f/0x220 [ 1022.878335] ? rwlock_bug.part.0+0x90/0x90 [ 1022.878791] ? do_munmap+0xc3/0x100 [ 1022.879193] ? call_rcu+0x585/0xa20 [ 1022.879587] ? trace_hardirqs_on+0x5b/0x190 [ 1022.880056] ? kasan_quarantine_put+0x87/0x1e0 [ 1022.880547] ? trace_hardirqs_on+0x5b/0x190 [ 1022.881028] ? kasan_quarantine_put+0x87/0x1e0 [ 1022.881520] ? mt_destroy_walk+0xa72/0xe30 [ 1022.882000] ? kmem_cache_free+0xe0/0x420 [ 1022.882466] ? mt_destroy_walk+0xc9/0xe30 [ 1022.882918] ? lock_acquire+0x41c/0x4d0 [ 1022.883365] ? vm_area_alloc+0xf0/0xf0 [ 1022.883799] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1022.884391] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1022.884996] ? mas_update_gap+0x910/0x910 [ 1022.885461] ? rwlock_bug.part.0+0x90/0x90 [ 1022.885936] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1022.886546] ? mas_find+0x203/0xdd0 [ 1022.886956] __split_vma+0xa2/0x540 [ 1022.887361] do_mas_align_munmap.constprop.0+0x25e/0xc00 [ 1022.887971] ? __split_vma+0x540/0x540 [ 1022.888405] ? mas_walk+0x48a/0x670 [ 1022.888814] ? mas_find+0x203/0xdd0 [ 1022.889202] do_mas_munmap+0x1ed/0x2c0 [ 1022.889641] do_munmap+0xc3/0x100 [ 1022.890029] ? vm_brk+0x20/0x20 [ 1022.890399] __do_sys_mremap+0x1145/0x14f0 [ 1022.890875] ? move_vma.constprop.0+0xf40/0xf40 [ 1022.891397] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1022.892018] ? fput+0x2a/0x50 [ 1022.892369] ? ksys_write+0x1a5/0x250 [ 1022.892807] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1022.893342] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1022.893938] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1022.894512] do_syscall_64+0x3b/0x90 [ 1022.894936] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1022.895500] RIP: 0033:0x7ff16643bb19 [ 1022.895909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1022.897941] RSP: 002b:00007ff1639b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1022.898780] RAX: ffffffffffffffda RBX: 00007ff16654ef60 RCX: 00007ff16643bb19 [ 1022.899571] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1022.900359] RBP: 00007ff1639b11d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1022.901150] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1022.901947] R13: 00007fffc2898d3f R14: 00007ff1639b1300 R15: 0000000000022000 [ 1022.902737] [ 1022.903968] FAULT_INJECTION: forcing a failure. [ 1022.903968] name failslab, interval 1, probability 0, space 0, times 0 [ 1022.905393] CPU: 0 PID: 9325 Comm: syz-executor.4 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1022.906458] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1022.907710] Call Trace: [ 1022.907994] [ 1022.908241] dump_stack_lvl+0x8b/0xb3 [ 1022.908667] should_fail.cold+0x5/0xa [ 1022.909107] ? mas_alloc_nodes+0x2f4/0x600 [ 1022.909589] should_failslab+0x5/0x10 [ 1022.910015] kmem_cache_alloc+0x5b/0x480 [ 1022.910471] mas_alloc_nodes+0x2f4/0x600 [ 1022.910934] mas_node_count+0x101/0x130 [ 1022.911383] mas_root_expand.isra.0+0xe5/0xa60 [ 1022.911899] mas_wr_store_entry.isra.0+0x33c/0x10e0 [ 1022.912448] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1022.913083] mas_store_gfp+0xca/0x1f0 [ 1022.913508] ? mtree_store+0x30/0x30 [ 1022.913926] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1022.914538] ? __split_vma+0x3b5/0x540 [ 1022.914973] do_mas_align_munmap.constprop.0+0x487/0xc00 [ 1022.915578] ? __split_vma+0x540/0x540 [ 1022.916015] ? mas_walk+0x48a/0x670 [ 1022.916417] ? mas_find+0x203/0xdd0 [ 1022.916836] do_mas_munmap+0x1ed/0x2c0 [ 1022.917273] do_munmap+0xc3/0x100 [ 1022.917663] ? vm_brk+0x20/0x20 [ 1022.918039] __do_sys_mremap+0x1196/0x14f0 [ 1022.918516] ? move_vma.constprop.0+0xf40/0xf40 [ 1022.919041] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1022.919656] ? fput+0x2a/0x50 [ 1022.920011] ? ksys_write+0x1a5/0x250 [ 1022.920438] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1022.921011] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1022.921612] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1022.922188] do_syscall_64+0x3b/0x90 [ 1022.922608] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1022.923179] RIP: 0033:0x7fe3cdd6fb19 [ 1022.923582] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1022.925631] RSP: 002b:00007fe3cb2e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1022.926475] RAX: ffffffffffffffda RBX: 00007fe3cde82f60 RCX: 00007fe3cdd6fb19 [ 1022.927265] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1022.928058] RBP: 00007fe3cb2e51d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1022.928869] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 1022.929653] R13: 00007fffdf0ea1bf R14: 00007fe3cb2e5300 R15: 0000000000022000 [ 1022.930448] [ 1032.460681] FAULT_INJECTION: forcing a failure. [ 1032.460681] name failslab, interval 1, probability 0, space 0, times 0 [ 1032.461961] CPU: 0 PID: 9349 Comm: syz-executor.4 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1032.462984] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1032.464225] Call Trace: [ 1032.464502] [ 1032.464741] dump_stack_lvl+0x8b/0xb3 [ 1032.465183] should_fail.cold+0x5/0xa [ 1032.465220] FAULT_INJECTION: forcing a failure. [ 1032.465220] name failslab, interval 1, probability 0, space 0, times 0 [ 1032.465594] ? mas_alloc_nodes+0x2f4/0x600 [ 1032.468467] ? create_object.isra.0+0x3a/0xa20 [ 1032.468982] should_failslab+0x5/0x10 [ 1032.469395] kmem_cache_alloc+0x5b/0x480 [ 1032.469843] ? mas_destroy+0x391/0x8d0 [ 1032.470260] create_object.isra.0+0x3a/0xa20 [ 1032.470747] ? kasan_unpoison+0x23/0x50 [ 1032.471186] kmem_cache_alloc+0x239/0x480 [ 1032.471633] mas_alloc_nodes+0x2f4/0x600 [ 1032.472075] mas_node_count+0x101/0x130 [ 1032.472509] mas_root_expand.isra.0+0xe5/0xa60 [ 1032.473023] mas_wr_store_entry.isra.0+0x33c/0x10e0 [ 1032.473551] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1032.474151] mas_store_gfp+0xca/0x1f0 [ 1032.474563] ? mtree_store+0x30/0x30 [ 1032.474973] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1032.475564] ? __split_vma+0x3b5/0x540 [ 1032.476012] do_mas_align_munmap.constprop.0+0x487/0xc00 [ 1032.476600] ? __split_vma+0x540/0x540 [ 1032.477034] ? mas_walk+0x48a/0x670 [ 1032.477425] ? mas_find+0x203/0xdd0 [ 1032.477813] do_mas_munmap+0x1ed/0x2c0 [ 1032.478236] do_munmap+0xc3/0x100 [ 1032.478612] ? vm_brk+0x20/0x20 [ 1032.478970] __do_sys_mremap+0x1196/0x14f0 [ 1032.479430] ? move_vma.constprop.0+0xf40/0xf40 [ 1032.479937] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1032.480522] ? fput+0x2a/0x50 [ 1032.480862] ? ksys_write+0x1a5/0x250 [ 1032.481294] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1032.481827] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1032.482402] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1032.482960] do_syscall_64+0x3b/0x90 [ 1032.483366] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1032.483918] RIP: 0033:0x7fe3cdd6fb19 [ 1032.484312] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1032.486290] RSP: 002b:00007fe3cb2e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1032.487108] RAX: ffffffffffffffda RBX: 00007fe3cde82f60 RCX: 00007fe3cdd6fb19 [ 1032.487861] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1032.488614] RBP: 00007fe3cb2e51d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1032.489383] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1032.490147] R13: 00007fffdf0ea1bf R14: 00007fe3cb2e5300 R15: 0000000000022000 [ 1032.490921] [ 1032.491170] CPU: 1 PID: 9350 Comm: syz-executor.1 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1032.493248] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1032.495651] Call Trace: [ 1032.496248] [ 1032.496721] dump_stack_lvl+0x8b/0xb3 15:48:02 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x5, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:48:02 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') r2 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r2, &(0x7f0000000140)={0x37}, 0x14) lstat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TUNSETOWNER(r2, 0x400454cc, r3) readahead(r1, 0x4, 0x10000) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000002c0)={'veth1_to_team\x00'}) write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_SEND={0x1a, 0x1, 0x0, r1, 0x0, &(0x7f0000000080)="e7a44d0243b6e00281ac637d4d1bea5975da6d2761e5b11bacf60e0328a652bc96058ce6ff1c0a23636f0206df69aa131b3d970b62594e5825eaa38bc0d99905c9e70577024723c2133410c2a997864755980d23becbd426133a1086655c6763bbe5a93e0f3fd3898bcfe98a582527a4c12280436512afe25baef4cdaafb6510cde8947e97ae125de92f3558f52d431d207fbe13998994a12bf45091d074486680086992ce7a85eb1b94c3458e25b68ae9e663a0e66f56f66c0a8d3a5f1cac246379b073a9fb25fe1b0ced80aa8c4fc63443af407d23df4c5251e4af392f64fbc819258983c6fb9340b06c901a", 0xed, 0x50, 0x1}, 0x1) 15:48:02 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffffffffffffff9, 0xcae8}) 15:48:02 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:48:02 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x0, 0x6, 0x7}) 15:48:02 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 10) 15:48:02 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 12) 15:48:02 executing program 6: unlink(&(0x7f0000001cc0)='./file0\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r0, &(0x7f0000000140)={0x37}, 0x14) recvmmsg$unix(r0, &(0x7f0000001bc0)=[{{&(0x7f0000000180)=@abs, 0x6e, &(0x7f0000001440)=[{&(0x7f0000000200)=""/251, 0xfb}, {&(0x7f0000000300)=""/4096, 0x1000}, {&(0x7f0000001300)=""/81, 0x51}, {&(0x7f0000001380)=""/172, 0xac}, {&(0x7f0000000100)=""/1, 0x1}], 0x5, &(0x7f00000014c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x58}}, {{&(0x7f0000001540)=@abs, 0x6e, &(0x7f0000001780)=[{&(0x7f00000015c0)=""/153, 0x99}, {&(0x7f0000001680)=""/183, 0xb7}, {&(0x7f0000001740)=""/28, 0x1c}], 0x3, &(0x7f00000017c0)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xa0}}, {{&(0x7f0000001880), 0x6e, &(0x7f0000001a80)=[{&(0x7f0000001900)=""/241, 0xf1}, {&(0x7f0000001a00)=""/117, 0x75}], 0x2, &(0x7f0000001d00)=ANY=[@ANYBLOB="28000085f37c61b7569b695500ca2dd2dcc100030076dacac75d28304fa5000100000001000013ad90", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="34000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="000000001c000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="000000001c000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0x100}}], 0x3, 0x23, &(0x7f0000001c80)={0x0, 0x989680}) read(r1, &(0x7f0000000040)=""/181, 0xb5) r2 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r3, &(0x7f0000000140)={0x37}, 0x14) mknodat(r3, &(0x7f0000001ac0)='./file0\x00', 0x8041, 0x5) ioctl$CDROMMULTISESSION(r2, 0x5312, 0x0) [ 1032.497566] should_fail.cold+0x5/0xa [ 1032.498671] ? create_object.isra.0+0x3a/0xa20 [ 1032.499648] should_failslab+0x5/0x10 [ 1032.500448] kmem_cache_alloc+0x5b/0x480 [ 1032.501324] create_object.isra.0+0x3a/0xa20 [ 1032.502260] ? kasan_unpoison+0x23/0x50 [ 1032.503115] kmem_cache_alloc+0x239/0x480 [ 1032.503992] vm_area_dup+0x7f/0x220 [ 1032.504766] ? rwlock_bug.part.0+0x90/0x90 [ 1032.505665] ? do_munmap+0xc3/0x100 [ 1032.506445] ? call_rcu+0x585/0xa20 [ 1032.507238] ? trace_hardirqs_on+0x5b/0x190 [ 1032.508159] ? kasan_quarantine_put+0x87/0x1e0 [ 1032.509200] ? trace_hardirqs_on+0x5b/0x190 [ 1032.510118] ? kasan_quarantine_put+0x87/0x1e0 [ 1032.511100] ? mt_destroy_walk+0xa72/0xe30 [ 1032.512011] ? kmem_cache_free+0xe0/0x420 [ 1032.512899] ? mt_destroy_walk+0xc9/0xe30 [ 1032.513785] ? lock_acquire+0x41c/0x4d0 [ 1032.514621] ? vm_area_alloc+0xf0/0xf0 [ 1032.514827] loop5: detected capacity change from 0 to 260 [ 1032.515439] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1032.517200] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1032.518353] ? mas_update_gap+0x910/0x910 [ 1032.519231] ? rwlock_bug.part.0+0x90/0x90 [ 1032.520122] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1032.521292] ? mas_find+0x203/0xdd0 [ 1032.522051] __split_vma+0xa2/0x540 [ 1032.522822] do_mas_align_munmap.constprop.0+0x25e/0xc00 [ 1032.523961] ? __split_vma+0x540/0x540 [ 1032.524780] ? mas_walk+0x48a/0x670 [ 1032.525544] ? mas_find+0x203/0xdd0 [ 1032.526308] do_mas_munmap+0x1ed/0x2c0 [ 1032.527128] do_munmap+0xc3/0x100 [ 1032.527857] ? vm_brk+0x20/0x20 [ 1032.528558] __do_sys_mremap+0x1145/0x14f0 [ 1032.529468] ? move_vma.constprop.0+0xf40/0xf40 [ 1032.530451] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1032.531606] ? fput+0x2a/0x50 [ 1032.532268] ? ksys_write+0x1a5/0x250 [ 1032.533081] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1032.534129] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1032.535262] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1032.536353] do_syscall_64+0x3b/0x90 [ 1032.537161] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1032.538236] RIP: 0033:0x7ff16643bb19 [ 1032.539008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1032.542862] RSP: 002b:00007ff1639b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1032.544443] RAX: ffffffffffffffda RBX: 00007ff16654ef60 RCX: 00007ff16643bb19 [ 1032.545943] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1032.547428] RBP: 00007ff1639b11d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1032.548921] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1032.550404] R13: 00007fffc2898d3f R14: 00007ff1639b1300 R15: 0000000000022000 [ 1032.551898] 15:48:03 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 11) [ 1032.571561] FAULT_INJECTION: forcing a failure. [ 1032.571561] name failslab, interval 1, probability 0, space 0, times 0 [ 1032.572845] CPU: 0 PID: 9363 Comm: syz-executor.4 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1032.573907] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1032.575141] Call Trace: [ 1032.575412] [ 1032.575655] dump_stack_lvl+0x8b/0xb3 [ 1032.576077] should_fail.cold+0x5/0xa [ 1032.576490] ? vm_area_dup+0x7f/0x220 [ 1032.576913] should_failslab+0x5/0x10 [ 1032.577321] kmem_cache_alloc+0x5b/0x480 [ 1032.577764] ? rcu_read_lock_sched_held+0xd/0x70 [ 1032.578305] vm_area_dup+0x7f/0x220 [ 1032.578695] ? rwlock_bug.part.0+0x90/0x90 [ 1032.579146] ? do_munmap+0xc3/0x100 [ 1032.579534] ? call_rcu+0x585/0xa20 [ 1032.579926] ? trace_hardirqs_on+0x5b/0x190 [ 1032.580396] ? kasan_quarantine_put+0x87/0x1e0 [ 1032.580904] ? trace_hardirqs_on+0x5b/0x190 [ 1032.581392] ? kasan_quarantine_put+0x87/0x1e0 [ 1032.581904] ? mt_destroy_walk+0xa72/0xe30 [ 1032.582384] ? kmem_cache_free+0xe0/0x420 [ 1032.582846] ? mt_destroy_walk+0xc9/0xe30 [ 1032.583311] ? lock_acquire+0x41c/0x4d0 [ 1032.583749] ? vm_area_alloc+0xf0/0xf0 [ 1032.584195] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1032.584804] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1032.585416] ? mas_update_gap+0x910/0x910 [ 1032.585879] ? rwlock_bug.part.0+0x90/0x90 [ 1032.586355] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1032.586967] ? mas_find+0x203/0xdd0 [ 1032.587372] __split_vma+0xa2/0x540 [ 1032.587781] do_mas_align_munmap.constprop.0+0x25e/0xc00 [ 1032.588391] ? __split_vma+0x540/0x540 [ 1032.588829] ? mas_walk+0x48a/0x670 [ 1032.589240] ? mas_find+0x203/0xdd0 [ 1032.589641] do_mas_munmap+0x1ed/0x2c0 [ 1032.590076] do_munmap+0xc3/0x100 [ 1032.590464] ? vm_brk+0x20/0x20 [ 1032.590844] __do_sys_mremap+0x1145/0x14f0 [ 1032.591314] ? move_vma.constprop.0+0xf40/0xf40 [ 1032.591837] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1032.592449] ? fput+0x2a/0x50 [ 1032.592805] ? ksys_write+0x1a5/0x250 [ 1032.593251] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1032.593811] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1032.594402] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1032.594982] do_syscall_64+0x3b/0x90 [ 1032.595400] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1032.595982] RIP: 0033:0x7fe3cdd6fb19 [ 1032.596388] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1032.598443] RSP: 002b:00007fe3cb2e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1032.599300] RAX: ffffffffffffffda RBX: 00007fe3cde82f60 RCX: 00007fe3cdd6fb19 [ 1032.600086] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1032.600899] RBP: 00007fe3cb2e51d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1032.601691] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1032.602481] R13: 00007fffdf0ea1bf R14: 00007fe3cb2e5300 R15: 0000000000022000 [ 1032.603279] 15:48:03 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9, 0xcae8}) 15:48:03 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x6, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:48:03 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1, 0x0, 0x7}) 15:48:03 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000380), 0x4000, 0x0) ioctl$INCFS_IOC_FILL_BLOCKS(r1, 0x80106720, &(0x7f0000000340)={0x3, &(0x7f00000002c0)=[{0x9, 0xea, &(0x7f0000000080)="1925b0750e5a91bcca8ad49b3eb562f010216de332ca8e3f2a44f9cb27f3abf9089b527e240ba48e78ae05e7d60b1d854670d60b2a8d919388c9461db73433ae00b23d4f49aac5b70688dfe3cf680c3f32709468b2d27b85c1ed2439c4677b77fd8fbb6e43476fc4d7282d7c65bbaab5708f5b8f0e9555b902bd8cd685b207db06c8c432b3889fd6295a29baafe98e6515d461bd8257256953511ee84b3e688762542e4dd69a7b06462176bbd021f290230370d39d9b307c208113695dfdea2bdfb5d620a21411ef5fa34cc21cfc1b261771159eb2fbee23f5bb448bb6da4d9eab3e1f79861e4760cd96", 0x1, 0x1}, {0xfffffff7, 0x4e, &(0x7f0000000180)="ff7982d5b4fb030d8135ee5b6020b709412528fa854e6138b602d4645181a2cab020395795ce459b145fad6f13889087e8d41b8c242faf108855343bb86f3d7c77afa73d410ba645a830d6c108cf", 0x1, 0x1}, {0x10001, 0xb9, &(0x7f0000000200)="e93bcba86f777da23bfac06e696b58076d23f0bd662fb64521ed988c6735d620c8e6974e5853b2b8988c63f9aea7ed97e5735a0c6418c26eac9539d52b8dff53a7803e6ffd650f4e2bf0c86e7dd89701a1e9298bfe58c76fd0a7a976114e7585fabd95b1aa86d64cd3fe7a24df71bdfa34bda4f80c8597524e5469bf145b5a2cc02eaa4ecba8a3ebe5e847b0bb10b8cf9aa7abcfdf0de214f4e70ba9c77be98d7f453061810d6de9c0039f28846cf988e05b68e3a008a1dfd6"}]}) r2 = syz_open_dev$vcsa(&(0x7f00000003c0), 0x7fffffff, 0x200080) ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) [ 1032.681781] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:48:12 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcae8}) 15:48:12 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 12) 15:48:12 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1}) [ 1042.462927] loop5: detected capacity change from 0 to 260 [ 1042.466478] FAULT_INJECTION: forcing a failure. [ 1042.466478] name failslab, interval 1, probability 0, space 0, times 0 [ 1042.468064] CPU: 0 PID: 9400 Comm: syz-executor.1 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1042.469107] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1042.470324] Call Trace: [ 1042.470600] [ 1042.470839] dump_stack_lvl+0x8b/0xb3 15:48:12 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r2, &(0x7f0000000140)={0x37}, 0x14) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r3, &(0x7f0000000140)={0x37}, 0x14) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000001340)=ANY=[@ANYBLOB="01000000010000001800000089f41ae413aa890d0b5ea11467b42e9ce3901ea6efe563f3da8ed5dafa3e6de5c49e4fb332664b5eaf34a01a89fe20ba3ebb0bd9b803803691de44c6e1b9ffcfe22acd23ef5937eb0e3c9f66cd90b0846052851760a4d8dd7f59447683c7ed829ce39350310e530e63ea7224d975f4653b2042ad8d656dd7441670b4e76047b3d31644eeedc0f9a4340792f13bc619e6b06235a510e508711b9f0f7caf4c23e44eb1b55389f207a3aa5915a3001f10521dcc", @ANYRES32=r0, @ANYBLOB="02000000000000002e2f66696c653000"]) io_submit(0x0, 0x3, &(0x7f00000012c0)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x2, 0x7c, r1, &(0x7f0000000080)="8d8579810a60879f101e2d8afda8969d01394be468603851979f11a430f5ae8526b0bda36bde99238fa3b6f08a4230b6dd022b8e3f131874acfbdee39ae39388338b4fa67b3d977fe393a39bea02998425daad90077556562a3febf1e5d6269db27723505c5ff766a8630d0f7998747a870b4256ffe88c5f168107f15eea84b5567add94dd30bd784ca26a9fd524640aed83f3e9386670364342bea525cec20b033b1651531131715a94a03a59018d7a9b4ab865cdcce857b6f75e2f42057424f36b2e57ab54844969dad73d3bc2a969a8053266dd92c9f4725a0d44234aa3a8", 0xe0, 0x5, 0x0, 0x2}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x7, 0xff0f, r2, &(0x7f00000001c0)="75b4710d0d30cad40632573a72da1a1680de34654ec713f284", 0x19, 0x80000001, 0x0, 0x0, r3}, &(0x7f0000001280)={0x0, 0x0, 0x0, 0x3, 0x8, 0xffffffffffffffff, &(0x7f0000000240)="3048400d65ee2344e65538a7db74b4eeb0b27bf072fdff366d0a723a302241b3aab89c0cd2406d1cdffd522e671cc48b6385d5d661aab033469a89d7d563d59b82cfda09eb6da52a58c050809cb8444a28edad4cf6acd7ab70919faab275eccc708b4d5a2f333d2bebe126306a5c01c484085a1217dd3165db8f0fa048806d6671033784559c38a315993445fd124deffa4e7f4add1c110e7a57f3c88bed6dbaf383dc7fdbb24dbb76ba442a1ae06cd64fbcd62f0b459f51e9a1e04b5218e134fa5cf74e01dbd867f74dc597bd10bb0fcc1bc7176e86d9eb73fa710ccf752fedbf49c9a8be7626b8f61437cdae40eb5d66d1b0d56c5b73679259af793f86b781f27b609d6cf660a292306603b8c7e3ca74debfe9141d5b13a2b68cff39047625df677f5e584e449c0f1c4f6897692eeb2170a1972a0a0493264b0f59104db4b7251b87302a7a0264fd5e374cf29b0818bb3a5e2d0a7ec0805f32699b92bf5db82d20d54a5efcab9d17a07fecf1ab310197edc3880fb4d0fde9b41eaa8540f53c3f5f613aade1acf94f9f3de3f581162a7349df5ba5fe4474dd1885061deb600b2ff5c33c8251fe8729f57c31ca0811cdf68b8027309ee0ab788ce1207d0cd7362c1e4b54533af97fff4c088d0883f18f1c9af984256f976e56482508575ef25e6d194074006fd2bb05e58cf0e7c961f105be98a212c55177f1d68edb23b76786ce7389cfb1330881ffe2209f9e4f67858962bb85c8891870cdf678486750830dc9b40eb8b0baf0afe66f9bf30fa62580dc31b1446ec8c7f8e43fae4832ff51c9d4f54f58aef42c1d5e8f51b92b46c6f59d21b3b39ebb6fd7bd18bb3636b56a3960fb47c41b2dc2a7d697d9440f46ad0d6ba81148485e3318a789daaf0e325fdbb934f996c97cd0affa3be385c649cc59c21435c3e55d15f393d8761347ca1c98f94e53cac94b299d342d9922bf613688f9dc42bae85afd6f18c89f2ea7b7d4825943e5af5a6dc9cb8c9fbd4b7c7fd05b3f8731623184a0d40f0eed510e75ea6293541e4f205e13ad078b8d231aa44decaded641e91127e4d12f8ae18dd55845474e23d74545f81c8313501a9bc908db642a5a295145184f223df2d73b8808361e280b1bd60a0f010be928d365822604f2891cb7c3f8aa664a9587c6b693f93e4c9a6da6fba9480bd0c1c0d5c891e5db79a85cbbcb3225cbf770d089040e3c7b971fdbf1faaff5e0208241b73fe1980de1720e55ce27641655d63971349866c8d75ea076a978cfb4335f6f171183d1e804c5bcb24a0ce10f6fb0994f4d27b01f2744a45603ee8c21251ca2569af4fe3d8d3587b5e4989cc88cf9ec82ce11d1a63a8ce27a0b794f7150f97b591dad8b86c701dccf4632b6ab280aa49428c72bb0fbaa0c1de43de7def734df2e2d3249f5eac72b0c44e65d2f0c68d91ab0f7baf7ce27129e6708f9aa7428f2a7921ef237ae0f5096d12350bf95412567eb593c6b9d58ef9f5cf0ed0843f2c6d36f7a910a0fbdc05d62df80e4758e39be4944a81cd696905ccec1145ac4936486434ca3099a36148ec350c0b71949bf83114f0a42c2a24547cefbca35ca198ada7dfa769501c2c8387a8c2702bf8816c82c48127499226d89517d32628d4f956a6b96e0648bf272e75325e85df82e33f24716a07f3769cb37919cdec6e854cc3c03a99719f1428fde41badc07f2a0d015b1e198844d41b1c968c0c31a320a9e3d8728f2a850cba176ffeeaad9e9ee947c3c439b472a06ab3967134da65ed6330108c59cb7e24f064a73b59d210c8ea6039adf0bd98acff3d79107702071e5faf510c4504a858242b12416dfeb370e1bdd130f5727dbdc5a564dbdb019798115ed2fd85ee054006f12b7a6fe2e0932c7e7cabe10ca3f51a2b253440a616d2e607b589e1372ebbce8897df6a5f58a4f74f26bab91fa47be0d69d4cb7d43da79645b4c1a1a7e7d1ccb969cd74afc73ccf0b652863084bd1cdeae42898d22ebe86b7c4a524d150da5ea2171fbd37d0815064c0e54d53cfef9997e809b21c92fc8f40c842ce21a2784259679c758c637b8edc03a30152e29cd347a7e379b0c8a34581ff759ef8a064b977ff0dcd718e06b7bc2c5fdf1ca06f1324aefcfa2de295905b6001e2ba00cd6c8e5464812ad66f8257028c8e4b40c96950a28ffd6b24dbed53108990c890f0275e8703dcffd1a5e78b906e26a9ac7780c5e3a638820d4a257298aae962e29a8aba0890458e8142e254eb44b995a9a602e53509f75f562d850f51a14b3fb816a5de798a06316ca464911631395e199fe4b4f8267912a1e7cf707016dd33ff9a854de8d257b02950fd15fa48885a7c75cac289779ef9eff4a905020f38040428d6a317dc37e02b12596a4c0f26f23abae02b8e29656a8007c9b5998a15e6f6313786cdf51524b12df4c154b9e7fa4cc6cdbe492440d12dfb2835bcab0d526f0f205bf06a53a5a84910c845809ce88bc63d4f8ed233f646875d5d769b6528dbc89d88560d82d9b0c6d4b5ccca08d6319d80e5a82150efb0223243929cfd2d5f68c64e6b504f7d9631dd48722a11d59dab0dbeea94347f207a88c0fe1f99acb5678ff0c4ce53d721f792e936d25e5b024c4e202c3d6bab7ce572f3e0441038b9990aa9208edc0827408dbfbc415ee3ecb8541eeff18c0e4fcb53b59e5c35e2b73ecbf7f665252c8382a5a0a166885af0c53fea28c4d3ef493bafd01280378e9b8366f53cf95a7e8c1b7226b1e41bdcf91e53fcd757834db211190ff42e4755ad0842770af988be0e7856ef6f52a9ba61d707d5d284c953cb4772a982f660cecb1880378cbdd3070dfd068e5d20b359243cf90484893d82632e01d46e6a52edc3ea68556f4c09037797ec1d43c3ef3517745f8692082a14d540069df89becaa4f73f6e7821dadb46b3eff36e693efe0ca33b06e32e5001821dcb3dcbe1122b13957220ccbb806c386d737b51fdd3c391bc98b3decbefc366cb152f3ea198d5f286edba284ad67411afe3d757f6e8f500123e9ad381efa00e415949e484d0aeed41416db21cbf15eb33757e424c506e2593703ae9d2ee83277a9f53e4b8ac86bf57a80487a6e5255312c8f9a14cc15e0349d689bff3458b0ab122bc3c7fc24d3f29efdcd87de88eff116a330402e8c60f492bd3a9e840c2aa6dee9c6064c85a955e724f0a72a34f3a3c85c6df10a50dd4496db09ae2bb7c3fbb702099d9625b781fadf11e1bb696895bc994de4945c8da7a415f77ed5b68a0a404c85a859a9e6674ffb2c7ba72cdb42ca015b57df9538711c323f0bc2efdbaf9474bbe1f4e65eefea8fa0d9858ba86231a5f95d5bf9ad7776a6b1dfffae4c4be334ad5085061702b951e14b6e98acfc41671ebef3efbefca95483c3d59d17634d41cf117d9cefb9c87155fd889c9032c15e07c85a22a79ae2d2006f564b11d83cf75604bd71bb49e827c77df10509290a922c11a9e5cab8439bac85e519ce3aa31f70df2505cf793f468929db3d80f139d2e70426e0108c47bdecbe14ecd8bb45cc418d7610439ec089b4a0c3b18fac4c7f8b2c8ea7766e94d14db47b197e2e52996fee2899ec61aa8c170208aa43de6ddeb4edb8721ed6d5f7b76864091c79aecb8d7c2be90a96e91c20f00794c5036130bbd852140bbd6f24cdb045faf823b5738451b7ad6151f153bffddfc9fdd8b622d2dc954d0a9ae9ee132a1608eed763061363af48bd97e0cc16fee80226e3370178713fba1d8c6140e3ea75836ded03de5fb9aa9d3e32f391d6a17189095662832863005d66226937a33bfea1bd6de59d1c18eb0b5cfebdef9db87519d2e810f1173340f78c84d5261486792872bb7bfd7d469e080e3893e5205aed2634cd78189edf6f7506f263ed7fa824dc219586d81a350e14b524a322dfb8b072a00f1229f00693586a7aa26f27e288f62838a28bca15f4fa9cf1eedc4cbc06d14aaabeedad3c0408cd8aca468c4c5bb955560a31a5b0118c65bdd3a27e95f153fa331cdf0cbb088cde9d5423baa5fc313ba4ed2736075efb69f3e25fccf8e5389ec17f23648ea295f1f72dfb02eab4a2c5b5dbc0c068014dce0579fad0ce937e9dab70b1eba7c03cef62add74bebb5730d672fbda9d11b26216d878ebc8b1751c537ee5e353e4fe30e5b64329d98914d399dca1e651c495e4c50b10a1029c6a603ef12dffb77129983d3a56fce9d67c264b61dbd429c3a58f946d6b672831e2624b3239abb70355d05b78d17a9f5f8048a810f472a1c7b5e2fce64b8ea0844b40ee2f38ea17558b6af97f6a3923503c14bdd07692ead774fa253a26aec19e8921f32cacf9c73fabfb2df8d9b6132d6d50ceeca2fccd341d3820dd053706789dcab8f28f135cb902219ac7ac0619382c90f40ff5e6c82cc4c2b9e2608c47e568bde87237854c5afd56afdc5301448116467f15aef118d278ef69c8444fe0b94f88133938fae79db2024a4fd316334d7aff84c77fe2d1691cbd2d97ecdc852807b766e97ea96fce626e39191553f018610747aab72b0edecb035ffaf24307c628f26f0c09dfafb6a54f9363fc5342632b57e66f62542aabfd030649fbc6eb79f8da59cb7952f825657e55b86baa1e8068c1328918254660e7490f84863b91b7f015bec0437ab2a79e181980508f3e8a90222f48010a68c81b4b56c86945c084ed6a95bcf1e9d6fa504d47779b6f065415a4e9b3048153b7c09f846c5adf54e580aa28407690e3c4947c6e5fa50fb9444aa723267432744e04546bccf5a78110523d9226af064ffdb36c7cd0d4eeb4c747ec48113ed8d48bf4bc759d911ec1a195c0e25de082b1696f518c0e2109159c5ea4e8b643940bf0541ddf7467bc75488d2e2152c84ba36a2706827fd3973c484bb1f6396cef2f4f84f1ac5f05e4e253a24d1f49d0f015282dea862fbb20ee41f274401b08105fc48395a73300f93c7a5cf60ee18e1cd02e7af32de3ceaa8232aadf4d55961674aa878c56de94245b939cbc40186c7c0a34a1cd0f52be6fc4b68b89f260a6a54f589c63233a21632ba8fadf134d37b87b92504875bdc5531c3cab38cc71911bad7c79e4aaa2eec390e8b650d7136ebb84b9982c0855e6fa2ed53e28bb1cc31858a9a78162b9ee5594049528d66c008b87ffb8fdd3d60628f7cd25100e08b989edb4f7d896937f967d3df94b18f50b0618807722b54f43b43c3f0254bd954abdb6cea1803e91453781a367079777d9a04d1e11fee58b8a80f491e9713e27398078682cd0e8f2fc1b7c950634343dbea94a1ca624cdff504a66089a1152be4af9d29e1797b2da7f9bda3dda15bd8915efae11c6cdd57a493446b779e1cd8ed46f75fceba88b0ac043d289fa01c8cbfef5d4d718b0956c32944ccc9ae466f7437b5ad547f1c7f195b625eda8ea860c30565bf4a82fc71f8d73d646f0d13e85a16264789566927174a0cd151704f435d4894112facfad064cfd4409a9f8e9ff38a52c6bf297a09e9188a21efafcf90e9775bfe6b1c101c3391ce02426b470e7666953933b0fc63d1bc6bde527cadcffe280743e023f5031f285fa82e2d30e1d765ebde9100b9f101ea8a9ccd92a9524263e724b4b0fefe3a10e7bcc5a8a2e1baa4dee51728dbbdb231ba146df7b97dd2d898e2bd4a9b1cdd1a0e2c4715e45630693354ed91bb26f1e21fc0bc98c6f4330fc5331ffa395d3d3853828d2c2dbf11d21e0022fa6424d36be8cd3e5ab3485ca87c9acf36e185e91fc9c1e3bf04b25bb2e4559d8b51fab5114f7ef19aa3e47f7689388bfde117", 0x1000, 0x10002000000, 0x0, 0x2, r4}]) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) 15:48:12 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000080)=0x4) 15:48:12 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x2, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:48:12 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 13) 15:48:12 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x7, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 1042.471280] should_fail.cold+0x5/0xa [ 1042.471994] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1042.472588] ? anon_vma_clone+0xd3/0x560 [ 1042.473040] should_failslab+0x5/0x10 [ 1042.473449] kmem_cache_alloc+0x5b/0x480 [ 1042.473458] FAULT_INJECTION: forcing a failure. [ 1042.473458] name failslab, interval 1, probability 0, space 0, times 0 [ 1042.473889] anon_vma_clone+0xd3/0x560 [ 1042.473911] __split_vma+0x16d/0x540 [ 1042.476902] do_mas_align_munmap.constprop.0+0x25e/0xc00 [ 1042.477492] ? __split_vma+0x540/0x540 [ 1042.477912] ? mas_walk+0x48a/0x670 [ 1042.478297] ? mas_find+0x203/0xdd0 [ 1042.478686] do_mas_munmap+0x1ed/0x2c0 [ 1042.479102] do_munmap+0xc3/0x100 [ 1042.479478] ? vm_brk+0x20/0x20 [ 1042.479834] __do_sys_mremap+0x1145/0x14f0 [ 1042.480287] ? move_vma.constprop.0+0xf40/0xf40 [ 1042.480794] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1042.481394] ? fput+0x2a/0x50 [ 1042.481740] ? ksys_write+0x1a5/0x250 [ 1042.482145] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1042.482671] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1042.483234] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1042.483784] do_syscall_64+0x3b/0x90 [ 1042.484182] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1042.484737] RIP: 0033:0x7ff16643bb19 [ 1042.485139] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1042.487077] RSP: 002b:00007ff1639b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1042.487888] RAX: ffffffffffffffda RBX: 00007ff16654ef60 RCX: 00007ff16643bb19 [ 1042.488641] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1042.489422] RBP: 00007ff1639b11d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1042.490167] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1042.490931] R13: 00007fffc2898d3f R14: 00007ff1639b1300 R15: 0000000000022000 [ 1042.491700] [ 1042.491946] CPU: 1 PID: 9395 Comm: syz-executor.4 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1042.493899] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1042.496198] Call Trace: [ 1042.496706] [ 1042.497183] dump_stack_lvl+0x8b/0xb3 [ 1042.497957] should_fail.cold+0x5/0xa [ 1042.498738] ? create_object.isra.0+0x3a/0xa20 [ 1042.499669] should_failslab+0x5/0x10 [ 1042.500434] kmem_cache_alloc+0x5b/0x480 [ 1042.501268] create_object.isra.0+0x3a/0xa20 [ 1042.502174] ? kasan_unpoison+0x23/0x50 [ 1042.502996] kmem_cache_alloc+0x239/0x480 [ 1042.503835] vm_area_dup+0x7f/0x220 [ 1042.504577] ? rwlock_bug.part.0+0x90/0x90 [ 1042.505445] ? do_munmap+0xc3/0x100 [ 1042.506186] ? call_rcu+0x585/0xa20 [ 1042.506916] ? trace_hardirqs_on+0x5b/0x190 [ 1042.507884] ? kasan_quarantine_put+0x87/0x1e0 [ 1042.509086] ? trace_hardirqs_on+0x5b/0x190 [ 1042.510202] ? kasan_quarantine_put+0x87/0x1e0 [ 1042.511380] ? mt_destroy_walk+0xa72/0xe30 [ 1042.512324] ? kmem_cache_free+0xe0/0x420 [ 1042.513192] ? mt_destroy_walk+0xc9/0xe30 [ 1042.514030] ? lock_acquire+0x41c/0x4d0 [ 1042.514837] ? vm_area_alloc+0xf0/0xf0 [ 1042.515633] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1042.516752] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1042.518033] ? mas_update_gap+0x910/0x910 [ 1042.518900] ? rwlock_bug.part.0+0x90/0x90 [ 1042.519757] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1042.520881] ? mas_find+0x203/0xdd0 [ 1042.521663] __split_vma+0xa2/0x540 [ 1042.522409] do_mas_align_munmap.constprop.0+0x25e/0xc00 [ 1042.523501] ? __split_vma+0x540/0x540 [ 1042.524302] ? mas_walk+0x48a/0x670 [ 1042.525046] ? mas_find+0x203/0xdd0 [ 1042.525802] do_mas_munmap+0x1ed/0x2c0 [ 1042.526597] do_munmap+0xc3/0x100 [ 1042.527297] ? vm_brk+0x20/0x20 [ 1042.527975] __do_sys_mremap+0x1145/0x14f0 [ 1042.528829] ? move_vma.constprop.0+0xf40/0xf40 [ 1042.529531] FAULT_INJECTION: forcing a failure. [ 1042.529531] name failslab, interval 1, probability 0, space 0, times 0 [ 1042.529802] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1042.532109] ? fput+0x2a/0x50 [ 1042.532736] ? ksys_write+0x1a5/0x250 [ 1042.533534] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1042.534539] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1042.535605] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1042.536645] do_syscall_64+0x3b/0x90 [ 1042.537431] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1042.538468] RIP: 0033:0x7fe3cdd6fb19 [ 1042.539220] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1042.542902] RSP: 002b:00007fe3cb2e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1042.544448] RAX: ffffffffffffffda RBX: 00007fe3cde82f60 RCX: 00007fe3cdd6fb19 [ 1042.545877] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1042.547307] RBP: 00007fe3cb2e51d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1042.548724] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1042.550158] R13: 00007fffdf0ea1bf R14: 00007fe3cb2e5300 R15: 0000000000022000 [ 1042.551581] [ 1042.552038] CPU: 0 PID: 9407 Comm: syz-executor.1 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1042.553120] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1042.554361] Call Trace: [ 1042.554640] [ 1042.554884] dump_stack_lvl+0x8b/0xb3 [ 1042.555310] should_fail.cold+0x5/0xa [ 1042.555733] ? anon_vma_clone+0xd3/0x560 [ 1042.556187] ? create_object.isra.0+0x3a/0xa20 [ 1042.556694] should_failslab+0x5/0x10 [ 1042.557105] kmem_cache_alloc+0x5b/0x480 [ 1042.557559] create_object.isra.0+0x3a/0xa20 [ 1042.558050] ? kasan_unpoison+0x23/0x50 [ 1042.558497] kmem_cache_alloc+0x239/0x480 [ 1042.558956] anon_vma_clone+0xd3/0x560 [ 1042.559394] __split_vma+0x16d/0x540 [ 1042.559804] do_mas_align_munmap.constprop.0+0x25e/0xc00 [ 1042.560379] ? __split_vma+0x540/0x540 [ 1042.560815] ? mas_walk+0x48a/0x670 [ 1042.561211] ? mas_find+0x203/0xdd0 [ 1042.561620] do_mas_munmap+0x1ed/0x2c0 [ 1042.562034] do_munmap+0xc3/0x100 [ 1042.562418] ? vm_brk+0x20/0x20 15:48:13 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 14) 15:48:13 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}}) [ 1042.562772] __do_sys_mremap+0x1145/0x14f0 [ 1042.563408] ? move_vma.constprop.0+0xf40/0xf40 [ 1042.563905] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1042.564513] ? fput+0x2a/0x50 [ 1042.564848] ? ksys_write+0x1a5/0x250 [ 1042.565283] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1042.565831] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1042.566398] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1042.566972] do_syscall_64+0x3b/0x90 [ 1042.567373] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1042.567942] RIP: 0033:0x7ff16643bb19 [ 1042.568328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1042.570365] RSP: 002b:00007ff1639b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1042.571204] RAX: ffffffffffffffda RBX: 00007ff16654ef60 RCX: 00007ff16643bb19 [ 1042.571988] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1042.572773] RBP: 00007ff1639b11d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1042.573567] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1042.574351] R13: 00007fffc2898d3f R14: 00007ff1639b1300 R15: 0000000000022000 [ 1042.575140] [ 1042.580165] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:48:13 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x3, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:48:13 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000300)={0x0, 0x1}) 15:48:13 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x5, 0x2, &(0x7f00000001c0)=[{&(0x7f00000000c0)="50a8ea72c187e7c87f6ce1a94fe70dd79bd20598021204c8934bdd0d577752bc52ce154b1d62831cff10370152443e8183ef98df60fdb767c110488b70cabb6bc31cfa30b045a911a7e32323c5d5d2a6e122a10f75ca2e7cdcfb32f3c499d18a9cdc93f1205670aedb5c6f2febc6c78c4ee92deedfc5599eade7102eb296929c", 0x80, 0x7}, {&(0x7f0000000140)="8a715837f88b200009123dd66d1db3940a554bd3fb75ec1c1bf0da7b9af270833b800ae89aecd273a28f5ab37f863330604a211e5e9971193295e95d4f38fbba28fbce054e87f722fd1ece0fff7946ec4902faa22a55cd", 0x57, 0x9}], 0x101000, &(0x7f0000000200)={[{@block={'block', 0x3d, 0xc00}}, {@map_off}, {@session={'session', 0x3d, 0x4c}}, {@check_strict}, {@uid={'uid', 0x3d, 0xffffffffffffffff}}], [{@defcontext={'defcontext', 0x3d, 'staff_u'}}, {@obj_type={'obj_type', 0x3d, '.^]'}}, {@obj_role={'obj_role', 0x3d, '/dev/sr0\x00'}}, {@subj_role={'subj_role', 0x3d, '+\\/%&.(.