r+0x9e/0x470
[ 2065.007809]  ? finish_automount+0xa90/0xa90
[ 2065.008842]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2065.009849]  ? _copy_from_user+0xfb/0x1b0
[ 2065.010827]  __x64_sys_mount+0x282/0x300
[ 2065.011730]  ? copy_mnt_ns+0xa00/0xa00
[ 2065.012585]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2065.013818]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2065.014952]  do_syscall_64+0x33/0x40
[ 2065.015806]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2065.016952] RIP: 0033:0x7f32cefd1b19
[ 2065.017778] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2065.021838] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2065.023466] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2065.025020] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2065.026561] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2065.028238] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2065.029810] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
13:55:17 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 2065.031466] CPU: 1 PID: 9779 Comm: syz-executor.1 Not tainted 5.10.245 #1
[ 2065.033267] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2065.035191] Call Trace:
[ 2065.035819]  dump_stack+0x107/0x167
[ 2065.036665]  should_fail.cold+0x5/0xa
[ 2065.037558]  ? create_object.isra.0+0x3a/0xa30
[ 2065.038604]  should_failslab+0x5/0x20
[ 2065.039471]  kmem_cache_alloc+0x5b/0x310
[ 2065.040417]  ? kernel_text_address+0xf2/0x120
[ 2065.041466]  create_object.isra.0+0x3a/0xa30
[ 2065.042471]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2065.043645]  kmem_cache_alloc_trace+0x151/0x320
[ 2065.044719]  p9_client_create+0xaf/0x1230
[ 2065.045674]  ? lock_downgrade+0x6d0/0x6d0
[ 2065.046642]  ? p9_client_flush+0x430/0x430
[ 2065.047621]  ? trace_hardirqs_on+0x5b/0x180
[ 2065.048621]  ? lockdep_init_map_type+0x2c7/0x780
[ 2065.049710]  ? __raw_spin_lock_init+0x36/0x110
[ 2065.050759]  v9fs_session_init+0x1dd/0x1680
[ 2065.051742]  ? lock_release+0x680/0x680
[ 2065.052659]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2065.053748]  ? v9fs_show_options+0x690/0x690
[ 2065.054771]  ? trace_hardirqs_on+0x5b/0x180
[ 2065.055768]  ? kasan_unpoison_shadow+0x33/0x50
[ 2065.056810]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2065.057988]  v9fs_mount+0x79/0x8f0
[ 2065.058813]  ? v9fs_write_inode+0x60/0x60
[ 2065.059765]  legacy_get_tree+0x105/0x220
[ 2065.060698]  vfs_get_tree+0x8e/0x300
[ 2065.061559]  path_mount+0x1490/0x21e0
[ 2065.062438]  ? strncpy_from_user+0x9e/0x470
[ 2065.063421]  ? finish_automount+0xa90/0xa90
[ 2065.064410]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2065.065487]  ? _copy_from_user+0xfb/0x1b0
[ 2065.066431]  __x64_sys_mount+0x282/0x300
[ 2065.067371]  ? copy_mnt_ns+0xa00/0xa00
[ 2065.068276]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2065.069492]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2065.070686]  do_syscall_64+0x33/0x40
[ 2065.071542]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2065.072726] RIP: 0033:0x7f70af30cb19
[ 2065.073601] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2065.077853] RSP: 002b:00007f70ac882188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2065.079626] RAX: ffffffffffffffda RBX: 00007f70af41ff60 RCX: 00007f70af30cb19
[ 2065.081275] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2065.082918] RBP: 00007f70ac8821d0 R08: 0000000020000280 R09: 0000000000000000
[ 2065.084557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2065.086196] R13: 00007ffc0122b36f R14: 00007f70ac882300 R15: 0000000000022000
13:55:35 executing program 3:
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 28)

13:55:35 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x0, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 2082.973845] FAULT_INJECTION: forcing a failure.
[ 2082.973845] name failslab, interval 1, probability 0, space 0, times 0
[ 2082.976377] CPU: 0 PID: 9796 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2082.977896] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2082.980133] Call Trace:
[ 2082.980869]  dump_stack+0x107/0x167
[ 2082.981892]  should_fail.cold