[\xd1\'--\xff\x00'}}]}) flock(r1, 0x2) r2 = socket$inet6_udp(0xa, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r3, &(0x7f0000000140)={0x37}, 0x14) ioctl$INCFS_IOC_PERMIT_FILL(r2, 0x40046721, &(0x7f0000000d40)={r3}) sendmsg$AUDIT_SET(r0, &(0x7f0000000d00)={&(0x7f0000000c40)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000c80)={0x38, 0x3e9, 0x100, 0x70bd2d, 0x25dfdbfd, {0x32, 0x0, 0x0, 0x0, 0xfffffffd, 0x9, 0x2, 0xfffffffd, 0x0, 0x1}, ["", "", "", "", "", "", ""]}, 0x38}, 0x1, 0x0, 0x0, 0x4099}, 0x840) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r4, &(0x7f0000000140)={0x37}, 0x14) flock(r4, 0x1) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) mount$9p_fd(0x0, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300), 0xc410, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_user}, {@debug={'debug', 0x3d, 0x6}}, {@afid={'afid', 0x3d, 0x2}}, {@cachetag={'cachetag', 0x3d, 'defcontext'}}]}}) ioctl$DVD_WRITE_STRUCT(r0, 0x5390, &(0x7f0000000400)=@type=0x2) 15:48:13 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 15) 15:48:13 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x4, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:48:13 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x9, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 1042.702990] FAULT_INJECTION: forcing a failure. [ 1042.702990] name failslab, interval 1, probability 0, space 0, times 0 [ 1042.704404] CPU: 0 PID: 9429 Comm: syz-executor.1 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1042.705486] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1042.706701] Call Trace: [ 1042.706984] [ 1042.707228] dump_stack_lvl+0x8b/0xb3 [ 1042.707649] should_fail.cold+0x5/0xa [ 1042.708055] ? mas_alloc_nodes+0x2f4/0x600 [ 1042.708524] should_failslab+0x5/0x10 [ 1042.708934] kmem_cache_alloc+0x5b/0x480 [ 1042.709406] mas_alloc_nodes+0x2f4/0x600 [ 1042.709917] mas_node_count+0x101/0x130 [ 1042.710365] mas_root_expand.isra.0+0xe5/0xa60 [ 1042.710878] mas_wr_store_entry.isra.0+0x33c/0x10e0 [ 1042.711433] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1042.712049] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1042.712662] mas_store_gfp+0xca/0x1f0 [ 1042.713095] ? mtree_store+0x30/0x30 [ 1042.713507] do_mas_align_munmap.constprop.0+0x487/0xc00 [ 1042.714111] ? __split_vma+0x540/0x540 [ 1042.714548] ? mas_walk+0x48a/0x670 [ 1042.714949] ? mas_find+0x203/0xdd0 [ 1042.715353] do_mas_munmap+0x1ed/0x2c0 [ 1042.715784] do_munmap+0xc3/0x100 [ 1042.716164] ? vm_brk+0x20/0x20 [ 1042.716526] __do_sys_mremap+0x1145/0x14f0 [ 1042.716989] ? move_vma.constprop.0+0xf40/0xf40 [ 1042.717506] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1042.718110] ? fput+0x2a/0x50 [ 1042.718459] ? ksys_write+0x1a5/0x250 [ 1042.718877] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1042.719423] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1042.720011] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1042.720559] do_syscall_64+0x3b/0x90 [ 1042.720973] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1042.721549] RIP: 0033:0x7ff16643bb19 [ 1042.721946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1042.723946] RSP: 002b:00007ff1639b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1042.724777] RAX: ffffffffffffffda RBX: 00007ff16654ef60 RCX: 00007ff16643bb19 [ 1042.725570] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1042.726345] RBP: 00007ff1639b11d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1042.727118] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1042.727902] R13: 00007fffc2898d3f R14: 00007ff1639b1300 R15: 0000000000022000 [ 1042.728690] 15:48:13 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x5, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:48:13 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 13) 15:48:13 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x5, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) [ 1042.816726] loop5: detected capacity change from 0 to 260 15:48:13 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) [ 1042.826062] FAULT_INJECTION: forcing a failure. [ 1042.826062] name failslab, interval 1, probability 0, space 0, times 0 [ 1042.827292] CPU: 0 PID: 9441 Comm: syz-executor.1 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1042.828306] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1042.829512] Call Trace: [ 1042.829780] [ 1042.830020] dump_stack_lvl+0x8b/0xb3 [ 1042.830437] should_fail.cold+0x5/0xa [ 1042.830839] ? create_object.isra.0+0x3a/0xa20 [ 1042.831334] should_failslab+0x5/0x10 [ 1042.831737] kmem_cache_alloc+0x5b/0x480 [ 1042.832177] ? mas_destroy+0x391/0x8d0 [ 1042.832582] create_object.isra.0+0x3a/0xa20 [ 1042.833069] ? kasan_unpoison+0x23/0x50 [ 1042.833498] kmem_cache_alloc+0x239/0x480 [ 1042.833939] mas_alloc_nodes+0x2f4/0x600 [ 1042.834372] mas_node_count+0x101/0x130 [ 1042.834792] mas_root_expand.isra.0+0xe5/0xa60 [ 1042.835280] mas_wr_store_entry.isra.0+0x33c/0x10e0 [ 1042.835812] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1042.836408] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1042.836989] mas_store_gfp+0xca/0x1f0 [ 1042.837403] ? mtree_store+0x30/0x30 15:48:13 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) 15:48:13 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0xf, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:48:13 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 16) [ 1042.837804] do_mas_align_munmap.constprop.0+0x487/0xc00 [ 1042.838505] ? __split_vma+0x540/0x540 [ 1042.838920] ? mas_walk+0x48a/0x670 [ 1042.839308] ? mas_find+0x203/0xdd0 [ 1042.839693] do_mas_munmap+0x1ed/0x2c0 [ 1042.840108] do_munmap+0xc3/0x100 [ 1042.840475] ? vm_brk+0x20/0x20 [ 1042.840832] __do_sys_mremap+0x1145/0x14f0 [ 1042.841292] ? move_vma.constprop.0+0xf40/0xf40 [ 1042.841786] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1042.842370] ? fput+0x2a/0x50 [ 1042.842705] ? ksys_write+0x1a5/0x250 [ 1042.843117] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1042.843644] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1042.844211] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1042.844759] do_syscall_64+0x3b/0x90 [ 1042.845179] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1042.845719] RIP: 0033:0x7ff16643bb19 [ 1042.846110] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1042.848043] RSP: 002b:00007ff1639b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1042.848844] RAX: ffffffffffffffda RBX: 00007ff16654ef60 RCX: 00007ff16643bb19 [ 1042.849596] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1042.850344] RBP: 00007ff1639b11d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1042.851100] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1042.851853] R13: 00007fffc2898d3f R14: 00007ff1639b1300 R15: 0000000000022000 [ 1042.852604] [ 1042.862033] FAULT_INJECTION: forcing a failure. [ 1042.862033] name failslab, interval 1, probability 0, space 0, times 0 [ 1042.864319] CPU: 1 PID: 9453 Comm: syz-executor.4 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1042.866274] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1042.868599] Call Trace: [ 1042.869132] [ 1042.869583] dump_stack_lvl+0x8b/0xb3 [ 1042.870365] should_fail.cold+0x5/0xa [ 1042.871122] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1042.872213] ? anon_vma_clone+0xd3/0x560 [ 1042.873039] should_failslab+0x5/0x10 [ 1042.873795] kmem_cache_alloc+0x5b/0x480 [ 1042.874633] anon_vma_clone+0xd3/0x560 [ 1042.875415] __split_vma+0x16d/0x540 [ 1042.876158] do_mas_align_munmap.constprop.0+0x25e/0xc00 [ 1042.877264] ? __split_vma+0x540/0x540 [ 1042.878047] ? mas_walk+0x48a/0x670 [ 1042.878764] ? mas_find+0x203/0xdd0 [ 1042.879483] do_mas_munmap+0x1ed/0x2c0 [ 1042.880254] do_munmap+0xc3/0x100 [ 1042.880945] ? vm_brk+0x20/0x20 [ 1042.881639] __do_sys_mremap+0x1145/0x14f0 [ 1042.882484] ? move_vma.constprop.0+0xf40/0xf40 [ 1042.883405] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1042.884485] ? fput+0x2a/0x50 [ 1042.885120] ? ksys_write+0x1a5/0x250 [ 1042.885879] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1042.886865] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1042.887912] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1042.888927] do_syscall_64+0x3b/0x90 [ 1042.889685] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1042.890695] RIP: 0033:0x7fe3cdd6fb19 [ 1042.891423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1042.895048] RSP: 002b:00007fe3cb2e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1042.896534] RAX: ffffffffffffffda RBX: 00007fe3cde82f60 RCX: 00007fe3cdd6fb19 [ 1042.897948] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1042.899345] RBP: 00007fe3cb2e51d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1042.900740] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1042.902148] R13: 00007fffdf0ea1bf R14: 00007fe3cb2e5300 R15: 0000000000022000 [ 1042.903550] [ 1042.908299] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:48:13 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) 15:48:13 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_io_uring_setup(0x4eff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @private1}}, 0x0) r4 = syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) r6 = syz_io_uring_setup(0x76e7, &(0x7f0000000340), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000280), &(0x7f00000003c0)) io_uring_register$IORING_UNREGISTER_PERSONALITY(r6, 0xa, 0x0, r5) syz_io_uring_submit(0x0, r2, &(0x7f00000000c0)=@IORING_OP_OPENAT={0x12, 0x5, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)='./file0\x00', 0x120, 0x101000, 0x12345, {0x0, r5}}, 0x3ff) [ 1043.673840] Bluetooth: hci6: command 0x0406 tx timeout 15:48:24 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 14) 15:48:24 executing program 6: syz_io_uring_setup(0x42a8, &(0x7f0000000040)={0x0, 0x943e, 0x20, 0x3, 0x27b}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) 15:48:24 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x4020110, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x1dfb, &(0x7f0000000080)={0x0, 0x5468, 0x10, 0x1, 0x359, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r4, &(0x7f0000000140)={0x37}, 0x14) syz_io_uring_submit(r2, r3, &(0x7f0000001c40)=@IORING_OP_SENDMSG={0x9, 0x4, 0x0, r4, 0x0, &(0x7f0000001c00)={&(0x7f0000000180)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e24, @multicast2}, 0x1, 0x4, 0x1, 0x1}}, 0x80, &(0x7f0000000740)=[{&(0x7f0000000200)="2ccd1f086736831df2a1ececed5a8295c0e25991c26a67f2315c28394f504b2e9569498832d6c42646959608341c2deba4e68931450ce6a6351a0d8b1c52baa7cd2cd98c4a1b77ddea02717c66afcbba006aee", 0x53}, {&(0x7f00000002c0)="a58c661d404d2b4c457857729ae5338307b24c12e0b2c78ee4c0df29548b295a9e9ad4ee658458b6527c2788c2b67020f13ab3e15401d82a90ea1b9e15643df718db237bdd81eabdf32c79e3319f13e7ac14b47d258151ece2a5989c6b4266c77bbd464872595ebf0962623d19a6fffa23aa6a01505083e5d4494449684a86890db402e3da1a216e2e2aabf65f1bba75b557371e221113792c", 0x99}, {&(0x7f0000000380)="781a50a5c11b7841cc098c2f9e841abf68009b3565dbaebc5da47d72592bdacfbcbbc55f616733a14a949b4caedb5644bcd7bb7cc6a6f2fd698d796db21c8fc72fde60b0a391e2bf2d9d9a7757545fa9d6cc2484ceda22a8fe9332ddd3fe319f4073091f682ab6c4097b58f008f2dadc1d0032cf7f17552d7e1cc2d3f05cb00499d63af98ed501e4a7786bfebd", 0x8d}, {&(0x7f0000000440)="e1cc6f92985a5d1dc10bc8fa99caf2d190e9e8a39976c1bea64810a1d255fef32ea8b09c3f4008ad4b4dc1dc9fb30e6bbe6e5e582c12a57f407e5d5e6899e724bbace5916fd18e8d22c243c82983f6f92a4696ff8e2c6db73ee40c34f2237f4fed84423ebd2ff8e9ae06486436ad8f52e0652632fc97f71d715a492f126fd888364ec6715f6b63e73bf5bfbf855cf726884fadd8f29911681587857c13422db77436e8f0e93838992c5b489394b9bbdf4527290d23efe3ae1c344c20d5101944d387a27c92", 0xc5}, {&(0x7f0000000540)="28ce603f02b8cb79231807cc2c1b937df89f901730ffcb51a7a7a98c3c5acba2b1f7d5da86c9d5336de06b9ac1b1747d67ce6d0e0285c5f98ccbacff20d46b97eddb9499e96297c1f726d85639cd746ba9de5d82a266f6cc5edb045f808478323b0df7db5bd2c0ed8593415529a65d49fb769a0654f725a950f1f1660b79258531080c411f48c33bafe507842c43bff3127b799644500bb8af9a66883a", 0x9d}, {&(0x7f0000000600)="b8170e9d1f0ec194b42b7b5a19e0abd66a98c43c91b090c1f1f34dd347b0151d9fc2462bd4ab0c43ca9d16412fa6b3d54099b5c822e79a11cd884ad1825d9b62b8986c5ac5588c9602fbc0f6a5ec1c13b44dc977be3fb01bfa009dde645a0e05c030ae792bf09d915e242c64970bdf25a6b4fefec41c77337abe4e6da7dbd7f0217612e9420bcf870d6d070bf46ffc15374c4384b6dc0d910b295c3240b4aede0be03b1f2a924cf4d8ed7c5090039398348753ecee490b6d8d1baba7305c7672ff", 0xc1}, {&(0x7f0000000700)="80d306363f67fa6d8a364982ae93fd00ce35aedeeeb763c06c7ed3dc65be4a8a6305fbbe7f8aeb803c0c5eccfe9d06caf2", 0x31}], 0x7, &(0x7f00000007c0)=[{0x1010, 0x11b, 0x1f, "fb01b509c8b8e1f21e01f03d64c7bb9a218ef6242b7463ef9f1b4f2f504c7ae5ec2f559bfc21aec5bccfc7f0b02f8513be33d6988461de4c18e0c4586488d8fdf014d946c5cd5f7d45a7791a443a7d259dd5ca19fdb200254e929081213299765b787f5f0960c0e90478d4e024968bd0faf21a1b6674835bbc43008327974006b944ec78a7f2252c70c344bef55ef0442d0928717fe0d73e71bc52b9353680222362ca125800103043d6207c7b690fede9a0bc6795c756a4b9c32f8695e7d8c2c4d96f118ff2ec304c25aedee9f337c856d9fa79846e83c9a4691cbe59522571e0fb3aaad2cc4c0f29ff888a2c890b55a7a34ba89237f02d8a1804cbe075b16c52f50b5f5d5c187a57028078a6f7be83782d3cc201a413b3b30b86837eb9f061f86b8a6dbe32c95a14496b4021b657f40a72615da83e40f688f87fadf7355bc9d3b24551111aa62f57d1905fbeedc21a0cb2cdf15562ed6e3fd95ca4969f535ed0733f62dd3943b0b60f8484cff479498b781742a635346cf5484371f666c53184d033b4d02f966af5ce1088cdf81a9ea11bfc85e501b87db806c63f7eec03dd6040bd763bf69f17ee8cb65256149bdb312923fbc0d12c01cdd43444a8e0001acc0e467165938b721ced3deed4038fb499b5fbe5237935f8ffd4321ce5f5e8a7c46c1046bc092460d63575461b8b93d91fbe071be5f2f6de5c1ed875077c1a0ee940d8d2fc7f253a38f8a6207687a50de3c5f4e61b8eddec818d42e7731381f5cdfadccfc00272496291f93ee73e266e35d4d048b84996cf55d3c8f62ba2f26452d770fe64723197042d009e259713e52b54b120c7257bdd51f373289dbeecbd1bc1bc96a936550b702f17c06c513a75ecc7976bd74129e2cc053fd4d049d96678e114146454faf13bbc38f4a07b7983645a69b716af7baf4bba267510a5f60ab37b62c253457ffd2532210a7afb12a0b22a5aba283b1beda97f0ed785ef8af653b0892d5b81ba317aa2b458da33b0fb0de629ade5e8ef48b51c706585150a49f8862da2d849a5a5bb4392277ad63915b0eddd8f279447961c29eeaa7d9baeb63bead15f1cf6223ab57d9a54de166903afa5a86d995224dffe677e3b084f4969e752d684d908bf29112f6b2bdbaadbd8cec774603e43cb16b37f4f53910cb0076a707ea3150458bfcfde5ef58037f79a089e7f0335559fbbaf08f8e113d60466da36b40e7de09fd2e0d26c191f5b4264eb5784bd3abdea0817f6b3957a5cb333e07735559ea19b3d2b3745608a283de4d8d93fbc53a44b83eabb6a3029fb454d35aaac7bd2bcdfd280db19e462d2bf02bc806db82541b3bed782d7b8aacd5ae314f28c38f46becd1fc2d03ddcbff39166f6bf32f6290edb079be13aabea06434cc409afadc7c53e416c6a43d5e9fb3ab64f50c12a491c75eac828310147db399566e631886c6ab3623d37c45be1876dfe05fe6923149f7f00ee9c14234df313612f5160d0125c540cc3c55523e9703e31fe238fafd0f00bffd434b5120c351a044de0e316a63a4a24c28c66bdf24e5d0c5718b64960ce3b5dda75365719a46e0dae1707b825b8fd8b355286f68b9e4e72bcf1dd09d5acc206022b9df2da1500f5fc72744c0ad074d9a10359ad4a1cbe807b1bfed9e3470f111f42e71037d8c90bb49d8a42e843c4fb1ea598fc73de171a2e7ca73a04d9930c6f303b6a34f8fdbc4791616ef7a4c23eeee434309e44347aaab5e64791d4eb8d63c02d426a565b2f8838057835d82296cb2b2b4263824c98f35f8b1a9572c9e9f3c3cb5e354aa6627c6b75f58238eed91ce8dfd0c261e65c3b1298c54a2b354b531ab0135490fca90698c4213ec7a7293c3429c76e4db3e1d3ca3fcf6f06d7b5c3da1db6749e1fb694c851144a3b5bc028f6bc62759d9028d216e35c5b1fac1cb3bd343068ddb21bb97d1a75ab946983277fb327cdb9ef586824e0acea73a8d3f319131bfb222cb3a0253f7d85c84de50cc4e958a087a1fd6d42866888bc4bacdea64c6a684a836588655d4f2f7f43fcf6fe9aea9fa17952e3b4c0ef9ce3feb57a9cc6c65cca3bba756f648543f207903330d2312e5b47a33483751d4da83641aa183bda0bd1824bee001fc05155b7af01c9d8cfc648a3e8c3740d3fccee06ce4d6e2dcb06c855a743bb0cb6d882aad79b8219e87a35767e6947fdca00be2666f688637cb6609335750e91df74073b082b90e76006e607f368398efd2019cf330a76d013dda19a77eb8367f7949d58441017bff7b1bf445f1755f29a20c02613e86a07f44daf33070f13af4fb71e81d944780915b7d6cbb80a12902f052aa5582f4ba2f11ad11b1eb9c90503093e707c99584d0c9c29541ae73fd5006d91b82229b1d6f59dba9befde40692ca2c2d11e3935543ea8b556ea8e3ebebe0d5add2e723d55b49f0daf2769fb7cf6989a6f241801934254ab3cf8ac52793a2205f809cbd123ac563f514425b8df7ffdb271d744f3b585f6ca51fd57dcda03176076c6e1f8ea00a89f5458864db6e57381e91573d66aa1991dd27413faf511907b9f1a07d6fc4ee177e1ce0fdab6e57ed2fd054b2ac901c0fadb4deb5b4633a45f94aec848d351c66205803b6db1c4c542b09a5e35b943961a4a8dd7769e0d7a5e774c07db65e5426811c0ca8d5b74d30f99330cc84aca6623fb6e2997d8e96aec59e4f3f49b6da6b47fc250de33dee6ac43d18c4903014eceb2fee8e9986419e0e44456b71ec19aabeff8e348441f4bb961e118e6244c933de36e06c19cb44c4edf94db6d65bd0c6ac1005798a45a4276edf4ae2555136e8e56074c5aa8577a417e624d3b1d9e74816eed1ddbcfff027ffaf4dea529c423f82cbe86ac11582c496f407d816e2dc07a3fda62a52bf9826b6d7dc58ce379a221e2481d573d43c9624763b23aacb76bd4d857e378703903981bd24aea082aaa292b265174f7f48db514a71d8704d4d34336b94e0b2ba7996c0ea678911899aa6a5ad8f4389d7eb2cc00fe088bf0c00bfbb18e48e42d6690252612de21c3e01ab8d68b18b8575c3309669fcb7035013af969706ccb774cf0a5e48575eb64a243aea7e80befcb63f8a5df4e486c5cd0b2d946ae7250e12d016225046c06bec070eefaf75ed5d264df61dd5a4b20da61fbc644f271a60153c2ce28240ce4832d83d812db22e7b7b974e7cf0d4041266fe4899d1fd0515da195eace17ca9a37a9b7d8ac461ce2ec2d90ba9214b6a5aab78ebfd80b0eefd8c42b0d67a885d1c016d31754be19116339545f89dfab1b31727751495c338a5dd5ee38966f65558cf162a8cd74aa5cb2924f0ba1d7a37e866e59fb6d40df20e4e5b70f9c69aad30cfb9f25409e96181e43080032e09f52a1b1390ec2d126bb2e01009be174d4633d89edee7fd5793df5bde23f3f3de9ca60a5580c86e665cfadd63f200eb1ba847205fc063744dbb30f1bac8554bcce494d3b04593ed345bda480a6a9403d7401aff2fb0d671e25005e5b8b78be3cdfc1fbf12892afc584aa5ab5747894da1295eb3095f7346e9a5a8f7c302ca32c18a84239d2039a63b956c6ae55c8c94b465352753ea778760978b567927a3f14ced95bd255a7c19f8e610227e6f2abbb0adaf23de5722ddeccaba415130a923315eb8ecc71a427ac46cd7bb5a032542804f02ea000dd6895a6dbe1c8175c9ae39a82e3f182c195eb506a5bb51239f0708ccd32ba6686b9f3fcf079113f165019fb08f0dd75cf0fb343c21190ae658df87d72dc53d32b46d028540ef77357ff93bf712aa95eb636535de966f955fe018a17f1f51ade8322d86b5dc42b8b43d72c48cf59455932cf7550076a9877ab3bdd5dd6e2f7956f22231bd33c675cb7a748b974c1bbeebc9bbff24276fe70b18b9c6ea3a206ba0f2db87dec068dbeeb08504a57972639ff77a13a0197702224a219078d4a85d879eba64374babf54351701a7a324055e7545eac6ea95b6d9c77e9b1b7d99dcb140af106560d5e189b45cf6dbd54cee042a64af84ddff76e33b2eaf1799091294848f4a940e76f0ad6f4f94693b6013399dfd48e7048d77a2d564557dd23cabca2f07b2de4c97ec7fa45eb7262784c17a4e81c8e3d5c4a42e96ced5ebbb1fd3f4da8d18c4b6fb65e028452913aef553a52c778a6a7629ed2019b764f93c728d422c3ad0b0008bb5f4f7c5b4f8ae504f064bd401f950437b3b17bd71ff45caf87a99c1659d6e5a62a8ba9bcb2fff982bf6683048ee39e43cf34e3c7babe6feaf9a6e8204ede800593dbfff7566cf590a1330e593882bb235bdcdacb2e4cc5d832c61444354392d440576d1706254b84eef075d3153f805616894629b1357962f12b5837afb2546213f98045e5d177eb27f610623cac0264a5a2e9e6f8cc715d2e53898fefa044a3fa38667474759c2eb263ef838916abcccb966ba95e7cba0aebaa213f6b19c6c2ff1e1fa332ec9a482438bbe9613d0647eef1b6f599228657a33982d5e6487ead7aeb0c9d4c17a7781881c76d3d6406cab9844504a29424ef6311db21e565c4e4149bafd51f7dd2e054ee8078b4b1bc5adfff57842723b58c6d5b03fc0f2727172918b31a87af01340b77a5d1527aefef8d826a3094e0c437b473d4868aced216784f2e1ebfcd6805d65d0c1effe54e156474f3a17675bda278d361950e14c574d8984e9e5823e01b6c5fbe6945abec1a4ff31442f57554c5dae013a7914805f62190fdd2c0fd51384dbae6585bd6223c6e2cb2463020f1e28c1ad19841fc15de535528ee8b713ed5fc25cd9c30091847c5455af6ec481efab5511e54bbd5c2a0101c07862391bd0ff14009ceae1575345e7607d15a0c8a655d2f2ac2406e9b1fe333c023b3edf0679949847a22c63fece02cd6fd17dca8d1c1617571ad25d310a1ae7e8c975995588942e569922e3c3e126ae107b243488e824569ad5d7e2f835424ebc9e79f6fcc305677913a6b716900950511d539ad4081b349311cc2304ef212d4fc6b8335ff897beb7a2eec6da51714c67db187f53d27990a171f08a0ae64e1cf432b5c7aae073514812a134b7826546f6e92b5d368c5097518402a5216a5f9b0c742eef7132b5ee5a28a308cd52a0558b8912fe84bde36db3537dbdbb5186e2308b225b193169a73091bfd2070ba2d21563a514a719b116903dfc2de599f335c611b38cd0ceb2b2533943c2cd8295646b8bc9cf4ae3b4a77b8810377892edebceda2d2f7b15c6e92666f43d341c2cc1ab8f0254b1fba23d9731b676a392547a14a73b40a5b35b1e5ff8859f19ea70c57dd0852638102ab82508259f13b5c310d14f44d8c6dc73e2fcaeb63c61e750a1a84eb6ef61206b22b5edab819ec540d3252287db2c6c248208795238cead33817779090739911649dd1dff2d18141c7e9e6fb84674a2ba812bfc8db627faebb66f666e1e8e7090a3224a8522a7491d96ef71e94e9dee06adac892301ae0980f2a44a80726ab87ffe56f715d46042558231885fa35bea8ea54da1a85f03f290b0f997e70c829677730811ee071f90909cb797a1b6db6d05a7aafafccdc2d4db47551d66ffda7edffd2b67c9a334e69272906b60dd5416822a3d38ea440e6b5e024ec0d94b484cb2e07d36384212696eabaa62a2efa484488bf097d34ae2f7e7f3d8e9292aec0ad5306a1d44af901bbaf937a6fc56155c10c7a3166f88d4fb2640268207eb2e99cf20170398783a951352ece72dcd5905c8a2c4d2519a5fa192b0a4a2ed14e742737baceac69342e9951c4afd026e8fcdbf6cd2f"}, {0x58, 0x101, 0x8, "13ea9094566f3ef85eb7a499854d96d5ad193d819c6c901abb2b0a96ea4331cbd56a92299cf78ac37e0df26d0c95c8de07af267279135cde025e19ecd6d59f7b375d58"}, {0x108, 0x10d, 0xfff, "f81fcf5f7bf85b946958984d79775e2f4d8332bf4672bad902e28127fd7cb840cd832806d3a15de6096f5e53c2e0ba369e59b3784357daae6a5a5854d8e9d712be27ca1f3e3722d084f5db53b741f5f774a09659ae8c9fcb5b8d4e62dbe059c6609f9aecd2879add0122235801674f1763749d9f39c5fb34de81bc2e6f51a43a18300f582e5971b30cc846766cee1ef3bdfb8fb435fd48b58f53cb41ba757efe392c84260c3642289e08db3af02ecc0134a7eba85d475088f1588e15fa36c2e9b6b0db29bf5f41d30417d3c2bf1d71bb8de7b3cb68e07625a90610383de913c1e39297b2b3b1321a16ae52450ae59c253b771814c444"}, {0x70, 0x101, 0x3, "07c563066b73cb4f463be21186efb41cdee029d9919fa1adbfdee971bb7196f2182c639c990e05eaf3e27b91514124bf66790a27eb4212ba2c0d95b776da65b46b5d029ecd1e72609faa836364726848dae88e424fc0560242"}, {0x88, 0x1, 0x5, "f0d35d3b6ba789da02d82cb7c9c4078c9abe880334114f8c4b82081d5deda5dcbf420c54a074c4369c535c5f38ef9cfb3d5f02bcf5d5335e303112194dee053f18743e7a7c64bfd24b7e480811adfadad72cae0b8c22a0c48bce6b9e92638969f7228ead4916410bf2186257419c9f4ccd"}, {0xa0, 0x117, 0x7, "904d901e433ef8b60690cba31f3b438717e41058b9ce6d825e9b4e4547a409b9b5c20e38520fe1f3457637124d66f49efc146cf156f85cdab1c4adfddf7b96d4868ac9f71eaa76fd2fbb68eae8805cffa262c882be8d389198c86900d5e99de60a02c715a07da1ff9ef1bc8b27818d4c7ae1ecc9b6b6a141022e94f4cb7cb29f686167a947093aaa55bf5bdaca"}, {0x48, 0x11, 0x80000000, "3e4e29b0d77e916c854cec0e603b1b6e0ca46fa24e2b3c3ebcb6a01d20171dbbbefacd180f862b6e1d60babb3a7581d340eab087167226"}, {0xc8, 0x10e, 0x800, "22ad2bd80f68b047e6ac5ec78c0caf46f9c5f21d8301060028a2bc1ec38ccad2707a43bd9d6f71abf87b269ce3a5919d24d5f80f814d4920d2793b406c95e396e4dab0c1855111947ec605afaafda32a7f38d2d6bae96af9e0b057327b36cec528479db787b2c4471b15589eadb5db81bf9e99079014717dc3868bec23d8c2792225696fc186f45f35723e6aabaf77bc46e0ce390c467adf2964c1fb05cc5200b129535ea581a750cf21296c904869760652"}, {0x28, 0x0, 0xa4, "9d454c86e9f2707835f83384c668792b21caba0119"}], 0x1440}, 0x0, 0x8000}, 0x3) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) [ 1053.574910] FAULT_INJECTION: forcing a failure. [ 1053.574910] name failslab, interval 1, probability 0, space 0, times 0 [ 1053.577902] CPU: 1 PID: 9465 Comm: syz-executor.4 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1053.580350] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1053.583177] Call Trace: [ 1053.583779] 15:48:24 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0xf0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:48:24 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) 15:48:24 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x7, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:48:24 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 17) 15:48:24 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) [ 1053.584303] dump_stack_lvl+0x8b/0xb3 [ 1053.585395] should_fail.cold+0x5/0xa [ 1053.586159] ? lock_downgrade+0x6d0/0x6d0 [ 1053.587003] ? create_object.isra.0+0x3a/0xa20 [ 1053.587954] should_failslab+0x5/0x10 [ 1053.588560] loop5: detected capacity change from 0 to 260 [ 1053.588737] kmem_cache_alloc+0x5b/0x480 [ 1053.590169] create_object.isra.0+0x3a/0xa20 [ 1053.591060] ? kasan_unpoison+0x23/0x50 [ 1053.591856] kmem_cache_alloc+0x239/0x480 [ 1053.592679] anon_vma_clone+0xd3/0x560 [ 1053.593492] __split_vma+0x16d/0x540 [ 1053.594308] do_mas_align_munmap.constprop.0+0x25e/0xc00 [ 1053.595467] ? __split_vma+0x540/0x540 [ 1053.596242] ? mas_walk+0x48a/0x670 [ 1053.596959] ? mas_find+0x203/0xdd0 [ 1053.597689] do_mas_munmap+0x1ed/0x2c0 [ 1053.598473] do_munmap+0xc3/0x100 [ 1053.599163] ? vm_brk+0x20/0x20 [ 1053.599829] __do_sys_mremap+0x1145/0x14f0 [ 1053.600675] ? move_vma.constprop.0+0xf40/0xf40 [ 1053.601608] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1053.602693] ? fput+0x2a/0x50 [ 1053.603316] ? ksys_write+0x1a5/0x250 [ 1053.604073] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1053.605055] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1053.606129] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1053.607007] FAULT_INJECTION: forcing a failure. [ 1053.607007] name failslab, interval 1, probability 0, space 0, times 0 [ 1053.607173] do_syscall_64+0x3b/0x90 [ 1053.610269] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1053.611291] RIP: 0033:0x7fe3cdd6fb19 [ 1053.612017] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1053.615649] RSP: 002b:00007fe3cb2e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1053.617144] RAX: ffffffffffffffda RBX: 00007fe3cde82f60 RCX: 00007fe3cdd6fb19 [ 1053.618556] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1053.619955] RBP: 00007fe3cb2e51d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1053.621370] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1053.622773] R13: 00007fffdf0ea1bf R14: 00007fe3cb2e5300 R15: 0000000000022000 [ 1053.624189] [ 1053.624644] CPU: 0 PID: 9471 Comm: syz-executor.1 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1053.627098] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1053.630111] Call Trace: [ 1053.630677] [ 1053.631180] dump_stack_lvl+0x8b/0xb3 [ 1053.632023] should_fail.cold+0x5/0xa [ 1053.632824] ? vm_area_dup+0x7f/0x220 [ 1053.633713] should_failslab+0x5/0x10 [ 1053.634568] kmem_cache_alloc+0x5b/0x480 [ 1053.635423] vm_area_dup+0x7f/0x220 [ 1053.636233] ? mt_find+0x33d/0xfb0 [ 1053.637034] ? mas_next_nentry+0xb30/0xb30 [ 1053.638012] ? mas_next+0x224/0xd90 [ 1053.638809] ? vm_area_alloc+0xf0/0xf0 [ 1053.639621] ? find_vma+0x108/0x1a0 [ 1053.640439] ? can_vma_merge_before.constprop.0+0x220/0x220 [ 1053.641734] ? find_vma_prev+0xe0/0x160 [ 1053.642620] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1053.643733] ? can_vma_merge_before.constprop.0+0x83/0x220 [ 1053.644988] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1053.646258] ? vma_merge+0x382/0x8c0 [ 1053.647097] copy_vma+0x33b/0x750 [ 1053.647870] ? __install_special_mapping+0x370/0x370 [ 1053.648983] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1053.650128] move_vma.constprop.0+0x6a9/0xf40 [ 1053.651151] ? move_page_tables+0x1e70/0x1e70 [ 1053.652162] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1053.653254] ? cap_mmap_addr+0x50/0x300 [ 1053.654134] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1053.655366] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1053.656531] ? security_mmap_addr+0x79/0xa0 [ 1053.657538] __do_sys_mremap+0x78f/0x14f0 [ 1053.658485] ? move_vma.constprop.0+0xf40/0xf40 [ 1053.659473] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1053.660690] ? fput+0x2a/0x50 [ 1053.661432] ? ksys_write+0x1a5/0x250 [ 1053.662303] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1053.663364] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1053.664527] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1053.665723] do_syscall_64+0x3b/0x90 [ 1053.666571] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1053.667727] RIP: 0033:0x7ff16643bb19 [ 1053.668491] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1053.672677] RSP: 002b:00007ff1639b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1053.674409] RAX: ffffffffffffffda RBX: 00007ff16654ef60 RCX: 00007ff16643bb19 [ 1053.675987] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1053.677538] RBP: 00007ff1639b11d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1053.679154] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1053.680743] R13: 00007fffc2898d3f R14: 00007ff1639b1300 R15: 0000000000022000 [ 1053.682307] [ 1053.693228] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:48:24 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 15) 15:48:24 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 18) 15:48:24 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) 15:48:24 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNGETFILTER(r0, 0x801054db, &(0x7f00000000c0)=""/111) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000001580)=[{&(0x7f0000000180)=""/122, 0x7a}, {&(0x7f00000002c0)=""/227, 0xe3}, {&(0x7f00000003c0)=""/174, 0xae}, {&(0x7f0000000200)=""/56, 0x38}, {&(0x7f0000000480)=""/111, 0x6f}, {&(0x7f0000000500)=""/4096, 0x1000}, {&(0x7f0000000240)=""/11, 0xb}, {&(0x7f0000001500)=""/87, 0x57}], 0x8) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'veth0_virt_wifi\x00'}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'veth1_to_hsr\x00'}) 15:48:24 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) 15:48:24 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x8, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:48:24 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/tty/ldiscs\x00', 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') r3 = perf_event_open$cgroup(&(0x7f00000002c0)={0x4, 0x80, 0x2, 0x1, 0xad, 0x2, 0x0, 0x7ff, 0x100, 0xb, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x81, 0x3, @perf_config_ext={0x7ff, 0x1}, 0x404, 0x8, 0xffe00000, 0xd, 0x100, 0xda8, 0x1, 0x0, 0x9, 0x0, 0x9}, r0, 0x3, r1, 0x5) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r4, &(0x7f0000000140)={0x37}, 0x14) ioctl$PERF_EVENT_IOC_RESET(r4, 0x2403, 0x8) sendfile(r3, r1, &(0x7f0000000340)=0x101, 0x8) write$P9_RMKNOD(r2, &(0x7f0000000140)={0x37}, 0x14) ioctl$VFAT_IOCTL_READDIR_SHORT(r2, 0x82307202, &(0x7f0000000080)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) [ 1053.811465] FAULT_INJECTION: forcing a failure. [ 1053.811465] name failslab, interval 1, probability 0, space 0, times 0 [ 1053.813867] CPU: 1 PID: 9486 Comm: syz-executor.4 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1053.815799] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1053.818064] Call Trace: [ 1053.818585] [ 1053.819029] dump_stack_lvl+0x8b/0xb3 [ 1053.819813] should_fail.cold+0x5/0xa [ 1053.820596] ? mas_alloc_nodes+0x2f4/0x600 [ 1053.821472] should_failslab+0x5/0x10 [ 1053.822239] kmem_cache_alloc+0x5b/0x480 [ 1053.823055] mas_alloc_nodes+0x2f4/0x600 [ 1053.823893] mas_node_count+0x101/0x130 [ 1053.824714] mas_root_expand.isra.0+0xe5/0xa60 [ 1053.825668] mas_wr_store_entry.isra.0+0x33c/0x10e0 [ 1053.826673] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1053.827772] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1053.828874] mas_store_gfp+0xca/0x1f0 [ 1053.829660] ? mtree_store+0x30/0x30 [ 1053.830419] do_mas_align_munmap.constprop.0+0x487/0xc00 [ 1053.831510] ? __split_vma+0x540/0x540 [ 1053.832285] ? mas_walk+0x48a/0x670 [ 1053.833018] ? mas_find+0x203/0xdd0 [ 1053.833780] do_mas_munmap+0x1ed/0x2c0 [ 1053.834584] do_munmap+0xc3/0x100 [ 1053.835284] ? vm_brk+0x20/0x20 [ 1053.835957] __do_sys_mremap+0x1145/0x14f0 [ 1053.836819] ? move_vma.constprop.0+0xf40/0xf40 [ 1053.837779] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1053.838884] ? fput+0x2a/0x50 [ 1053.839525] ? ksys_write+0x1a5/0x250 [ 1053.840281] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1053.841294] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1053.842382] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1053.843430] do_syscall_64+0x3b/0x90 [ 1053.844180] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1053.845219] RIP: 0033:0x7fe3cdd6fb19 [ 1053.845963] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1053.849632] RSP: 002b:00007fe3cb2e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1053.851148] RAX: ffffffffffffffda RBX: 00007fe3cde82f60 RCX: 00007fe3cdd6fb19 [ 1053.852581] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1053.854015] RBP: 00007fe3cb2e51d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1053.855449] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1053.856868] R13: 00007fffdf0ea1bf R14: 00007fe3cb2e5300 R15: 0000000000022000 [ 1053.858310] [ 1053.884305] FAULT_INJECTION: forcing a failure. [ 1053.884305] name failslab, interval 1, probability 0, space 0, times 0 [ 1053.886885] CPU: 1 PID: 9496 Comm: syz-executor.1 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1053.888859] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1053.891133] Call Trace: [ 1053.891650] [ 1053.892089] dump_stack_lvl+0x8b/0xb3 [ 1053.892881] should_fail.cold+0x5/0xa [ 1053.893679] ? create_object.isra.0+0x3a/0xa20 [ 1053.894672] should_failslab+0x5/0x10 [ 1053.895438] kmem_cache_alloc+0x5b/0x480 [ 1053.896244] create_object.isra.0+0x3a/0xa20 [ 1053.897134] ? kasan_unpoison+0x23/0x50 [ 1053.897982] kmem_cache_alloc+0x239/0x480 [ 1053.898828] vm_area_dup+0x7f/0x220 [ 1053.899570] ? mt_find+0x33d/0xfb0 [ 1053.900276] ? mas_next_nentry+0xb30/0xb30 [ 1053.901122] ? mas_next+0x224/0xd90 [ 1053.901880] ? vm_area_alloc+0xf0/0xf0 [ 1053.902670] ? find_vma+0x108/0x1a0 [ 1053.903409] ? can_vma_merge_before.constprop.0+0x220/0x220 [ 1053.904545] ? find_vma_prev+0xe0/0x160 [ 1053.905361] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1053.906407] ? can_vma_merge_before.constprop.0+0x83/0x220 [ 1053.907535] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1053.908635] ? vma_merge+0x382/0x8c0 [ 1053.909428] copy_vma+0x33b/0x750 [ 1053.910131] ? __install_special_mapping+0x370/0x370 [ 1053.911166] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1053.912171] move_vma.constprop.0+0x6a9/0xf40 [ 1053.913082] ? move_page_tables+0x1e70/0x1e70 [ 1053.914014] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1053.915025] ? cap_mmap_addr+0x50/0x300 [ 1053.915858] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1053.916957] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1053.918087] ? security_mmap_addr+0x79/0xa0 [ 1053.918970] __do_sys_mremap+0x78f/0x14f0 [ 1053.919817] ? move_vma.constprop.0+0xf40/0xf40 [ 1053.920764] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1053.921872] ? fput+0x2a/0x50 [ 1053.922520] ? ksys_write+0x1a5/0x250 [ 1053.923280] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1053.924288] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1053.925388] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1053.926431] do_syscall_64+0x3b/0x90 [ 1053.927178] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1053.928216] RIP: 0033:0x7ff16643bb19 [ 1053.928962] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1053.932652] RSP: 002b:00007ff1639b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1053.934174] RAX: ffffffffffffffda RBX: 00007ff16654ef60 RCX: 00007ff16643bb19 [ 1053.935600] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1053.937027] RBP: 00007ff1639b11d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1053.938487] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1053.939900] R13: 00007fffc2898d3f R14: 00007ff1639b1300 R15: 0000000000022000 [ 1053.941337] [ 1053.977234] loop5: detected capacity change from 0 to 260 [ 1053.991736] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:48:33 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x9, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:48:33 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000040)={0x785, 0x0, 0x5, 0x1000, 0x401}, 0xc) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) preadv(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/40, 0x28}], 0x1, 0x7ff, 0x80000001) [ 1062.930775] FAULT_INJECTION: forcing a failure. [ 1062.930775] name failslab, interval 1, probability 0, space 0, times 0 [ 1062.933145] CPU: 1 PID: 9510 Comm: syz-executor.1 Tainted: G B 5.17.0-rc5-next-20220225 #1 15:48:33 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x175, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:48:33 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 19) 15:48:33 executing program 7: ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) 15:48:33 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0xf, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:48:33 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 16) 15:48:33 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) r2 = signalfd(r1, &(0x7f0000000200)={[0xffffffff]}, 0x8) syz_io_uring_setup(0x4eff, &(0x7f00000002c0)={0x0, 0xfffffffd, 0x10, 0x8000, 0x0, 0x0, r2}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @private1}}, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') ioctl$TUNSETTXFILTER(r6, 0x400454d1, &(0x7f0000000340)={0x1, 0x1, [@random="020fa3cbc73d"]}) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f00000003c0)={0x5, &(0x7f0000000380)=[{0x2, 0x20, 0x9, 0x2}, {0x2, 0x30, 0x1, 0x2a9}, {0xf2, 0x4, 0x0, 0x24}, {0x7, 0x61, 0x67, 0x957d}, {0x0, 0x40, 0x2, 0x7}]}) write$P9_RMKNOD(r6, &(0x7f0000000140)={0x37}, 0x14) fcntl$getflags(0xffffffffffffffff, 0x40a) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000180)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x3, 0x0, r6, 0x0, &(0x7f0000000080)="4271f92ffaa1b34deb2170d89a28afc30cadb7ddcc6fce7ff4b66315b024975846426b008fc47fc28bc1bad80712bb55117fca0d9170cc9f25c0ac276d806960842b6c48e7aeff348b2bec2f8980ab7206c4b444864f5edcd7df635548c48cd38ecd628cab6082dae659a369ae6456db4f56af0d0de5793239108340ad57705b46041e4f8225fa5c610a96f32948f496ce4b9575b6d0f6e4b5da7a01fb9549e47bce253c2f2fb1f4db235cd6323efe76fd10bf4f3c468ceb95af3a2a70a52fc1513a5d8bc850ec382bb8e34c94e7566d1fb3f94c9d78e909c2333cebeb09c6206c7a5671b314879f1a2b328c", 0xec, 0x40002000, 0x1, {0x0, r7}}, 0x8) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) ioctl$SIOCGIFHWADDR(r2, 0x8927, &(0x7f0000000240)={'bond0\x00'}) [ 1062.935073] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1062.937474] Call Trace: [ 1062.937977] [ 1062.938412] dump_stack_lvl+0x8b/0xb3 [ 1062.939183] should_fail.cold+0x5/0xa [ 1062.939938] ? anon_vma_clone+0xd3/0x560 [ 1062.940744] should_failslab+0x5/0x10 [ 1062.941501] kmem_cache_alloc+0x5b/0x480 [ 1062.942313] anon_vma_clone+0xd3/0x560 [ 1062.943088] copy_vma+0x3e0/0x750 [ 1062.943778] ? __install_special_mapping+0x370/0x370 [ 1062.944788] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1062.945808] move_vma.constprop.0+0x6a9/0xf40 [ 1062.946698] ? move_page_tables+0x1e70/0x1e70 [ 1062.947579] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1062.948555] ? cap_mmap_addr+0x50/0x300 [ 1062.949351] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1062.950427] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1062.951505] ? security_mmap_addr+0x79/0xa0 [ 1062.952356] __do_sys_mremap+0x78f/0x14f0 [ 1062.953178] ? move_vma.constprop.0+0xf40/0xf40 [ 1062.954103] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1062.955180] ? fput+0x2a/0x50 [ 1062.955800] ? ksys_write+0x1a5/0x250 [ 1062.956552] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1062.957548] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1062.958591] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1062.959503] loop5: detected capacity change from 0 to 260 [ 1062.959600] do_syscall_64+0x3b/0x90 [ 1062.960905] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1062.961921] RIP: 0033:0x7ff16643bb19 [ 1062.962644] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1062.966251] RSP: 002b:00007ff1639b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1062.967733] RAX: ffffffffffffffda RBX: 00007ff16654ef60 RCX: 00007ff16643bb19 [ 1062.969123] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1062.970537] RBP: 00007ff1639b11d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1062.971929] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1062.973327] R13: 00007fffc2898d3f R14: 00007ff1639b1300 R15: 0000000000022000 [ 1062.974727] [ 1062.979372] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) [ 1062.999146] FAULT_INJECTION: forcing a failure. [ 1062.999146] name failslab, interval 1, probability 0, space 0, times 0 [ 1063.001444] CPU: 0 PID: 9525 Comm: syz-executor.4 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1063.003380] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1063.005655] Call Trace: [ 1063.006165] [ 1063.006610] dump_stack_lvl+0x8b/0xb3 [ 1063.007391] should_fail.cold+0x5/0xa [ 1063.008167] ? create_object.isra.0+0x3a/0xa20 [ 1063.009093] should_failslab+0x5/0x10 [ 1063.009859] kmem_cache_alloc+0x5b/0x480 [ 1063.010725] ? mas_destroy+0x391/0x8d0 [ 1063.011593] create_object.isra.0+0x3a/0xa20 [ 1063.012588] ? kasan_unpoison+0x23/0x50 [ 1063.013558] kmem_cache_alloc+0x239/0x480 [ 1063.014500] mas_alloc_nodes+0x2f4/0x600 [ 1063.015423] mas_node_count+0x101/0x130 [ 1063.016324] mas_root_expand.isra.0+0xe5/0xa60 [ 1063.017367] mas_wr_store_entry.isra.0+0x33c/0x10e0 [ 1063.018498] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1063.019687] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1063.020811] mas_store_gfp+0xca/0x1f0 [ 1063.021625] ? mtree_store+0x30/0x30 [ 1063.022392] do_mas_align_munmap.constprop.0+0x487/0xc00 [ 1063.023487] ? __split_vma+0x540/0x540 [ 1063.024278] ? mas_walk+0x48a/0x670 [ 1063.025008] ? mas_find+0x203/0xdd0 [ 1063.025748] do_mas_munmap+0x1ed/0x2c0 [ 1063.026538] do_munmap+0xc3/0x100 [ 1063.027243] ? vm_brk+0x20/0x20 [ 1063.027920] __do_sys_mremap+0x1145/0x14f0 [ 1063.028840] ? move_vma.constprop.0+0xf40/0xf40 [ 1063.029903] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1063.031133] ? fput+0x2a/0x50 [ 1063.031844] ? ksys_write+0x1a5/0x250 [ 1063.032704] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1063.033837] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1063.035026] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1063.036185] do_syscall_64+0x3b/0x90 [ 1063.037023] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1063.038185] RIP: 0033:0x7fe3cdd6fb19 [ 1063.039009] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1063.043111] RSP: 002b:00007fe3cb2e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1063.044792] RAX: ffffffffffffffda RBX: 00007fe3cde82f60 RCX: 00007fe3cdd6fb19 [ 1063.046394] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1063.047975] RBP: 00007fe3cb2e51d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1063.049564] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1063.051159] R13: 00007fffdf0ea1bf R14: 00007fe3cb2e5300 R15: 0000000000022000 [ 1063.052746] 15:48:44 executing program 7: ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) 15:48:44 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x300, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:48:44 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) pipe2$9p(&(0x7f0000000040), 0x0) r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x12000, 0x0) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r2, &(0x7f0000000140)={0x37}, 0x14) clock_gettime(0x7, &(0x7f0000002ec0)={0x0, 0x0}) recvmmsg$unix(r1, &(0x7f0000002d80)=[{{&(0x7f0000000140)=@abs, 0x6e, &(0x7f0000000440)=[{&(0x7f00000001c0)=""/235, 0xeb}, {&(0x7f00000002c0)=""/26, 0x1a}, {&(0x7f0000000300)=""/175, 0xaf}, {&(0x7f00000003c0)=""/102, 0x66}], 0x4, &(0x7f0000000480)}}, {{0x0, 0x0, &(0x7f0000001700)=[{&(0x7f00000004c0)=""/4096, 0x1000}, {&(0x7f00000014c0)=""/88, 0x58}, {&(0x7f0000001540)=""/179, 0xb3}, {&(0x7f0000001600)=""/181, 0xb5}, {&(0x7f00000016c0)=""/50, 0x32}], 0x5, &(0x7f0000001780)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x40}}, {{0x0, 0x0, &(0x7f0000001940)=[{&(0x7f00000017c0)=""/168, 0xa8}, {&(0x7f0000001880)=""/131, 0x83}], 0x2, &(0x7f0000001980)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x60}}, {{&(0x7f0000001a00), 0x6e, &(0x7f0000001a80), 0x0, &(0x7f0000001ac0)=[@cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x78}}, {{&(0x7f0000001b40)=@abs, 0x6e, &(0x7f0000002c00)=[{&(0x7f0000001bc0)=""/8, 0x8}, {&(0x7f0000001c00)=""/4096, 0x1000}], 0x2, &(0x7f0000002c40)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0}}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x120}}], 0x5, 0x2, &(0x7f0000002f00)={r3, r4+60000000}) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x280000, &(0x7f0000002f40)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@mmap}], [{@pcr={'pcr', 0x3d, 0x14}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@obj_user={'obj_user', 0x3d, '!'}}, {@fowner_gt={'fowner>', r5}}]}}) 15:48:44 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 20) 15:48:44 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) r1 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000080), 0xc8a001, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000100)={0x0, @tick=0xa50000, 0x40, {0xbb}, 0x6, 0x0, 0x8}) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'ip6gre0\x00'}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), r1) [ 1073.688506] FAULT_INJECTION: forcing a failure. [ 1073.688506] name failslab, interval 1, probability 0, space 0, times 0 [ 1073.690832] CPU: 0 PID: 9539 Comm: syz-executor.1 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1073.692771] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1073.695069] Call Trace: [ 1073.695586] [ 1073.696042] dump_stack_lvl+0x8b/0xb3 [ 1073.696819] should_fail.cold+0x5/0xa [ 1073.697590] ? lock_downgrade+0x6d0/0x6d0 [ 1073.698418] ? create_object.isra.0+0x3a/0xa20 [ 1073.699356] should_failslab+0x5/0x10 [ 1073.700120] kmem_cache_alloc+0x5b/0x480 [ 1073.700941] create_object.isra.0+0x3a/0xa20 [ 1073.701301] FAULT_INJECTION: forcing a failure. [ 1073.701301] name failslab, interval 1, probability 0, space 0, times 0 [ 1073.701863] ? kasan_unpoison+0x23/0x50 [ 1073.703887] kmem_cache_alloc+0x239/0x480 [ 1073.704723] anon_vma_clone+0xd3/0x560 [ 1073.705535] copy_vma+0x3e0/0x750 [ 1073.706242] ? __install_special_mapping+0x370/0x370 [ 1073.707268] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1073.708274] move_vma.constprop.0+0x6a9/0xf40 [ 1073.709186] ? move_page_tables+0x1e70/0x1e70 [ 1073.710108] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1073.711111] ? cap_mmap_addr+0x50/0x300 [ 1073.711920] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1073.713023] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1073.714142] ? security_mmap_addr+0x79/0xa0 [ 1073.715018] __do_sys_mremap+0x78f/0x14f0 [ 1073.715858] ? move_vma.constprop.0+0xf40/0xf40 [ 1073.716800] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1073.717913] ? fput+0x2a/0x50 [ 1073.718547] ? ksys_write+0x1a5/0x250 [ 1073.719321] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1073.720322] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1073.721395] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1073.722452] do_syscall_64+0x3b/0x90 [ 1073.723209] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1073.724252] RIP: 0033:0x7ff16643bb19 [ 1073.724994] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1073.728689] RSP: 002b:00007ff1639b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1073.730221] RAX: ffffffffffffffda RBX: 00007ff16654ef60 RCX: 00007ff16643bb19 [ 1073.731648] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1073.733072] RBP: 00007ff1639b11d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1073.734516] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1073.735952] R13: 00007fffc2898d3f R14: 00007ff1639b1300 R15: 0000000000022000 [ 1073.737387] [ 1073.737874] CPU: 1 PID: 9542 Comm: syz-executor.4 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1073.738868] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1073.740051] Call Trace: [ 1073.740318] [ 1073.740547] dump_stack_lvl+0x8b/0xb3 [ 1073.740961] should_fail.cold+0x5/0xa [ 1073.741359] ? vm_area_dup+0x7f/0x220 [ 1073.741791] should_failslab+0x5/0x10 [ 1073.742191] kmem_cache_alloc+0x5b/0x480 [ 1073.742632] vm_area_dup+0x7f/0x220 [ 1073.743022] ? mt_find+0x33d/0xfb0 [ 1073.743394] ? mas_next_nentry+0xb30/0xb30 [ 1073.743827] ? mas_next+0x224/0xd90 [ 1073.744207] ? vm_area_alloc+0xf0/0xf0 [ 1073.744612] ? find_vma+0x108/0x1a0 [ 1073.745000] ? can_vma_merge_before.constprop.0+0x220/0x220 [ 1073.745604] ? find_vma_prev+0xe0/0x160 [ 1073.746025] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1073.746553] ? can_vma_merge_before.constprop.0+0x83/0x220 [ 1073.747147] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1073.747717] ? vma_merge+0x382/0x8c0 [ 1073.748109] copy_vma+0x33b/0x750 [ 1073.748477] ? __install_special_mapping+0x370/0x370 [ 1073.749003] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1073.749531] move_vma.constprop.0+0x6a9/0xf40 [ 1073.750002] ? move_page_tables+0x1e70/0x1e70 [ 1073.750471] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1073.750991] ? cap_mmap_addr+0x50/0x300 [ 1073.751413] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1073.751975] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1073.752562] ? security_mmap_addr+0x79/0xa0 [ 1073.753016] __do_sys_mremap+0x78f/0x14f0 [ 1073.753457] ? move_vma.constprop.0+0xf40/0xf40 [ 1073.753953] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1073.754515] ? fput+0x2a/0x50 [ 1073.754840] ? ksys_write+0x1a5/0x250 [ 1073.755233] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1073.755742] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1073.756298] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1073.756835] do_syscall_64+0x3b/0x90 [ 1073.757235] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1073.757774] RIP: 0033:0x7fe3cdd6fb19 [ 1073.758164] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 15:48:44 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0xa, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:48:44 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 17) 15:48:44 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) r1 = dup2(r0, 0xffffffffffffffff) r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000180), 0x8000, 0x0) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r4) ioctl$LOOP_CTL_ADD(r2, 0x4c80, r4) syz_io_uring_setup(0x3b5f, &(0x7f0000000080)={0x0, 0xc207, 0x10, 0x1, 0xd4, 0x0, r1}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)) [ 1073.760036] RSP: 002b:00007fe3cb2e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1073.761008] RAX: ffffffffffffffda RBX: 00007fe3cde82f60 RCX: 00007fe3cdd6fb19 [ 1073.761767] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1073.762506] RBP: 00007fe3cb2e51d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1073.763256] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1073.763996] R13: 00007fffdf0ea1bf R14: 00007fe3cb2e5300 R15: 0000000000022000 [ 1073.764745] [ 1073.769745] loop5: detected capacity change from 0 to 260 [ 1073.792235] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:48:44 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 21) 15:48:44 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0xb0a80693f8fefaa5, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) r1 = accept4$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000080)=0xffffffffffffff88, 0x800) ioctl$AUTOFS_IOC_READY(r1, 0x9360, 0x800) 15:48:44 executing program 7: ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) 15:48:44 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 18) 15:48:44 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) 15:48:44 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x57a1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x19b}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 15:48:44 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x500, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 1073.871805] FAULT_INJECTION: forcing a failure. [ 1073.871805] name failslab, interval 1, probability 0, space 0, times 0 [ 1073.873081] CPU: 1 PID: 9562 Comm: syz-executor.4 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1073.874101] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1073.875282] Call Trace: [ 1073.875547] [ 1073.875789] dump_stack_lvl+0x8b/0xb3 [ 1073.876206] should_fail.cold+0x5/0xa [ 1073.876604] ? create_object.isra.0+0x3a/0xa20 [ 1073.877093] should_failslab+0x5/0x10 [ 1073.877503] kmem_cache_alloc+0x5b/0x480 [ 1073.877930] create_object.isra.0+0x3a/0xa20 [ 1073.878386] ? kasan_unpoison+0x23/0x50 [ 1073.878815] kmem_cache_alloc+0x239/0x480 [ 1073.879248] vm_area_dup+0x7f/0x220 [ 1073.879628] ? mt_find+0x33d/0xfb0 [ 1073.880007] ? mas_next_nentry+0xb30/0xb30 [ 1073.880446] ? mas_next+0x224/0xd90 [ 1073.880822] ? vm_area_alloc+0xf0/0xf0 [ 1073.881220] ? find_vma+0x108/0x1a0 [ 1073.881631] ? can_vma_merge_before.constprop.0+0x220/0x220 [ 1073.882227] ? find_vma_prev+0xe0/0x160 [ 1073.882642] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1073.883174] ? can_vma_merge_before.constprop.0+0x83/0x220 [ 1073.883755] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1073.884335] ? vma_merge+0x382/0x8c0 [ 1073.884736] copy_vma+0x33b/0x750 [ 1073.885108] ? __install_special_mapping+0x370/0x370 [ 1073.885649] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1073.886184] move_vma.constprop.0+0x6a9/0xf40 [ 1073.886656] ? move_page_tables+0x1e70/0x1e70 [ 1073.887137] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1073.887655] ? cap_mmap_addr+0x50/0x300 [ 1073.888083] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1073.888660] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1073.889237] ? security_mmap_addr+0x79/0xa0 [ 1073.889702] __do_sys_mremap+0x78f/0x14f0 [ 1073.890141] ? move_vma.constprop.0+0xf40/0xf40 [ 1073.890635] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1073.891212] ? fput+0x2a/0x50 [ 1073.891547] ? ksys_write+0x1a5/0x250 [ 1073.891955] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1073.892478] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1073.893034] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1073.893584] do_syscall_64+0x3b/0x90 [ 1073.893989] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1073.894536] RIP: 0033:0x7fe3cdd6fb19 [ 1073.894920] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1073.896823] RSP: 002b:00007fe3cb2e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1073.897607] RAX: ffffffffffffffda RBX: 00007fe3cde82f60 RCX: 00007fe3cdd6fb19 [ 1073.898352] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1073.899086] RBP: 00007fe3cb2e51d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1073.899810] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1073.900538] R13: 00007fffdf0ea1bf R14: 00007fe3cb2e5300 R15: 0000000000022000 [ 1073.901281] 15:48:44 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0xb, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:48:44 executing program 7: socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) [ 1073.927955] FAULT_INJECTION: forcing a failure. [ 1073.927955] name failslab, interval 1, probability 0, space 0, times 0 [ 1073.930651] CPU: 1 PID: 9574 Comm: syz-executor.1 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1073.932909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1073.935551] Call Trace: [ 1073.936152] [ 1073.936671] dump_stack_lvl+0x8b/0xb3 [ 1073.937609] should_fail.cold+0x5/0xa [ 1073.938411] ? vm_area_dup+0x7f/0x220 [ 1073.939177] should_failslab+0x5/0x10 [ 1073.939931] kmem_cache_alloc+0x5b/0x480 [ 1073.940735] ? arch_stack_walk+0x99/0xf0 [ 1073.941553] vm_area_dup+0x7f/0x220 [ 1073.942279] ? stack_trace_save+0x8c/0xc0 [ 1073.943100] ? filter_irq_stacks+0x90/0x90 [ 1073.943944] ? __stack_depot_save+0x35/0x450 [ 1073.944820] ? rcu_read_lock_sched_held+0xd/0x70 [ 1073.945771] ? lock_acquire+0x41c/0x4d0 [ 1073.946552] ? rcu_read_lock_sched_held+0xd/0x70 [ 1073.947485] ? lock_release+0x505/0x6f0 [ 1073.948262] ? unwind_next_frame+0xc8b/0x2250 [ 1073.949160] ? __is_insn_slot_addr+0x122/0x250 [ 1073.950077] ? vm_area_alloc+0xf0/0xf0 [ 1073.950845] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1073.951828] ? mas_is_span_wr+0x14f/0x260 [ 1073.952649] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1073.953736] ? mas_wr_walk+0x842/0xbd0 [ 1073.954512] __split_vma+0xa2/0x540 [ 1073.955231] ? mas_destroy+0x391/0x8d0 [ 1073.955989] do_mas_align_munmap.constprop.0+0x25e/0xc00 [ 1073.957076] ? __split_vma+0x540/0x540 [ 1073.957868] ? mas_walk+0x48a/0x670 [ 1073.958580] ? mas_find+0x203/0xdd0 [ 1073.959292] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1073.960381] ? get_old_pud+0xc9/0x3a0 [ 1073.961141] ? alloc_new_pud.constprop.0+0x202/0x310 [ 1073.962152] ? move_page_tables+0xb06/0x1e70 [ 1073.963029] do_mas_munmap+0x1ed/0x2c0 [ 1073.963807] do_munmap+0xc3/0x100 [ 1073.964500] ? vm_brk+0x20/0x20 [ 1073.965161] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1073.966162] move_vma.constprop.0+0x887/0xf40 [ 1073.967067] ? move_page_tables+0x1e70/0x1e70 [ 1073.967953] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1073.968945] ? cap_mmap_addr+0x50/0x300 [ 1073.969753] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1073.970839] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1073.971919] ? security_mmap_addr+0x79/0xa0 [ 1073.972772] __do_sys_mremap+0x78f/0x14f0 [ 1073.973602] ? move_vma.constprop.0+0xf40/0xf40 [ 1073.974536] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1073.975624] ? fput+0x2a/0x50 [ 1073.976249] ? ksys_write+0x1a5/0x250 [ 1073.977006] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1073.978002] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1073.979046] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1073.980055] do_syscall_64+0x3b/0x90 [ 1073.980791] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1073.981807] RIP: 0033:0x7ff16643bb19 [ 1073.982528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1073.986140] RSP: 002b:00007ff1639b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1073.987649] RAX: ffffffffffffffda RBX: 00007ff16654ef60 RCX: 00007ff16643bb19 [ 1073.989044] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1073.990462] RBP: 00007ff1639b11d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1073.991858] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1073.993254] R13: 00007fffc2898d3f R14: 00007ff1639b1300 R15: 0000000000022000 [ 1073.994662] 15:48:44 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) 15:48:44 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0xd, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:48:44 executing program 7: socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) 15:48:44 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x600, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:48:55 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 19) 15:48:55 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) 15:48:55 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) r1 = accept$inet(r0, 0x0, &(0x7f0000000540)) preadv(r1, &(0x7f0000001880)=[{&(0x7f0000001900)=""/4096, 0x1000}, {&(0x7f0000001580)=""/137, 0x89}, {&(0x7f0000001640)=""/231, 0xe7}, {&(0x7f0000001740)=""/186, 0xba}, {&(0x7f0000001800)}, {&(0x7f0000001840)=""/56, 0x38}], 0x6, 0x6, 0x8) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) preadv(r0, &(0x7f00000004c0)=[{&(0x7f0000000040)=""/229, 0xe5}, {&(0x7f0000000140)=""/163, 0xa3}, {&(0x7f0000000200)=""/141, 0x8d}, {&(0x7f00000002c0)=""/155, 0x9b}, {&(0x7f0000000380)=""/29, 0x1d}, {&(0x7f00000003c0)=""/234, 0xea}], 0x6, 0x4, 0x80000001) 15:48:55 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 22) 15:48:55 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) write$tun(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0304000008000000050003000f824d32609403dfa8a55e8067122bdce40ffcf4c1b7c8ee00076f983b42eee47d65cebe6043ffa0f8b00510b665c73ba8cb35c85d404442abb2dbf066e12de4adfab5f04dae73daf0326dc4b577ff9fa69892d97984517fbcd32cea81fb92ae45e7f9f4cddfa549011cec05f6ade7c15abce6972e200c28b778c3b24efaba730eb8d6a4cf903b08e378566062e6d3fcd9e58ca1c171e106de11e483fa94801c8ac230688b08bb70e09c3a8d0a458f8ca7fdf93a3be20b5c057883768dbbb026d04a292a9603f203af0e0a444b882a0df40243570b9631e30fc01f09976f9580bec85690e41f702c500c7f9d125faa1f241726d890b2d869a56df2210a214d1bc4385c4ed818f5698e9c04fd0de7f0459a30de0f83e5095f00d7cfbf8a84779520540c3009d4cdcd70e0b61c5f46a9c55d9ecec331620a07b096e88799af9471ff13c691e97fa68e0dfeeeede6652acab611360dc5fda5245d4d3ca9bc535d989e8a9afa6521f86d58a5d44468c049352cc9eab12b1ceb1e225aef05384bff45d66f21da3ff8e3b54174a2b9f429e193bc84af136495f9cd5b7cfb41ffbc27d48ca278f660dd8a220aab8dfc7d882d3f2c525b6625afffa5519a19adeda0a35276e346e15d050569b41d7ecdbbdd253226d8bf2fa91fa7b2de7b51092b27fa1a4a3adccb1a3b32948dc34bc3e4ae251c9c0e54319a94016dd4ce4973a7a20dd02a6b848839e38a6d11ae456cfff4f5d0f64e122c4f81f077d802bc3ed035dc5a6c309b9d5e7fcb0094075f9b89440533dbb419b9712ccd5c052cd0e80ad4a880f71dc45607268acc6b223fb6fd4cf1b7b291ca5763c07003bd8e2ba500d8f8bd4c034496a2c9dd4dcabccea4bbe82f42a89b7e5bb12e0ff875c83d108656a4c79bfb874bf52abce3ce286aa56aff86a8110c387f1a843b8e671c65089b210d8f8e7175fcc2d76fe9ffc940b0b9ff5cce6c1e7bf27bb15c47f536950ff80f36722626472845caf801c13da0105ad462fe0e5d7b74016a2ebce178cfccc8765034eafc7d8ec0e4278b2a35dcb4f0ff24d4ffd7db9e3cfc4211a67247455765caafdfcc76e03a5605e1090f5b53b9372fb4ce24a6c06a44408fe59424d228b01ac51a2079a83041859f85e34707c6fa42d15caf88a7349063dac0b311f60b1ec4c4fb3144fdd8e2581e6984cae347b4f4cd981df65508e08f2f3a5e4349d84a68b6f00edfa370582affa0c18c398cf01d93ed2b13c77cac28dd24997b5928327e4f96b4cc88307ffc80d82be59d57301b01666abfb8adff316d79b7af0454fe7185bcd89d21fec013488c550a4b6dc5ecc3a1c47f3bfa67fccd373c73fd031797fb580718e113731fb4ecca7bfdcf4245633b10d7724530e91b5bb042d85b5a19386e3037ba6ce41f6f308331c4f5a9090db89910e124bab283072677db7018d4b07678ce3c7bc71e4cbd346ec4ce84a4f7013b339c8f39fb567c22bc48f45d89a597140504c66faef5ad6362e0af4de2419eda5022c7d7f4641bd6ed722fc1158d0c397aa3e36624f09e0c76f5a4303b61d34f63df92d94f2decb2f8718555841e391ca52f39934da0de80ca433ecd1a5f04023a2e2461cf03015d005c6e694a89c489c9714647acbde58335059d2e665a03b06e3eb4fddb01ada913ef7100b0121f2bc0c6de37cc9d90b96eac5146b62316862f00e26fc4d0d7b8fa0a23668339c7e55b2204d7b4c78a05e02ee633594096d762ca0f236b947d2adb02547309e05ec35ccc9d0213b744c555add8e2022b44a7af513fa773868c958ccce60339987e2e96d2b893a3b14c48d630dacde640cef26b49edd70e1483524367d304f6ca1d48647966883abc931c33171d565b98021289066ef42c8f6d7d302a560081cc3d1b681107ee621e99f88bdd7153961565e8d7b79f2578cb63e552cd5a6fe01a2e492f9d3597bb593c4706b1a9b40a5342dfdd10747a2233340353f2f45993357f7daa6a70aa0154e64865c757b13ba7394c30fd01a9226d70f67a402362f3618c48ae46210c1b4486778c5ba366cd48301580c9a76e6707fbd40346f7b9fca632f629a0590d6e659263f187fb41fa7164daadd7ce2cb5d961065e09616483f0f5635f93490ba443bf62c832326f75704a1d7c09ccce708d6ff3caaaac4967be03e2c8ad1252f000dc97e1fa92d2c7da5cfd699139b461daeebf46da4772c83f48e7d47ebc0d8cfbdffe5012a9196832dbf5bbaaaa4fa4966cd6f48f71378fcac83acdf6eb8e645d137e4126d4600d3a664efc8ccbba71694411d3fbf645030d8d3324537ebd7135ffd1aa2052ff67e15661e5bfd630ed377bf990fa0e325aa26747e4a380236fd09697e40340d69a320fd0a07242640e1c2bd4ba94886c3f47e0b3ef1364259ac079e7ec1f715fc3c6b1ef274020713908f77ee911b028840665d645ba5cf40e4588c6174114111901a96d254e0128106fc293bf60f146cbbefa2d4cf31f7be99a5d960bfc38c7bf87a063a11390250d51ecd3523933e282959b0be45b41996c0046dda01bf0626c7e4433e3ab1cd723c7b8d7a10461150b8ec0b8206d68ee7cebe0ceee2c0ea1b25f16abb1e3a227a10a26ba00a586b2f9c6f637c258acbd07e85cc283cc717362d471788b0d9d5f15f1f29f6b27290df98c68fd20b5206e6cbeb21b41aec9dc86d1fff87c122b8dd2f48842397e2548ca842abadb4c4811ed8154af10ae506acb5db5f14e5397acb2dc4dc6c13b03c2a3d74d78e1a860a483a814b6b22ce71f81a430b86b8e38dcf1fda6cbb5478f517af210e18c5cd8dbca7650fd3092c6ba7cc7e642e7ba347f274349dbb90b9aa746997e53d795f8027df7b8285a16112ced040b2a2a4d9d42e85a90d8d72f5e2b294bcf4fa9c220ac6a94c8792ef69f002bb3aa1cd48bc9a9a168d4492398d5ed099e756ed33cb88a3cb62aaa5f9d465b8770696d90ef9a1dc8ddf13ed84f919191a7c2763efaef466b616ceeed3215fb2243e472418f271c4b76dc266d2f15d83266b63a259e5f8e5ff188d499fdfaf0e8568ad28e5a6a81495a7ef8f68921911cceb8d377381fb788b1f2d955e2978d7ba67ae665859ceca75958483e82e5df34949782e73ae1fc0ac67b8eec959c11fd0a254a04ad62d20ec8b9e8b2a871ea2c0fd7540bea4caa11f0cf50ec0746f632d054f6a0638dc613456fe0f73ec4205de40fcae667dda44fbeda2ddefae234d956691fc51afa071fa9cc72bce2835074cdb8fb3e8f73370262417cf7488e22f2db3af78fc9335ab46113b18bdf1e24079189f0d63080d8ee292eec8b37a9eeeeb30b9abcd464c9faff49ea0a50e3111a819eb561b06a84b82673fc3b10175018320b648acf20fd975834be2820159790be4ec9cd8328931d91547d425e928257769999e54275835618c82ad9fa13067fa90eaa3ff748e66d29296d25042bd4f132796ab7195fc0c1ae6bf27edb95905371de3c3e1143a4d5041cdc15aff548b4a60c238f8599f6eefc65e6b616a3959d660746ff251cce91c1e3fb977b84f7bc2c07536636771e9f993308ce1150107b5d8b2f43e9757a4767f5808f48a8907d12d55e1d7e1490809c849c68e2bd850c27ce4bc726bf7daf335f7e9ea40104f4a485238a776b6435a92ef7c38699081403bcc75468a5fdd0045f4343529a9becedd471ab0bb0a81b3805e8f825dff0876d06e330b5d7e1c1b227a3011c7dd11526acc903fef253de49fe4b2b993c409be881b427aa7b8a9160d163b4c821414b3bda2354962ccafbf2db7715174b9c20cce56cd59eccb13981c328c71f569b76e9179f99da1511c35e6801bcb695bd7cb3a9b765a760cb222e9c592593d7b8d438e41fcb652e8e1bb22a890b2b8827ae6ae132c1ef13f9e877d1ffe4b0078ceb273896a06aa766280fb9d984b80da0c675ff7f8b85ee00d0917388ea669ecbb6f543f0b4e0d51dd4a0b033027428dd241595bc99ff7a1e56fb2b713204f4ba903171d3f929f9cd45691c1226108f2e14ccf8910dd6227d5404f91afe0a7dccd868fa5d2ae12eb94340e556820872f77ffbb8bad988afff66f665e4e2da59b946f18dccfd2abcf68a8d25e486846df19fcd21eb587635f5b520c5f593b9bc2f1bd6e0117e5b0530eca4115d43d3ec28d2d42cb053d56e1bf42ade66afbf053a4f2c67a1413a68c7b1826bcd78ab30711c149f784f045ecd37375ba411d306aeef8718338685a4f82357edc47a3a2b68762301b1a3f4f94c206f2f6ce79eaddf9e4704c77436726a11b1a1aafaf8b68635f9d2788ee950148f517cdeddb08dfed33fe0b799eb46b0ae3c84f1647ff7f13d94328202f784ab21f17cc5e2f8bddc843138254232f5691bbce2e287d6999121987871f815f78a8e2964b48eab074c5a1c1f5fc785f5c116880dc82b4e1af92a64973d46a05c762038c0749f2a98f0095459d638ed192f9ceb93cec6a06066e0143c54f3bca76c2aea0bc3898889629524f1ab62c3db6a9ee317897c2dc2d032d89e34792459d6354be855afdd6ed816a746d7bb037d8a53f913d68c8eaf8da856109756181c2979d9256ceaf57c4597c9dda27641573d163582863d4d14a297713c3fde02103658f4bba28c9b7c76a450465648d0bef53efbe64584333bceac84b4d96541e8abebd5d969c951932d704c986c52a3fa1472f8523995736d09b27df7455ef9b669df4b95aa853b37cc2a21b4fde83086a05d4c7a88f16b206b476563f914562cdee0edbcc7928e6285b9592e18dc9f7b209a4802e96d9c4bcec15a9babe5b685c5538a10f72fc91ad1ee6e544c1d1cbd3016d16cc3e9c808bd059f11f2d5b30c6f2bc85cc5d2ba5af09852e7367eec8aedd546fd32d318b69d2e8eb6fe8284402f6f98fe1693fafa9b392c35c916a8dd9c161aa16a5d21d4eed4cf611f606a03e481b9ddf6b1e548f67e35230ec1130ea7b69ebeabf157e71b13b8b43618ab360c5edc2b1640fa7c30797883bb9ae432fcdb6951fe7679c44f4bd0019a2bb7ebb2201c6296048a6e8bfa1325f614ce08992e57a35215f9c2b0410fc5e870b171314bcd9c640d9c225d90cab07ecb03f1d9c0cc100fe5b0a3aeef2bd358f2e17ca60f8cb962269e4bbfb34b2cd82f87c03e8f8197b7bf4915987e8cd2bd012cb30b721727e09afa9a1f0ea11134972c663402d87b747726bb586621f05744a2c7de2192974ebba6a48cee3e040000001c282c0daae49b6c4c7c8810c4e04b767619163afb8cdddb6410b94dee7e84774557b77c612964aef325ffd06a7b69731efed5d78f4195f612de422ea59a0c799aa0cf1487a496114c290abb8a17cb697f3892c26247347ab97d40046416faf316d5f07666a74402caaf0817acfddff3ba6747c3be00dbe552dbf691a8bd9ea9423fac33f3ee24b41816e10aaa7c0e30f7827353c48d47913f5a791fb13b29c7ef8866ce54dab1223eb9cfcd0a8f81db3949ce7b6f9dab612748ff36821b28b1d7bba2f6d23d96626cf7436825911a1833ac1369eb6008537686e517f82561fb412603c450bc5407034d9c06e7702e4d954680978200b0aff2e5791a1fd887ca42242a9c1a88badc12ebf15237d8a952a9fc15e9d43c73fef106d6b728a07fc79611621924682829aa266a55f8d334093d99e1c87490f37f80e293541d879726a334cf429a79099db3187d53217a4e19e9c5682cd9595ff101e47bf2f208035556557f8ff4365fea17e70cf603e69b3b23856dee8cfaa13e9d03dc3de0c3a5bd90d182e92e1c22b0d326aa58b0"], 0x100d) 15:48:55 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0xe, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:48:55 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x700, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:48:55 executing program 7: socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) [ 1084.621173] FAULT_INJECTION: forcing a failure. [ 1084.621173] name failslab, interval 1, probability 0, space 0, times 0 [ 1084.623775] CPU: 0 PID: 9597 Comm: syz-executor.1 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1084.625976] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1084.628546] Call Trace: [ 1084.628838] FAULT_INJECTION: forcing a failure. [ 1084.628838] name failslab, interval 1, probability 0, space 0, times 0 [ 1084.629137] [ 1084.629146] dump_stack_lvl+0x8b/0xb3 [ 1084.631697] should_fail.cold+0x5/0xa [ 1084.632578] ? create_object.isra.0+0x3a/0xa20 [ 1084.633626] should_failslab+0x5/0x10 [ 1084.634497] kmem_cache_alloc+0x5b/0x480 [ 1084.635429] create_object.isra.0+0x3a/0xa20 [ 1084.636428] ? kasan_unpoison+0x23/0x50 [ 1084.637335] kmem_cache_alloc+0x239/0x480 [ 1084.638273] vm_area_dup+0x7f/0x220 [ 1084.639096] ? stack_trace_save+0x8c/0xc0 [ 1084.640022] ? filter_irq_stacks+0x90/0x90 [ 1084.640965] ? __stack_depot_save+0x35/0x450 [ 1084.641971] ? rcu_read_lock_sched_held+0xd/0x70 [ 1084.643020] ? lock_acquire+0x41c/0x4d0 [ 1084.643899] ? rcu_read_lock_sched_held+0xd/0x70 [ 1084.644945] ? lock_release+0x505/0x6f0 [ 1084.645836] ? unwind_next_frame+0xc8b/0x2250 [ 1084.646826] ? __is_insn_slot_addr+0x122/0x250 [ 1084.647843] ? vm_area_alloc+0xf0/0xf0 [ 1084.648708] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1084.649831] ? mas_is_span_wr+0x14f/0x260 [ 1084.650755] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1084.651971] ? mas_wr_walk+0x842/0xbd0 [ 1084.652843] __split_vma+0xa2/0x540 [ 1084.653653] ? mas_destroy+0x391/0x8d0 [ 1084.654508] do_mas_align_munmap.constprop.0+0x25e/0xc00 [ 1084.655702] ? __split_vma+0x540/0x540 [ 1084.656567] ? mas_walk+0x48a/0x670 [ 1084.657363] ? mas_find+0x203/0xdd0 [ 1084.658225] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1084.659421] ? get_old_pud+0xc9/0x3a0 [ 1084.660253] ? alloc_new_pud.constprop.0+0x202/0x310 [ 1084.661363] ? move_page_tables+0xb06/0x1e70 [ 1084.662339] do_mas_munmap+0x1ed/0x2c0 [ 1084.663192] do_munmap+0xc3/0x100 [ 1084.663949] ? vm_brk+0x20/0x20 [ 1084.664677] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1084.665772] move_vma.constprop.0+0x887/0xf40 [ 1084.666759] ? move_page_tables+0x1e70/0x1e70 [ 1084.667738] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1084.668826] ? cap_mmap_addr+0x50/0x300 [ 1084.669718] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1084.670923] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1084.672127] ? security_mmap_addr+0x79/0xa0 [ 1084.673071] __do_sys_mremap+0x78f/0x14f0 [ 1084.673997] ? move_vma.constprop.0+0xf40/0xf40 [ 1084.675014] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1084.676221] ? fput+0x2a/0x50 [ 1084.676914] ? ksys_write+0x1a5/0x250 [ 1084.677766] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1084.678854] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1084.680012] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1084.681132] do_syscall_64+0x3b/0x90 [ 1084.681952] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1084.683072] RIP: 0033:0x7ff16643bb19 [ 1084.683891] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1084.687868] RSP: 002b:00007ff1639b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1084.689506] RAX: ffffffffffffffda RBX: 00007ff16654ef60 RCX: 00007ff16643bb19 [ 1084.691057] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1084.692600] RBP: 00007ff1639b11d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1084.694151] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1084.695680] R13: 00007fffc2898d3f R14: 00007ff1639b1300 R15: 0000000000022000 [ 1084.697226] [ 1084.697739] CPU: 1 PID: 9601 Comm: syz-executor.4 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1084.699645] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1084.702533] Call Trace: [ 1084.703166] [ 1084.703712] dump_stack_lvl+0x8b/0xb3 [ 1084.703814] loop5: detected capacity change from 0 to 260 [ 1084.704660] should_fail.cold+0x5/0xa [ 1084.706563] ? anon_vma_clone+0xd3/0x560 [ 1084.707175] should_failslab+0x5/0x10 [ 1084.707725] kmem_cache_alloc+0x5b/0x480 [ 1084.708328] anon_vma_clone+0xd3/0x560 [ 1084.708914] copy_vma+0x3e0/0x750 [ 1084.709436] ? __install_special_mapping+0x370/0x370 [ 1084.710192] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1084.710932] move_vma.constprop.0+0x6a9/0xf40 [ 1084.711611] ? move_page_tables+0x1e70/0x1e70 [ 1084.712280] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1084.713008] ? cap_mmap_addr+0x50/0x300 [ 1084.713597] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1084.714407] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1084.715210] ? security_mmap_addr+0x79/0xa0 [ 1084.715843] __do_sys_mremap+0x78f/0x14f0 [ 1084.716457] ? move_vma.constprop.0+0xf40/0xf40 [ 1084.717142] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1084.717963] ? fput+0x2a/0x50 [ 1084.718358] ? ksys_write+0x1a5/0x250 [ 1084.718755] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1084.719262] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1084.719820] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1084.720348] do_syscall_64+0x3b/0x90 [ 1084.720740] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1084.721274] RIP: 0033:0x7fe3cdd6fb19 [ 1084.721657] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1084.723521] RSP: 002b:00007fe3cb2e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1084.724298] RAX: ffffffffffffffda RBX: 00007fe3cde82f60 RCX: 00007fe3cdd6fb19 [ 1084.725019] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1084.725760] RBP: 00007fe3cb2e51d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1084.726489] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1084.727215] R13: 00007fffdf0ea1bf R14: 00007fe3cb2e5300 R15: 0000000000022000 [ 1084.727945] 15:48:55 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x900, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 1084.749561] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:48:55 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 23) 15:48:55 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0xf, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) [ 1084.808916] FAULT_INJECTION: forcing a failure. [ 1084.808916] name failslab, interval 1, probability 0, space 0, times 0 [ 1084.810231] CPU: 1 PID: 9620 Comm: syz-executor.1 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1084.811231] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1084.812409] Call Trace: [ 1084.812671] [ 1084.812903] dump_stack_lvl+0x8b/0xb3 [ 1084.813316] should_fail.cold+0x5/0xa [ 1084.813730] ? anon_vma_clone+0xd3/0x560 [ 1084.814157] should_failslab+0x5/0x10 [ 1084.814548] kmem_cache_alloc+0x5b/0x480 [ 1084.814974] anon_vma_clone+0xd3/0x560 [ 1084.815385] __split_vma+0x16d/0x540 [ 1084.815776] ? mas_destroy+0x391/0x8d0 [ 1084.816179] do_mas_align_munmap.constprop.0+0x25e/0xc00 [ 1084.816747] ? __split_vma+0x540/0x540 [ 1084.817152] ? mas_walk+0x48a/0x670 [ 1084.817528] ? mas_find+0x203/0xdd0 [ 1084.817913] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1084.818484] ? get_old_pud+0xc9/0x3a0 [ 1084.818875] ? alloc_new_pud.constprop.0+0x202/0x310 [ 1084.819394] ? move_page_tables+0xb06/0x1e70 [ 1084.819848] do_mas_munmap+0x1ed/0x2c0 [ 1084.820256] do_munmap+0xc3/0x100 [ 1084.820622] ? vm_brk+0x20/0x20 [ 1084.820966] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1084.821477] move_vma.constprop.0+0x887/0xf40 [ 1084.821962] ? move_page_tables+0x1e70/0x1e70 [ 1084.822419] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1084.822930] ? cap_mmap_addr+0x50/0x300 [ 1084.823345] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1084.823909] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1084.824473] ? security_mmap_addr+0x79/0xa0 [ 1084.824923] __do_sys_mremap+0x78f/0x14f0 [ 1084.825351] ? move_vma.constprop.0+0xf40/0xf40 [ 1084.825843] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1084.826411] ? fput+0x2a/0x50 [ 1084.826734] ? ksys_write+0x1a5/0x250 [ 1084.827131] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1084.827642] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1084.828201] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1084.828726] do_syscall_64+0x3b/0x90 [ 1084.829111] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1084.829635] RIP: 0033:0x7ff16643bb19 [ 1084.830026] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1084.831899] RSP: 002b:00007ff1639b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1084.832673] RAX: ffffffffffffffda RBX: 00007ff16654ef60 RCX: 00007ff16643bb19 [ 1084.833397] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1084.834131] RBP: 00007ff1639b11d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1084.834873] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1084.835602] R13: 00007fffc2898d3f R14: 00007ff1639b1300 R15: 0000000000022000 [ 1084.836341] [ 1084.845303] loop5: detected capacity change from 0 to 260 [ 1084.849883] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:49:04 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, 0x0) 15:49:04 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0xfffffffe, 0x4, 0xfffffffe, 0x2f5}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x4000000000003, 0x1, &(0x7f0000000200)=[{&(0x7f00000000c0)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}], 0x2810000, &(0x7f0000000240)=ANY=[]) r2 = openat(r1, &(0x7f0000000040)='./file0\x00', 0x101200, 0x100) chdir(&(0x7f0000000140)='./file0\x00') syz_io_uring_setup(0x4eff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @private1}}, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000240)=@IORING_OP_OPENAT={0x12, 0x3, 0x0, r2, 0x0, &(0x7f0000000080)='./file0\x00', 0x185, 0x40840, 0x23456}, 0x87) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB="0078fd45b277059f5498bd6b415ec3ae410000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009d2ce40d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000002000000000000000008000000ab6914741d631841a6b4b888a25873feaf179ca4f405990d2b50b3b38c536de09c1faa7d6530d25a693c3f5dc97c494c7d7daff11ae68b6e5e92a0ef2c54166e7a61a23355e2eca9f0539ef7c623c68781d0d51423cf9e20d047cff3eafab98405b6ac236326f3ddc99c07fe5154f2ade5ab8565612cfda6010835ab8f16dc9b94bffd175f72907c790bfa45b3f16fc96148d8b86f04f60f2b8de66dc375d96a43667c7c4b64242d5b9aff24bfcfda33f5d3d365afad58d6b96aedcc48c0a2cd271d1e412c6378a8812a44b3a84817ea8034b90000000000000000"], 0x120) write$binfmt_aout(r7, &(0x7f0000000080)=ANY=[], 0x220) sendfile(r7, r6, 0x0, 0xfffffdef) r8 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r8, &(0x7f0000000140)={0x37}, 0x14) pwrite64(r8, &(0x7f0000001040)="c3308b6f1ae2d28df151275ca00a49cc38c8d74abdf089e46fe10d66273a539e797e763a0516f9aab049936c31c913c5558d8c84fab51f8b1f6e4bbb11b2067c7dae65fd0a00e72ecad7a926fb5fc8cc72a38f39ad42827ba7bc714924adfa286311be0593b443e5d4a324033fe56a7fef7d43eec5a31e7ef0182a993662732a4bac9b285e1446946f5ded0af019da0cda3b5d56405e915cdd358129d729f1b61722fd436448d9b015638cedc28d325803ad9e0e9ab4028ac62f70cd20d5425d465de711610ad5435757ec3ad6ef270710bc5f09120cdbf8761db18d51f4254a18661359001f112217ed84f72e3f7153b9d68d6d40f69081b28a3a534fca3990ae9fd8e15cee74ee29b5a675a1388d5537df95cce93dc3abf0340fffa8d668fc9ff53137e361c7c1b3813c8d732c7001b1c3bc809224253c96a2ae35cd5a03db1a8c19b13d89e1b23f74f0ec9dd2dd034fda38a214da2f4367772b6a7ab2b874362df016b1ed263c5462738c37cccb8bc15bb28ce16b76cfe1279c8b37139d4099249850a97485e9d7ac4e38403d85014262ec3ed74dfdaeb65bf4906f32a404b5f97988908a564a1eb22768317a4ee42ebbc467db59894e4d9d3bd0bdedbac7801a97ed5fe8cb2bb12bc5398306a4709e76b7997b88917dd741a697041d3b3fb400d0768840c7df57d561f50c8c336a42074df3e32fcc2cc4d9141edbb54578dc912175ecab40e2a721bd87bab0be7f8cbcc1421135e39dab7bba9d2c8eede28e2a2ac1e8d1d0549281c0e0b5435219a10f0dca5be3482b6c959089c02fc50c2e8c8bf56316b98e0cdbaa09cbcab97dea698a3cb55026d77d6720349dc3bea034db495284e66821958fd3cc74c37ff03c0d78ad073bd1961d61c89bc78b6b440a3896b8a3db1526197593cd544ad9f3ce26a99205c900a55722685feb46b902b0a860f73ebf7bc8855f81f0ef38ff16a7453227ca1305fd078ffc4c152ba3b2f5edc1571c1f3f5ef271a07ab6286caa45c3085c907d67bb44dcc5fb9bf630ef1c3a9f16adc21d00dac44b97b1df2a157b125610d5199ca515d9ff381ffe424b8c3f4ab23bbce0e19051c6d6ab0e0d48267b9fbb29ee36061118eedd5cfd0d04dd73cd234ce7793af498b6918d5495fd9fed343dcec3ca4772430f12d4db8e6a7fb4690eea6c066018f18cbec832827fe3bbfacbecf4976c18462ffad3045b671cc34be72a293f508d24ddc26d2b19f67fcaa7338f48925855a48e7ba2ddc01ee66e455c0fcefc851859ef3cc7388c1c07c6b828ddc817acc9c7ab61285826f37fe7d7e61ce77b3f19480f0631c84a09dde94a74d26e02e33fb1c9fca2a8ac3544985be414f14f5a5f7b1c3318e1b6650da879a3c392ee21858efdd88e546906cede13b2d116663f689215063920f8735209787763ab70d35cce55bbca56e3e00ff49ae79b2b64ba583c4130b36de2710751a7260cc50b2d7ecc2284c466d68d62be68fea4f51ae832d75271e4006dac7b940c49acde64517b9b30bbafc8934afe6f64bc7e96a3211cd4391c9e0846d071cda84d3db699cb392c1068740eab5e100430e7772dd63f8dd5cee9ab9283e724de055c1d0ec7ebcc47c10a505a0da720aa8c9004609d24da168444bef4f7622ef439a14058f9691aa8e3b06b8d45baa992bc1c3f9656238774d1762be1d5115d0a238c3743bef9a73a7cadcaf0697fe5273bcf5b3a8f9772137d3ebf2199e943bc46621fe6886dbc2816e3be8425c19da3601d7ed9b90796195c52226847372c7770197bd1bbbe61d0f2014df323a81bb200b736de73f632debe44f3c96c8b25411b65faa1286b4a5488575c5720d85fc8a9c3454b23fe9f1f47d8ac30101b506a1af97c0bb05fc5f7d3ee6815f08ae61aaab90cc9df3f16c632e19adade0f5c547f39d61a3bb8fb1b0d581ae154d310bc80e30a1e982a1cff03bb778156d1dab0c05ad6ae33e8587cb32ae6b997605af20252439648bc8382d94f5ee658ac9554e85b54cea70f68e92859204d5f77179702230d46b8125ba767abe2ed0c2876a45ea910d6026f6ab66ea47a8648f2d4a8f14eb677934b1d84fce9d8e3e6e9498d5acb17ee92e53c008f201c80407f57891956311b6ba0c7ab64de1c4ba02d8756cc3ee5968583cf417b85aa495bc71f035e8d00f611d50771d624ca97fd00916527d22539c1b3a7fcda61ed9fffb12381252f574afb88e66688a13813bc2d80d86b6c56346ca98c9cf7d52d1536dff9641dec0fe34a18f2dafd0c0e608843935f920d647d9d3b0e6b81fd377ebaed03f73c1b653bd594f53d4cc1c6fd525b24b7e38ca8164b17f63e84c7224d0eb98f42ae654ff09665c0aaee972b546512f5663bae30a7e8c357b33e8817f230561bf91166f2f8f0c4e3a205c662661dd044bfe540daa711f13f6b10dbb98d4c1d2da78bd6d6e7169045389f1a37fe6d6cd0da040e5c7d625f93de8e4d44e68b0694d51d5e2bb5136dfbc0444e1413e26e74912a59ae2b858648aa5bd06b61064ac044730bd43cba0cf7a0b7a666805ab9d2429095d0bfefb810831fa0143317e228cd35830db5d033c7243b9a838689426e6ae44516dfb8b8b0fd4a47255ed459d1e1f6e945103c03c2e9ef1a3e754d62576a7d98becba2ace9e4dc4bff3209a4f69416c8ecd873d019cdb075c7a409e02f1f5c37bc8da620e87e94a818e6d5b123cd7b29d7cb14eb363d1730f832695f23aa3c2b70004f5c5d939856ac1cde4c2d9f2047780fe6fe8a8a95d862f6018daa9b33e8812db0ebe0f0fb20a8b7392d8dc4a3ef5e73d22ef14327875c105f26cdee01618409d06e0cf86386d3ce5fc85ed32c48a5a439e6e26d2dec339c92205b7c31722dd3c47c56241a659b738afa0677b5389f663ee02db0563ebe788a7dee1eed83e2d7ac24c36545322daf722e61c390460d630b0c3d0d6cf884fa1c617082994d71a09a0c345744571ac306e1cb87c01561817f7f6315db6792c68b5cb09d1fdb80ca930b443e6f99639a3c6c66b5f77d8fd0a0a91ebf08a6e3fd339b0a1d673b01ad8c1bccf32e9d15c6552d62544fb382b8168d87711fcdbcd414568a8f3ad25e4375a1882d1344462f1263c341974c0ebb1941375b9fa7b7356071abbfad84c5164af5690c88cc571de30585e7b6992357c2a5282cb2c21dfa125de571504b05aa8ac86c750b49d46bc9ef697c5351521b6f9118fb908fda38e1542e9a815cf08d68919a20f545df64f2ae1a6de3236a1e97a81e5ceb7dcbb844cfb9ebb78fdfb1587d4b3d8b10cc0a95b7247af5c36bf868f15d62807c319b1c420966d2edc46fc39eebcb5ab0de0f01b0378ee1c402840d96cd79a5596afd327a72f6e06e40e607c82abfe547c899114ba023a9f4183ad78aacfce4d519bd530eaff64bc73d7f89b02c3d601dd9fae05b683fa074f0d2e15440088db2239e09c497469a65923a70c68ad2b8452c902ee63880797fe29a46388a774751b9949169ce41d95517b168022613a69fd9c0d95606c188995d38e664c21a814f7160fe1225e21e7326c977aa24bdd5caa9f3ac362b619a28171995c00684a6047c3dcbed9aa5a7c451a277cd24b1513dacb8850ff44ee2fa6bd78bf31c2ff9583ce1f29d4a4e5564511b0977991a7c933404e6d2935cdb1603b1df4ac173c5e8202b3162a526db79cd3c6675eac0e8534b90637b1535ae7892fd56a50c19b88d4d712f5d2d68000f98c60064bae8de40cdf4f739f1272e80d57ec7357880fda3bf5216ff6a8da78bccc45f9af0f22f12858becb4d23f3d592b488cc6bd9935e517f65b50dd018c12158bdf15ab855fa8762a7fd54b585cfbe712bad4dc66394b0cb7ecde84585cf94a76a68b76f910abebf600f81fc5be6925b85a87c22fb9899d0d5be3736dfd8947ea54b357f0b79616c78e60677595a02c3c57fe1b438b919ebd4937c56533f86b8dbb1eee19c8ed338ea08e2e31f2b6806be3ae28c45808720c2a30cfa2d3a710b6ccf5ffa4fc50761fe6778401e779bc13c132a44bdc9a8d4762cb44e4a8e0c18d7a4cc0cdbc9954ea1b9adef9772e953ccd7f707b50c38c2de5921697919f05fa8ff0c6025f98f13f2049ca108b6b2d306f1fc0a566a9f912c3b124a9b70e312efc13730490caae550a3a7a5f51128335b6bcfc706f60aea2cef51ba52d01c8eee77792174a14f418a692debfc68e962221ad8e50dfc9a5a8a4f2cb2cc69de2efdbe493c2ad01e41d038c012d4c7534210052885bcf2a683e05afef6b8dfce8ae6887c4224c92847d68c32314e1ed5b283e94bbe5a3db351f8b25a701da28da9c03e1d0d389b721cda481b83ee41593b2c54695366b8281c5f86ecf08870967e86d0ac1cf6431c94c6230f2573c31e0f71a8e0f81f36db174320c59a2740d4333bde5ef7915868d3a7e8d2ddf0cc0fa574e80d066d138d71fd7b54086bdc9d00c0af130c2b8fc7b113cdae1f892fd7691eeab20c05a9b79e3dc6a982075dc8637a808393d389aaee0e5570effc0bac01178be8638edb1f5dfb8af6055d91e4feaaaa17de5c4baf1121de42aca1dbfff1f94f3914ba597852475d3fadfce5f559786db966d91acbe9de29619f9ac9c1ca925546491666d54fb1d6e1aa8b8193a94bbf144b86d55b555f3d8ef2cc4b94475752620fa086488e0ce46c5af26f6793b3ee9191a8e1905b5f5d77d03fdc23b9470e0470a1e966f0eab28d914382f8c393e3b40a6e1567881bd18348e72adc1c26f2f397b58013e2430d69defe1831b34aa727fc71809343fd49a81ef43a14a9a32d9297a0ab444d77143f360d8784db5753d9a995304c778ae06e6323c3d34b3bb32b688cb2b08a6410c7db4a0a3b34287ed4f1d11d1bb605b616b7f9931ef47694c5316d8c6e211ac293cb7e081483a5d398c42d2419b117996a8d8846e5b1c691b1ccda950e8d7a4337cbc6923ba8e0f5bf5f0e396d6a56e40e4864afb8fc4b74781fc168bbf824e0640d108deca19bc9858f55b14c25e3597cd6bbb3c4ef051b862b4181cf7844a0e7d1c2d8da72bed073e6b0efd7c2f72ac058c3ebd199ae8cd3af9e433c2aaa7c00344a1dfb1167804a2f50b03b4729bad5626896d508d8bc7960fd04a957d31ac84c28b5a5b2a493452850edd7fa7e853ea7fdd3cac59c9665722a34d29c0657c9c5c181d3d4e7b03adb2322c81e8582982d8766b2b13fb0a73051cd5c9c0e67d0e6d3ca426a2be7d011aba94786ad63463b9e5819bcdd0976f438ac345ed6cb504e08ddc64ad2c59c6689c6500609fd9084977dbd896bb2ea05d7ba96072c6ba1d66a2547b650e99ddd5c9246125b2862c0ebadfb5a83a301c508c5c7ab30f06605962d03338cdf184b997c56ba4da5c06008cc8f043d742d145a651f47a0e96eda68a0a26f991ce9e266f0a2e156875d99bdb2cac3c1f7e52e3029421f2036d8cd4eb9455a0767e3acba5a3d1a441c1bab0e1bd88d66add95086260fed1e0b6550e40c3010c7ed07f0465859f895521d9497bcfd0d1506a2f5aea97bd4deeae0211765677eb43e381e53ca9031e97e37f991e53b2ae2ec30dcc49a13a2c10323ebb0702a46a4e3cb0555c945687d81b0c801afe6695d1f7f85a1cf9b9a8407423443c01b5463f4f5f874cbf021a87eda44781d776978655d4d01de03c72a49239e0c1c5914dd356c8f46243210e78adec59a3d7083698c422a900d2cba3312f3accb26d223c968a4d2d2147bdd6157b85fa8a51189c8420075c8079d618cd1613e781d4024d7d6485a38641626e11", 0xfff, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 15:49:04 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 24) 15:49:04 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) r1 = pidfd_getfd(r0, r0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000040)={0x0, 0x0}) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r3, &(0x7f0000000140)={0x37}, 0x14) openat$incfs(r3, &(0x7f0000000100)='.log\x00', 0x10001, 0x100) syz_io_uring_setup(0x4eff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_submit(r4, r5, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @private1}}, 0x0) socketpair(0x27, 0x0, 0x1, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(0x0, r5, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x1, 0x0, r7, 0x0, &(0x7f00000001c0)="fb1fa0baee80590dbaa9e1ac9e3a7aa7992bfdb32b7b5c55d97653dd9a07f18fb4b64056d3b541077b3c788bc2251bc1bed69b1c2eeeae19db99838f1b6930e521cecff4ab7e179833bcdf5bcc15c98cffd72e932c80a0775852558bd74370bf165ce73d0c53461f3b78cc4aef595f0a352694d475d755119b6930d137d745d8d4f19525bf5f4dd76b2af51f30f24e0567a21e34227469a6008b64b0492ee47e495730f3ec0567518ee9d2f345ea0703a16e781278cbb15265e983aec05a578444fa9dd6204f8509c4414a1d45e4b875645f3d72a28aee4b0e18ac3a42db64510a584375c9813ac986dbc831c3f53eecc2", 0xf1, 0x1, 0x1}, 0x400) r8 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r8, &(0x7f0000000140)={0x37}, 0x14) ioctl$FAT_IOCTL_SET_ATTRIBUTES(r8, 0x40047211, &(0x7f00000000c0)=0x1) fcntl$setown(r1, 0x8, r2) ioctl$CDROMMULTISESSION(r1, 0x5312, 0x0) fsync(r0) 15:49:04 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 20) 15:49:04 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) 15:49:04 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x10, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:49:04 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0xf00, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 1094.286221] loop5: detected capacity change from 0 to 260 [ 1094.295510] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) [ 1094.298630] FAULT_INJECTION: forcing a failure. [ 1094.298630] name failslab, interval 1, probability 0, space 0, times 0 [ 1094.299946] CPU: 0 PID: 9640 Comm: syz-executor.4 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1094.300959] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1094.302169] Call Trace: [ 1094.302442] [ 1094.302676] dump_stack_lvl+0x8b/0xb3 [ 1094.303101] should_fail.cold+0x5/0xa [ 1094.303507] ? lock_downgrade+0x6d0/0x6d0 [ 1094.303950] ? create_object.isra.0+0x3a/0xa20 [ 1094.304435] should_failslab+0x5/0x10 [ 1094.304838] kmem_cache_alloc+0x5b/0x480 [ 1094.305276] create_object.isra.0+0x3a/0xa20 [ 1094.305757] ? kasan_unpoison+0x23/0x50 [ 1094.306197] kmem_cache_alloc+0x239/0x480 [ 1094.306644] anon_vma_clone+0xd3/0x560 [ 1094.307074] copy_vma+0x3e0/0x750 [ 1094.307441] ? __install_special_mapping+0x370/0x370 [ 1094.307982] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1094.308508] move_vma.constprop.0+0x6a9/0xf40 [ 1094.308998] ? move_page_tables+0x1e70/0x1e70 [ 1094.309481] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1094.310448] ? cap_mmap_addr+0x50/0x300 [ 1094.310890] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1094.311488] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1094.311917] FAULT_INJECTION: forcing a failure. [ 1094.311917] name failslab, interval 1, probability 0, space 0, times 0 [ 1094.312089] ? security_mmap_addr+0x79/0xa0 [ 1094.314789] __do_sys_mremap+0x78f/0x14f0 [ 1094.315241] ? move_vma.constprop.0+0xf40/0xf40 [ 1094.315756] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1094.316356] ? fput+0x2a/0x50 [ 1094.316699] ? ksys_write+0x1a5/0x250 [ 1094.317119] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1094.317660] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1094.318253] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1094.318818] do_syscall_64+0x3b/0x90 [ 1094.319227] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1094.319790] RIP: 0033:0x7fe3cdd6fb19 [ 1094.320192] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1094.322196] RSP: 002b:00007fe3cb2e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1094.322993] RAX: ffffffffffffffda RBX: 00007fe3cde82f60 RCX: 00007fe3cdd6fb19 [ 1094.323768] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1094.324533] RBP: 00007fe3cb2e51d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1094.325300] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1094.326087] R13: 00007fffdf0ea1bf R14: 00007fe3cb2e5300 R15: 0000000000022000 [ 1094.326867] [ 1094.327126] CPU: 1 PID: 9645 Comm: syz-executor.1 Tainted: G B 5.17.0-rc5-next-20220225 #1 15:49:04 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x57a1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x19b}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) [ 1094.329278] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1094.331728] Call Trace: [ 1094.332236] [ 1094.332678] dump_stack_lvl+0x8b/0xb3 [ 1094.333451] should_fail.cold+0x5/0xa [ 1094.334222] ? anon_vma_clone+0xd3/0x560 [ 1094.335045] ? create_object.isra.0+0x3a/0xa20 [ 1094.335966] should_failslab+0x5/0x10 [ 1094.336717] kmem_cache_alloc+0x5b/0x480 [ 1094.337526] create_object.isra.0+0x3a/0xa20 [ 1094.338433] ? kasan_unpoison+0x23/0x50 [ 1094.339238] kmem_cache_alloc+0x239/0x480 [ 1094.340076] anon_vma_clone+0xd3/0x560 [ 1094.340859] __split_vma+0x16d/0x540 [ 1094.341593] ? mas_destroy+0x391/0x8d0 [ 1094.342376] do_mas_align_munmap.constprop.0+0x25e/0xc00 [ 1094.343451] ? __split_vma+0x540/0x540 15:49:04 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x11, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) [ 1094.344231] ? mas_walk+0x48a/0x670 [ 1094.345061] ? mas_find+0x203/0xdd0 [ 1094.345774] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1094.346895] ? get_old_pud+0xc9/0x3a0 [ 1094.347655] ? alloc_new_pud.constprop.0+0x202/0x310 [ 1094.348665] ? move_page_tables+0xb06/0x1e70 [ 1094.349551] do_mas_munmap+0x1ed/0x2c0 [ 1094.350334] do_munmap+0xc3/0x100 [ 1094.351030] ? vm_brk+0x20/0x20 [ 1094.351696] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1094.352693] move_vma.constprop.0+0x887/0xf40 [ 1094.353597] ? move_page_tables+0x1e70/0x1e70 [ 1094.354493] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1094.355491] ? cap_mmap_addr+0x50/0x300 [ 1094.356291] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1094.357387] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1094.358496] ? security_mmap_addr+0x79/0xa0 [ 1094.359356] __do_sys_mremap+0x78f/0x14f0 [ 1094.360190] ? move_vma.constprop.0+0xf40/0xf40 [ 1094.361129] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1094.362231] ? fput+0x2a/0x50 [ 1094.362862] ? ksys_write+0x1a5/0x250 [ 1094.363622] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 15:49:04 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, 0x0) [ 1094.364615] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1094.365873] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1094.366905] do_syscall_64+0x3b/0x90 [ 1094.367655] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1094.368678] RIP: 0033:0x7ff16643bb19 [ 1094.369409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1094.373084] RSP: 002b:00007ff1639b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1094.374595] RAX: ffffffffffffffda RBX: 00007ff16654ef60 RCX: 00007ff16643bb19 [ 1094.376003] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1094.377403] RBP: 00007ff1639b11d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1094.378837] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1094.380249] R13: 00007fffc2898d3f R14: 00007ff1639b1300 R15: 0000000000022000 [ 1094.381666] 15:49:04 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x300, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 1094.439887] loop5: detected capacity change from 0 to 260 [ 1094.491212] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:49:04 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, 0x0) [ 1094.508596] FAULT_INJECTION: forcing a failure. [ 1094.508596] name failslab, interval 1, probability 0, space 0, times 0 [ 1094.510852] CPU: 1 PID: 9665 Comm: syz-executor.4 Tainted: G B 5.17.0-rc5-next-20220225 #1 15:49:05 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 21) 15:49:05 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x7501, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 1094.512738] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1094.515398] Call Trace: [ 1094.516026] [ 1094.516569] dump_stack_lvl+0x8b/0xb3 [ 1094.517498] should_fail.cold+0x5/0xa [ 1094.518357] ? vm_area_dup+0x7f/0x220 [ 1094.519196] should_failslab+0x5/0x10 [ 1094.520016] kmem_cache_alloc+0x5b/0x480 [ 1094.520980] ? arch_stack_walk+0x99/0xf0 [ 1094.521893] vm_area_dup+0x7f/0x220 [ 1094.522624] ? stack_trace_save+0x8c/0xc0 [ 1094.523454] ? filter_irq_stacks+0x90/0x90 [ 1094.524398] ? __stack_depot_save+0x35/0x450 [ 1094.525458] ? rcu_read_lock_sched_held+0xd/0x70 [ 1094.526489] ? lock_acquire+0x41c/0x4d0 [ 1094.527519] ? rcu_read_lock_sched_held+0xd/0x70 [ 1094.528589] ? lock_release+0x505/0x6f0 [ 1094.529562] ? unwind_next_frame+0xc8b/0x2250 [ 1094.530715] ? __is_insn_slot_addr+0x122/0x250 [ 1094.531840] ? vm_area_alloc+0xf0/0xf0 [ 1094.532780] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1094.533997] ? mas_is_span_wr+0x14f/0x260 [ 1094.534936] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1094.536239] ? mas_wr_walk+0x842/0xbd0 [ 1094.537146] __split_vma+0xa2/0x540 [ 1094.538036] ? mas_destroy+0x391/0x8d0 [ 1094.538923] do_mas_align_munmap.constprop.0+0x25e/0xc00 [ 1094.540025] ? __split_vma+0x540/0x540 [ 1094.540971] ? mas_walk+0x48a/0x670 [ 1094.541740] ? mas_find+0x203/0xdd0 [ 1094.542644] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1094.543952] ? get_old_pud+0xc9/0x3a0 [ 1094.544828] ? alloc_new_pud.constprop.0+0x202/0x310 [ 1094.546079] ? move_page_tables+0xb06/0x1e70 [ 1094.547141] do_mas_munmap+0x1ed/0x2c0 [ 1094.548039] do_munmap+0xc3/0x100 [ 1094.548912] ? vm_brk+0x20/0x20 [ 1094.549692] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1094.550910] move_vma.constprop.0+0x887/0xf40 [ 1094.551892] ? move_page_tables+0x1e70/0x1e70 [ 1094.552961] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1094.554123] ? cap_mmap_addr+0x50/0x300 [ 1094.554970] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1094.556275] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1094.557532] ? security_mmap_addr+0x79/0xa0 [ 1094.558551] __do_sys_mremap+0x78f/0x14f0 [ 1094.559514] ? move_vma.constprop.0+0xf40/0xf40 [ 1094.560529] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1094.561888] ? fput+0x2a/0x50 [ 1094.562684] ? ksys_write+0x1a5/0x250 [ 1094.563523] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1094.564690] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1094.565920] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1094.567181] do_syscall_64+0x3b/0x90 [ 1094.568008] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1094.569259] RIP: 0033:0x7fe3cdd6fb19 [ 1094.570096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1094.574299] RSP: 002b:00007fe3cb2e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1094.576381] RAX: ffffffffffffffda RBX: 00007fe3cde82f60 RCX: 00007fe3cdd6fb19 [ 1094.578415] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1094.580314] RBP: 00007fe3cb2e51d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1094.582351] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1094.584347] R13: 00007fffdf0ea1bf R14: 00007fe3cb2e5300 R15: 0000000000022000 [ 1094.586355] 15:49:05 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 25) [ 1094.659218] FAULT_INJECTION: forcing a failure. [ 1094.659218] name failslab, interval 1, probability 0, space 0, times 0 [ 1094.661650] CPU: 0 PID: 9675 Comm: syz-executor.1 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1094.663687] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1094.665959] Call Trace: [ 1094.666468] [ 1094.666912] dump_stack_lvl+0x8b/0xb3 [ 1094.667687] should_fail.cold+0x5/0xa [ 1094.668461] ? mas_alloc_nodes+0x2f4/0x600 [ 1094.669326] should_failslab+0x5/0x10 [ 1094.670097] kmem_cache_alloc+0x5b/0x480 [ 1094.670917] mas_alloc_nodes+0x2f4/0x600 [ 1094.671738] mas_node_count+0x101/0x130 [ 1094.672540] mas_root_expand.isra.0+0xe5/0xa60 [ 1094.673441] mas_wr_store_entry.isra.0+0x33c/0x10e0 [ 1094.674476] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1094.675548] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1094.676642] mas_store_gfp+0xca/0x1f0 [ 1094.677383] ? mtree_store+0x30/0x30 [ 1094.678152] do_mas_align_munmap.constprop.0+0x487/0xc00 [ 1094.679247] ? __split_vma+0x540/0x540 [ 1094.680044] ? mas_walk+0x48a/0x670 [ 1094.680772] ? mas_find+0x203/0xdd0 [ 1094.681501] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1094.682613] ? get_old_pud+0xc9/0x3a0 [ 1094.683370] ? alloc_new_pud.constprop.0+0x202/0x310 [ 1094.684394] ? move_page_tables+0xb06/0x1e70 [ 1094.685286] do_mas_munmap+0x1ed/0x2c0 [ 1094.686086] do_munmap+0xc3/0x100 [ 1094.686793] ? vm_brk+0x20/0x20 [ 1094.687453] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1094.688457] move_vma.constprop.0+0x887/0xf40 [ 1094.689379] ? move_page_tables+0x1e70/0x1e70 [ 1094.690298] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1094.691320] ? cap_mmap_addr+0x50/0x300 [ 1094.692127] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1094.693240] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1094.694349] ? security_mmap_addr+0x79/0xa0 [ 1094.695209] __do_sys_mremap+0x78f/0x14f0 [ 1094.696049] ? move_vma.constprop.0+0xf40/0xf40 [ 1094.697000] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1094.698117] ? fput+0x2a/0x50 [ 1094.698749] ? ksys_write+0x1a5/0x250 [ 1094.699520] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1094.700636] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1094.702001] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1094.703042] do_syscall_64+0x3b/0x90 [ 1094.703794] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1094.704822] RIP: 0033:0x7ff16643bb19 [ 1094.705558] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1094.709229] RSP: 002b:00007ff1639b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1094.710778] RAX: ffffffffffffffda RBX: 00007ff16654ef60 RCX: 00007ff16643bb19 [ 1094.712183] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1094.713585] RBP: 00007ff1639b11d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1094.715004] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1094.716407] R13: 00007fffc2898d3f R14: 00007ff1639b1300 R15: 0000000000022000 [ 1094.717824] 15:49:17 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x2e, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:49:17 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffffffffffffff9, 0xcae8}) 15:49:17 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') r2 = fsmount(r0, 0x1, 0x0) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000d40), 0x2) ioctl$AUTOFS_DEV_IOCTL_VERSION(r2, 0xc0189371, &(0x7f0000000d80)={{0x1, 0x1, 0x18, r3}, './file0\x00'}) ioctl$BTRFS_IOC_ADD_DEV(r4, 0x5000940a, &(0x7f0000000ec0)={{r3}, "c618edbae2557dcc82404b0a7497cc020553dad50edeee840d2f549526f07ed631ad1fa6413dcd0585ecf8ef87dc38b79b057545fb60898ecea3bebb42724452a493d4ec2047df331ff8e3982500fb19da2d0df94ae646ade2f9162c79f354015ae825437e1c29d95479a8b13ab971fed0a5aaf9986167c1076f09577e264243cf36227c643df93132b66445ab6dbb0458b4978ed43a69836c36354ff9782c8bfa8a708bc10664b2410eebf5572487401a6912466cf5f7c8e4391df25fd402453ac8edbb7757b296acd50c8d0674a5daf513b23db4cdca3e52c1e2cd70aec71a72820f1f8e1db6bc03b832b9bfd152ebf8dbdcac63ef6357a00515ac99b6fe9c51bd88578c91513673839eca3ce39a402b63dac02f2fbe7a1ea718b1654df00d1d8df226b8a70d88218282efda8d8175d1a673bbfaf55703302c979d2b5b2c5859818c789140512091be7f44fc6613e508c6d730f4a61297429b8fff988d1961c105c69eba988ce164d7138e7c7a443f4338dc5dbbd884a9f58215e6a20c510d8b6be6f41e3be88f4c35f34d3d40f94dbee99b76e36d62ea9d0219222cbe3c92b0a3e9558486274a0a0c249580486c7c04bc654ccad35d39f5ced294b2bee201f005dad3bf7908a35cca15ddb9f1b5c2b5d66cc65ab69d0c984de0d5db50069322fd3c08e034dd5c491c6698b2cb14eadac67afcea22bb6bf193b11f9189165b5431cbd9238365ce1e75e31c0e7425486a2f0e28834cee73f1f1fedca643724003504361f98d12f9189ac2662e7ff42b6ad1351d1da0761fa157c96b0698fa5ce034010d1a7507b1648f52d5ef35ee3d18f06b127899eccb562ea7a14f6704dafdf580b985717395d78ea6039665901eb59bdbd57da91d9910b86c397ffa5175ed63df1e9a89dd0995ee719dc2dbc4ec1201b1e155a8c9b6320af035c081929ee093d6bcbec2a181e2809b3e2227d816c0be9d343cca330a4321389e89d44ac7652900e368f4adb2b29e800d4d24bcb3a69bff7235273b0f1365229304fb3584f8d853d10453e7d0c3fc928c4297545e48b98b10424ab84a937f6b5f11de560f744b523b024ed4fd7adc89084418c930c4677738ce1b4c4a073b6743f010b95f1057eb858036e39a48fe7f05514b1d6854b58ef82fc4cc65bafb673215f59a67ae7af1c33ad45c79d7d310893d5883f337bde064fd7dcda8b77a3ceb8ceed23ffba148f8a3cacf604ff4f9e385eaa7303dd7b6b0e944eb913df0400c518773adaba7c1947c8a323e1c93a847c70070231b601ed914f18d0e352d8b9cf9ee331e6d9e7a4222a6c85b75b24eed9cd4669b64b8c3ca62d059e41d718033cb3c89991c865d57ccc8ac98e156b0b519cd148e004286bcbcec9da235c885231a9e31481f8d901eae1db6874506b25fd4fe49f36e934f373f663d84d2dc1fbf4a7f2a0502310f0f966a94c256b814eca77d5b5bccd9971d0f6087c9cc4c713bc7271aba369f3a36b2d6bea8141d192035a6d36f367d1d453c1d437be828d35b5557df406590be6e2c0d20168120941afe2ae0752d2876dbe5f6404d0d89f3a11253b3d824039603e7624cec1e9b974a5fb1373c6f09cacc44913dc1524dd19f27f82aab808139af3dfc3d042cff576e8c46b2dd7ee0c5df34f3aad395e5feaee0c15d51571c6e394f1ca3f19e88027bd2e72c4c0fd9b0f3db0f721e891c539e55a0ae6390e571483bd6653172c37516995b5a3e34f85bda01ea62bc504e902faf6a4301f1e061214599f63291a66547ffdf8b444ad06ee5c678d4e992363b72e1669c2a8644500df9e0e81f046d1a42e62295eac49f654cdaca74d8e48f569dc1f245c085ccbd0011bc133a684d5abf6084dbc15536126f5dede6d20e37b11e1c6a2bcb488a4f229823ed07787bb516f2aab527faf0a101b8e458b395ed7fa5f8543954c07f64792ab9f4ba2a969238badc84783f9b3c641f33ad532885df875b191147935b8f4a03282c85bfd15322eb45607e600e7969730a61f8ff94326c6426ad61576fa400b4916c82a7a66f3b0764b4940e38806bb71cc45b6cda748f6aa42728ed58d153bdab6fc1138300d989fcd0eb3b47955b8c2768a221b2cfc79e0c0806e5f68cd86533297e50f9965730208e5f6210b97513d2a82c5f1c435e3532fef8e3c413918b8fd3499be123d747470101e24a0fb3de53c4059184a1e57e70bbb27121f732148662562f94446f6bd58046030c8879edae5f4802ed70745e92ccfb4ee554c08d14752bd8c196851c665e995f97c18e88d5a7c0e3983aff951cb0b7580900386b4da7af6baada272354b0052e589c74d9b283c0079cd2595fd496ba187ad2ee3bdedcc27141a6142e2e8947c5b1a0cb6846a414ae932ca979ca85c60f1f7da6779320e31893ae3096459bda8ace4b89f7f5df7a0b9a47818fbb3dd898a53c68ce0409e2f60325d441a1e09731b82416e5fb6cc10fe42227d1b3a8506d74f6d357c92b94a278215b0d51e987e7abd6c1cb0f06bf644fa776198d72e67cd04a0991b6c446b562981546627f0ed193b8eea0fead5d65ef807878f5ab92e754924a89448437c8069b3a41d9aeefaacdfcf81c7643b3a5bfc4f4daaed77226642dcd13e4e0f0ee67356f54e9d617cbbdca1a3862fd0862143478ecb990e4deb0a5bb6f70f5ac2dfeda21212a067457be56da02e0258c3ec1479b19681535d2eb58ae30edecec0d625c32dd3b96ebf12ae930dc22b0eaf9225fc37e59fad1d214d338ef564d1d8f63a91e532ef17fb7b020368bcf47b5d09839a785d0995b5aef477543ebaf0a109dd2025d13347c74d40a5b9b7b573168d58b80ed52e973f2c102273e11802c9362060d6c3232085fe7de69ddb9c22a28d4e48682bab241f78bab8a533891ae65d38baedbcd22811efc3c02265612302029f203ba6e8a6d66a2e7759910bfc1e066c8097548e1e6d97caf1f71f1e7a5ea98ce39464adf94e537a5612c45f593ac3b17f414680e3983dfda41a0bc10400d32c66aa252e2b9dbde4e56aa0cab98e985ec7bc0eeba722fed63830e34768631cee35991dddd78964ef06a61653755208231b3719aae18415a65465c9035eed97ed6bac4aa36e4d045ea7644514e88ab90a87c29dcf35a6993a35c0e961631b5ca633f3b04e64a89b7e88c83327eb25fabc05cfb35d6c8b4f7632128c7abb7a6e3f632d7f4ce4cf646c34539773dc9730ee9baaf769aae25938d6b6ee3252fc0c00b80d7f2f84128dc8d55fdfe9cdabed6057bcb1d953d0f4215a27f32b29d48ad541a6918a6ba265a650b062f39083445fd33a59a05bc258ab9cc7006d2cfa5028d9abc1d994e5bd05007e99d85891d0bf4db8a30d1c73fbcf97171330459e354b23081874f8a0acde96bf86402c6a2a6480dcd2260b34d93cdef545869118769fe64706b80a1c6c138ecc8926c3e8dcc0825323fcd884593470de1a418dc14e4770b62490cd57d6e28792a3d8024560eee2ba49bc102a29b6023d84159b09cdf089435bac1d10a0e4e12cd0343432f90eb856a42793d08df92eb6ca9bebc74a747dac5106aa8b40ca5940e14b3b9190316d46e6ddfbf76e0779f67e96237ecd2d26813aa486cc2f9cc7cc1bc00b5936adf5fafc971aff24813182444b46d73f77d8a4c6579ef2c57b8598d2f3dc33a1bafb22e9d951a8f30b600875e60a1dec0c6eb858e0ef87d28b2f8def1326632ac10faccef26f8363a3a2dc1abc8ae5e029176963d71c853eb464ca903e1692c6e028dfea3086d8747cf0fc20a9523ef94a9027b578fc6563509670014194977507374ac52525a1e76e0aadeaf3856d75b064f6f12d4b3bfeaf57453d638c5172cd98c7470828fb557afc8353b7d8e561c79917d86549de1f0f20a2f84da4336895ac882f02cf0bf6d925d464389741213ea7d6247ba0f8cf94af350a4ffdf3fa55bb9747329ab031953012443028d37f0bddb7fa452b0056157bbf0b6720dc7944ffc440705b2006555da13d7edb67ff6a91a639513fb67dad4964ba3f71418345479c0222d2de79078e02139e7e4a6314e86a6fdea8c615276ef78c527d3b0c77a7662203c338b0a9320db0321f2263e2ce7ecc5304ed5c38f372c5d868684647e5d942b7a810b698dc67f5ba02a1681886ca5a45e2ec8ec52d63efb12c968edc74e9d8113b5510f027a6dd3e4be4c05ea309246a0ae2a6e7dca4764395562cc36917f40da136fb95c66a7572f1b19ca5c5a13c3fa8d5d9ec2a82d380120349f2947b3de39a231aee04762989661ad34edca340392f3b2f85a5aefb28216411b381dbd2fcfffa2d4072b98698014c4b6b1bd028149a61a2b937d3ea567599c261b627640a6f44c658530fd4a660feccf2984b605d90fc04f7823de561b1d466b7b135cdcd31cdaf9c641400a606bbb600e19892acae13a8c2587f5d4f201e7bc06bcf386bd606cd8f1ded9dbfc14a6822f8d20aa8cff2c588755dcdbb9b45c059ddbb05d742397e8dcb37ce0cbf97e02efcac20e1ba7d9c3c21bf6bd1edb46c633b70a3bbfed5f7eedda349e9cf0892fd84dddab7a91dd0307e06c9f39166a5cffb71fb83fd6e8649c3e7510129858f443cdcef1092dfeb606056a89c15c891c575afe1b3181d52dad84b2c25bf1b4dea1a59e43a590d73b15e15b7be20eb220a89a1c865db06993a2380a27095972476aa82f91e38fea97485a02d12e98409e43252e8511fefdcaf4c9b9bc33be7516b799e8cbde87e53e70b4b5d78d9c984798ac74e3f6987d53acbf6668ca2d3030e8de5a16ec601524ed16e540ea9f111719838db2d6cdfb8d8d4acbf8622af1a49785614537c2c2c494e1944be8c3a8f57f7494265d8d6482329a2cca9238aa051f0171c458dcfd6c7f285773f4e42dd27bafecef3b023851a4e354dea1c50d944cdab5f4c72040d56e669f5c724cb804a53b6d19df059b7124e2e48d9260549744eb7c5007149a779cc89cfb9697fcd651d7f8497314978c7c86610bb3d8dd1289fdff5d4af96e2803eb7fc58cc3de7c2d3f26b2f8f69fd9b582b53f3a2f139c503be0bd35881fe65dea9d437d6b25a8d8eae80aa5524846fef0b231ec48629df956e928126f9cc0722201badc685d9f5d6b78226d0f36c685d24d4b393ad18512ccaf06d6a890d8ad9c71e87f0c48694da60d29168f351d50857f6654af56c3d41b04d658f0f98f0bccef3251fe500d070dc6083a842847f4912cfa5ad593d27935796d351ddcdca511f048e7d8a425197cde44e033d6c4aec032b7dfb0443cec05dab7d1768e5ed999b847df888213514061725534f931b347419b7018cfe892c6e6fa180c5d22c601be9d41ee65f272f549f1739efd772b18a867f51599eba113e514f14cd759a8734380e6f99e11ca9338be4ba9785b02388a1cb516f3b7ca0aeaa043d6faa6b92122ef56a58b125370f31f941dedbc25d2faafdbd55f6875a7dcf237a4084e4c6879738e7665b9f8f8721aaae79c494424e45cac9046ff45fcae1db2444b4ba7e14e3059eb5b79202f530db73f3b3310b7c37b42f153b3117d38f1b801267e775256aefe944d9ae902a016d455bbee58c48823f1c71508a7efd9a4901fc398fca969b997f31d2b7eee187006b371899b0c79bb7518098d037393caa5f657c3da94001d57f1c75dbf79b7b084cc041ca8a4921a71d12c1998b286993518f88d1348922a5f190e4f5c27ec43877d8e90bdf3cb50d6ebf485f3e3b9a2cd710b7c9f828c9d4b23e8159b8d022116299e7c3dfd51e445f4"}) ioctl$CDROMREADCOOKED(0xffffffffffffffff, 0x5315, &(0x7f00000001c0)) write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) r5 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r5, &(0x7f0000000140)={0x37}, 0x14) sendmsg$NFNL_MSG_ACCT_GET(r5, &(0x7f0000000d00)={&(0x7f0000000c40)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000c80)={0x14, 0x1, 0x7, 0x101, 0x0, 0x0, {0x3, 0x0, 0x9}}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x81) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000dc0)={0xe0, 0x3, 0x8, 0x801, 0x0, 0x0, {0x2}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_DATA={0x3c, 0x4, 0x0, 0x1, @icmpv6=[@CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0xcb}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x8}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x7fffffff}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x1ff}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x2802}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0xfffffeff}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x5}]}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x201}, @CTA_TIMEOUT_DATA={0x1c, 0x4, 0x0, 0x1, @gre=[@CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0x7ff}, @CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x6}, @CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x9}]}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x86dd}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0xfbfb}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x88f8}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x88}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x84}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x9000}]}, 0xe0}, 0x1, 0x0, 0x0, 0x4044004}, 0x20000000) 15:49:17 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x8000, 0x0) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r2, 0x29, 0x41, &(0x7f00000013c0)=ANY=[@ANYBLOB="66696c746572000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e68f70f9c4df2758d9f8d605a39434277e2fa696f130defaca30c33069c54e95ab2d49d386de67038bea9b8abb810da5211161815aec90c6aedd5135c272ac76a548ee99de431b7e870fb8cbdc8675da2437b2eb6743410fb5eb51dde8c6c30596f3cfa858b5c6226b659da2df54f15b36965ae5d23efef57ea1dc4938962c81b8854ac21eb381eab1e0e48cde2435c93640b2e5"], 0x68) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f0000001980)={0x0, 0x3, 0x0, 0x2, 0x7f}) r3 = syz_io_uring_setup(0x51f3, &(0x7f0000000080)={0x0, 0xa6e9, 0x0, 0x2, 0x3b, 0x0, r1}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)) r5 = syz_io_uring_setup(0x4eff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r7 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r7, &(0x7f0000000140)={0x37}, 0x14) r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x5, 0x4010, r3, 0x0) r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) syz_io_uring_submit(r8, r6, &(0x7f00000019c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x3, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x0, {0x0, r9}}, 0x9) syz_io_uring_submit(r4, r6, &(0x7f0000001280)=@IORING_OP_SEND={0x1a, 0x5, 0x0, r7, 0x0, &(0x7f0000000280)="2c215211d3fede84f8b8339531011c7cf5f2838a63f0076ec219f2c05bcd4d89d07c0e9b4be7dc5a7a55d6e6cb990d1c1291d636058ba4bec97ef224690a271c36e5820a48767e1dda90106f0bb81bb7d41db965ee62f03010807ed854b217bd2cf611ca1b23027357428bd5b7a5d5579456790c8d462db6b4b73a171344f296fc054a4d350efee36bf06cca6e8606a0ae7359f7c427d83a61e1726c98a34f6845ab07d100db477a53338f83afa33bbd6e26a934248e71ce289234c3f1633ff0944785750bbbf87061c7a106f7f419ea1ef9d7c8733d3e5d38a2acd0b5e09d5d624b139e4ed48dbf6c3d7247b25e5f722b10a727bba162925cc53c2154d04242a8644f35dc42e67697f409a96cf82fec4f6b8d62669ada2c788d80d5027865b19c362d7867e922c1c71d5e43f125cae68676280df630fb56096f28da34175349c033194feadc3cf82a206baed9dc11e8c9f1c1f87dd885203fe2d17fa9de81dcecc4af47b83b24364497adb3ff59d7fd0b9dbd6674897c677beef94e7c60fe4052626a1e4e1d16243128659dfc44de444278cac167cd5cb648f1b90f1d99a87723677beeff9c98d50fc37cfdb72ad614d891c8297a592dca98a3b7513c94aaff5f523b44f645ab2330c2fbb5993656e40c6b2549121b3a9b96bb231c956d3d041db19c87b7e6f290991ba494d88494be056f2eac7bd02068344805b8e22f1cd21f73a05596bec26e5b50597a3f84219ccd8cf84b93348d10c9770bea3b23178dd2ddde177bd54bf51757d79f453e0a90e1ec2dd48df55944dfa9ddfbf2c761c2ada17dc4694ad9a968a24902c9c69e919030107c3df679c092c07bfd0d70273e091c0394f75c5c7ed873780281c55b77cf704f1237c0aae750365708814de3a7791938084d50e4f6bc51d4c4e78a7d11d228996faaf3dbdfa2244dcea823611429c5831338e5eb37475860c4c838507c95dccd6a51f0cca8568e9cd0afcee7030bea5ce34c7dcd850c23786ff712ec3f55d85fc98b23fc60da6bd90ffa8ccc53ea56b95a5710fea68b028691a29c0eec7776a861af8f2154720c883d3827ecd9690d412f87c24a739bc3cbb45b1dec8bf9c8a8c5e4078cea0090144ade7e74b6e3530103078ba4eed86b7d02de550e3586aaa65155ba328397c4278c7fe29b6cdbf58b7ca91bb4c58251f18f59523a8cd255c83965cbdc366fa4c49ed30b0847f5df66edbe236c11b59b69e7f63d5d76a9977e6a2ed288d50c59497b7be677f7adfde8b6fc5a817204ae7a492d4c34691da2272f3949a6ed65e52c09dc3bd33e44eb77834ce7eb05000dd226abb90b2b06eabe01ebbe052a1918d70aa34a153d40452485a57526114004429c2987ccf2a0c850d06dc8e448730572f5cff5523ea2bff7aee6a1472d893f09d654d8d00fccb4182027b4c746974512a32b4b143153f365a8fe47653117ee093f670e3cc56b3236bb88b58ce21753150849061d4cde340d9e0a902abdadfc45ad8034628021099c131f42263aaafb8713701c592ce722315d38484acb9f3c59ff1114a1a1dc09a1064cc983e90d880ad3bf76255a0073aa5ef728393887c81f0322f4a7d6d3ee2af9214c333688c185a50b0dca305487aef93f7ac8a02ce3f88eba857658e4dbd276ab559f601be1aa6d118f0ee10a9b66917912f30f8faee8f5cf7bcc646f5567b57ac6a77ec67c0bdf97d2f815470a7fb65d483cde9d921b58cffec1e4ae8f585c454f5d7747980cc4ea0c2f450cd9d09e2151bea19a47ca5a804d0624663b2fa2a1c281ea51d60eb1f9b6edfad550c7500512eb0e9ff80adbdc7cc7a90e205db698cbefbbbfb4beb90e4e1147afc7168239563a990690c20d1a354672253dfd98c106f10429870b403a4d884cd7da63f4241de8b23d308d2ab07f08d0a39084e0ec599cbdd727799127feee0baf1d3829c9973c1facd93c65f1ac011e22a8388e6684133ac89b13fd8296aa8b29d5f13285c63a0ba106c464fa194351dafad904b372fd5f645370787055f2524e6f577b92601b22b20c7104bf4b1ce036d3d5cc5c564962b4534cbb01d7c2c143d54226d8e7d75d192f63011df448a1acc574ad89e61d4937e60e963f47f56fe2964554b6c6c16126c2e13a101e764de734080ae7c73e2387c650a795538b4b0fdebe7b898dc881f824fdb96a05e1f3e59451b30e0b3d05277702ad25f1b908ee33a6022bbfdc30c00250e840da41b2100097834b1e9fad9e788592026c74e8321cebe43a09347a44325d5f180b5c5401effa8ba8ec647ff84fd4b976c4b05cc308388227518bb4abe167e0a063c4593de5d9c1de56795473c2e1866c0ef8df523047431f9042c1360e499432e517cc94c6e81074ac01e507291a358053462a740c57114cfe3d9d9cbd53828d12f7ce5cef76a444164929aabce0307ae5a51c54e132cdf4968fd02bd3576eb0a9ae96b06ece64720c1d5f1f9fd56f0fe7259c295bbfb4275186492c3075c81bb6a0d94ab40df1aa5627dd43d02ff3c91f0080e94ec5821cdad7ced270bc202261b7faa077943942310b8efd0304948c621a29fd644aaffc4be9db9742cfd2ace7d66797468feb52893723c8ccc63af570204e8be19eb8d50abf39f569d205df0990db2362be8ca6bbf3865153e35716050532a4c940009d94fb0478022bb0353d6dbf7c21bed14d170d4b686a9b752eb1ab74215368131819ef80e435cffcbbb2811d1d50c8084910956c48424f83e1bb32eea6f8ba0d2e5c5f3f169554cab48924e9baf8ec446be8bb15c5154f7a807b1da7ec95183f3c8135f603e621d1dc7c03c8c58c70985208d0586b3ed1d9055b34d86ba2a0532bad18bf65e403cf895239ff97035f722625b1eb9d9ca8e61e0d08ee49a22fa051c678d9e9b4d4ef3ee6003753be1a22d8653d8b221e2bbdf7e523fbcfe39d6c21198e25bd61052189d404c7ef7211d495199421c2a5d80f19a156b8fedd9b46b214ea5de6aa07d7596bbd088294eb8680142d4700461067596b54a0bae2de471a6e3debaa4e0d4e5df7f9eac6f67d4e0cdb99227b7bb050a1ef455cf22224ea912948cd4db953dc507064bb74b9d7b431b7c78ef86ac8d268309ab33a083402117e8ada9ea6a2688f3e0f34dea18363f993dc578fea4fca8e65e5e8f1f37a1495f79c66f72cf6efdd45d55a8dc657f795b6d5a8b8e56c8ddfd55c55f80ccf8f2894c90767b5d203bf1c27c99e54b314ff2d9320e87f198423cf7cad0bee15ac7163c34ea9f01f35f815dc65ddbf4773b69aef2395cae54ed4e4025418868b0fb86836685f798ddc66a67cd3699e470f793f79aec493d11509ae712e22ae2639261c63c151376df4c5b97ba16c0cce459cdaf12e2d159dd1f65aeca6564816086058e200b7bc6633c91165f4174e1b207825fc3aefaee399b07821f74e11a5799af5b631644b4d5c387757dda2820e7673c84d109a13f4494c70beef9d1372acbef1f1bcf7cb6fa8dbf90bbd15f995dabe0404dc2d81feb86e9570b4fd1ea221f7f497545aba9b8507fc256209afc5c72ca34205d192a225a188b9f6aef6d96f108536b9de88e1284060f279a5c115199fbe001149b638b4bef10bcec15961e1715e6ca9b53d4acd0d48b937a5f83381942c798864f96aa0b115bdc8fbf6fe83f4ec90f209b79bc2cbd7adc8e0891edd1789c0a1a6305392389b7fe7750af172bd91fedf92c8635a6742ae083282214c5fd807005ef91d8b01cea7c4439bac200b15b3dbe30105dcb7f6914065716bef6d9de4041ee37a5e18ec0d35d8b4bb3d39074bba9cf4cf6c6db540116960e53a932f1678d63d5a66fe8f3056ba3ec8c08b5e2533bba1ea4db40a7841848899f3c1ec38f1030733c913309ac59ff440af49fbf0af2a3acf5bb0677f36ab7b6daefc911713cf0b0b3c744d5918852e9a56f074708fbe246ff29505442daf85aa0a26d7132f23a65b4a59da142c81dac426972a989fb8eb1ec8f2ce25e97045bd5b754db6fb940507d933f331aa2b200dc878319371b55ae847e586704a8e52ed9439c99549d776457a97272da5d5b0184672e0902756793412ae60641e3c281ef1a050b1e75eab4c862ae4f0baf7472e92b02226b1f07d2f16a1de3485848b0f63bafb3849a5c950d9c0ba4aaac6f1802357a306437eacc0e00595bf76d31fc4347cb2b60f4d6d09d91bdfe462bf909a0b57f6f067af44311f207a309c638984659a7d8c53495873e1a7a1b1cf899a90fa4ba3ecf0ae6a3afcdb7924b114bb14b9d54536df5d0ed380d4d15fce4750f408a4b2c27c5e1d6743b4cc2afc9a93a40d1f3d850ba3b26dbb6353f5e141213268fb18940afb934f374464982a2517b4822b9c06c521b6a48c5d638323081366b4500da211b62f8a0fd658553a5af0e73a6cba37640358808ad09e7c1e4068c2fd196f8273d2b99f85db8aa0d367eac9b80573f2dade8f2df304b92f26779d0a8f500cf96724a97959cfe31c95b22ac9c3bf2aab8aaa5b1de02b5ea62f7b830e034f4bee4201418b1cb16d822b33e4cf97ad1845ac74d23ef87b847c3480c59281c67b9148d7b0c7711bcae716e5e1ddf9e35ff64e61cdd033eec83f743810a98f7b4e5970554e342ad739e21640f589fe982fa80bd328c953e8e8aefc66cff84ec12000d2d42d7a413614e2c92f2d8b8737ba2b98b9b88466d3e423e53a6354306c447141ad8e0022c6dc957a69db14f354340998122e5d6267de2a371e66c6fd7d1c4b3100f01254f4dd992f9e76c262466720721cc16cff5c2f70da68f446d8afdd4af588724a169015cc2ca3ea72e9d52d9fa61a2d03f860efb722ad2b1161e39d12aac6fd5820c229a3a06b35f97fdd07088e6c2c82ad4c008d47b6c0f341f5529b60e593a302669ca93582691848cde595c6b946bc2343de1357db4b2b42783d409c26a9e5ec59e0a2b85d9fb732d17863f0f42437f1560b84de5e13748e1c0a10e7cc91e37211224dc3ff4773638bb498fe39a628f5e422e3a807c018e1a29e7327b79309cee9a85f821c2b037501772f4d3fde0696201a77a259c939e27e2822dbddead8a4e00481866ebec9efadf998ba99206fa8c477ab1e14fad560974024b8024d2a38dc8c8f3ef232209c43b3fba83fd371e62653ace17f937e661508e47e8f840520cb872b0b6e0d02651634e8eda8f62eae6986f60d4dd6536e016a379a396a65475df81add3a61ae3cfdea6234616a8ab583464cacb3d1ea4a8d7f18bebdf73b5805a23be8379dfa5ffc2cb79fb8661e73a1e3bae99e446732b84f59677f59cc97ade4b17b42a50430b56a181e2c539ce9a688061a56672f073fcbdf889a6d7d06d472a1370927d633b8c795bb42e9710fd1b852c9470e4ac3af79f69940c5c2d963674d168dd758c6f9e74be7faf58c855365dce048afaccaf193c007fe0750226007315c8436c31d42757784a8ad1dc66c2078b996174e443e0669ed08ce4b47e1a68deb149ef96e903f4cf7e1cca013218b89f60deb80e2bc4386d0d6ba14a7fb091cdb0f0b1ab62140a19d3713ead805ee6c656ec23e6eaa8775957ca819f48afe0060e862c9a7a20b0249c896cccc25872f3844015f2c58481b622473bf7e921c75ea22753430b2adf2347f2af69788767ca4dd7e76a93c47214012037cae886d0f5ed4102e3c5f57f6749583522d8764075fa65306e7cdc815de1b84745f124a2871504fe70d0e47594cb41c1bca0762b957f7fc69cb8653287a4ee5ecd8ab7aeed4325f5617a84440b0e0fce806b876bf29", 0x1000, 0x4, 0xd7f9ea71b7db31e6}, 0x1) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) r10 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r10, &(0x7f0000000140)={0x37}, 0x14) preadv(r10, &(0x7f0000001900)=[{&(0x7f00000012c0)=""/137, 0x89}, {&(0x7f00000001c0)=""/98, 0x62}, {&(0x7f00000014c0)=""/254, 0xfe}, {&(0x7f00000015c0)=""/218, 0xda}, {&(0x7f00000016c0)=""/161, 0xa1}, {&(0x7f0000001380)=""/63, 0x3f}, {&(0x7f0000001780)=""/93, 0x5d}, {&(0x7f0000001800)=""/216, 0xd8}], 0x8, 0x5, 0x8) r11 = syz_open_dev$mouse(&(0x7f0000000180), 0x6, 0x12800) fcntl$dupfd(r0, 0x0, r11) 15:49:17 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0xf000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 1107.327175] FAULT_INJECTION: forcing a failure. [ 1107.327175] name failslab, interval 1, probability 0, space 0, times 0 [ 1107.329422] CPU: 0 PID: 9687 Comm: syz-executor.4 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1107.331313] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1107.333535] Call Trace: [ 1107.334058] 15:49:17 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 22) [ 1107.334447] dump_stack_lvl+0x8b/0xb3 [ 1107.335356] should_fail.cold+0x5/0xa [ 1107.336118] ? create_object.isra.0+0x3a/0xa20 [ 1107.337020] should_failslab+0x5/0x10 [ 1107.337754] kmem_cache_alloc+0x5b/0x480 [ 1107.338575] create_object.isra.0+0x3a/0xa20 [ 1107.339435] ? kasan_unpoison+0x23/0x50 [ 1107.340221] kmem_cache_alloc+0x239/0x480 [ 1107.341034] vm_area_dup+0x7f/0x220 [ 1107.341750] ? stack_trace_save+0x8c/0xc0 [ 1107.342593] ? filter_irq_stacks+0x90/0x90 [ 1107.343425] ? __stack_depot_save+0x35/0x450 [ 1107.344292] ? rcu_read_lock_sched_held+0xd/0x70 [ 1107.345212] ? lock_acquire+0x41c/0x4d0 [ 1107.345988] ? rcu_read_lock_sched_held+0xd/0x70 [ 1107.346926] ? lock_release+0x505/0x6f0 15:49:17 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 26) 15:49:17 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) r1 = syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)) r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) r4 = syz_io_uring_setup(0x76e7, &(0x7f0000000340), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000280), &(0x7f00000003c0)) syz_io_uring_setup(0x4eff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r7, 0x80, &(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @private1}}, 0x0) syz_io_uring_submit(r2, r6, &(0x7f0000000180)=@IORING_OP_FALLOCATE={0x11, 0x4, 0x0, @fd_index=0x6, 0x1, 0x0, 0x7, 0x0, 0x1}, 0x5) io_uring_register$IORING_UNREGISTER_PERSONALITY(r4, 0xa, 0x0, r3) syz_io_uring_setup(0x4eff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r10 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_submit(r8, r9, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r10, 0x80, &(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @private1}}, 0x0) syz_io_uring_submit(0x0, r9, &(0x7f0000000080)=@IORING_OP_CLOSE={0x13, 0x1, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r3}}, 0xfffffffa) r11 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0), 0x200, 0x0) ioctl$TUNSETIFF(r11, 0x400454ca, &(0x7f0000000100)={'geneve0\x00'}) [ 1107.347691] ? unwind_next_frame+0xc8b/0x2250 [ 1107.348620] ? __is_insn_slot_addr+0x122/0x250 [ 1107.349418] loop5: detected capacity change from 0 to 260 [ 1107.349507] ? vm_area_alloc+0xf0/0xf0 [ 1107.351346] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1107.352306] ? mas_is_span_wr+0x14f/0x260 [ 1107.353111] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1107.354182] ? mas_wr_walk+0x842/0xbd0 [ 1107.354950] __split_vma+0xa2/0x540 [ 1107.355654] ? mas_destroy+0x391/0x8d0 [ 1107.356400] do_mas_align_munmap.constprop.0+0x25e/0xc00 [ 1107.357446] ? __split_vma+0x540/0x540 [ 1107.358219] ? mas_walk+0x48a/0x670 [ 1107.358915] ? mas_find+0x203/0xdd0 [ 1107.359607] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1107.360666] ? get_old_pud+0xc9/0x3a0 [ 1107.361405] ? alloc_new_pud.constprop.0+0x202/0x310 [ 1107.362396] ? move_page_tables+0xb06/0x1e70 [ 1107.363249] do_mas_munmap+0x1ed/0x2c0 [ 1107.364003] do_munmap+0xc3/0x100 [ 1107.364672] ? vm_brk+0x20/0x20 [ 1107.365314] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1107.366291] move_vma.constprop.0+0x887/0xf40 [ 1107.367162] ? move_page_tables+0x1e70/0x1e70 [ 1107.368027] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1107.368977] ? cap_mmap_addr+0x50/0x300 [ 1107.369740] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1107.370795] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1107.371841] ? security_mmap_addr+0x79/0xa0 [ 1107.372663] __do_sys_mremap+0x78f/0x14f0 [ 1107.373460] ? move_vma.constprop.0+0xf40/0xf40 [ 1107.374354] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1107.375402] ? fput+0x2a/0x50 [ 1107.375999] ? ksys_write+0x1a5/0x250 [ 1107.376725] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1107.377670] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1107.378694] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1107.379674] do_syscall_64+0x3b/0x90 [ 1107.380388] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1107.381362] RIP: 0033:0x7fe3cdd6fb19 [ 1107.382067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1107.385549] RSP: 002b:00007fe3cb2e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1107.387047] RAX: ffffffffffffffda RBX: 00007fe3cde82f60 RCX: 00007fe3cdd6fb19 [ 1107.388396] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1107.389741] RBP: 00007fe3cb2e51d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1107.391095] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1107.392427] R13: 00007fffdf0ea1bf R14: 00007fe3cb2e5300 R15: 0000000000022000 [ 1107.393766] [ 1107.413203] FAULT_INJECTION: forcing a failure. [ 1107.413203] name failslab, interval 1, probability 0, space 0, times 0 [ 1107.415524] CPU: 0 PID: 9700 Comm: syz-executor.1 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1107.417382] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1107.419547] Call Trace: [ 1107.420060] [ 1107.420498] dump_stack_lvl+0x8b/0xb3 [ 1107.421254] should_fail.cold+0x5/0xa [ 1107.422020] ? create_object.isra.0+0x3a/0xa20 [ 1107.422912] should_failslab+0x5/0x10 [ 1107.423655] kmem_cache_alloc+0x5b/0x480 [ 1107.424436] ? mas_destroy+0x391/0x8d0 [ 1107.425159] create_object.isra.0+0x3a/0xa20 [ 1107.425997] ? kasan_unpoison+0x23/0x50 [ 1107.426726] kmem_cache_alloc+0x239/0x480 [ 1107.427506] mas_alloc_nodes+0x2f4/0x600 [ 1107.428248] mas_node_count+0x101/0x130 [ 1107.429000] mas_root_expand.isra.0+0xe5/0xa60 [ 1107.429821] mas_wr_store_entry.isra.0+0x33c/0x10e0 [ 1107.430764] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1107.431795] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1107.432824] mas_store_gfp+0xca/0x1f0 [ 1107.433533] ? mtree_store+0x30/0x30 [ 1107.434247] do_mas_align_munmap.constprop.0+0x487/0xc00 [ 1107.435274] ? __split_vma+0x540/0x540 [ 1107.436000] ? mas_walk+0x48a/0x670 [ 1107.436668] ? mas_find+0x203/0xdd0 [ 1107.437343] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1107.438369] ? get_old_pud+0xc9/0x3a0 [ 1107.439088] ? alloc_new_pud.constprop.0+0x202/0x310 [ 1107.440034] ? move_page_tables+0xb06/0x1e70 [ 1107.440861] do_mas_munmap+0x1ed/0x2c0 [ 1107.441598] do_munmap+0xc3/0x100 [ 1107.442255] ? vm_brk+0x20/0x20 [ 1107.442892] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1107.443822] move_vma.constprop.0+0x887/0xf40 [ 1107.444661] ? move_page_tables+0x1e70/0x1e70 [ 1107.445498] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1107.446439] ? cap_mmap_addr+0x50/0x300 [ 1107.447184] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1107.448205] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1107.449230] ? security_mmap_addr+0x79/0xa0 [ 1107.450044] __do_sys_mremap+0x78f/0x14f0 [ 1107.450816] ? move_vma.constprop.0+0xf40/0xf40 [ 1107.451151] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) [ 1107.451675] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1107.454314] ? fput+0x2a/0x50 [ 1107.454895] ? ksys_write+0x1a5/0x250 [ 1107.455600] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1107.456515] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1107.457497] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1107.458461] do_syscall_64+0x3b/0x90 [ 1107.459152] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1107.460095] RIP: 0033:0x7ff16643bb19 [ 1107.460769] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1107.464178] RSP: 002b:00007ff1639b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1107.465571] RAX: ffffffffffffffda RBX: 00007ff16654ef60 RCX: 00007ff16643bb19 [ 1107.466895] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1107.468198] RBP: 00007ff1639b11d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1107.469506] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1107.470820] R13: 00007fffc2898d3f R14: 00007ff1639b1300 R15: 0000000000022000 [ 1107.472133] 15:49:18 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0xf0ffff, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:49:18 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffffffffffffff9, 0xcae8}) 15:49:18 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x103, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:49:18 executing program 6: sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000000203050000000000400000000a000000af6b85b3d268b1d27798c89ba66869a450929b1f74db5f6919faf296b62255acf7a621f7c81563b5710c43515ee554"], 0x14}}, 0x24000800) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$CDROM_SEND_PACKET(r1, 0x5393, &(0x7f0000000200)={"8755d5eed74b6e0e33d1e0ca", &(0x7f0000000040)="49d26dbb36bab85cfe38cfab5868e820d26dbab585a3dbdaf53611321d0e3bf88d0af73d676c5b29b2a993", 0x2b, 0x101, &(0x7f00000000c0)={0x38, 0x1, 0x6, 0x2, 0x0, 0x0, 0x0, "2301adb0", 0x7f, "9cb4cce3", 0xff, 0x3, 0x80, "3d0980", "29dc1b7f1724eaedb0b1be9644532a0b876d01ba7bb7eb9b8ae6708bf73df3648918452c09f4a3c35e016e4cd89e"}, 0x2, 0x6, 0x7fff, &(0x7f00000001c0)}) 15:49:18 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffffffffffffff9, 0xcae8}) 15:49:18 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 27) 15:49:18 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x1000000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:49:18 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffffffffffffff9, 0xcae8}) 15:49:18 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) r2 = fsopen(&(0x7f0000000080)='zonefs\x00', 0x0) ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000d00)={0x0, 0x4, 0xfed, 0x1}) ioctl$BTRFS_IOC_DEV_REPLACE(r2, 0xca289435, &(0x7f00000002c0)={0x2, 0x8, @start={r3, 0x1, "9dbe835af6629aa05f546bfe59f26ea4623bbd5094ea8a0a80ccf4f422974f066d97838716030f7350046711fb153f268df1805b4ca0c86730a93e4c4896854382db6112277590dbd7ac093fe22fca20f60c0ad096e40bbdbf14c61e5664659390e2d14e235382ffa5c8b9a661b5690a044928e1deb4c767cc1c980bbe568f981b7f4a4a395d0c416d768c3c513ade94e76e5af924b90af85dbe3aaa5e5e41d35a1b5aa8cfd0a86d1d3e7c263c67be590b829dc9e4196eb835a99c7194d9641bbacd04259ca96b2a6c91fecd93e4bc1025741d417901b7cbdf4a2c3695c7b0930b44d55bde2beaf90ddaac4adf950d1ed5e000b8b893dc893343ec3c5b7ae43a5431b5ba20f40c4cbee8ca321ba677923c8480b232c8eeaba74b1070ba4f000c122a8e8be200d4120114c2f0ea15d6efd658055c042177209ebac60d1240171e33109928ebc0110f325009f0021b8fd3b43983be2b4a9e0124ca6ada629b01f7d00afb297f3dcddcf156943e44d9ea386d7143ad885e99567556a65f7982e649adbe4660a99a7a18d754bd98d7e3a30979ac9d2a8bd622d1643435c28aa3fcb67a9073e57bf10d995dc94a678e7130fefab0399ac93eb50be9c108d7fc62b49fd69472ed27e62015d7bd9419da65b07c1b411dd18aaa5c6dbb07a1a67abb1f004b9b56888453197d2cebe12d0404a3ea31c0e67b8863f46dac51abcf79ca7eac5812f3291cb79ca05a891627e05ffde512dab4192116264f9a0ad022d2a9820dd47a693c495eeb3fe461a587de5d993cf58681a31e9a252215a3525db60451a9af22f91af2a3cacb463e948ce87376d709243d5a721e5aadae2a444c32ee6b2d9237937a21c6eafe5590c9c3ccd14063328e5b901309474ea8e54ab6d593df58d0f1f859b097d2e95add67a174b9a8743b2e1993017201abc115a1052e5c2626e4dabfc4a01cb2f97e6d7418f154c3f3c2856109c987afcdae24e8a1ccf305c1e0ccfe5ded4c3e5ad3a2676a8d666db9e9fe7550a1ee4eed326fc9537069fdcbfb658c572f96ebcae44743f2e1594f076fa5947a418f4c773c6695408b46d8fe058b68b64b30d011ab2877e73737238a2ff6dcd8438b6fd249f6fbab01447bb8b316ff51c28c4092e198d864078fbaa881f1bbe33e0029ca8911983b4f8ff0a580cae260cf099333fcc2ee32f2c3232689afdbb2adce2dfd0e327aef06cdaeca08bfdf5d4f7f6a1896795d5ff3a980a8b213eac6420f71924966018412cdde528ec11a3d91e81b49626bd635ccac83b6b0d64efc7a28b871a421eb7ae28cd7db85d5560553138134fbcb06a320be30db5f6899ea0e3e1dd6c4e848d7b3f34c94fdbdaee0469763a02342622d7ab72b7332237987bc86a2b4b17901e1ec74af1a772f5f1feb1c072542ef07a136147277789890172d516850ff1a09cd95de0fca98", "6c4f29a94187ce24b1bb45d2ae3f2531f4003cbad2b400744aebd7f91ea2e303be64a04690de10d511b1c196f9d1e889fb1ffafb99823f521f26900643d87a4036587e56b66b3e9c40f379226567456bc3c3764084a89167fc71707b397dd9f7694a6e8787255a5b4f04b2c0a5bdd8007376cf0523679b300975b754221c5034242d4e55f4efeedfe2ac09d3d9106438d8b60a31edb5c88c3a1d5532d9aaf040a045f3feaf39add4ed5964e100c330c924adc12f5f401838928cecc313f3e2bab0f93d73678dab14a8f4577f23594ec2ea8ee60c866ef938c05a0ffb652b7d2a1f8e70fc91181b769a95e9ea4990c36091edc7c93be3f536fd5d3a5752385d3133df4ae6be7332fb2259d1d150f9ec55971b1cd7ce29289b17b77d259fad9c127d325b0f5c3a1e8ddab7a4c0f894f385f20d52d3b65a31813f0e7dbcfc85281720e6e9de43dd7520ab6f2effabd853bcd082cfbbbd4cabc9e318f17faecd1d909b94d42168fc90c89f1ffba07215551c82d91cb87e82d15ba0cabc66d7a40e9b8db409b09efbcca2c0c31d3946deff8e354ef8d7678c2a3d6fd3518a9ebb7034416cea07f4dbe7bb505d44dfe2b45c9e0fcd4202302a29b3a19b246da0e0207f488ec657a8bc9f0be212349ed6fdb924ca228b87da6812bee28746e6403d97dfaa06d748785ca4c5e54410c0d1b328f853d7ff141d7d92fe0371716ebfa09616741322c394418715f52e389abfeb226b6f51b60ecf064ae6ef6eeece8ffeda33edfbbc40193156a352432ab0491934599920e60c895e1b0a018ad21bf057b3dea1f93394c2bdfb6795b286f6558d9c56688937e9f84cab0bfebb3ac7e237e9bf0bf92c10428b705d8528eba0bed3ff1191d74ea7d56870dab476191942551914802320ad968e58e20d6161b537bf2e09ba87b0a333dd4eebc950c96112c11f35e6b4a5ae42a5296a30e8f5b6f1e32634f7b8ac6fb08642e42dc1d97e5cbbabc6e87d55ca288b8578b8545cc92a79e194f61894e9bf44eda8809a6757ba2632de5118777f76c848f46aec5b20f6a5766f95b538c4fe41e9dfe33a76e96ac2f4c93d46d5af4dca51805767537131ef69bac435428103ad7a19a2e1f14c8da2a6d365adc41d9c7a1bf3da46ee1127ddc0c4c2d30842af136917fe623f8fdbc74453e7091c7824a5d5b59fea741bacb4b845cc69c36e78b7f4f9c5d009d82eb3bed036b36ff55c2b48cd65cf8c8ac0cf8d81da28d0fa396b268814024e8a4d5be67d44ece7abe1f3f54b92583711ae35db0b22d2f7d607c70f97f18b1e5e3b60d74ff0a465f380a8fdf95bf8507539657defb7b56f62faee6f0c822268a3840f74c2c8ccd9146b404ee20428614b93b2d82e9f0536d34cf9e7264374ba336e39146e48ffc932e58be7ad6c9ed3ae35b9b5672d4aefde0ca106b7c7bc76f9db67d9b8db"}, [0x7fffffff, 0x4, 0x8, 0x2, 0x8, 0xe1ea, 0x3ff, 0x1f, 0x9, 0x4, 0x100, 0x9, 0x8e4, 0x10001, 0x9, 0x3, 0x80000001, 0x80, 0x4, 0x9, 0x29, 0xfffffffffffffff9, 0xfffffffffffffff9, 0xe02, 0x4, 0xffffffff, 0x800, 0x6, 0x8, 0xfffffffffffffff7, 0x4, 0xffffffff, 0xfffffffffffffff8, 0x7, 0xab, 0x0, 0x5, 0x5, 0x4ab, 0xffffffffffffffc1, 0x2f05b42c, 0x9, 0x20, 0x2, 0x40, 0x9, 0xa143, 0x200, 0x7fffffff, 0x0, 0x6, 0x80, 0x2, 0x100000000, 0xd95, 0x7f, 0x20, 0x6, 0x20, 0x8, 0x100, 0x1, 0x2, 0x9]}) 15:49:18 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 23) [ 1107.681427] FAULT_INJECTION: forcing a failure. [ 1107.681427] name failslab, interval 1, probability 0, space 0, times 0 [ 1107.683708] CPU: 1 PID: 9727 Comm: syz-executor.1 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1107.685594] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1107.687805] Call Trace: [ 1107.688308] [ 1107.688742] dump_stack_lvl+0x8b/0xb3 [ 1107.689509] should_fail.cold+0x5/0xa [ 1107.690279] ? create_object.isra.0+0x3a/0xa20 [ 1107.691185] should_failslab+0x5/0x10 [ 1107.691923] kmem_cache_alloc+0x5b/0x480 [ 1107.692710] ? mas_destroy+0x391/0x8d0 [ 1107.693463] create_object.isra.0+0x3a/0xa20 [ 1107.694340] ? kasan_unpoison+0x23/0x50 [ 1107.695126] kmem_cache_alloc+0x239/0x480 [ 1107.695942] mas_alloc_nodes+0x2f4/0x600 [ 1107.696744] mas_node_count+0x101/0x130 [ 1107.697543] mas_root_expand.isra.0+0xe5/0xa60 [ 1107.698465] mas_wr_store_entry.isra.0+0x33c/0x10e0 [ 1107.699443] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1107.700520] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1107.701600] mas_store_gfp+0xca/0x1f0 [ 1107.702132] FAULT_INJECTION: forcing a failure. [ 1107.702132] name failslab, interval 1, probability 0, space 0, times 0 [ 1107.702354] ? mtree_store+0x30/0x30 [ 1107.704806] do_mas_align_munmap.constprop.0+0x487/0xc00 [ 1107.705878] ? __split_vma+0x540/0x540 [ 1107.706673] ? mas_walk+0x48a/0x670 [ 1107.707377] ? mas_find+0x203/0xdd0 [ 1107.708093] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1107.709176] ? get_old_pud+0xc9/0x3a0 [ 1107.709934] ? alloc_new_pud.constprop.0+0x202/0x310 [ 1107.710943] ? move_page_tables+0xb06/0x1e70 [ 1107.711829] do_mas_munmap+0x1ed/0x2c0 [ 1107.712585] do_munmap+0xc3/0x100 [ 1107.713279] ? vm_brk+0x20/0x20 [ 1107.713933] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1107.714935] move_vma.constprop.0+0x887/0xf40 [ 1107.715820] ? move_page_tables+0x1e70/0x1e70 [ 1107.716712] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1107.717684] ? cap_mmap_addr+0x50/0x300 [ 1107.718479] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1107.719550] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1107.720636] ? security_mmap_addr+0x79/0xa0 [ 1107.721476] __do_sys_mremap+0x78f/0x14f0 [ 1107.722317] ? move_vma.constprop.0+0xf40/0xf40 [ 1107.723238] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1107.724318] ? fput+0x2a/0x50 [ 1107.724933] ? ksys_write+0x1a5/0x250 [ 1107.725682] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1107.726662] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1107.727709] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1107.728708] do_syscall_64+0x3b/0x90 [ 1107.729444] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1107.730466] RIP: 0033:0x7ff16643bb19 [ 1107.731187] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1107.734748] RSP: 002b:00007ff1639b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1107.736232] RAX: ffffffffffffffda RBX: 00007ff16654ef60 RCX: 00007ff16643bb19 [ 1107.737630] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1107.739034] RBP: 00007ff1639b11d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1107.740445] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1107.741857] R13: 00007fffc2898d3f R14: 00007ff1639b1300 R15: 0000000000022000 [ 1107.743283] [ 1107.743741] CPU: 0 PID: 9729 Comm: syz-executor.4 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1107.745266] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1107.747137] Call Trace: [ 1107.747562] [ 1107.747921] dump_stack_lvl+0x8b/0xb3 [ 1107.748524] should_fail.cold+0x5/0xa [ 1107.749135] ? anon_vma_clone+0xd3/0x560 [ 1107.749799] should_failslab+0x5/0x10 [ 1107.750437] kmem_cache_alloc+0x5b/0x480 [ 1107.751097] anon_vma_clone+0xd3/0x560 [ 1107.751736] __split_vma+0x16d/0x540 [ 1107.752317] ? mas_destroy+0x391/0x8d0 [ 1107.752899] do_mas_align_munmap.constprop.0+0x25e/0xc00 [ 1107.753725] ? __split_vma+0x540/0x540 [ 1107.754328] ? mas_walk+0x48a/0x670 [ 1107.754866] ? mas_find+0x203/0xdd0 [ 1107.755402] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1107.756244] ? get_old_pud+0xc9/0x3a0 [ 1107.756816] ? alloc_new_pud.constprop.0+0x202/0x310 [ 1107.757577] ? move_page_tables+0xb06/0x1e70 [ 1107.758261] do_mas_munmap+0x1ed/0x2c0 [ 1107.758860] do_munmap+0xc3/0x100 [ 1107.759391] ? vm_brk+0x20/0x20 [ 1107.759903] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1107.760659] move_vma.constprop.0+0x887/0xf40 [ 1107.761371] ? move_page_tables+0x1e70/0x1e70 [ 1107.762086] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1107.762867] ? cap_mmap_addr+0x50/0x300 [ 1107.763508] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1107.764377] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1107.765274] ? security_mmap_addr+0x79/0xa0 [ 1107.765964] __do_sys_mremap+0x78f/0x14f0 [ 1107.766649] ? move_vma.constprop.0+0xf40/0xf40 [ 1107.767387] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1107.768261] ? fput+0x2a/0x50 [ 1107.768767] ? ksys_write+0x1a5/0x250 [ 1107.769385] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1107.770181] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1107.770980] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1107.771797] do_syscall_64+0x3b/0x90 [ 1107.772401] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1107.773223] RIP: 0033:0x7fe3cdd6fb19 [ 1107.773811] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1107.776767] RSP: 002b:00007fe3cb2e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1107.778004] RAX: ffffffffffffffda RBX: 00007fe3cde82f60 RCX: 00007fe3cdd6fb19 [ 1107.779144] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1107.780282] RBP: 00007fe3cb2e51d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1107.781429] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1107.782574] R13: 00007fffdf0ea1bf R14: 00007fe3cb2e5300 R15: 0000000000022000 [ 1107.783715] 15:49:27 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') r3 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r3, &(0x7f0000000140)={0x37}, 0x14) ioctl$TUNSETIFINDEX(r3, 0x400454da, &(0x7f0000000180)) write$P9_RMKNOD(r2, &(0x7f0000000140)={0x37}, 0x14) flock(r2, 0xa) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f0000000080)={{0x1, 0x1, 0x18, r1, {0x1}}, './file0\x00'}) write$eventfd(r4, &(0x7f00000000c0)=0x3, 0x8) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 15:49:27 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 24) 15:49:27 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffffffffffffff9, 0xcae8}) 15:49:27 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 28) 15:49:27 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x104, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:49:27 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x2000000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:49:27 executing program 6: r0 = syz_open_dev$vcsn(&(0x7f00000000c0), 0x6, 0x240) syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), r0) openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) 15:49:27 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x0, 0xfffffffffffffff9, 0xcae8}) [ 1117.003898] loop5: detected capacity change from 0 to 260 [ 1117.019276] FAULT_INJECTION: forcing a failure. [ 1117.019276] name failslab, interval 1, probability 0, space 0, times 0 [ 1117.021503] CPU: 1 PID: 9754 Comm: syz-executor.4 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1117.023399] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1117.024464] FAULT_INJECTION: forcing a failure. [ 1117.024464] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1117.025574] Call Trace: [ 1117.025581] [ 1117.025588] dump_stack_lvl+0x8b/0xb3 [ 1117.029606] should_fail.cold+0x5/0xa [ 1117.030368] ? lock_downgrade+0x6d0/0x6d0 [ 1117.031186] ? create_object.isra.0+0x3a/0xa20 [ 1117.032092] should_failslab+0x5/0x10 [ 1117.032837] kmem_cache_alloc+0x5b/0x480 [ 1117.033636] create_object.isra.0+0x3a/0xa20 [ 1117.034528] ? kasan_unpoison+0x23/0x50 [ 1117.035315] kmem_cache_alloc+0x239/0x480 [ 1117.036128] anon_vma_clone+0xd3/0x560 [ 1117.036903] __split_vma+0x16d/0x540 [ 1117.037628] ? mas_destroy+0x391/0x8d0 [ 1117.038397] do_mas_align_munmap.constprop.0+0x25e/0xc00 [ 1117.039470] ? __split_vma+0x540/0x540 [ 1117.040236] ? mas_walk+0x48a/0x670 [ 1117.040941] ? mas_find+0x203/0xdd0 [ 1117.041648] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1117.042729] ? get_old_pud+0xc9/0x3a0 [ 1117.043481] ? alloc_new_pud.constprop.0+0x202/0x310 [ 1117.044485] ? move_page_tables+0xb06/0x1e70 [ 1117.045359] do_mas_munmap+0x1ed/0x2c0 [ 1117.046141] do_munmap+0xc3/0x100 [ 1117.046822] ? vm_brk+0x20/0x20 [ 1117.047471] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1117.048476] move_vma.constprop.0+0x887/0xf40 [ 1117.049359] ? move_page_tables+0x1e70/0x1e70 [ 1117.050255] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1117.051229] ? cap_mmap_addr+0x50/0x300 [ 1117.052043] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1117.053124] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1117.054201] ? security_mmap_addr+0x79/0xa0 [ 1117.055059] __do_sys_mremap+0x78f/0x14f0 [ 1117.055873] ? move_vma.constprop.0+0xf40/0xf40 [ 1117.056788] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1117.057866] ? fput+0x2a/0x50 [ 1117.058498] ? ksys_write+0x1a5/0x250 [ 1117.059251] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1117.060240] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1117.061257] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1117.062269] do_syscall_64+0x3b/0x90 [ 1117.062992] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1117.063993] RIP: 0033:0x7fe3cdd6fb19 [ 1117.064712] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1117.068291] RSP: 002b:00007fe3cb2e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1117.069787] RAX: ffffffffffffffda RBX: 00007fe3cde82f60 RCX: 00007fe3cdd6fb19 [ 1117.071200] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1117.072643] RBP: 00007fe3cb2e51d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1117.074091] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1117.075527] R13: 00007fffdf0ea1bf R14: 00007fe3cb2e5300 R15: 0000000000022000 [ 1117.076972] [ 1117.077449] CPU: 0 PID: 9757 Comm: syz-executor.1 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1117.079492] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1117.081786] Call Trace: [ 1117.082324] [ 1117.082770] dump_stack_lvl+0x8b/0xb3 [ 1117.083578] should_fail.cold+0x5/0xa [ 1117.084358] _copy_from_user+0x2a/0x170 [ 1117.085174] kstrtouint_from_user+0xac/0x160 [ 1117.086079] ? kstrtouint+0x120/0x120 [ 1117.086895] ? rcu_read_lock_sched_held+0xd/0x70 [ 1117.087880] ? lock_acquire+0x41c/0x4d0 [ 1117.088694] proc_fail_nth_write+0x78/0x220 [ 1117.089596] ? proc_task_getattr+0x1f0/0x1f0 [ 1117.090526] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1117.091670] ? proc_task_getattr+0x1f0/0x1f0 [ 1117.092584] vfs_write+0x26a/0xad0 [ 1117.093328] ksys_write+0x12d/0x250 [ 1117.094080] ? __ia32_sys_read+0xb0/0xb0 [ 1117.094942] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1117.095965] ? fpregs_assert_state_consistent+0xbc/0xe0 15:49:27 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x3000000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 1117.097063] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1117.098269] do_syscall_64+0x3b/0x90 [ 1117.099055] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1117.100109] RIP: 0033:0x7ff1663ee5ff [ 1117.100863] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 1117.104643] RSP: 002b:00007ff1639b1170 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 1117.106216] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff1663ee5ff [ 1117.107682] RDX: 0000000000000001 RSI: 00007ff1639b11e0 RDI: 0000000000000004 [ 1117.109140] RBP: 00007ff1639b11d0 R08: 0000000000000000 R09: 0000000000000000 [ 1117.110610] R10: 0000000000000003 R11: 0000000000000293 R12: 0000000000000002 [ 1117.112070] R13: 00007fffc2898d3f R14: 00007ff1639b1300 R15: 0000000000022000 [ 1117.113537] [ 1117.115216] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:49:27 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x0, 0xfffffffffffffff9, 0xcae8}) 15:49:27 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x112, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:49:27 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffffffffffffff9, 0xcae8}) 15:49:27 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:49:27 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x4000000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:49:27 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x0, 0xfffffffffffffff9, 0xcae8}) 15:49:27 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 25) 15:49:27 executing program 2: syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x8734, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) mlock2(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r0, &(0x7f0000000140)={0x37}, 0x14) ioctl$TUNDETACHFILTER(r0, 0x401054d6, 0x0) pipe2$9p(&(0x7f00000000c0), 0x44800) r1 = mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) syz_io_uring_submit(0x0, r1, &(0x7f0000000080)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, {0x2}}, 0x9) [ 1117.305086] loop5: detected capacity change from 0 to 260 [ 1117.327109] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:49:27 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) mount$9p_fd(0x0, &(0x7f0000000240)='./file0/../file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@debug={'debug', 0x3d, 0x8000}}, {@access_any}, {@nodevmap}, {@cache_fscache}], [{@func={'func', 0x3d, 'FILE_MMAP'}}, {@fowner_lt={'fowner<', 0xee01}}, {@dont_measure}, {@uid_lt={'uid<', 0xffffffffffffffff}}, {@fowner_lt={'fowner<', 0xee01}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x65, 0x62, 0x30, 0x34, 0x62, 0x61, 0x35], 0x2d, [0x36, 0xd, 0x31, 0x54], 0x2d, [0x30, 0x32, 0x62, 0x7], 0x2d, [0x63, 0x33, 0x30, 0x37], 0x2d, [0x63, 0x38, 0x65, 0x0, 0x66, 0x31, 0x32, 0x33]}}}, {@fowner_gt={'fowner>', 0xffffffffffffffff}}]}}) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/bus/usb', 0x10000, 0x43) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r3, &(0x7f0000000140)={0x37}, 0x14) fcntl$dupfd(r1, 0x0, r3) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r3, 0xc018937e, &(0x7f0000000280)={{0x1, 0x1, 0x18, r2, @in_args={0x4}}, './file0/../file0\x00'}) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) [ 1117.339171] FAULT_INJECTION: forcing a failure. [ 1117.339171] name failslab, interval 1, probability 0, space 0, times 0 [ 1117.341582] CPU: 0 PID: 9787 Comm: syz-executor.4 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1117.343514] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1117.345993] Call Trace: [ 1117.346524] [ 1117.346991] dump_stack_lvl+0x8b/0xb3 [ 1117.347766] should_fail.cold+0x5/0xa [ 1117.348594] ? mas_alloc_nodes+0x2f4/0x600 [ 1117.349472] should_failslab+0x5/0x10 [ 1117.350274] kmem_cache_alloc+0x5b/0x480 [ 1117.351116] mas_alloc_nodes+0x2f4/0x600 [ 1117.351959] mas_node_count+0x101/0x130 [ 1117.352773] mas_root_expand.isra.0+0xe5/0xa60 [ 1117.353737] mas_wr_store_entry.isra.0+0x33c/0x10e0 [ 1117.354769] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1117.355988] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1117.357116] mas_store_gfp+0xca/0x1f0 [ 1117.357903] ? mtree_store+0x30/0x30 [ 1117.358675] do_mas_align_munmap.constprop.0+0x487/0xc00 [ 1117.359796] ? __split_vma+0x540/0x540 [ 1117.360594] ? mas_walk+0x48a/0x670 [ 1117.361337] ? mas_find+0x203/0xdd0 [ 1117.362083] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1117.363224] ? get_old_pud+0xc9/0x3a0 [ 1117.364008] ? alloc_new_pud.constprop.0+0x202/0x310 [ 1117.365051] ? move_page_tables+0xb06/0x1e70 [ 1117.365966] do_mas_munmap+0x1ed/0x2c0 [ 1117.366789] do_munmap+0xc3/0x100 [ 1117.367509] ? vm_brk+0x20/0x20 [ 1117.368195] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1117.369220] move_vma.constprop.0+0x887/0xf40 [ 1117.370169] ? move_page_tables+0x1e70/0x1e70 [ 1117.371096] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1117.372113] ? cap_mmap_addr+0x50/0x300 [ 1117.372939] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1117.374066] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1117.375202] ? security_mmap_addr+0x79/0xa0 [ 1117.376088] __do_sys_mremap+0x78f/0x14f0 [ 1117.376946] ? move_vma.constprop.0+0xf40/0xf40 [ 1117.377907] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1117.379054] ? fput+0x2a/0x50 [ 1117.379694] ? ksys_write+0x1a5/0x250 [ 1117.380482] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1117.381502] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1117.382605] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1117.383660] do_syscall_64+0x3b/0x90 [ 1117.384433] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1117.385484] RIP: 0033:0x7fe3cdd6fb19 [ 1117.386253] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1117.390008] RSP: 002b:00007fe3cb2e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1117.391570] RAX: ffffffffffffffda RBX: 00007fe3cde82f60 RCX: 00007fe3cdd6fb19 [ 1117.393028] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1117.394485] RBP: 00007fe3cb2e51d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1117.395943] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1117.397388] R13: 00007fffdf0ea1bf R14: 00007fe3cb2e5300 R15: 0000000000022000 [ 1117.398874] 15:49:38 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 26) 15:49:38 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2002, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:49:38 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x5000000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:49:38 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0x0, 0xcae8}) 15:49:38 executing program 0: ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffffffffffffff9, 0xcae8}) 15:49:38 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x54d601, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) 15:49:38 executing program 2: ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(0xffffffffffffffff, 0x80489439, 0xfffffffffffffffc) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_io_uring_setup(0x200, &(0x7f0000000000)={0x0, 0x0, 0x1, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r2, &(0x7f0000000140)={0x37}, 0x14) syz_io_uring_setup(0x6d87, &(0x7f0000000200)={0x0, 0x3168, 0x8, 0x1, 0x1de, 0x0, r2}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f00000002c0), &(0x7f0000000300)) io_uring_enter(r1, 0x10000, 0xfcc8, 0x0, &(0x7f0000000080)={[0x1]}, 0x1) ioctl$FS_IOC_SETVERSION(r1, 0x40087602, &(0x7f00000000c0)=0x100000000) r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r3) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0, {0x1}}, './file0\x00'}) r5 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r5, &(0x7f0000000140)={0x37}, 0x14) ppoll(&(0x7f0000000140)=[{r4, 0x86}, {r5, 0x400}, {r1, 0x3000}], 0x3, &(0x7f0000000180)={0x77359400}, &(0x7f00000001c0)={[0x101]}, 0x8) 15:49:38 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x300, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) [ 1128.219892] FAULT_INJECTION: forcing a failure. [ 1128.219892] name failslab, interval 1, probability 0, space 0, times 0 [ 1128.221174] CPU: 0 PID: 9811 Comm: syz-executor.4 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1128.222176] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1128.223398] Call Trace: [ 1128.223672] [ 1128.223913] dump_stack_lvl+0x8b/0xb3 [ 1128.224331] should_fail.cold+0x5/0xa [ 1128.224733] ? create_object.isra.0+0x3a/0xa20 [ 1128.225222] should_failslab+0x5/0x10 [ 1128.225631] kmem_cache_alloc+0x5b/0x480 [ 1128.226060] ? mas_destroy+0x391/0x8d0 [ 1128.226371] loop5: detected capacity change from 0 to 260 [ 1128.226482] create_object.isra.0+0x3a/0xa20 [ 1128.228133] ? kasan_unpoison+0x23/0x50 [ 1128.228566] kmem_cache_alloc+0x239/0x480 [ 1128.229001] mas_alloc_nodes+0x2f4/0x600 [ 1128.229438] mas_node_count+0x101/0x130 [ 1128.229863] mas_root_expand.isra.0+0xe5/0xa60 [ 1128.230375] mas_wr_store_entry.isra.0+0x33c/0x10e0 [ 1128.230897] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1128.231507] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1128.232085] mas_store_gfp+0xca/0x1f0 [ 1128.232484] ? mtree_store+0x30/0x30 [ 1128.232888] do_mas_align_munmap.constprop.0+0x487/0xc00 [ 1128.233468] ? __split_vma+0x540/0x540 [ 1128.233881] ? mas_walk+0x48a/0x670 [ 1128.234267] ? mas_find+0x203/0xdd0 [ 1128.234657] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1128.235252] ? get_old_pud+0xc9/0x3a0 [ 1128.235664] ? alloc_new_pud.constprop.0+0x202/0x310 [ 1128.236203] ? move_page_tables+0xb06/0x1e70 [ 1128.236676] do_mas_munmap+0x1ed/0x2c0 [ 1128.237095] do_munmap+0xc3/0x100 [ 1128.237469] ? vm_brk+0x20/0x20 [ 1128.237819] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1128.238359] move_vma.constprop.0+0x887/0xf40 [ 1128.238841] ? move_page_tables+0x1e70/0x1e70 [ 1128.239316] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1128.239844] ? cap_mmap_addr+0x50/0x300 [ 1128.240271] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 1128.240853] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1128.241435] ? security_mmap_addr+0x79/0xa0 [ 1128.241897] __do_sys_mremap+0x78f/0x14f0 [ 1128.242361] ? move_vma.constprop.0+0xf40/0xf40 [ 1128.242858] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1128.243447] ? fput+0x2a/0x50 [ 1128.243778] ? ksys_write+0x1a5/0x250 [ 1128.244185] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1128.244707] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1128.245273] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1128.245819] do_syscall_64+0x3b/0x90 [ 1128.246222] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1128.246777] RIP: 0033:0x7fe3cdd6fb19 [ 1128.247173] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1128.249121] RSP: 002b:00007fe3cb2e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1128.249915] RAX: ffffffffffffffda RBX: 00007fe3cde82f60 RCX: 00007fe3cdd6fb19 [ 1128.250669] RDX: 0000000000001000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1128.251424] RBP: 00007fe3cb2e51d0 R08: 0000000020ffc000 R09: 0000000000000000 [ 1128.252180] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1128.252933] R13: 00007fffdf0ea1bf R14: 00007fe3cb2e5300 R15: 0000000000022000 [ 1128.253683] 15:49:38 executing program 6: ioctl$CDROMMULTISESSION(0xffffffffffffffff, 0x5312, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x400c6615, &(0x7f0000000000)={0x0, @adiantum}) 15:49:38 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x6000000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:49:38 executing program 0: ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffffffffffffff9, 0xcae8}) 15:49:38 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0x0, 0xcae8}) [ 1128.307605] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:49:49 executing program 2: ioctl$FIONREAD(0xffffffffffffffff, 0x541b, &(0x7f0000000100)) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x982, 0x0) r1 = syz_open_dev$ptys(0xc, 0x3, 0x0) ioctl$KDSKBSENT(r1, 0x4b49, &(0x7f00000002c0)={0x3, "d27a280f630521174ea06741c6df5106b71f5f918f682e2a1f0e03c9aada23315be44aa0ea023a71574dcc138894b7a004f503486daabf09f92a6c1f9d2baba1158e434e335e18b014e1654c9b9736da8b9afb022320f7a49ea3f89a0b63faa3be1d202baa63a34d0f56772d264c00d27f480152c05346ee946352c9195b6bfe01df79eb93ebd9d59e54190d295002058d737d3f0a071f1340052b5becd6535b58a9cb9fed75ecb07801614cc38ee4ad28abfd0fb4ae4f28b95093a94382139dfb0490cbd84684cc7670f717b4f2da50c8f4069b018e515a2df7ea517f5e4709ca3aab7bdc6aa0de148f51d769939937dde48e61e5492b5a6c0bdafe3ead7b7944445399102381a5dc4d363b1050795beeccb1773e6add46a2b94618d9398dcfd48ddd5c5c9edc05f44fbf6c63b7bc84fdf960756947d4b3240ace6ce2812207f782419d15f8ab5e42c611e83bab9d9427430a3afa70b9ecb45b2f61f8c7cf3ab26cae5d520cfb9f6333621415ebd6c987034b4fe3561e94db6053c2274bd805794118b82db054e6e88e07f66e56806571d0f6001b620d9169c5c2d38f443c7e1f821e70e0a5c6fdc821009b205b0260cd23f7eac9b4bfd9924abc4485ff096103e73ca600800d13c34f51cefd46710f22915de80d1ccaac845281e4e3809085a7ee92ef2c7a5beecba84aab31f4a19e18c4d2e2235b42e3eed14089e3adaa7c"}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'veth0_to_bond\x00'}) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000001500)=ANY=[@ANYBLOB="011100003f00000000000000982aa3a70b51dabbc88595d5b7c6e2900bcbe4e868903738260000caf018c1e39a7c327fd92481886cd060ab3cdd00755a7865d724048072a4711cfd033634f2fa7c6c8066f4b30e00d4c5961fcb93ca333cc0c891d81d6229c1d234762fce1aa214376e5adca2862b696dd45fc4abbd192b0d470d7c27d1ec80b015565c79e6e35f3c1a9f7d0e4bfc13223cea50bfae1ed9feef199a17", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00./file0\x00']) r2 = syz_io_uring_setup(0xfffc, &(0x7f0000000000)={0x0, 0x3c69, 0x4, 0x1, 0xb7}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r0, 0x5000943f, &(0x7f0000000500)={{r2}, 0x0, 0x4, @inherit={0x90, &(0x7f00000001c0)={0x1, 0x9, 0x6, 0x8, {0x18, 0x99, 0x9, 0xffff, 0x4d}, [0x0, 0x8, 0x9, 0x128dee27, 0x0, 0x5, 0xba, 0x7, 0x7fff]}}, @subvolid}) 15:49:49 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) sendfile(r0, r0, &(0x7f0000000040)=0xffffffff, 0x1) 15:49:49 executing program 0: ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffffffffffffff9, 0xcae8}) 15:49:49 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x7000000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:49:49 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2003, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:49:49 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0x0, 0xcae8}) 15:49:49 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x301, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:49:49 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) (fail_nth: 27) [ 1139.447722] FAULT_INJECTION: forcing a failure. [ 1139.447722] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1139.450501] CPU: 1 PID: 9835 Comm: syz-executor.4 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1139.452651] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1139.455202] Call Trace: [ 1139.455776] [ 1139.456275] dump_stack_lvl+0x8b/0xb3 [ 1139.457162] should_fail.cold+0x5/0xa [ 1139.458044] _copy_to_user+0x2a/0x140 [ 1139.458940] simple_read_from_buffer+0xcc/0x160 [ 1139.460074] proc_fail_nth_read+0x194/0x220 [ 1139.461068] ? proc_exe_link+0x1d0/0x1d0 [ 1139.462001] ? security_file_permission+0xb1/0xd0 [ 1139.463109] ? proc_exe_link+0x1d0/0x1d0 [ 1139.464033] vfs_read+0x1f0/0x5e0 [ 1139.464826] ksys_read+0x12d/0x250 [ 1139.465633] ? __ia32_sys_pwrite64+0x230/0x230 [ 1139.466690] ? fpregs_restore_userregs+0x164/0x380 [ 1139.467795] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1139.468958] do_syscall_64+0x3b/0x90 [ 1139.469807] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1139.470966] RIP: 0033:0x7fe3cdd2269c [ 1139.471789] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 1139.475894] RSP: 002b:00007fe3cb2e5170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1139.477591] RAX: ffffffffffffffda RBX: 0000000020ffc000 RCX: 00007fe3cdd2269c [ 1139.479193] RDX: 000000000000000f RSI: 00007fe3cb2e51e0 RDI: 0000000000000004 [ 1139.480776] RBP: 00007fe3cb2e51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1139.482356] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1139.483964] R13: 00007fffdf0ea1bf R14: 00007fe3cb2e5300 R15: 0000000000022000 [ 1139.485574] [ 1139.488650] loop5: detected capacity change from 0 to 260 15:49:49 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2004, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:49:50 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2009, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) [ 1139.513095] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:49:50 executing program 0: socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffffffffffffff9, 0xcae8}) 15:49:50 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9}) 15:49:50 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:49:50 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x200a, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:49:50 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x9000000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:49:50 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x405, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:49:50 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r1, 0xf503, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r2, &(0x7f0000000140)={0x37}, 0x14) sendmsg$IPSET_CMD_SAVE(r2, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x38, 0x8, 0x6, 0x101, 0x0, 0x0, {0x7, 0x0, 0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x38}, 0x1, 0x0, 0x0, 0x4001}, 0xa1) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) 15:49:50 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$TUNDETACHFILTER(r1, 0x401054d6, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r2, &(0x7f0000000140)={0x37}, 0x14) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r3, &(0x7f0000000140)={0x37}, 0x14) r4 = syz_io_uring_setup(0x136, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2, 0x2a9, 0x0, r2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) io_uring_register$IORING_REGISTER_PROBE(0xffffffffffffffff, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003a2b0af60000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009284e41c1d3fce2d7517e99f05a195a30422295db963f87abb27133a6b89bc6f8e9224b42a888cb5281c87401b0679b937566856fa5dd315e2eb2603cfc609fbe4b960fb5f4e15a2356665763df8ea8ee9877ccac5ffd188736667cd6e76bbfff7d35a9aca0f6b7886cb8aaa6502367c26a0878ddd82d80dad935d42711abb4c2ce00cd49db9eb1e81beec002b054619b1ceada62b6507f7b28ad585f3833da7c7c08b0dace4b60525ddf6a7bfa582a819d0b27b"], 0x16) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) r5 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r5, &(0x7f0000000140)={0x37}, 0x14) ioctl$TUNGETFEATURES(r5, 0x800454cf, &(0x7f0000000180)) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x540, 0x0) r6 = openat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x84000, 0x130) fstat(r4, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TUNSETGROUP(r6, 0x400454ce, r7) 15:49:50 executing program 0: socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffffffffffffff9, 0xcae8}) [ 1139.629016] loop5: detected capacity change from 0 to 260 [ 1139.641547] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:50:01 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2002, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:50:01 executing program 0: socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffffffffffffff9, 0xcae8}) 15:50:01 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'vlan1\x00'}) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r2, &(0x7f0000000140)={0x37}, 0x14) mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x4, 0x20010, r2, 0x10000000) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 15:50:01 executing program 6: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r0, 0xc0189378, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, {0xffffffffffffffff}}, './file0\x00'}) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22, 0xfff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7ff}, 0x1c) write$P9_RMKNOD(r0, &(0x7f0000000140)={0x37}, 0x14) readv(r1, &(0x7f0000001500)=[{&(0x7f0000000180)=""/78, 0x4e}, {&(0x7f0000000200)=""/154, 0x9a}, {&(0x7f00000002c0)=""/100, 0x64}, {&(0x7f0000000340)=""/4096, 0x1000}, {&(0x7f0000001340)=""/153, 0x99}, {&(0x7f0000001400)=""/220, 0xdc}], 0x6) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x57) ioctl$CDROMMULTISESSION(r2, 0x5312, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r3, &(0x7f0000000140)={0x37}, 0x14) fcntl$setown(r3, 0x8, 0x0) connect$inet6(r3, &(0x7f0000001780)={0xa, 0x4e22, 0xee79, @private1={0xfc, 0x1, '\x00', 0x1}, 0x3}, 0x1c) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r4, &(0x7f0000000140)={0x37}, 0x14) r5 = fsmount(r1, 0x0, 0x80) write$binfmt_elf64(r5, &(0x7f0000001580)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x1, 0x1, 0x6, 0x5, 0x2, 0x3, 0x4, 0xc, 0x40, 0x2b1, 0xfffff7f0, 0x3, 0x38, 0x2, 0x4, 0x5, 0x7ff}, [{0x6, 0x7, 0x81, 0x6, 0x8, 0x40, 0x1, 0x1}], "0968c6351c33c8d5e42b51aa5ace3dde8207bce0f65b1ab9d51f0930cd5f93cc", ['\x00']}, 0x198) ioctl$INCFS_IOC_PERMIT_FILL(r2, 0x40046721, &(0x7f0000000100)={r4}) 15:50:01 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x4f9, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:50:01 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9}) 15:50:01 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x200b, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:50:01 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0xf000000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:50:01 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x200c, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) [ 1151.227017] audit: type=1400 audit(1645890601.753:24): avc: denied { execute } for pid=9891 comm="syz-executor.2" path="/proc/9891/coredump_filter" dev="proc" ino=34789 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=file permissive=1 [ 1151.235458] loop5: detected capacity change from 0 to 260 [ 1151.254512] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:50:01 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, 0x0) 15:50:01 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9}) 15:50:01 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2003, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:50:01 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x75010000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:50:01 executing program 6: openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) 15:50:01 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x500, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:50:01 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x200d, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:50:01 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) pipe2(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84800) r2 = syz_io_uring_setup(0x0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x1ce, 0x0, r1}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000080)=@IORING_OP_READ_FIXED={0x4, 0x1, 0x6000, @fd_index, 0x6, 0x800, 0x8001, 0x14, 0x1, {0x3}}, 0x6) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) ioctl$FS_IOC_SETVERSION(r2, 0x40087602, &(0x7f00000000c0)=0xff) 15:50:10 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 15:50:10 executing program 7: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'vlan1\x00'}) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r2, &(0x7f0000000140)={0x37}, 0x14) mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x4, 0x20010, r2, 0x10000000) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 15:50:10 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, 0x0) 15:50:10 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2004, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:50:10 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x300, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:50:10 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x9effffff, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:50:10 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$CDROM_SEND_PACKET(r1, 0x5393, &(0x7f00000001c0)={"eeaa407f01cb6f0c8e9dff2c", &(0x7f0000000040)="ed216a21d9babe230cc180f3584cea0eff7f0a3415a4dcd8127566ae6bf88e94ba8bc9a88816eaf3ee82ba95d9a4e958b4584b3a19fa708768dd1f1149de729b1a298ea3e47585a3f2de85d5f25aae0d4195368bbd1ed64038b8b6c7a8d5ade434deb3b524a9ad4f71e3b1353f5cbc473fbef6fdb348f323a15675f537df85c3476a34f72a22ba852b7b7c4459770edd23821337a20240b6a6f666db1370766dd4e5e6bf5b5500cd02ac3d7c0654964c89fd14e643cb2eccc2c0f12ec7755f49b46ebefe9a0b5b2e1d282bdc463b9d", 0xcf, 0x62b0, &(0x7f0000000140)={0x8, 0x1, 0x2, 0x3, 0x0, 0x0, 0x0, "647320cc", 0x3, "166a2d1e", 0xff, 0x7, 0xfb, "bdc859", "98b16d21731e12cc3089d78b5f68fe01896d4ad3417441346be93395d4c58e638f3ed1b487e47601c27d4fdb07c5"}, 0x3, 0xffff, 0x0, &(0x7f0000000180)}) 15:50:10 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x504, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) [ 1160.441184] loop5: detected capacity change from 0 to 260 [ 1160.451993] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:50:11 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2009, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:50:11 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x505, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:50:11 executing program 7: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x7000000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:50:11 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, 0x0) 15:50:11 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$TIOCSBRK(r1, 0x5427) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) ioctl$BTRFS_IOC_START_SYNC(r1, 0x80089418, &(0x7f0000000080)) 15:50:11 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x500, 0x3, &(0x7f0000ffc000/0x1000)=nil) [ 1160.544870] loop5: detected capacity change from 0 to 260 15:50:11 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0xf0ffffff, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 1160.557547] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:50:21 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0xfcffffff, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:50:21 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x200a, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:50:21 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$TIOCSBRK(r1, 0x5427) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) ioctl$BTRFS_IOC_START_SYNC(r1, 0x80089418, &(0x7f0000000080)) 15:50:21 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9, 0xcae8}) 15:50:21 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x506, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:50:21 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0xa00, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:50:21 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000040), 0x220620, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) r1 = syz_io_uring_setup(0x4eff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000140)={0x37}, 0x14) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000001440)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {r4}}, './file0\x00'}) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x8, 0x4010, r1, 0x0) syz_io_uring_setup(0x3d4f, &(0x7f0000000080)={0x0, 0x86e5, 0x4, 0x0, 0x2ef, 0x0, r1}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000280), &(0x7f0000000340)=0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000380)=@IORING_OP_WRITE_FIXED={0x5, 0x4, 0x4004, @fd_index=0xa, 0x6, 0x1000, 0x6, 0x4, 0x0, {0x4001}}, 0x7fffffff) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r4, 0x80, &(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @private1}}, 0x0) syz_io_uring_setup(0x4eff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r10 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_submit(r8, r9, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r10, 0x80, &(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @private1}}, 0x0) syz_io_uring_submit(r2, r9, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r0, 0x0, &(0x7f0000000180)="b5b5890163d65870ab3ec546287d2bc5038784917e4cbefaea138756f443da83db3e25e6da87e2441be299ce82fceb4269104b5070d06b8032bf988ac6e956c327fff88117fe7e6950ce1eb2a4672945617000e5405d584b753db9e463da20163d029304ada40700646595f801b478752e57860456a1e7741135153738113dbc821983f62205d258ff77493bbebf78f96e2e2617d06b21f9b4d8290960be222f75e988a83c193c7820d74ca6b9baa0b2984e038a80cd38ecb43abb6374a0e4661c78a10a80337a41231bf96c616036f9a431ddaf3326cec96c3e4658694163489dfadee7", 0xe4, 0x60}, 0x0) r11 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r11, &(0x7f00000013c0)={0x14, 0x13, 0x1, {0x2, 0x0, 0x3}}, 0x14) fallocate(r11, 0x2, 0x2, 0x7) r12 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r12, &(0x7f0000000140)={0x37}, 0x14) ioctl$BTRFS_IOC_SNAP_DESTROY(r12, 0x5000940f, &(0x7f00000003c0)={{r10}, "e9d9c9a29442f9b23ef6b69aeca0c862848d2036c896b0fe859da20b86471525c82f185ee2439d1fc6b85dd675d724fd4dcaa3c40953b01994bc97647091fff8955950fb9abaea41cc5ad853217efbd51efece07157e5438674cdf177a2c36d7407a141bfe9bdf0d1aa421a365539b55fdbd165feee076c9a62abbd049aadaf5f27235bdf3a3f83edbc1b70953bc7cdae5205fb610c7578e0e0ceda6e22a88e6bdf2e81eacda8ffa3288625e79246f3b7a81d17a396aea93a51065c9628266e6c3ebf7dff570986a7b56f5c0d2662a05bbe2d43a3a0c511f0692ccc4bd1428aed4c3bbae3482a37a7429617ed0a3e75f297cb7670b27a24e54ec55de5a9e5717a7f1ca37774a2c3fedf068380015a1317c9bc896190706a823deefb6b2225cbd388f9418f0c19780e1083ea16bb32ff5a3399403836aee80860f3e5eb443089775c286463afddece7de8383f39f5c41696f22771b079a9cf7a789bafc93cad32d66822ace3b2ec425b34249089d1f4ec7a8d800d89227cd8341c30be65eeb5ccd870d5eb4f615bd614b635337fb84d5825c4f73111695a6da3e660af61523cb15ba73af22003ce5b61afa8b19772dd8fd0aa8ce25854f7afbb1ab919de0d1076dac3c966ec9e87e7a6085c3da33635dad6bf3f7ec7ffb1390565ccc695fe3aae72e0b050e6dafc3769d509d4f278c9ccbb62d1cf0cb4637ff7a9602769effed702f86bdb870a83603a31764bbfcf8fd33d735d850ec5f3a128836e9d11cd20e3164216fe7835f663edb1d940d76138c3c2680aaae219658f9587307fc18941ec645b5a305740901b4d9ac59d06a57d98fd815482dfdc043c74a97fa2c303e3aeef6094bcb3aa2ce8c53112884f919e31bff79eea4394b072e0fd3faad79ef7bd1b92eb63512642429192f3a5968aeb03967b34df3e007bf093ac1aa6c47fb0e3b175bf92ecfcaa27c87c3a822d5c285baf2aae5071743c35a840c723dece4a1e0ae4c68b7d38611253dcbd1f6d7a630e33f023b74663682d1261d8a5e77d2c284c0c7c3321bf3e8cfabd6f1f8312d920ced197c0173e680a44577cecfe7a5f86bfa4807eaa9bae96075908da4bd82b7858d372a445719e28709ffbd9ce26b553be345353f6a62f6ef81e4441033bd2dcc5eb7c500aca55fdf6ba759654000f0c867d163f2c8593dab9f7060022a9e86a691bc36658f98ee408a278203b5ebc258ac7b9cbcd0b1bf22ddde280b764355f49b8f6aec4ba5250c6b5e7c4aaac4fd6c1540f8fabdb15927a1f9fab5d07939af6af966fce3fa7c852cff1a7e89e2160c61cc16edc1ccff8d9cbeb539b889647d5d9e6700b96cb259f642c03beda8fffc4d2d691025eb7976accd050f4d2bac5ab8bf24fadfa11962e839b230e22463c7e08dc7319a2397ce44895575d35d652ed443e8d9c7c2de2735a6cd072bfc334c709c4b7c4e699c9baec08145edc0a2f314b86d9d2a14a69b0c173e6e85c4f063c22395f43cc594530ccdd9e1004018b12feb21a53a7df35d4c5e5d9403eea45bd763c632b0602bfd3008e680e1ecccb6f584d22f390048a83191e6ff02181ea63d4f74b70dc59c9167fee38efcb32fa98e84dc791c0ad43769b7af34dd8474ca160b66fe4ba1d40019ff5bf26e370113fccfef2a8116aaa19aa9e60349ff3f8f651e0edaf5e5bf463176df84c66371fe21a9fa04be15943a2596dae577f3786a76a969a1b387e9156b2ec7c945c0c4ef763bc1926b3d09794aa77a7eeeb8fd55797ee4376f03ca228212831adfa25dcb7b2e81a739492cc29feee59d70e1988c7add62a8a47a3f65eaddd992d9b1b735e7659352c001c410a820fe6e2a8fa1414f7d7041133b39e466de1e0614c6a82f760da80c2abfa6ca70872c51c3d2c4e978f31d4d99134daf343e568ec195eb816553654a1931146174fec8de36da48b6ff0d6f7bea2260ce48bf46a481c9adabed6793cbd0f04ca691158bc5fa41ef02eeb3b436ec12fa662badd7d2f20b50d381eb0c1393ab814fa77364abf35f0f68f550b2b773ceb23a21fabc10a1d095c14bab739e73e426396db38a856098cc2e69be66cac66d4862084d925138dde803e9d195b556e8845463e779729e433cda306f268f43b454bb63355d4ae82868685ee06bc831db98f7219c911d0cf5bebf97921c436428d6b9714528ae26d55ee61ae1de2c1556c425a8ab09b73bc9adf4535075c94e397860edad203b99d6ea6a0064785fe22c9e221e191ef02a788e88bd3d3f322fc28deb43c60cffbf28f1993d51dce500673a73560145728af4d26c2db0dfa3a3a5dcc3220634a69ed9dd6d7f6c9a899090cd6ce5772dcc69722d7fcf835bc091654349646af69c0603031efe1058eeb4ef7036b47941dbc196572837481dcc83bf98b1488df45688c005f4fdc78ffbb7cc66f3dc08f9ce28b086d310b052815400858e284142773890324aa3463782d5aaa4b229a7826fd5ada80e0f50cfd1673ae89e53cfd9d7a99f57299a1f99b795fe65ff554948973a27b7cd766dcb61ade121ca6df12157808ee3d06981a6ca590862fc505c3aa0919f3fc59f849391b40e7c2f5470645f87f0b9142024e2e10647b2c308582c1ef4973c53d8e49be753bc4f2034a133ee92883409b73ed4688b4c951dda39637de147a57c66a00a715f4fdd25412f941f34323ac9c1b1039fb567c674e420646f36302b1ceaffbdbdc4da75244af37d329301a1937d778f8670483fb3d080bcba6ecafc7c020b5df201f28ea4750b080361bd27cc7bac8236fd98110da0015c2b20d18705025d437a2e289aafb322bd8b87d66c643aa48c2371a0a71693b4173cc92793210e578d1395c000c06ff18a747b268129f91b64637ce87a8011b86bdd36a9085c8a5cd71d76583887ea1159fa77dff8f368f9fc3f55d42a9f8df88691f04cad4d8ed05c6d27a16a7b49e2ad737e79a319a72549fa7a3852d006cde30292c4dae98356a436955af325f8559314475cff9b4434bcddc2eca370ccc5be40d44147db9bc382489152061652f2d79a43303dc06e44dc1fd8137575d04ae6dfe8e2369e1a478a41d92dc8a422146c0e46109a2b81534fafda62fc834d59e3a7ab119a6ec0bcb9af48fe337379dd806bd3606429cdeee06e694c65d4a5ba8d93084419457d4b5035dcda5b4313e4b7fb050e3f06719ce6d40aeb858016d0ef270da5562be786752d98b4ea1b819a401d4fcc468131674631f31606b549a1dd5c1ad25ec86206d7e81315a9c31e060ee4ad3cadf6241a489ed9dd5c0490e3df82aafea309b3bb8b504fdb5242d0c07fbf2232874083b6532217dc538422cc5283111687b26a6706a12562d6a69fe0a58c91f9fe65091d0e4a34fb5a586f40fcdd4bff2a75f90f965acee4a71161ee2d3ecfb811b16d329deb41045e56629d9369397305cd4501e6801e4432c9e644aa7ed0a1f656b30d2880999be0d0fc4e235095827463101d4a936c298321248138862fef1b419d952534fbde1c0dacdd4b61a388dcdac9d8504fae3661b70449d9b1d5331ddb0680eb05ada35f4f637853ee2b201b19f62f5aabae801fd07394138238af38c3a3770cf565c878caac4e54bee83c48589c8f59483481ba7bc041b54f19329eca64f44dd580342359c47a313fb62441a053678476b7748d0f274e6f67691762edbe3fef0cf0f6f1f5f6f80d38e6b55395a810d9f8f2189cb385ad40cdb9a23070cddeca7399aff2e86f0bbddc359a5678c1e02a84926d734479c93b64bd34f2837ff54eec2ee9742509e8702d7b6d05a081b9afc58cab7f9849100111e2dc9cacf29efc50b871244987c9473d33bb8b89bd5743bdeb9cb1e9269f627abd851db8a7ccfb0d701f9a4ff6e2c21cc777baa7152fddc69701e46f0084679ea1d1494b1f95e8385313ac3201eb29b2940bc1282280d2c43376478153df86aa0ec55b9c7d35cf251e9b135d2a673bce93c31df9805d1655e3a94be2983caa381f4c6606378cfdb284aa5660364dd4bd9322880c15c53a1aafeb77373e7c65363df53ab34d3a4b8f524cf4a3e016656d0cbf334a64236d87c1eb12839047054d052d4684fcee42dd1ef8ddd65563095ba0086aa287a5c6ed99336300fe7de05b08d3907a830a7f0461fe720428595be653604ea64efb458ec7812c54f579a7925002bd9966e4ebb791d03fa2549ba322287a8f0713f93021c39f17c43a2d55d937221094a6bb9188a935f5212a137cae69d80b06c84e27b9f227210c3e241191d4e92927e9a30b1ecae568570ca3ed9111a7ae9e4cf616068c95dd9276ac5a0a549a6274354b116c50144743df87201c2c83386bb9b7d93b4e91cc47ee62fd6badbf04bb9ea59202240fb6f8cfe3ae5db0fc172fee97cc9bf8f6515aba000fb9f0a10d8e9d00cad7be0f2aeabf926a8066590f20e297e5fa0f621d7837f3989e1c4582e6c17118d3403aa5bec1f4f5fd894d75e3144626875ec9649e281ab2129e3ed2dfa6c57b5711bc8d377b3fada68f5a83e3e207812688ef0da95287b0b4fdb64dfce63df84675c987234cf2b29e57a39855aa40ededc03e83c55f95595cd468eb5cd5de7cc9c1b67786cfe8098b738daae284d14033e62c7a6eea557829d36c6b7b0c072a5693765c3af4ae419d0eda99aae1897887ca4a7da1671db5d07dae54912d3956de77b0ef656bcdd99db5e0241fdb89090d0901fd7dd331f1eda13a4be038b4c5494ae8e1c32ab07fb4d3686629db6c6c2914187eb77d3782403f0a4736c5c6c02fafa5385345e3c2a3b5c1d9200f6fc4fe5e05808eba363c7955b1e57c66b1ccf49512cf37ef63b23c612a3f0333d7c70c7c9c1d4dfb7c3d1549ef53bd700208bb21b539aaec0cc84545164af894d0e02b3298e3cbb3d075eb9bca1dd12e3d96d3738d82edcfc7f4bd643100b22043b5ba21884d276a523fb7bb9e388533fd1dfcd6ae04e93858f0f9553f1b72f2accc05fd34c775f4b043126f03f82decf3e5a2226830a2b8463bdb8a2202aa664195f1d7cfcb41b49c30a19fbc73f09fcd411a57f9ecc23d0a3fee4afca5688a5d6b1a6d9f751992b19710bfd684cadb6d01a232fe2327815fd06bc5ac41042e506eb7707be51ff74c4244adfc804fdcd68b370e7c6f7b5b6ac893f7ed98843cebdd5cb58d37af0f9ffe274e28461e7b20dc151295495005ea5258fc9e2daf343fed1b96615aadaadccf6feb75d5dda8d5e9fb0c2384ed3199c9fe11611f32453c9df1a1830ff3aafbb6c8f642a4d7f96fb8ae3a6d73935e2e60dc34aafaf0690427a63580f5bae168660102e717c2233916f5e4d7470f1c605fc90531815cdb5a746cc64b4c3cf3ea6b8f38381eb2387df3ddb28a7c32a5a256d26cf2f7ea356e2a6e912011833a78fb2981d81ef8d86e880bbb6ef31834772a885538022e417dbb1148ebcf3c679667145736598b46f7273cd0e51644f19c4d0a9e5ab9099c1ba0f7debd6d1d7d0979b3c821274d1b58a7023dcca6d9ce48e9412f37a761d9455e45818c1dd689113b46424c7eb5cd83ba450da4f2936ce93db40762381197742dd51710032c81f7c7f393387e5653f98927f48834855e1a9192d8419fa14a14fefe037adaf214c3ea08f85897e509056c4da6d9e655e76d9f7c8adf72a447be6e06b3baec3dd99a97c69e2a1751a22608ccc8f4b8e52ea394c72b41ea5ba9fa4593820225427b597599b858eef15ee415a6120fe63839cc3fb0a58320a38328993676a64620131b9df29c7ac41617dc419dec141dd"}) 15:50:21 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x20480, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000080), 0x10040, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'wg2\x00'}) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000100)={'veth0_macvtap\x00'}) 15:50:21 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0xfffff000, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 1170.648929] loop5: detected capacity change from 0 to 260 [ 1170.653961] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:50:21 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0xffffff7f, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:50:21 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0xb00, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:50:21 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x200b, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:50:21 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x508, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:50:21 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0xc00, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:50:21 executing program 7: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$TIOCSBRK(r1, 0x5427) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) ioctl$BTRFS_IOC_START_SYNC(r1, 0x80089418, &(0x7f0000000080)) 15:50:21 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcae8}) [ 1170.810702] loop5: detected capacity change from 0 to 260 [ 1170.817922] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:50:31 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x200c, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:50:31 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) ioctl$SIOCGIFHWADDR(r0, 0x8927, &(0x7f0000000080)={'veth0_to_batadv\x00'}) 15:50:31 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0xffffff9e, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:50:31 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x509, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:50:31 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0xd00, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:50:31 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}}) 15:50:31 executing program 6: openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r0, &(0x7f0000000140)={0x37}, 0x14) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) sendfile(r1, r0, 0x0, 0x7) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r2, &(0x7f0000000140)={0x37}, 0x14) ioctl$sock_SIOCSIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r2, 0x8983, &(0x7f0000000080)) 15:50:32 executing program 7: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x300, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) [ 1181.509363] loop7: detected capacity change from 0 to 260 [ 1181.511735] loop5: detected capacity change from 0 to 260 [ 1181.524153] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:50:32 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x200d, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) [ 1181.536992] FAT-fs (loop7): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:50:32 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1002, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:50:32 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0xfffffff0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:50:32 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x300, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:50:32 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0xffffff9e, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:50:32 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x50a, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:50:32 executing program 6: ioctl$CDROMREADALL(0xffffffffffffffff, 0x5318, &(0x7f0000000040)) r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) 15:50:32 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x0, 0xfffffffffffffff9, 0xcae8}) [ 1181.687588] loop5: detected capacity change from 0 to 260 15:50:32 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x2, &(0x7f0000000000)={0x0, 0x80, 0x0, 0x3, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) [ 1181.712959] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:50:32 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0xfffffffe, 0x4, 0xfffffffe, 0x2f5}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x0, 0x0) r1 = syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x4000000000003, 0x1, &(0x7f0000000200)=[{&(0x7f00000000c0)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}], 0x2810000, &(0x7f0000000240)=ANY=[]) r2 = openat(r1, &(0x7f0000000040)='./file0\x00', 0x101200, 0x100) chdir(&(0x7f0000000140)='./file0\x00') syz_io_uring_setup(0x4eff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @private1}}, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000240)=@IORING_OP_OPENAT={0x12, 0x3, 0x0, r2, 0x0, &(0x7f0000000080)='./file0\x00', 0x185, 0x40840, 0x23456}, 0x87) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB="0078fd45b277059f5498bd6b415ec3ae410000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009d2ce40d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000002000000000000000008000000ab6914741d631841a6b4b888a25873feaf179ca4f405990d2b50b3b38c536de09c1faa7d6530d25a693c3f5dc97c494c7d7daff11ae68b6e5e92a0ef2c54166e7a61a23355e2eca9f0539ef7c623c68781d0d51423cf9e20d047cff3eafab98405b6ac236326f3ddc99c07fe5154f2ade5ab8565612cfda6010835ab8f16dc9b94bffd175f72907c790bfa45b3f16fc96148d8b86f04f60f2b8de66dc375d96a43667c7c4b64242d5b9aff24bfcfda33f5d3d365afad58d6b96aedcc48c0a2cd271d1e412c6378a8812a44b3a84817ea8034b90000000000000000"], 0x120) write$binfmt_aout(r7, &(0x7f0000000080)=ANY=[], 0x220) sendfile(r7, r6, 0x0, 0xfffffdef) r8 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r8, &(0x7f0000000140)={0x37}, 0x14) pwrite64(r8, &(0x7f0000001040)="c3308b6f1ae2d28df151275ca00a49cc38c8d74abdf089e46fe10d66273a539e797e763a0516f9aab049936c31c913c5558d8c84fab51f8b1f6e4bbb11b2067c7dae65fd0a00e72ecad7a926fb5fc8cc72a38f39ad42827ba7bc714924adfa286311be0593b443e5d4a324033fe56a7fef7d43eec5a31e7ef0182a993662732a4bac9b285e1446946f5ded0af019da0cda3b5d56405e915cdd358129d729f1b61722fd436448d9b015638cedc28d325803ad9e0e9ab4028ac62f70cd20d5425d465de711610ad5435757ec3ad6ef270710bc5f09120cdbf8761db18d51f4254a18661359001f112217ed84f72e3f7153b9d68d6d40f69081b28a3a534fca3990ae9fd8e15cee74ee29b5a675a1388d5537df95cce93dc3abf0340fffa8d668fc9ff53137e361c7c1b3813c8d732c7001b1c3bc809224253c96a2ae35cd5a03db1a8c19b13d89e1b23f74f0ec9dd2dd034fda38a214da2f4367772b6a7ab2b874362df016b1ed263c5462738c37cccb8bc15bb28ce16b76cfe1279c8b37139d4099249850a97485e9d7ac4e38403d85014262ec3ed74dfdaeb65bf4906f32a404b5f97988908a564a1eb22768317a4ee42ebbc467db59894e4d9d3bd0bdedbac7801a97ed5fe8cb2bb12bc5398306a4709e76b7997b88917dd741a697041d3b3fb400d0768840c7df57d561f50c8c336a42074df3e32fcc2cc4d9141edbb54578dc912175ecab40e2a721bd87bab0be7f8cbcc1421135e39dab7bba9d2c8eede28e2a2ac1e8d1d0549281c0e0b5435219a10f0dca5be3482b6c959089c02fc50c2e8c8bf56316b98e0cdbaa09cbcab97dea698a3cb55026d77d6720349dc3bea034db495284e66821958fd3cc74c37ff03c0d78ad073bd1961d61c89bc78b6b440a3896b8a3db1526197593cd544ad9f3ce26a99205c900a55722685feb46b902b0a860f73ebf7bc8855f81f0ef38ff16a7453227ca1305fd078ffc4c152ba3b2f5edc1571c1f3f5ef271a07ab6286caa45c3085c907d67bb44dcc5fb9bf630ef1c3a9f16adc21d00dac44b97b1df2a157b125610d5199ca515d9ff381ffe424b8c3f4ab23bbce0e19051c6d6ab0e0d48267b9fbb29ee36061118eedd5cfd0d04dd73cd234ce7793af498b6918d5495fd9fed343dcec3ca4772430f12d4db8e6a7fb4690eea6c066018f18cbec832827fe3bbfacbecf4976c18462ffad3045b671cc34be72a293f508d24ddc26d2b19f67fcaa7338f48925855a48e7ba2ddc01ee66e455c0fcefc851859ef3cc7388c1c07c6b828ddc817acc9c7ab61285826f37fe7d7e61ce77b3f19480f0631c84a09dde94a74d26e02e33fb1c9fca2a8ac3544985be414f14f5a5f7b1c3318e1b6650da879a3c392ee21858efdd88e546906cede13b2d116663f689215063920f8735209787763ab70d35cce55bbca56e3e00ff49ae79b2b64ba583c4130b36de2710751a7260cc50b2d7ecc2284c466d68d62be68fea4f51ae832d75271e4006dac7b940c49acde64517b9b30bbafc8934afe6f64bc7e96a3211cd4391c9e0846d071cda84d3db699cb392c1068740eab5e100430e7772dd63f8dd5cee9ab9283e724de055c1d0ec7ebcc47c10a505a0da720aa8c9004609d24da168444bef4f7622ef439a14058f9691aa8e3b06b8d45baa992bc1c3f9656238774d1762be1d5115d0a238c3743bef9a73a7cadcaf0697fe5273bcf5b3a8f9772137d3ebf2199e943bc46621fe6886dbc2816e3be8425c19da3601d7ed9b90796195c52226847372c7770197bd1bbbe61d0f2014df323a81bb200b736de73f632debe44f3c96c8b25411b65faa1286b4a5488575c5720d85fc8a9c3454b23fe9f1f47d8ac30101b506a1af97c0bb05fc5f7d3ee6815f08ae61aaab90cc9df3f16c632e19adade0f5c547f39d61a3bb8fb1b0d581ae154d310bc80e30a1e982a1cff03bb778156d1dab0c05ad6ae33e8587cb32ae6b997605af20252439648bc8382d94f5ee658ac9554e85b54cea70f68e92859204d5f77179702230d46b8125ba767abe2ed0c2876a45ea910d6026f6ab66ea47a8648f2d4a8f14eb677934b1d84fce9d8e3e6e9498d5acb17ee92e53c008f201c80407f57891956311b6ba0c7ab64de1c4ba02d8756cc3ee5968583cf417b85aa495bc71f035e8d00f611d50771d624ca97fd00916527d22539c1b3a7fcda61ed9fffb12381252f574afb88e66688a13813bc2d80d86b6c56346ca98c9cf7d52d1536dff9641dec0fe34a18f2dafd0c0e608843935f920d647d9d3b0e6b81fd377ebaed03f73c1b653bd594f53d4cc1c6fd525b24b7e38ca8164b17f63e84c7224d0eb98f42ae654ff09665c0aaee972b546512f5663bae30a7e8c357b33e8817f230561bf91166f2f8f0c4e3a205c662661dd044bfe540daa711f13f6b10dbb98d4c1d2da78bd6d6e7169045389f1a37fe6d6cd0da040e5c7d625f93de8e4d44e68b0694d51d5e2bb5136dfbc0444e1413e26e74912a59ae2b858648aa5bd06b61064ac044730bd43cba0cf7a0b7a666805ab9d2429095d0bfefb810831fa0143317e228cd35830db5d033c7243b9a838689426e6ae44516dfb8b8b0fd4a47255ed459d1e1f6e945103c03c2e9ef1a3e754d62576a7d98becba2ace9e4dc4bff3209a4f69416c8ecd873d019cdb075c7a409e02f1f5c37bc8da620e87e94a818e6d5b123cd7b29d7cb14eb363d1730f832695f23aa3c2b70004f5c5d939856ac1cde4c2d9f2047780fe6fe8a8a95d862f6018daa9b33e8812db0ebe0f0fb20a8b7392d8dc4a3ef5e73d22ef14327875c105f26cdee01618409d06e0cf86386d3ce5fc85ed32c48a5a439e6e26d2dec339c92205b7c31722dd3c47c56241a659b738afa0677b5389f663ee02db0563ebe788a7dee1eed83e2d7ac24c36545322daf722e61c390460d630b0c3d0d6cf884fa1c617082994d71a09a0c345744571ac306e1cb87c01561817f7f6315db6792c68b5cb09d1fdb80ca930b443e6f99639a3c6c66b5f77d8fd0a0a91ebf08a6e3fd339b0a1d673b01ad8c1bccf32e9d15c6552d62544fb382b8168d87711fcdbcd414568a8f3ad25e4375a1882d1344462f1263c341974c0ebb1941375b9fa7b7356071abbfad84c5164af5690c88cc571de30585e7b6992357c2a5282cb2c21dfa125de571504b05aa8ac86c750b49d46bc9ef697c5351521b6f9118fb908fda38e1542e9a815cf08d68919a20f545df64f2ae1a6de3236a1e97a81e5ceb7dcbb844cfb9ebb78fdfb1587d4b3d8b10cc0a95b7247af5c36bf868f15d62807c319b1c420966d2edc46fc39eebcb5ab0de0f01b0378ee1c402840d96cd79a5596afd327a72f6e06e40e607c82abfe547c899114ba023a9f4183ad78aacfce4d519bd530eaff64bc73d7f89b02c3d601dd9fae05b683fa074f0d2e15440088db2239e09c497469a65923a70c68ad2b8452c902ee63880797fe29a46388a774751b9949169ce41d95517b168022613a69fd9c0d95606c188995d38e664c21a814f7160fe1225e21e7326c977aa24bdd5caa9f3ac362b619a28171995c00684a6047c3dcbed9aa5a7c451a277cd24b1513dacb8850ff44ee2fa6bd78bf31c2ff9583ce1f29d4a4e5564511b0977991a7c933404e6d2935cdb1603b1df4ac173c5e8202b3162a526db79cd3c6675eac0e8534b90637b1535ae7892fd56a50c19b88d4d712f5d2d68000f98c60064bae8de40cdf4f739f1272e80d57ec7357880fda3bf5216ff6a8da78bccc45f9af0f22f12858becb4d23f3d592b488cc6bd9935e517f65b50dd018c12158bdf15ab855fa8762a7fd54b585cfbe712bad4dc66394b0cb7ecde84585cf94a76a68b76f910abebf600f81fc5be6925b85a87c22fb9899d0d5be3736dfd8947ea54b357f0b79616c78e60677595a02c3c57fe1b438b919ebd4937c56533f86b8dbb1eee19c8ed338ea08e2e31f2b6806be3ae28c45808720c2a30cfa2d3a710b6ccf5ffa4fc50761fe6778401e779bc13c132a44bdc9a8d4762cb44e4a8e0c18d7a4cc0cdbc9954ea1b9adef9772e953ccd7f707b50c38c2de5921697919f05fa8ff0c6025f98f13f2049ca108b6b2d306f1fc0a566a9f912c3b124a9b70e312efc13730490caae550a3a7a5f51128335b6bcfc706f60aea2cef51ba52d01c8eee77792174a14f418a692debfc68e962221ad8e50dfc9a5a8a4f2cb2cc69de2efdbe493c2ad01e41d038c012d4c7534210052885bcf2a683e05afef6b8dfce8ae6887c4224c92847d68c32314e1ed5b283e94bbe5a3db351f8b25a701da28da9c03e1d0d389b721cda481b83ee41593b2c54695366b8281c5f86ecf08870967e86d0ac1cf6431c94c6230f2573c31e0f71a8e0f81f36db174320c59a2740d4333bde5ef7915868d3a7e8d2ddf0cc0fa574e80d066d138d71fd7b54086bdc9d00c0af130c2b8fc7b113cdae1f892fd7691eeab20c05a9b79e3dc6a982075dc8637a808393d389aaee0e5570effc0bac01178be8638edb1f5dfb8af6055d91e4feaaaa17de5c4baf1121de42aca1dbfff1f94f3914ba597852475d3fadfce5f559786db966d91acbe9de29619f9ac9c1ca925546491666d54fb1d6e1aa8b8193a94bbf144b86d55b555f3d8ef2cc4b94475752620fa086488e0ce46c5af26f6793b3ee9191a8e1905b5f5d77d03fdc23b9470e0470a1e966f0eab28d914382f8c393e3b40a6e1567881bd18348e72adc1c26f2f397b58013e2430d69defe1831b34aa727fc71809343fd49a81ef43a14a9a32d9297a0ab444d77143f360d8784db5753d9a995304c778ae06e6323c3d34b3bb32b688cb2b08a6410c7db4a0a3b34287ed4f1d11d1bb605b616b7f9931ef47694c5316d8c6e211ac293cb7e081483a5d398c42d2419b117996a8d8846e5b1c691b1ccda950e8d7a4337cbc6923ba8e0f5bf5f0e396d6a56e40e4864afb8fc4b74781fc168bbf824e0640d108deca19bc9858f55b14c25e3597cd6bbb3c4ef051b862b4181cf7844a0e7d1c2d8da72bed073e6b0efd7c2f72ac058c3ebd199ae8cd3af9e433c2aaa7c00344a1dfb1167804a2f50b03b4729bad5626896d508d8bc7960fd04a957d31ac84c28b5a5b2a493452850edd7fa7e853ea7fdd3cac59c9665722a34d29c0657c9c5c181d3d4e7b03adb2322c81e8582982d8766b2b13fb0a73051cd5c9c0e67d0e6d3ca426a2be7d011aba94786ad63463b9e5819bcdd0976f438ac345ed6cb504e08ddc64ad2c59c6689c6500609fd9084977dbd896bb2ea05d7ba96072c6ba1d66a2547b650e99ddd5c9246125b2862c0ebadfb5a83a301c508c5c7ab30f06605962d03338cdf184b997c56ba4da5c06008cc8f043d742d145a651f47a0e96eda68a0a26f991ce9e266f0a2e156875d99bdb2cac3c1f7e52e3029421f2036d8cd4eb9455a0767e3acba5a3d1a441c1bab0e1bd88d66add95086260fed1e0b6550e40c3010c7ed07f0465859f895521d9497bcfd0d1506a2f5aea97bd4deeae0211765677eb43e381e53ca9031e97e37f991e53b2ae2ec30dcc49a13a2c10323ebb0702a46a4e3cb0555c945687d81b0c801afe6695d1f7f85a1cf9b9a8407423443c01b5463f4f5f874cbf021a87eda44781d776978655d4d01de03c72a49239e0c1c5914dd356c8f46243210e78adec59a3d7083698c422a900d2cba3312f3accb26d223c968a4d2d2147bdd6157b85fa8a51189c8420075c8079d618cd1613e781d4024d7d6485a38641626e11", 0xfff, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 15:50:43 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x500, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:50:43 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1003, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:50:43 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) (fail_nth: 1) [ 1193.439664] loop5: detected capacity change from 0 to 260 [ 1193.446607] FAULT_INJECTION: forcing a failure. [ 1193.446607] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1193.449785] CPU: 1 PID: 10084 Comm: syz-executor.7 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1193.452197] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1193.454526] Call Trace: [ 1193.455059] [ 1193.455531] dump_stack_lvl+0x8b/0xb3 15:50:43 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x200000a, 0x13, r1, 0x8000000) syz_io_uring_setup(0x4eff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @private1}}, 0x0) syz_io_uring_submit(r2, r4, &(0x7f0000000200)=@IORING_OP_STATX={0x15, 0x5, 0x0, 0xffffffffffffffff, &(0x7f00000000c0), &(0x7f00000001c0)='./file0\x00', 0x200, 0x1000, 0x1}, 0x7) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) io_uring_setup(0x1d3f, &(0x7f0000000340)={0x0, 0x1ea2, 0x0, 0x0, 0x48}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETOFFLOAD(r6, 0x400454d0, 0x0) 15:50:43 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x605, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:50:43 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}}) (fail_nth: 1) 15:50:43 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0xff, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0xfff, 0x2}, 0xe) 15:50:43 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0xfffffffc, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 1193.456338] should_fail.cold+0x5/0xa [ 1193.457389] _copy_from_user+0x2a/0x170 [ 1193.458256] inet_ioctl+0x2b9/0x380 [ 1193.459013] ? inet_dgram_connect+0x220/0x220 [ 1193.459965] ? rcu_read_lock_sched_held+0xd/0x70 [ 1193.460949] ? lock_release+0x505/0x6f0 [ 1193.461783] ? __might_fault+0xd1/0x170 [ 1193.462616] ? lock_downgrade+0x6d0/0x6d0 [ 1193.463489] ? lock_downgrade+0x6d0/0x6d0 [ 1193.464351] ? __mod_lruvec_page_state+0x1ef/0x450 [ 1193.465379] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1193.466525] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1193.467571] ? kstrtouint+0xd2/0x120 [ 1193.468349] ? _kstrtoul+0xf0/0xf0 [ 1193.469107] ? rcu_read_lock_sched_held+0xd/0x70 [ 1193.470091] ? lock_acquire+0x41c/0x4d0 [ 1193.470919] ? rcu_read_lock_sched_held+0xd/0x70 [ 1193.471922] sock_do_ioctl+0xd2/0x230 [ 1193.472733] ? put_user_ifreq+0xb0/0xb0 [ 1193.473592] ? vfs_fileattr_set+0xb80/0xb80 [ 1193.474493] ? selinux_file_ioctl+0x418/0x5d0 [ 1193.475438] ? selinux_file_ioctl+0x10f/0x5d0 [ 1193.476374] ? lock_downgrade+0x6d0/0x6d0 [ 1193.477242] sock_ioctl+0x41c/0x670 [ 1193.477983] ? br_ioctl_call+0xb0/0xb0 [ 1193.478811] ? __fget_files+0x28d/0x470 [ 1193.479648] ? __x64_sys_ioctl+0x97/0x210 [ 1193.480519] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1193.481690] ? br_ioctl_call+0xb0/0xb0 [ 1193.482506] __x64_sys_ioctl+0x196/0x210 [ 1193.483382] do_syscall_64+0x3b/0x90 [ 1193.484171] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1193.485238] RIP: 0033:0x7f96bd0c4b19 [ 1193.485999] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1193.489815] RSP: 002b:00007f96ba63a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1193.491418] RAX: ffffffffffffffda RBX: 00007f96bd1d7f60 RCX: 00007f96bd0c4b19 [ 1193.492904] RDX: 0000000020000100 RSI: 000000000000890b RDI: 0000000000000003 [ 1193.494373] RBP: 00007f96ba63a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1193.495867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1193.497342] R13: 00007ffdf81da1ff R14: 00007f96ba63a300 R15: 0000000000022000 [ 1193.498812] [ 1193.503251] FAULT_INJECTION: forcing a failure. [ 1193.503251] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1193.505829] CPU: 1 PID: 10096 Comm: syz-executor.0 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1193.507899] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1193.510358] Call Trace: [ 1193.510914] [ 1193.511413] dump_stack_lvl+0x8b/0xb3 [ 1193.512255] should_fail.cold+0x5/0xa [ 1193.513098] _copy_from_user+0x2a/0x170 [ 1193.513903] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) [ 1193.513965] inet_ioctl+0x2b9/0x380 [ 1193.515573] ? inet_dgram_connect+0x220/0x220 [ 1193.516561] ? rcu_read_lock_sched_held+0xd/0x70 [ 1193.517594] ? lock_release+0x505/0x6f0 [ 1193.518460] ? __might_fault+0xd1/0x170 [ 1193.519348] ? lock_downgrade+0x6d0/0x6d0 [ 1193.520259] ? lock_downgrade+0x6d0/0x6d0 [ 1193.521163] ? __mod_lruvec_page_state+0x1ef/0x450 [ 1193.522234] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1193.523451] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 1193.524548] ? kstrtouint+0xd2/0x120 [ 1193.525365] ? _kstrtoul+0xf0/0xf0 [ 1193.526151] ? rcu_read_lock_sched_held+0xd/0x70 [ 1193.527186] ? lock_acquire+0x41c/0x4d0 [ 1193.528069] ? rcu_read_lock_sched_held+0xd/0x70 [ 1193.529103] sock_do_ioctl+0xd2/0x230 [ 1193.529951] ? put_user_ifreq+0xb0/0xb0 [ 1193.530821] ? vfs_fileattr_set+0xb80/0xb80 [ 1193.531786] ? selinux_file_ioctl+0x418/0x5d0 [ 1193.532767] ? selinux_file_ioctl+0x10f/0x5d0 [ 1193.533751] ? lock_downgrade+0x6d0/0x6d0 [ 1193.534812] sock_ioctl+0x41c/0x670 [ 1193.535627] ? br_ioctl_call+0xb0/0xb0 [ 1193.536618] ? __fget_files+0x28d/0x470 [ 1193.537465] ? __x64_sys_ioctl+0x97/0x210 [ 1193.538427] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1193.539603] ? br_ioctl_call+0xb0/0xb0 [ 1193.540416] __x64_sys_ioctl+0x196/0x210 [ 1193.541264] do_syscall_64+0x3b/0x90 [ 1193.542056] entry_SYSCALL_64_after_hwframe+0x44/0xae 15:50:44 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x700, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) [ 1193.543137] RIP: 0033:0x7f5554867b19 [ 1193.544094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1193.548081] RSP: 002b:00007f5551ddd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1193.550116] RAX: ffffffffffffffda RBX: 00007f555497af60 RCX: 00007f5554867b19 [ 1193.552025] RDX: 0000000020000100 RSI: 000000000000890b RDI: 0000000000000003 [ 1193.553888] RBP: 00007f5551ddd1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1193.555386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1193.556867] R13: 00007ffd20da8e0f R14: 00007f5551ddd300 R15: 0000000000022000 [ 1193.558381] [ 1193.580972] loop5: detected capacity change from 0 to 260 [ 1193.587791] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:50:54 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}}) (fail_nth: 2) 15:50:54 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0xffffffff, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:50:54 executing program 6: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)={0x30, r1, 0xd0b, 0x0, 0x0, {}, [@ETHTOOL_A_RINGS_RX_MINI={0x8, 0xa, 0xf7d}, @ETHTOOL_A_RINGS_TX={0x8, 0x9, 0x8}, @ETHTOOL_A_RINGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}]}, 0x30}}, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000800)={&(0x7f0000000080)={0x77c, r1, 0x300, 0x70bd26, 0x25dfdbfb, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}]}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0x2}, @ETHTOOL_A_LINKMODES_OURS={0x258, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_VALUE={0x26, 0x4, "9f3d15b6bdda95903703f1bb8076cf0d372fecb6c18090a1945196f70dc7335c4bf9"}, @ETHTOOL_A_BITSET_VALUE={0x6, 0x4, ')V'}, @ETHTOOL_A_BITSET_MASK={0xac, 0x5, "27bcafdf791811a4a2dff313c9d8cd3a6bab2ebd4508bf1019a07a7711c623fa176406a259735b0a4f916b030f1c986bffed87e51e24db076ddcdcf3c8a72d30d8d4bdb336196d0bbf501aa06f4977dbacc5447c850d5ad7644f853d47edac416f95bba8badf96eaa35c5b35aeb2a86ea94cd9ce0d793df91a68a8140dcc8eed495d74927137df1513946f9340651208773a686adb5b11b51208fe951a800fe2e3f348b7306d99c5"}, @ETHTOOL_A_BITSET_VALUE={0xf4, 0x4, "676c2bd02cabbda5adec9a3db7166dea2aa7157c8c9ae22ab56eafda8ec65e190e8262366cd8449dcd174fd8beadf7d36db1c4d1632d08b4d6cffc22bc374bcb4761b0d2bd6dddc455c36f765487c7a2507c61b01d0e5ff38fae06cd206f1c0883678da99abcc270b9deead949f9efb3a5ec9d0c5af3f365a1d28d1c3e821c639bb45690568c0925a2c85e4c02bddacf65f95b9a9a01dbfa4c4f0528b2d76bebc5c1b5b6b4e7ef1f2cd27ad693c3ae93df8f6733ff714a418a05e5814105e3ca6fe00a788c4d44c66a459f445584830fdea2082ef3f7606ac6188fa8414ae7eba4cc0a8d78d049416214523aae5bf188"}, @ETHTOOL_A_BITSET_MASK={0x7b, 0x5, "1dc827e3d343e5d8d0b4695707c10b0bab1453f89145fe37c1fc20b6aac32b64a9c8f74c83300697ecffc4bdabac8f3844341b1d725a602cc1ebe54bfcd8efe7f83063c5f01948f181eba7bf023cf68b8c069ce0a1a9e72a7000d08939881fbc7c880a72fedca20222915a0a5d7d05c9afb622e12fa512"}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_LINKMODES_OURS={0xa8, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x8001}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_MASK={0x89, 0x5, "0d2cb0f23369d2d63ffd75a68eff0c61f894ed7e64952eff01c3ceb26eea5d9c7bce4b3b95f045790952a4a65ff852cc07c58644111ae6c09fd0b9d70b4764a11b7bdd8f8f14121c3b7234f56c9c09f1141b7ca0c840aeeab74c21646cda1ea5686416b172778a8478a08c3358812cc67df6d9edc36ac6eb41fff755ec7bace9696bc90383"}]}, @ETHTOOL_A_LINKMODES_OURS={0x190, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x18c, 0x3, 0x0, 0x1, [{0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x80}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '\xa1&)\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0xe, 0x2, '(-.)$)-+.\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x5}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x935}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}]}, {0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, '/dev/sr0\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, '*--&,$\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1ff}]}, {0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, ':\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x10000}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x40}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '%\x00'}]}, {0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x40}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}, @ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, '/dev/sr0\x00'}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, '/dev/sr0\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x60, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, '/dev/sr0\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, '+:,\\$\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3}, @ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, '/dev/sr0\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, '/dev/sr0\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, '/dev/sr0\x00'}]}]}]}, @ETHTOOL_A_LINKMODES_OURS={0x2a0, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x3}, @ETHTOOL_A_BITSET_BITS={0x8c, 0x3, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x400}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1a5}]}, {0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, '}}..]\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1ff}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}]}, {0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x80000}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_BITS={0x54, 0x3, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7fff}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}]}, {0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, '/dev/sr0\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, '/dev/sr0\x00'}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}]}]}, @ETHTOOL_A_BITSET_BITS={0x1b0, 0x3, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, '/dev/sr0\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, '/dev/sr0\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}, @ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, '/dev/sr0\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x401}]}, {0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x401}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, '/dev/sr0\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, '/dev/sr0\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, ':\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1000}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x11, 0x2, '/---:[\\)%!/@\x00'}]}, {0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, '/dev/sr0\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7fff}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, ':}:{{\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x80}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, '/dev/sr0\x00'}]}, {0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7f}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x10000}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x10000}, @ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, '/dev/sr0\x00'}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}]}, {0x8, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x400}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, '/dev/sr0\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x80}]}]}]}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x3}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0x2}]}, 0x77c}}, 0x20000041) r4 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMMULTISESSION(r4, 0x5312, 0x0) 15:50:54 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) (fail_nth: 2) 15:50:54 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0xa00, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:50:54 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_io_uring_setup(0x2, &(0x7f0000000000)={0x0, 0x76ba, 0x0, 0x2, 0x2001ce}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff4000/0x7000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) r2 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) socketpair(0x1d, 0x6, 0x4e1, &(0x7f0000000100)={0xffffffffffffffff}) io_uring_register$IORING_REGISTER_FILES_UPDATE(r1, 0x6, &(0x7f0000000180)={0x3, 0x0, &(0x7f0000000140)=[r2, r1, r1, r1, r3]}, 0x5) r4 = fsmount(0xffffffffffffffff, 0x0, 0x82) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000080)={'sit0\x00'}) 15:50:54 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x805, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:50:54 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1004, 0x3, &(0x7f0000ffc000/0x1000)=nil) [ 1203.934612] FAULT_INJECTION: forcing a failure. [ 1203.934612] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1203.937390] CPU: 0 PID: 10114 Comm: syz-executor.0 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1203.939592] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1203.942186] Call Trace: [ 1203.942770] [ 1203.943277] dump_stack_lvl+0x8b/0xb3 [ 1203.944178] should_fail.cold+0x5/0xa [ 1203.945063] _copy_from_user+0x2a/0x170 [ 1203.945990] ip_rt_ioctl+0x2dd/0x1370 [ 1203.946875] ? fib_validate_source+0x500/0x500 [ 1203.947963] inet_ioctl+0x2dd/0x380 [ 1203.948797] ? inet_dgram_connect+0x220/0x220 [ 1203.949830] ? rcu_read_lock_sched_held+0xd/0x70 [ 1203.950918] ? lock_release+0x505/0x6f0 [ 1203.951848] ? __might_fault+0xd1/0x170 [ 1203.952770] ? lock_downgrade+0x6d0/0x6d0 [ 1203.953720] ? lock_downgrade+0x6d0/0x6d0 [ 1203.954662] ? rcu_read_lock_sched_held+0xd/0x70 [ 1203.955763] ? lock_acquire+0x41c/0x4d0 [ 1203.956680] ? rcu_read_lock_sched_held+0xd/0x70 [ 1203.957760] sock_do_ioctl+0xd2/0x230 [ 1203.958644] ? put_user_ifreq+0xb0/0xb0 [ 1203.958941] loop5: detected capacity change from 0 to 260 [ 1203.959567] ? vfs_fileattr_set+0xb80/0xb80 [ 1203.961162] ? selinux_file_ioctl+0x418/0x5d0 [ 1203.962192] ? selinux_file_ioctl+0x10f/0x5d0 [ 1203.963199] ? lock_downgrade+0x6d0/0x6d0 [ 1203.964168] sock_ioctl+0x41c/0x670 [ 1203.964991] ? br_ioctl_call+0xb0/0xb0 [ 1203.965867] ? __fget_files+0x28d/0x470 [ 1203.966769] ? __x64_sys_ioctl+0x97/0x210 [ 1203.967718] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1203.968970] ? br_ioctl_call+0xb0/0xb0 [ 1203.969848] __x64_sys_ioctl+0x196/0x210 [ 1203.970755] do_syscall_64+0x3b/0x90 [ 1203.971630] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1203.972790] RIP: 0033:0x7f5554867b19 [ 1203.973612] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1203.977787] RSP: 002b:00007f5551ddd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1203.979503] RAX: ffffffffffffffda RBX: 00007f555497af60 RCX: 00007f5554867b19 [ 1203.981105] RDX: 0000000020000100 RSI: 000000000000890b RDI: 0000000000000003 [ 1203.982690] RBP: 00007f5551ddd1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1203.984296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1203.986039] R13: 00007ffd20da8e0f R14: 00007f5551ddd300 R15: 0000000000022000 [ 1203.987962] [ 1203.989319] FAULT_INJECTION: forcing a failure. [ 1203.989319] name failslab, interval 1, probability 0, space 0, times 0 [ 1203.991605] CPU: 1 PID: 10116 Comm: syz-executor.7 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1203.993712] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1203.996435] Call Trace: [ 1203.996991] [ 1203.997473] dump_stack_lvl+0x8b/0xb3 [ 1203.998338] should_fail.cold+0x5/0xa [ 1203.999360] ? fib_create_info+0xdb4/0x4840 [ 1204.000531] should_failslab+0x5/0x10 [ 1204.001334] __kmalloc+0x72/0x440 [ 1204.002014] fib_create_info+0xdb4/0x4840 [ 1204.002839] ? finish_task_switch.isra.0+0x2ba/0x880 [ 1204.003879] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1204.004945] ? trace_fib_table_lookup+0x1b7/0x250 [ 1204.005872] ? fib_result_prefsrc+0x4c0/0x4c0 [ 1204.006746] ? rcu_read_lock_sched_held+0xd/0x70 [ 1204.007668] ? lock_release+0x505/0x6f0 [ 1204.008442] ? __inet_dev_addr_type+0x247/0x790 [ 1204.009345] ? lock_downgrade+0x6d0/0x6d0 [ 1204.010147] fib_table_insert+0x198/0x1be0 [ 1204.010965] ? __inet_dev_addr_type+0x26e/0x790 [ 1204.011878] ? nl_fib_input+0x340/0x340 [ 1204.012655] ? fib_route_seq_show+0xe20/0xe20 [ 1204.013517] ? trace_hardirqs_on+0x5b/0x190 [ 1204.014383] ? ip_rt_ioctl+0x139/0x1370 [ 1204.015173] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1204.016169] ? fib_new_table+0xfb/0x460 [ 1204.017044] ip_rt_ioctl+0x917/0x1370 [ 1204.017878] ? fib_validate_source+0x500/0x500 [ 1204.018909] inet_ioctl+0x2dd/0x380 [ 1204.019706] ? inet_dgram_connect+0x220/0x220 [ 1204.020676] ? rcu_read_lock_sched_held+0xd/0x70 [ 1204.021704] ? lock_release+0x505/0x6f0 [ 1204.022561] ? __might_fault+0xd1/0x170 [ 1204.023453] ? lock_downgrade+0x6d0/0x6d0 [ 1204.024358] ? lock_downgrade+0x6d0/0x6d0 [ 1204.025262] ? rcu_read_lock_sched_held+0xd/0x70 [ 1204.026320] ? lock_acquire+0x41c/0x4d0 [ 1204.027188] ? rcu_read_lock_sched_held+0xd/0x70 [ 1204.028220] sock_do_ioctl+0xd2/0x230 [ 1204.029055] ? put_user_ifreq+0xb0/0xb0 [ 1204.029843] ? vfs_fileattr_set+0xb80/0xb80 [ 1204.030683] ? selinux_file_ioctl+0x418/0x5d0 [ 1204.031561] ? selinux_file_ioctl+0x10f/0x5d0 [ 1204.032467] ? lock_downgrade+0x6d0/0x6d0 [ 1204.033272] sock_ioctl+0x41c/0x670 [ 1204.033970] ? br_ioctl_call+0xb0/0xb0 [ 1204.034720] ? __fget_files+0x28d/0x470 [ 1204.035507] ? __x64_sys_ioctl+0x97/0x210 [ 1204.036305] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1204.037376] ? br_ioctl_call+0xb0/0xb0 [ 1204.038133] __x64_sys_ioctl+0x196/0x210 [ 1204.038920] do_syscall_64+0x3b/0x90 [ 1204.039657] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1204.040654] RIP: 0033:0x7f96bd0c4b19 [ 1204.041368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1204.044951] RSP: 002b:00007f96ba63a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1204.046453] RAX: ffffffffffffffda RBX: 00007f96bd1d7f60 RCX: 00007f96bd0c4b19 [ 1204.048002] RDX: 0000000020000100 RSI: 000000000000890b RDI: 0000000000000003 [ 1204.049532] RBP: 00007f96ba63a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1204.051061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1204.052596] R13: 00007ffdf81da1ff R14: 00007f96ba63a300 R15: 0000000000022000 [ 1204.054138] 15:50:54 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1009, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:50:54 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0xb00, 0x3, &(0x7f0000ffc000/0x1000)=nil) [ 1204.069939] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:50:54 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:50:54 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x900, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:50:54 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0xc00, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:50:54 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) (fail_nth: 3) 15:50:54 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x100a, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:50:54 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$DVD_WRITE_STRUCT(r0, 0x5390, &(0x7f0000000040)=@physical={0x0, 0x2, [{0x1, 0x5, 0x5, 0x4, 0x1, 0x1, 0x0, 0x5, 0x9, 0x0, 0xdd, 0x100, 0x80000000}, {0xb, 0x4, 0x0, 0x8, 0xc, 0x0, 0x0, 0x6, 0x6, 0x0, 0x9, 0x6ab8a96a, 0x1ff}, {0x3, 0x3, 0x6, 0x3, 0x9, 0x1, 0x2, 0x0, 0xd, 0x0, 0x7fff, 0x9}, {0x3, 0x4, 0x5, 0x9, 0xd, 0x0, 0x1, 0x8, 0x2, 0x0, 0xfffffc01, 0x7}]}) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) r1 = openat2(0xffffffffffffff9c, &(0x7f0000000880)='./file0\x00', &(0x7f00000008c0)={0x234402, 0x100, 0xc}, 0x18) ioctl$CDROMSEEK(r1, 0x5316, &(0x7f0000000900)={0xa1, 0x2, 0x20, 0x7, 0xff, 0x6}) pidfd_open(0x0, 0x0) r2 = clone3(&(0x7f0000000580)={0x40000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000540)=[0xffffffffffffffff], 0x1}, 0x58) clone3(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0], 0x8}, 0x58) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r3, &(0x7f0000000140)={0x37}, 0x14) r4 = perf_event_open(&(0x7f00000009c0)={0x0, 0x80, 0x80, 0x2, 0x1, 0xc1, 0x0, 0x6, 0x1a4, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7, 0x0, @perf_bp={&(0x7f0000000980), 0xa}, 0x14000, 0x2, 0x8, 0x3, 0x5, 0x101, 0x7, 0x0, 0x5, 0x0, 0x3ff}, 0xffffffffffffffff, 0xffffffffffffffff, r3, 0x0) fcntl$lock(r4, 0x7, &(0x7f0000000940)={0x0, 0x0, 0x1, 0x1, r2}) [ 1204.229239] loop5: detected capacity change from 0 to 260 [ 1204.241418] FAULT_INJECTION: forcing a failure. [ 1204.241418] name failslab, interval 1, probability 0, space 0, times 0 [ 1204.244560] CPU: 0 PID: 10151 Comm: syz-executor.0 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1204.247096] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1204.250038] Call Trace: [ 1204.250697] [ 1204.251272] dump_stack_lvl+0x8b/0xb3 [ 1204.252289] should_fail.cold+0x5/0xa [ 1204.253288] ? fib_create_info+0xdb4/0x4840 [ 1204.254431] should_failslab+0x5/0x10 [ 1204.255441] __kmalloc+0x72/0x440 [ 1204.256355] fib_create_info+0xdb4/0x4840 [ 1204.257451] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1204.258882] ? trace_fib_table_lookup+0x1aa/0x250 [ 1204.260135] ? fib_result_prefsrc+0x4c0/0x4c0 [ 1204.261285] ? rcu_read_lock_sched_held+0xd/0x70 [ 1204.262480] ? lock_release+0x505/0x6f0 [ 1204.263506] ? __inet_dev_addr_type+0x247/0x790 [ 1204.264700] ? lock_downgrade+0x6d0/0x6d0 [ 1204.265754] fib_table_insert+0x198/0x1be0 [ 1204.266824] ? __inet_dev_addr_type+0x26e/0x790 [ 1204.268024] ? nl_fib_input+0x340/0x340 [ 1204.269049] ? lock_release+0x505/0x6f0 [ 1204.270076] ? fib_route_seq_show+0xe20/0xe20 [ 1204.271195] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1204.272599] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1204.273858] ? fib_new_table+0xfb/0x460 [ 1204.274866] ip_rt_ioctl+0x917/0x1370 [ 1204.275848] ? fib_validate_source+0x500/0x500 [ 1204.277007] inet_ioctl+0x2dd/0x380 [ 1204.277916] ? inet_dgram_connect+0x220/0x220 [ 1204.279041] ? rcu_read_lock_sched_held+0xd/0x70 15:50:54 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}}) (fail_nth: 3) 15:50:54 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0xd00, 0x3, &(0x7f0000ffc000/0x1000)=nil) [ 1204.280407] ? lock_release+0x505/0x6f0 [ 1204.281431] ? __might_fault+0xd1/0x170 [ 1204.282423] ? lock_downgrade+0x6d0/0x6d0 [ 1204.283467] ? lock_downgrade+0x6d0/0x6d0 [ 1204.284510] ? rcu_read_lock_sched_held+0xd/0x70 [ 1204.285684] ? lock_acquire+0x41c/0x4d0 [ 1204.286676] ? rcu_read_lock_sched_held+0xd/0x70 [ 1204.287870] sock_do_ioctl+0xd2/0x230 [ 1204.288836] ? put_user_ifreq+0xb0/0xb0 [ 1204.289827] ? vfs_fileattr_set+0xb80/0xb80 [ 1204.290915] ? selinux_file_ioctl+0x418/0x5d0 [ 1204.292080] ? selinux_file_ioctl+0x10f/0x5d0 [ 1204.293218] ? lock_downgrade+0x6d0/0x6d0 [ 1204.294258] sock_ioctl+0x41c/0x670 [ 1204.295156] ? br_ioctl_call+0xb0/0xb0 [ 1204.296132] ? __fget_files+0x28d/0x470 [ 1204.297108] ? __x64_sys_ioctl+0x97/0x210 [ 1204.298123] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1204.299486] ? br_ioctl_call+0xb0/0xb0 [ 1204.300450] __x64_sys_ioctl+0x196/0x210 [ 1204.301465] do_syscall_64+0x3b/0x90 [ 1204.302398] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1204.303660] RIP: 0033:0x7f5554867b19 [ 1204.304565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1204.309078] RSP: 002b:00007f5551ddd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1204.310919] RAX: ffffffffffffffda RBX: 00007f555497af60 RCX: 00007f5554867b19 [ 1204.312661] RDX: 0000000020000100 RSI: 000000000000890b RDI: 0000000000000003 [ 1204.314406] RBP: 00007f5551ddd1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1204.316135] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1204.317847] R13: 00007ffd20da8e0f R14: 00007f5551ddd300 R15: 0000000000022000 [ 1204.319588] [ 1204.326515] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:50:54 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x2, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 1204.370825] FAULT_INJECTION: forcing a failure. [ 1204.370825] name failslab, interval 1, probability 0, space 0, times 0 [ 1204.373686] CPU: 1 PID: 10158 Comm: syz-executor.7 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1204.375839] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1204.378373] Call Trace: [ 1204.378944] [ 1204.379443] dump_stack_lvl+0x8b/0xb3 [ 1204.380481] should_fail.cold+0x5/0xa [ 1204.381349] ? create_object.isra.0+0x3a/0xa20 [ 1204.382378] should_failslab+0x5/0x10 [ 1204.383218] kmem_cache_alloc+0x5b/0x480 [ 1204.384128] ? rcu_read_lock_sched_held+0xd/0x70 [ 1204.385180] create_object.isra.0+0x3a/0xa20 [ 1204.386183] ? kasan_unpoison+0x23/0x50 [ 1204.387079] __kmalloc+0x25b/0x440 [ 1204.387931] fib_create_info+0xdb4/0x4840 [ 1204.388937] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1204.390021] ? trace_fib_table_lookup+0x1b7/0x250 [ 1204.391080] ? fib_result_prefsrc+0x4c0/0x4c0 [ 1204.392067] ? rcu_read_lock_sched_held+0xd/0x70 [ 1204.393037] ? lock_release+0x505/0x6f0 [ 1204.393856] ? __inet_dev_addr_type+0x247/0x790 [ 1204.394775] ? lock_downgrade+0x6d0/0x6d0 [ 1204.395646] fib_table_insert+0x198/0x1be0 [ 1204.396527] ? __inet_dev_addr_type+0x26e/0x790 [ 1204.397573] ? nl_fib_input+0x340/0x340 [ 1204.398394] ? fib_route_seq_show+0xe20/0xe20 [ 1204.399302] ? trace_hardirqs_on+0x5b/0x190 [ 1204.400253] ? ip_rt_ioctl+0x641/0x1370 [ 1204.401059] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1204.402061] ? fib_new_table+0xfb/0x460 [ 1204.402885] ip_rt_ioctl+0x917/0x1370 [ 1204.403677] ? fib_validate_source+0x500/0x500 [ 1204.404697] inet_ioctl+0x2dd/0x380 [ 1204.405436] ? inet_dgram_connect+0x220/0x220 [ 1204.406407] ? rcu_read_lock_sched_held+0xd/0x70 [ 1204.407478] ? lock_release+0x505/0x6f0 [ 1204.408278] ? __might_fault+0xd1/0x170 [ 1204.409146] ? lock_downgrade+0x6d0/0x6d0 [ 1204.409962] ? lock_downgrade+0x6d0/0x6d0 [ 1204.410775] ? rcu_read_lock_sched_held+0xd/0x70 [ 1204.411700] ? lock_acquire+0x41c/0x4d0 [ 1204.412488] ? rcu_read_lock_sched_held+0xd/0x70 [ 1204.413423] sock_do_ioctl+0xd2/0x230 [ 1204.414195] ? put_user_ifreq+0xb0/0xb0 [ 1204.414990] ? vfs_fileattr_set+0xb80/0xb80 [ 1204.415850] ? selinux_file_ioctl+0x418/0x5d0 [ 1204.416725] ? selinux_file_ioctl+0x10f/0x5d0 [ 1204.417598] ? lock_downgrade+0x6d0/0x6d0 [ 1204.418408] sock_ioctl+0x41c/0x670 [ 1204.419133] ? br_ioctl_call+0xb0/0xb0 [ 1204.419907] ? __fget_files+0x28d/0x470 [ 1204.420671] ? __x64_sys_ioctl+0x97/0x210 [ 1204.421475] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1204.422541] ? br_ioctl_call+0xb0/0xb0 [ 1204.423291] __x64_sys_ioctl+0x196/0x210 [ 1204.424119] do_syscall_64+0x3b/0x90 [ 1204.424936] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1204.426045] RIP: 0033:0x7f96bd0c4b19 [ 1204.426845] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1204.430842] RSP: 002b:00007f96ba63a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1204.432489] RAX: ffffffffffffffda RBX: 00007f96bd1d7f60 RCX: 00007f96bd0c4b19 [ 1204.434038] RDX: 0000000020000100 RSI: 000000000000890b RDI: 0000000000000003 [ 1204.435582] RBP: 00007f96ba63a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1204.437126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1204.438658] R13: 00007ffdf81da1ff R14: 00007f96ba63a300 R15: 0000000000022000 [ 1204.440232] 15:50:54 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1002, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:51:05 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x38c0, &(0x7f0000000000)={0x0, 0x0, 0x20, 0x3, 0x109}, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 15:51:05 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x100b, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:51:05 executing program 6: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r0, &(0x7f0000000140)={0x37}, 0x14) setsockopt$inet6_tcp_int(r0, 0x6, 0x2, &(0x7f0000000000)=0x1, 0x4) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) sendfile(r0, r1, &(0x7f0000000080)=0x2, 0x8) ioctl$CDROMMULTISESSION(0xffffffffffffffff, 0x5312, 0x0) 15:51:05 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x3, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:51:05 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1003, 0x3, &(0x7f0000ffc000/0x1000)=nil) [ 1214.843188] loop5: detected capacity change from 0 to 260 [ 1214.848777] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) [ 1214.851820] FAULT_INJECTION: forcing a failure. [ 1214.851820] name failslab, interval 1, probability 0, space 0, times 0 [ 1214.852993] CPU: 1 PID: 10179 Comm: syz-executor.0 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1214.853964] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1214.855099] Call Trace: [ 1214.855360] [ 1214.855596] dump_stack_lvl+0x8b/0xb3 [ 1214.855992] should_fail.cold+0x5/0xa [ 1214.856373] ? create_object.isra.0+0x3a/0xa20 [ 1214.856833] should_failslab+0x5/0x10 [ 1214.857218] kmem_cache_alloc+0x5b/0x480 [ 1214.857626] create_object.isra.0+0x3a/0xa20 [ 1214.858085] ? kasan_unpoison+0x23/0x50 [ 1214.858487] __kmalloc+0x25b/0x440 [ 1214.858843] fib_create_info+0xdb4/0x4840 [ 1214.859267] ? finish_task_switch.isra.0+0x226/0x880 [ 1214.859788] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1214.860341] ? trace_fib_table_lookup+0x1aa/0x250 [ 1214.860824] ? fib_result_prefsrc+0x4c0/0x4c0 [ 1214.861287] ? rcu_read_lock_sched_held+0xd/0x70 [ 1214.861770] ? lock_release+0x505/0x6f0 [ 1214.862174] ? __inet_dev_addr_type+0x247/0x790 [ 1214.862669] ? lock_downgrade+0x6d0/0x6d0 [ 1214.863093] fib_table_insert+0x198/0x1be0 [ 1214.863543] ? __inet_dev_addr_type+0x26e/0x790 [ 1214.864052] ? nl_fib_input+0x340/0x340 [ 1214.864480] ? lock_release+0x505/0x6f0 [ 1214.864899] ? fib_route_seq_show+0xe20/0xe20 [ 1214.865359] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1214.865898] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1214.866400] ? fib_new_table+0xfb/0x460 [ 1214.866803] ip_rt_ioctl+0x917/0x1370 [ 1214.867196] ? fib_validate_source+0x500/0x500 [ 1214.867696] inet_ioctl+0x2dd/0x380 [ 1214.868061] ? inet_dgram_connect+0x220/0x220 [ 1214.868543] ? rcu_read_lock_sched_held+0xd/0x70 [ 1214.869015] ? lock_release+0x505/0x6f0 [ 1214.869424] ? __might_fault+0xd1/0x170 [ 1214.869850] ? lock_downgrade+0x6d0/0x6d0 [ 1214.870286] ? lock_downgrade+0x6d0/0x6d0 [ 1214.870729] ? rcu_read_lock_sched_held+0xd/0x70 [ 1214.871231] ? lock_acquire+0x41c/0x4d0 [ 1214.871647] ? rcu_read_lock_sched_held+0xd/0x70 [ 1214.872122] sock_do_ioctl+0xd2/0x230 [ 1214.872510] ? put_user_ifreq+0xb0/0xb0 [ 1214.872910] ? vfs_fileattr_set+0xb80/0xb80 [ 1214.873346] ? selinux_file_ioctl+0x418/0x5d0 [ 1214.873794] ? selinux_file_ioctl+0x10f/0x5d0 [ 1214.874247] ? lock_downgrade+0x6d0/0x6d0 [ 1214.874687] sock_ioctl+0x41c/0x670 [ 1214.875067] ? br_ioctl_call+0xb0/0xb0 [ 1214.875455] ? __fget_files+0x28d/0x470 [ 1214.875868] ? __x64_sys_ioctl+0x97/0x210 [ 1214.876281] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1214.876835] ? br_ioctl_call+0xb0/0xb0 [ 1214.877229] __x64_sys_ioctl+0x196/0x210 [ 1214.877643] do_syscall_64+0x3b/0x90 [ 1214.878013] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1214.878524] RIP: 0033:0x7f5554867b19 15:51:05 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}}) (fail_nth: 4) 15:51:05 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) (fail_nth: 4) 15:51:05 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x905, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) [ 1214.878893] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1214.880893] RSP: 002b:00007f5551ddd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1214.881638] RAX: ffffffffffffffda RBX: 00007f555497af60 RCX: 00007f5554867b19 [ 1214.882350] RDX: 0000000020000100 RSI: 000000000000890b RDI: 0000000000000003 [ 1214.883061] RBP: 00007f5551ddd1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1214.883812] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1214.884527] R13: 00007ffd20da8e0f R14: 00007f5551ddd300 R15: 0000000000022000 [ 1214.885281] 15:51:05 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0xa00, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) [ 1214.909547] FAULT_INJECTION: forcing a failure. [ 1214.909547] name failslab, interval 1, probability 0, space 0, times 0 15:51:05 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1004, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:51:05 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000040), 0x323800, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) ioctl$BTRFS_IOC_DEFRAG(r0, 0x50009402, 0x0) [ 1214.912044] CPU: 0 PID: 10176 Comm: syz-executor.7 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1214.914164] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1214.916685] Call Trace: [ 1214.917260] [ 1214.917797] dump_stack_lvl+0x8b/0xb3 [ 1214.918665] should_fail.cold+0x5/0xa [ 1214.919499] ? create_object.isra.0+0x3a/0xa20 [ 1214.920582] should_failslab+0x5/0x10 [ 1214.921461] kmem_cache_alloc+0x5b/0x480 [ 1214.922394] create_object.isra.0+0x3a/0xa20 [ 1214.923440] kmemleak_alloc_percpu+0xa0/0x100 [ 1214.924515] pcpu_alloc+0x7bf/0x1060 [ 1214.925406] fib_nh_init+0xc1/0x500 [ 1214.926258] fib_create_info+0x28b7/0x4840 [ 1214.927245] ? trace_fib_table_lookup+0x1aa/0x250 [ 1214.928368] ? fib_result_prefsrc+0x4c0/0x4c0 [ 1214.929406] ? rcu_read_lock_sched_held+0xd/0x70 [ 1214.930522] ? lock_release+0x505/0x6f0 [ 1214.931446] ? __inet_dev_addr_type+0x247/0x790 [ 1214.932529] ? lock_downgrade+0x6d0/0x6d0 [ 1214.933507] fib_table_insert+0x198/0x1be0 [ 1214.934503] ? __inet_dev_addr_type+0x26e/0x790 [ 1214.935610] ? nl_fib_input+0x340/0x340 [ 1214.936552] ? fib_route_seq_show+0xe20/0xe20 [ 1214.937749] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1214.939050] ? security_capable+0x95/0xc0 [ 1214.940074] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1214.941253] ? fib_new_table+0xfb/0x460 [ 1214.942201] ip_rt_ioctl+0x917/0x1370 [ 1214.943114] ? fib_validate_source+0x500/0x500 [ 1214.944239] inet_ioctl+0x2dd/0x380 [ 1214.945103] ? inet_dgram_connect+0x220/0x220 [ 1214.946141] ? rcu_read_lock_sched_held+0xd/0x70 [ 1214.947244] ? lock_release+0x505/0x6f0 [ 1214.948203] ? __might_fault+0xd1/0x170 [ 1214.949131] ? lock_downgrade+0x6d0/0x6d0 [ 1214.950093] ? lock_downgrade+0x6d0/0x6d0 [ 1214.951089] ? rcu_read_lock_sched_held+0xd/0x70 [ 1214.952236] ? lock_acquire+0x41c/0x4d0 [ 1214.953178] ? rcu_read_lock_sched_held+0xd/0x70 [ 1214.954311] sock_do_ioctl+0xd2/0x230 [ 1214.954958] loop5: detected capacity change from 0 to 260 [ 1214.955213] ? put_user_ifreq+0xb0/0xb0 [ 1214.956744] ? vfs_fileattr_set+0xb80/0xb80 [ 1214.957765] ? selinux_file_ioctl+0x418/0x5d0 [ 1214.958834] ? selinux_file_ioctl+0x10f/0x5d0 [ 1214.959917] ? lock_downgrade+0x6d0/0x6d0 [ 1214.960896] sock_ioctl+0x41c/0x670 [ 1214.961741] ? br_ioctl_call+0xb0/0xb0 [ 1214.962656] ? __fget_files+0x28d/0x470 [ 1214.963606] ? __x64_sys_ioctl+0x97/0x210 [ 1214.964576] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1214.965875] ? br_ioctl_call+0xb0/0xb0 [ 1214.966785] __x64_sys_ioctl+0x196/0x210 [ 1214.967755] do_syscall_64+0x3b/0x90 [ 1214.968657] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1214.969872] RIP: 0033:0x7f96bd0c4b19 [ 1214.970739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1214.975075] RSP: 002b:00007f96ba63a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 15:51:05 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1009, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:51:05 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) (fail_nth: 5) [ 1214.976818] RAX: ffffffffffffffda RBX: 00007f96bd1d7f60 RCX: 00007f96bd0c4b19 [ 1214.978533] RDX: 0000000020000100 RSI: 000000000000890b RDI: 0000000000000003 [ 1214.980257] RBP: 00007f96ba63a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1214.981939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1214.983602] R13: 00007ffdf81da1ff R14: 00007f96ba63a300 R15: 0000000000022000 [ 1214.985294] [ 1214.989566] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:51:05 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x100c, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:51:05 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0xa05, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:51:05 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x100a, 0x3, &(0x7f0000ffc000/0x1000)=nil) [ 1215.079360] FAULT_INJECTION: forcing a failure. [ 1215.079360] name failslab, interval 1, probability 0, space 0, times 0 [ 1215.080583] CPU: 1 PID: 10197 Comm: syz-executor.0 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1215.081548] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1215.082714] Call Trace: [ 1215.082974] [ 1215.083201] dump_stack_lvl+0x8b/0xb3 [ 1215.083607] should_fail.cold+0x5/0xa [ 1215.083994] ? create_object.isra.0+0x3a/0xa20 [ 1215.084458] should_failslab+0x5/0x10 [ 1215.084840] kmem_cache_alloc+0x5b/0x480 [ 1215.085255] create_object.isra.0+0x3a/0xa20 [ 1215.085704] kmemleak_alloc_percpu+0xa0/0x100 [ 1215.086173] pcpu_alloc+0x7bf/0x1060 [ 1215.086562] fib_nh_init+0xc1/0x500 [ 1215.086941] fib_create_info+0x28b7/0x4840 [ 1215.087384] ? trace_fib_table_lookup+0x1aa/0x250 [ 1215.087875] ? fib_result_prefsrc+0x4c0/0x4c0 [ 1215.088336] ? rcu_read_lock_sched_held+0xd/0x70 [ 1215.088823] ? lock_release+0x505/0x6f0 [ 1215.089223] ? __inet_dev_addr_type+0x247/0x790 [ 1215.089706] ? lock_downgrade+0x6d0/0x6d0 [ 1215.090134] fib_table_insert+0x198/0x1be0 [ 1215.090563] ? __inet_dev_addr_type+0x26e/0x790 [ 1215.091038] ? nl_fib_input+0x340/0x340 [ 1215.091446] ? lock_release+0x505/0x6f0 [ 1215.091854] ? fib_route_seq_show+0xe20/0xe20 [ 1215.092311] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1215.092866] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1215.093369] ? fib_new_table+0xfb/0x460 [ 1215.093777] ip_rt_ioctl+0x917/0x1370 [ 1215.094166] ? fib_validate_source+0x500/0x500 [ 1215.094636] inet_ioctl+0x2dd/0x380 [ 1215.094998] ? inet_dgram_connect+0x220/0x220 [ 1215.095447] ? rcu_read_lock_sched_held+0xd/0x70 [ 1215.095940] ? lock_release+0x505/0x6f0 [ 1215.096339] ? __might_fault+0xd1/0x170 [ 1215.096738] ? lock_downgrade+0x6d0/0x6d0 [ 1215.097159] ? lock_downgrade+0x6d0/0x6d0 [ 1215.097574] ? rcu_read_lock_sched_held+0xd/0x70 [ 1215.098053] ? lock_acquire+0x41c/0x4d0 [ 1215.098454] ? rcu_read_lock_sched_held+0xd/0x70 [ 1215.098928] sock_do_ioctl+0xd2/0x230 [ 1215.099317] ? put_user_ifreq+0xb0/0xb0 [ 1215.099724] ? vfs_fileattr_set+0xb80/0xb80 [ 1215.100163] ? selinux_file_ioctl+0x418/0x5d0 [ 1215.100629] ? selinux_file_ioctl+0x10f/0x5d0 [ 1215.101083] ? lock_downgrade+0x6d0/0x6d0 [ 1215.101510] sock_ioctl+0x41c/0x670 [ 1215.101879] ? br_ioctl_call+0xb0/0xb0 [ 1215.102277] ? __fget_files+0x28d/0x470 [ 1215.102682] ? __x64_sys_ioctl+0x97/0x210 [ 1215.103095] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1215.103668] ? br_ioctl_call+0xb0/0xb0 [ 1215.104069] __x64_sys_ioctl+0x196/0x210 [ 1215.104473] do_syscall_64+0x3b/0x90 [ 1215.104857] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1215.105376] RIP: 0033:0x7f5554867b19 [ 1215.105753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1215.107603] RSP: 002b:00007f5551ddd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1215.108373] RAX: ffffffffffffffda RBX: 00007f555497af60 RCX: 00007f5554867b19 [ 1215.109097] RDX: 0000000020000100 RSI: 000000000000890b RDI: 0000000000000003 [ 1215.109815] RBP: 00007f5551ddd1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1215.110524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1215.111231] R13: 00007ffd20da8e0f R14: 00007f5551ddd300 R15: 0000000000022000 [ 1215.111955] 15:51:15 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) (fail_nth: 6) 15:51:15 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40b01, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) ioctl$CDROM_SELECT_DISK(r0, 0x5322, 0x4) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00') write$P9_RMKNOD(r2, &(0x7f0000000140)={0x37}, 0x14) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x0) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000240), 0x240100, 0x0) r5 = openat$sr(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') openat$sr(0xffffffffffffff9c, &(0x7f0000000500), 0x131001, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) accept$inet6(r7, &(0x7f0000000540)={0xa, 0x0, 0x0, @initdev}, &(0x7f0000000580)=0x1c) write$P9_RMKNOD(r6, &(0x7f0000000140)={0x37}, 0x14) io_submit(0x0, 0x3, &(0x7f00000004c0)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x3, 0x0, r2, &(0x7f0000000140)="6c0a8adce310d4a20cc3884c5501e2ce1467bebaa489bdd5ef50b5cb47cc7f57c00dbeaed8c8348bbfec78fe62bb28c9cfc6746ae49af503717947166f596f7465070a39ea3f6abc5a9a7f89d07c575293c7e15b83baeeabdbd9caebc0dc08faef6dfb95cc6a", 0x66, 0x100000001, 0x0, 0x1, r3}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x6, 0x7, r4, &(0x7f0000000280)="b23ffcd1310706daf71554aa8c53256bd09da614c22905f7e24af782927aba458159f81327538077322543d270e8f5321148b025c242908a04becb11a82890d28e82242ac6576a0e8bca18ee2f598c7b801cffc6e54653b510149a3cc12057eae1bc73f995b87713631e9e2cca829ea3bfc6bb42c9ba3e57bc166f2f2bce22c8ac98e0cd870a94dcf8f4168095d9386be994ae807f4901a7", 0x98, 0x8, 0x0, 0x2, r5}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x80, r0, &(0x7f00000003c0)="384c229aa76d37e08cc64646d71372a9ec1bec91a76c73329a7373d7a870025c1e2260e22ceaf46a994676cee1f799585fff1265eca4c35df689b6a2afbed72fadfb4fdd8aeae20f66d030f68deac15303b83b559763c556bca6d4fb52aa5da414f2167d53312107527bec58a8e5324c560e4ec9b5f4659140bad0d4b8a5ff21302fbddc8e94d4f6e8f74b09376669f43f82cb9b5b4841a68892fa3381c981017de15e", 0xa3, 0x2, 0x0, 0x1, r6}]) ppoll(&(0x7f0000000080)=[{r0, 0x3210}, {r0, 0x21}, {r0, 0x2400}, {r0, 0x9024}, {r1, 0x100}, {r0, 0x4}], 0x6, &(0x7f00000000c0)={0x0, 0x3938700}, &(0x7f0000000100)={[0x1]}, 0x8) 15:51:15 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x4, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 1225.145193] FAULT_INJECTION: forcing a failure. [ 1225.145193] name failslab, interval 1, probability 0, space 0, times 0 [ 1225.147460] CPU: 1 PID: 10217 Comm: syz-executor.0 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1225.149369] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1225.151600] Call Trace: [ 1225.152108] [ 1225.152541] dump_stack_lvl+0x8b/0xb3 [ 1225.153303] should_fail.cold+0x5/0xa [ 1225.154063] ? create_object.isra.0+0x3a/0xa20 [ 1225.154970] should_failslab+0x5/0x10 [ 1225.155714] kmem_cache_alloc+0x5b/0x480 [ 1225.156549] create_object.isra.0+0x3a/0xa20 15:51:15 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x100b, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:51:15 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x100d, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:51:15 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0xb00, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:51:15 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}}) (fail_nth: 5) 15:51:15 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'dummy0\x00'}) 15:51:15 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f0000ffc000/0x1000)=nil) [ 1225.157429] ? _raw_spin_unlock_irqrestore+0x28/0x50 [ 1225.158777] ? trace_hardirqs_on+0x5b/0x190 [ 1225.159632] kmemleak_alloc_percpu+0xa0/0x100 [ 1225.160527] pcpu_alloc+0x7bf/0x1060 [ 1225.161266] fib_nh_init+0xc1/0x500 [ 1225.161988] fib_create_info+0x28b7/0x4840 [ 1225.162827] ? trace_fib_table_lookup+0x1aa/0x250 [ 1225.163767] ? fib_result_prefsrc+0x4c0/0x4c0 [ 1225.164643] ? rcu_read_lock_sched_held+0xd/0x70 [ 1225.165560] ? lock_release+0x505/0x6f0 [ 1225.166331] ? __inet_dev_addr_type+0x247/0x790 [ 1225.167236] ? lock_downgrade+0x6d0/0x6d0 [ 1225.168083] fib_table_insert+0x198/0x1be0 [ 1225.168904] ? __inet_dev_addr_type+0x26e/0x790 [ 1225.169809] ? nl_fib_input+0x340/0x340 [ 1225.170582] ? lock_release+0x505/0x6f0 [ 1225.171355] ? fib_route_seq_show+0xe20/0xe20 [ 1225.172238] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1225.173310] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1225.174285] ? fib_new_table+0xfb/0x460 [ 1225.175068] ip_rt_ioctl+0x917/0x1370 [ 1225.175832] ? fib_validate_source+0x500/0x500 [ 1225.176741] inet_ioctl+0x2dd/0x380 [ 1225.177450] ? inet_dgram_connect+0x220/0x220 [ 1225.178329] ? rcu_read_lock_sched_held+0xd/0x70 [ 1225.179257] ? lock_release+0x505/0x6f0 15:51:15 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x20ffc000, 0x3, &(0x7f0000ffc000/0x1000)=nil) [ 1225.180047] ? __might_fault+0xd1/0x170 [ 1225.180963] ? lock_downgrade+0x6d0/0x6d0 [ 1225.181776] ? lock_downgrade+0x6d0/0x6d0 15:51:15 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x100c, 0x3, &(0x7f0000ffc000/0x1000)=nil) [ 1225.182586] ? rcu_read_lock_sched_held+0xd/0x70 [ 1225.183619] ? lock_acquire+0x41c/0x4d0 [ 1225.184405] ? rcu_read_lock_sched_held+0xd/0x70 [ 1225.185321] sock_do_ioctl+0xd2/0x230 [ 1225.186070] ? put_user_ifreq+0xb0/0xb0 [ 1225.186855] ? vfs_fileattr_set+0xb80/0xb80 [ 1225.187690] ? selinux_file_ioctl+0x418/0x5d0 [ 1225.188581] ? selinux_file_ioctl+0x10f/0x5d0 [ 1225.189467] ? lock_downgrade+0x6d0/0x6d0 [ 1225.190274] sock_ioctl+0x41c/0x670 [ 1225.190977] ? br_ioctl_call+0xb0/0xb0 [ 1225.191753] ? __fget_files+0x28d/0x470 [ 1225.192533] ? __x64_sys_ioctl+0x97/0x210 [ 1225.193342] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1225.194418] ? br_ioctl_call+0xb0/0xb0 [ 1225.195178] __x64_sys_ioctl+0x196/0x210 [ 1225.195979] do_syscall_64+0x3b/0x90 [ 1225.196710] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1225.197704] RIP: 0033:0x7f5554867b19 [ 1225.198425] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1225.202004] RSP: 002b:00007f5551ddd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1225.203476] RAX: ffffffffffffffda RBX: 00007f555497af60 RCX: 00007f5554867b19 [ 1225.204877] RDX: 0000000020000100 RSI: 000000000000890b RDI: 0000000000000003 [ 1225.206262] RBP: 00007f5551ddd1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1225.207635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1225.209021] R13: 00007ffd20da8e0f R14: 00007f5551ddd300 R15: 0000000000022000 [ 1225.210410] [ 1225.211963] FAULT_INJECTION: forcing a failure. [ 1225.211963] name failslab, interval 1, probability 0, space 0, times 0 [ 1225.213307] CPU: 0 PID: 10223 Comm: syz-executor.7 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1225.214387] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1225.215582] Call Trace: [ 1225.215882] [ 1225.216137] dump_stack_lvl+0x8b/0xb3 [ 1225.216573] should_fail.cold+0x5/0xa [ 1225.217007] ? create_object.isra.0+0x3a/0xa20 [ 1225.217524] should_failslab+0x5/0x10 [ 1225.217946] kmem_cache_alloc+0x5b/0x480 [ 1225.218405] create_object.isra.0+0x3a/0xa20 [ 1225.218899] ? _raw_spin_unlock_irqrestore+0x28/0x50 [ 1225.219465] ? trace_hardirqs_on+0x5b/0x190 [ 1225.219973] kmemleak_alloc_percpu+0xa0/0x100 [ 1225.220483] pcpu_alloc+0x7bf/0x1060 [ 1225.220916] fib_nh_init+0xc1/0x500 [ 1225.221324] fib_create_info+0x28b7/0x4840 [ 1225.221807] ? trace_fib_table_lookup+0x1aa/0x250 [ 1225.222342] ? fib_result_prefsrc+0x4c0/0x4c0 [ 1225.222830] ? rcu_read_lock_sched_held+0xd/0x70 [ 1225.223362] ? lock_release+0x505/0x6f0 [ 1225.223817] ? __inet_dev_addr_type+0x247/0x790 [ 1225.224332] ? lock_downgrade+0x6d0/0x6d0 [ 1225.224803] fib_table_insert+0x198/0x1be0 [ 1225.225277] ? __inet_dev_addr_type+0x26e/0x790 [ 1225.225814] ? nl_fib_input+0x340/0x340 [ 1225.226264] ? fib_route_seq_show+0xe20/0xe20 [ 1225.226761] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1225.227348] ? security_capable+0x95/0xc0 [ 1225.227814] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1225.228363] ? fib_new_table+0xfb/0x460 [ 1225.228810] ip_rt_ioctl+0x917/0x1370 [ 1225.229236] ? fib_validate_source+0x500/0x500 [ 1225.229755] inet_ioctl+0x2dd/0x380 [ 1225.230174] ? inet_dgram_connect+0x220/0x220 [ 1225.230674] ? rcu_read_lock_sched_held+0xd/0x70 [ 1225.231178] ? lock_release+0x505/0x6f0 [ 1225.231626] ? __might_fault+0xd1/0x170 [ 1225.232093] ? lock_downgrade+0x6d0/0x6d0 [ 1225.232552] ? lock_downgrade+0x6d0/0x6d0 [ 1225.233023] ? rcu_read_lock_sched_held+0xd/0x70 [ 1225.233547] ? lock_acquire+0x41c/0x4d0 [ 1225.233990] ? rcu_read_lock_sched_held+0xd/0x70 [ 1225.234524] sock_do_ioctl+0xd2/0x230 [ 1225.234965] ? put_user_ifreq+0xb0/0xb0 [ 1225.235402] loop5: detected capacity change from 0 to 260 [ 1225.235411] ? vfs_fileattr_set+0xb80/0xb80 [ 1225.236986] ? selinux_file_ioctl+0x418/0x5d0 [ 1225.237501] ? selinux_file_ioctl+0x10f/0x5d0 [ 1225.238006] ? lock_downgrade+0x6d0/0x6d0 [ 1225.238467] sock_ioctl+0x41c/0x670 [ 1225.238875] ? br_ioctl_call+0xb0/0xb0 [ 1225.239304] ? __fget_files+0x28d/0x470 [ 1225.239760] ? __x64_sys_ioctl+0x97/0x210 [ 1225.240206] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1225.240811] ? br_ioctl_call+0xb0/0xb0 [ 1225.241233] __x64_sys_ioctl+0x196/0x210 [ 1225.241691] do_syscall_64+0x3b/0x90 [ 1225.242118] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1225.242691] RIP: 0033:0x7f96bd0c4b19 [ 1225.243106] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1225.245166] RSP: 002b:00007f96ba63a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1225.246014] RAX: ffffffffffffffda RBX: 00007f96bd1d7f60 RCX: 00007f96bd0c4b19 [ 1225.246818] RDX: 0000000020000100 RSI: 000000000000890b RDI: 0000000000000003 [ 1225.247602] RBP: 00007f96ba63a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1225.248406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1225.249190] R13: 00007ffdf81da1ff R14: 00007f96ba63a300 R15: 0000000000022000 [ 1225.249994] [ 1225.267423] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:51:27 executing program 6: r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x10b01, 0x0) socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) fsetxattr$trusted_overlay_origin(r1, &(0x7f0000000080), &(0x7f00000000c0), 0x2, 0x0) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) 15:51:27 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x100d, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:51:27 executing program 2: openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) r0 = openat$nvram(0xffffffffffffff9c, &(0x7f00000001c0), 0x10000, 0x0) syz_io_uring_setup(0x2494, &(0x7f0000000200)={0x0, 0xf105, 0x10, 0x2, 0x2f7, 0x0, r0}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000002c0), &(0x7f0000000300)) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x41, 0x32) 15:51:27 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x5, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:51:27 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x40000000, 0x3, &(0x7f0000ffc000/0x1000)=nil) 15:51:27 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}}) (fail_nth: 6) 15:51:27 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) (fail_nth: 7) 15:51:27 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0xd00, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) [ 1236.976219] FAULT_INJECTION: forcing a failure. [ 1236.976219] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1236.978763] CPU: 0 PID: 10252 Comm: syz-executor.0 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1236.980825] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1236.983233] Call Trace: [ 1236.983782] [ 1236.984278] dump_stack_lvl+0x8b/0xb3 [ 1236.985109] should_fail.cold+0x5/0xa [ 1236.985932] _copy_to_user+0x2a/0x140 [ 1236.986754] simple_read_from_buffer+0xcc/0x160 [ 1236.987757] proc_fail_nth_read+0x194/0x220 15:51:27 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f0000ffc000/0x1000)=nil) [ 1236.988703] ? proc_exe_link+0x1d0/0x1d0 [ 1236.989678] ? security_file_permission+0xb1/0xd0 [ 1236.990733] ? proc_exe_link+0x1d0/0x1d0 [ 1236.991610] vfs_read+0x1f0/0x5e0 [ 1236.992390] ksys_read+0x12d/0x250 [ 1236.993163] ? __ia32_sys_pwrite64+0x230/0x230 [ 1236.994149] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 1236.995238] ? fpregs_assert_state_consistent+0xbc/0xe0 [ 1236.996402] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1236.997525] do_syscall_64+0x3b/0x90 [ 1236.998337] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1236.999455] RIP: 0033:0x7f555481a69c [ 1237.000272] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 1237.004249] RSP: 002b:00007f5551ddd170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1237.005871] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 00007f555481a69c [ 1237.007404] RDX: 000000000000000f RSI: 00007f5551ddd1e0 RDI: 0000000000000004 15:51:27 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x20ffc000, 0x3, &(0x7f0000ffc000/0x1000)=nil) [ 1237.008945] RBP: 00007f5551ddd1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1237.010514] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1237.012060] R13: 00007ffd20da8e0f R14: 00007f5551ddd300 R15: 0000000000022000 [ 1237.013600] 15:51:27 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x6, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) [ 1237.027381] loop5: detected capacity change from 0 to 260 15:51:27 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x40000000, 0x3, &(0x7f0000ffc000/0x1000)=nil) [ 1237.069009] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:51:27 executing program 6: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r2, &(0x7f0000000140)={0x37}, 0x14) dup3(r0, r2, 0x0) write$P9_RMKNOD(r1, &(0x7f0000000140)={0x14, 0x13, 0x1, {0x10, 0x2, 0xfffffffffffffffa}}, 0x10) ioctl$CDROMMULTISESSION(r0, 0x5312, 0x0) 15:51:27 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x7, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:51:27 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}}) 15:51:27 executing program 1: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x7fffdf003000, 0x3, &(0x7f0000ffc000/0x1000)=nil) [ 1237.143025] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 1237.144258] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 1237.145066] CPU: 1 PID: 10293 Comm: syz-executor.1 Tainted: G B 5.17.0-rc5-next-20220225 #1 [ 1237.146074] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1237.147247] RIP: 0010:mas_descend_adopt+0x589/0x1720 [ 1237.147796] Code: 8b 44 24 08 48 c1 e2 03 48 8d 1c 10 48 89 d8 48 c1 e8 03 42 80 3c 38 00 0f 85 07 0e 00 00 48 8b 03 30 c0 48 89 c1 48 c1 e9 03 <42> 80 3c 39 00 0f 85 16 0e 00 00 48 8b 00 41 8d 5d 01 30 c0 48 39 [ 1237.149736] RSP: 0018:ffff8880455c6d68 EFLAGS: 00010256 [ 1237.150287] RAX: 0000000000000000 RBX: ffff888009471e58 RCX: 0000000000000000 [ 1237.151030] RDX: 0000000000000008 RSI: ffffffff820f479a RDI: 0000000000000003 15:51:27 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0xe00, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:51:27 executing program 2: openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x133}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') r1 = syz_io_uring_setup(0x4eff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) io_uring_enter(r1, 0x480b, 0x57ac, 0x0, &(0x7f0000000340)={[0x9]}, 0x8) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x3f, &(0x7f0000000200), &(0x7f0000000240)=0x4) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r4, 0x80, &(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @private1}}, 0x0) r5 = accept4$inet(r0, &(0x7f0000000080)={0x2, 0x0, @multicast2}, &(0x7f00000000c0)=0x10, 0xc0800) syz_io_uring_submit(r2, 0x0, &(0x7f0000000180)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x2, 0x0, r5, 0x0, &(0x7f0000000100)="2d993b978f0fe144019fce9e5ad37c392f49161d0666058dffe1014430243be916f1f67a12665bfb5d7ae34b4e4f0b695aee1a", 0x33, 0x2001}, 0x2) write$P9_RMKNOD(r0, &(0x7f0000000140)={0x37}, 0x14) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'bond_slave_1\x00'}) [ 1237.151777] RBP: 0000000000000001 R08: 0000000000000000 R09: 00000000ffffff01 [ 1237.152734] R10: ffffffff820f478d R11: 0000000000000000 R12: ffffed1001f170e9 [ 1237.153471] R13: 0000000000000001 R14: ffff88800f8b8700 R15: dffffc0000000000 [ 1237.154214] FS: 00007ff1639b1700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 1237.155270] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1237.156370] CR2: 00007ff16654b000 CR3: 00000000442ae000 CR4: 0000000000350ee0 [ 1237.157395] Call Trace: [ 1237.157659] [ 1237.157892] ? mas_is_span_wr+0x260/0x260 [ 1237.158323] ? unwind_next_frame+0xc8b/0x2250 [ 1237.158789] ? unwind_get_return_address+0x51/0x90 [ 1237.159296] ? create_prof_cpu_mask+0x20/0x20 [ 1237.159761] ? arch_stack_walk+0x99/0xf0 [ 1237.160193] ? mas_destroy+0x2cd/0x8d0 [ 1237.160593] ? kill_rules+0x42/0x4f0 [ 1237.160976] ? mas_replace+0x2eb/0x12e0 [ 1237.161391] mas_spanning_rebalance.isra.0+0x5159/0x8b40 [ 1237.161960] ? mas_push_data+0x2700/0x2700 [ 1237.162397] ? unwind_get_return_address+0x51/0x90 [ 1237.162902] ? create_prof_cpu_mask+0x20/0x20 [ 1237.163362] ? arch_stack_walk+0x90/0xf0 [ 1237.163781] ? lock_acquire+0x41c/0x4d0 [ 1237.164203] ? do_raw_spin_lock+0x121/0x260 [ 1237.164650] ? mas_destroy+0x2cd/0x8d0 [ 1237.165051] ? memcpy+0x39/0x60 [ 1237.165402] ? memcpy+0x39/0x60 [ 1237.165744] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1237.166308] ? mas_mab_cp+0x2bf/0x5f0 [ 1237.166709] mas_wr_spanning_store.isra.0+0x559/0x1170 [ 1237.167247] ? mt_find_after+0x80/0x80 [ 1237.167643] ? rcu_read_lock_sched_held+0xd/0x70 [ 1237.168153] ? rcu_read_lock_sched_held+0xd/0x70 [ 1237.168637] ? lock_release+0x505/0x6f0 [ 1237.169048] ? unwind_next_frame+0xc8b/0x2250 [ 1237.169507] ? unwind_next_frame+0xc8b/0x2250 [ 1237.169969] ? mas_destroy+0x2cd/0x8d0 [ 1237.170372] ? mas_destroy+0x2cd/0x8d0 [ 1237.170784] ? mas_is_span_wr+0x14f/0x260 [ 1237.171212] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1237.171774] ? mas_wr_walk+0x842/0xbd0 [ 1237.172187] ? kasan_quarantine_put+0x3/0x1e0 [ 1237.172654] mas_wr_store_entry.isra.0+0xcb7/0x10e0 [ 1237.173166] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1237.173740] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1237.174307] mas_store_gfp+0xca/0x1f0 [ 1237.174695] ? mtree_store+0x30/0x30 [ 1237.175080] do_mas_align_munmap.constprop.0+0x5b5/0xc00 [ 1237.175642] ? __split_vma+0x540/0x540 [ 1237.176055] ? mas_walk+0x48a/0x670 [ 1237.176426] ? mas_find+0x203/0xdd0 [ 1237.176801] do_mas_munmap+0x1ed/0x2c0 [ 1237.177201] do_munmap+0xc3/0x100 [ 1237.177558] ? vm_brk+0x20/0x20 [ 1237.177905] __do_sys_mremap+0x1196/0x14f0 [ 1237.178346] ? move_vma.constprop.0+0xf40/0xf40 [ 1237.178610] loop5: detected capacity change from 0 to 260 [ 1237.178824] ? xfd_validate_state+0x59/0x180 [ 1237.178841] ? restore_fpregs_from_fpstate+0xcc/0x1e0 [ 1237.180997] ? __x64_sys_futex_time32+0x480/0x480 [ 1237.181494] ? fpregs_restore_userregs+0x164/0x380 [ 1237.182005] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1237.182542] do_syscall_64+0x3b/0x90 [ 1237.182933] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1237.183468] RIP: 0033:0x7ff16643bb19 [ 1237.183847] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1237.185762] RSP: 002b:00007ff1639b1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1237.186556] RAX: ffffffffffffffda RBX: 00007ff16654ef60 RCX: 00007ff16643bb19 [ 1237.187299] RDX: 00007fffdf003000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1237.188034] RBP: 00007ff166495f6d R08: 0000000020ffc000 R09: 0000000000000000 [ 1237.188761] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 1237.189496] R13: 00007fffc2898d3f R14: 00007ff1639b1300 R15: 0000000000022000 [ 1237.190235] [ 1237.190477] Modules linked in: [ 1237.191466] ---[ end trace 0000000000000000 ]--- [ 1237.192008] RIP: 0010:mas_descend_adopt+0x589/0x1720 [ 1237.192547] Code: 8b 44 24 08 48 c1 e2 03 48 8d 1c 10 48 89 d8 48 c1 e8 03 42 80 3c 38 00 0f 85 07 0e 00 00 48 8b 03 30 c0 48 89 c1 48 c1 e9 03 <42> 80 3c 39 00 0f 85 16 0e 00 00 48 8b 00 41 8d 5d 01 30 c0 48 39 [ 1237.194467] RSP: 0018:ffff8880455c6d68 EFLAGS: 00010256 [ 1237.195027] RAX: 0000000000000000 RBX: ffff888009471e58 RCX: 0000000000000000 [ 1237.195774] RDX: 0000000000000008 RSI: ffffffff820f479a RDI: 0000000000000003 [ 1237.196512] RBP: 0000000000000001 R08: 0000000000000000 R09: 00000000ffffff01 [ 1237.197250] R10: ffffffff820f478d R11: 0000000000000000 R12: ffffed1001f170e9 [ 1237.197991] R13: 0000000000000001 R14: ffff88800f8b8700 R15: dffffc0000000000 [ 1237.198737] FS: 00007ff1639b1700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 1237.199579] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1237.200189] CR2: 00007ff16654b000 CR3: 00000000442ae000 CR4: 0000000000350ee0 [ 1237.203004] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) 15:51:27 executing program 4: syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x0) mremap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x7fffdf003000, 0x3, &(0x7f0000ffc000/0x1000)=nil) [ 1237.228573] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#2] PREEMPT SMP KASAN NOPTI [ 1237.231085] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 1237.232720] CPU: 0 PID: 10302 Comm: syz-executor.4 Tainted: G B D 5.17.0-rc5-next-20220225 #1 [ 1237.234798] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1237.237254] RIP: 0010:mas_descend_adopt+0x589/0x1720 [ 1237.238375] Code: 8b 44 24 08 48 c1 e2 03 48 8d 1c 10 48 89 d8 48 c1 e8 03 42 80 3c 38 00 0f 85 07 0e 00 00 48 8b 03 30 c0 48 89 c1 48 c1 e9 03 <42> 80 3c 39 00 0f 85 16 0e 00 00 48 8b 00 41 8d 5d 01 30 c0 48 39 [ 1237.242333] RSP: 0018:ffff888042146d68 EFLAGS: 00010256 [ 1237.243469] RAX: 0000000000000000 RBX: ffff88800dd8f258 RCX: 0000000000000000 [ 1237.245011] RDX: 0000000000000008 RSI: ffffffff820f479a RDI: 0000000000000003 [ 1237.246531] RBP: 0000000000000001 R08: 0000000000000000 R09: 00000000ffffff01 [ 1237.248070] R10: ffffffff820f478d R11: 0000000000000000 R12: ffffed1008303549 [ 1237.249598] R13: 0000000000000001 R14: ffff88804181aa00 R15: dffffc0000000000 [ 1237.251139] FS: 00007fe3cb2e5700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 1237.252899] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1237.254141] CR2: 00007fe3cde7f000 CR3: 00000000467b2000 CR4: 0000000000350ef0 [ 1237.255667] DR0: 0000000000000101 DR1: 0000000000000000 DR2: 0000000000000000 [ 1237.257199] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 1237.258718] Call Trace: [ 1237.259263] [ 1237.259745] ? mas_is_span_wr+0x260/0x260 [ 1237.260652] ? unwind_next_frame+0xc8b/0x2250 [ 1237.261626] ? unwind_get_return_address+0x51/0x90 [ 1237.262670] ? create_prof_cpu_mask+0x20/0x20 [ 1237.263637] ? arch_stack_walk+0x99/0xf0 [ 1237.264526] ? mas_destroy+0x2cd/0x8d0 [ 1237.265376] ? kill_rules+0x42/0x4f0 [ 1237.266175] ? mas_replace+0x2eb/0x12e0 [ 1237.267037] mas_spanning_rebalance.isra.0+0x5159/0x8b40 [ 1237.268217] ? mas_push_data+0x2700/0x2700 [ 1237.269129] ? unwind_get_return_address+0x51/0x90 [ 1237.270179] ? create_prof_cpu_mask+0x20/0x20 [ 1237.271144] ? arch_stack_walk+0x90/0xf0 [ 1237.272028] ? lock_acquire+0x41c/0x4d0 [ 1237.272879] ? do_raw_spin_lock+0x121/0x260 [ 1237.273813] ? mas_destroy+0x2cd/0x8d0 [ 1237.274641] ? memcpy+0x39/0x60 [ 1237.275364] ? memcpy+0x39/0x60 [ 1237.276082] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 1237.277263] ? mas_mab_cp+0x2bf/0x5f0 [ 1237.278095] mas_wr_spanning_store.isra.0+0x559/0x1170 [ 1237.279215] ? mt_find_after+0x80/0x80 [ 1237.280050] ? rcu_read_lock_sched_held+0xd/0x70 [ 1237.281065] ? rcu_read_lock_sched_held+0xd/0x70 [ 1237.282079] ? lock_release+0x505/0x6f0 [ 1237.282938] ? unwind_next_frame+0xc8b/0x2250 [ 1237.283896] ? unwind_next_frame+0xc8b/0x2250 [ 1237.284869] ? mas_destroy+0x2cd/0x8d0 [ 1237.285715] ? mas_destroy+0x2cd/0x8d0 [ 1237.286571] ? mas_is_span_wr+0x14f/0x260 [ 1237.287467] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1237.288685] ? mas_wr_walk+0x842/0xbd0 [ 1237.289530] ? kasan_quarantine_put+0x3/0x1e0 [ 1237.290511] mas_wr_store_entry.isra.0+0xcb7/0x10e0 [ 1237.291580] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1237.292766] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 1237.293953] mas_store_gfp+0xca/0x1f0 [ 1237.294766] ? mtree_store+0x30/0x30 [ 1237.295571] do_mas_align_munmap.constprop.0+0x5b5/0xc00 [ 1237.296759] ? __split_vma+0x540/0x540 [ 1237.297601] ? mas_walk+0x48a/0x670 [ 1237.298380] ? mas_find+0x203/0xdd0 [ 1237.299164] do_mas_munmap+0x1ed/0x2c0 [ 1237.300013] do_munmap+0xc3/0x100 [ 1237.300763] ? vm_brk+0x20/0x20 [ 1237.301483] __do_sys_mremap+0x1196/0x14f0 [ 1237.302402] ? move_vma.constprop.0+0xf40/0xf40 [ 1237.303408] ? xfd_validate_state+0x59/0x180 [ 1237.304366] ? restore_fpregs_from_fpstate+0xcc/0x1e0 [ 1237.305476] ? __x64_sys_futex_time32+0x480/0x480 [ 1237.306514] ? fpregs_restore_userregs+0x164/0x380 [ 1237.307570] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1237.308694] do_syscall_64+0x3b/0x90 [ 1237.309504] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1237.310608] RIP: 0033:0x7fe3cdd6fb19 [ 1237.311399] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1237.315342] RSP: 002b:00007fe3cb2e5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1237.316976] RAX: ffffffffffffffda RBX: 00007fe3cde82f60 RCX: 00007fe3cdd6fb19 [ 1237.318500] RDX: 00007fffdf003000 RSI: 0000000000002000 RDI: 0000000020ffa000 [ 1237.320031] RBP: 00007fe3cddc9f6d R08: 0000000020ffc000 R09: 0000000000000000 [ 1237.321553] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 1237.323075] R13: 00007fffdf0ea1bf R14: 00007fe3cb2e5300 R15: 0000000000022000 [ 1237.324620] [ 1237.325114] Modules linked in: [ 1237.326358] ---[ end trace 0000000000000000 ]--- [ 1237.327467] RIP: 0010:mas_descend_adopt+0x589/0x1720 [ 1237.328610] Code: 8b 44 24 08 48 c1 e2 03 48 8d 1c 10 48 89 d8 48 c1 e8 03 42 80 3c 38 00 0f 85 07 0e 00 00 48 8b 03 30 c0 48 89 c1 48 c1 e9 03 <42> 80 3c 39 00 0f 85 16 0e 00 00 48 8b 00 41 8d 5d 01 30 c0 48 39 [ 1237.332597] RSP: 0018:ffff8880455c6d68 EFLAGS: 00010256 [ 1237.333754] RAX: 0000000000000000 RBX: ffff888009471e58 RCX: 0000000000000000 [ 1237.335298] RDX: 0000000000000008 RSI: ffffffff820f479a RDI: 0000000000000003 [ 1237.336856] RBP: 0000000000000001 R08: 0000000000000000 R09: 00000000ffffff01 [ 1237.338411] R10: ffffffff820f478d R11: 0000000000000000 R12: ffffed1001f170e9 [ 1237.339987] R13: 0000000000000001 R14: ffff88800f8b8700 R15: dffffc0000000000 [ 1237.341538] FS: 00007fe3cb2e5700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 1237.343290] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1237.344561] CR2: 00007fe3cde7f000 CR3: 00000000467b2000 CR4: 0000000000350ef0 [ 1237.346106] DR0: 0000000000000101 DR1: 0000000000000000 DR2: 0000000000000000 [ 1237.347650] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 15:51:27 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'caif0\x00'}) 15:51:27 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f0000000140)={0x37}, 0x14) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'sit0\x00'}) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 15:51:27 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) 15:51:27 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0xf00, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:51:27 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x2, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}}) 15:51:27 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0x9, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:51:27 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x2, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) 15:51:27 executing program 7: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x4b47, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}}) 15:51:27 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1ce}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) 15:51:27 executing program 5: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x1020, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c585d28646200088020000400000004f8000020004000454583559ba3330759", 0x21, 0x4}, {0x0, 0x0, 0x10400}], 0x0, &(0x7f0000000140)={[{@fat=@fmask}]}) 15:51:27 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x101, 0x0, 0xf, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 15:51:27 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x4b47, &(0x7f0000000100)={0x0, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}, {0x2, 0x0, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)='lo\x00', 0x7, 0xfffffffffffffff9, 0xcae8}) VM DIAGNOSIS: 15:51:17 Registers: info registers vcpu 0 RAX=1ffff1100d9c5683 RBX=ffff88806ce2b400 RCX=0000000000000000 RDX=ffff88800f8d4f80 RSI=ffffffff82136788 RDI=ffff88806ce2b418 RBP=ffff88806ce2b0a0 RSP=ffff88806ce09dc0 R8 =ffff88806ce2b0a0 R9 =0000000000000000 R10=ffffffff821366e4 R11=0000000000000000 R12=dffffc0000000000 R13=00000120069eafe2 R14=0000000000000001 R15=0000000000000000 RIP=ffffffff8213679e RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 00000000 00000000 DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f3f4a0e88c0 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000055740b2eff88 CR3=000000000daa0000 CR4=00350ef0 DR0=0000000000000101 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000600 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 ffff0000000000ff ffffff0000000000 YMM02=0000000000000000 0000000000000000 ffffff0f0e0d0c0b 0a09080706050403 YMM03=0000000000000000 0000000000000000 696e656420737365 636341002f737973 YMM04=0000000000000000 0000000000000000 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f YMM05=0000000000000000 0000000000000000 000055740b2e04a0 000055740b2dea30 YMM06=0000000000000000 0000000000000000 000055740b2e6710 ffffffff00000002 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 2f63697361622f63 72732f2e2e000d0a YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000020000000 0000000020000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 RAX=0000000000000034 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff823b5af1 RDI=ffffffff873a46c0 RBP=ffffffff873a4680 RSP=ffff8880455c6750 R8 =0000000000000000 R9 =0000000000000034 R10=ffffffff823b76b3 R11=000000000000000a R12=0000000000000034 R13=0000000000000034 R14=ffffffff873a4680 R15=dffffc0000000000 RIP=ffffffff823b5b48 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007ff1639b1700 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007ff16654b000 CR3=00000000442ae000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff YMM01=0000000000000000 0000000000000000 2323232323232323 2323232323232323 YMM02=0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff YMM03=0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff YMM04=0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000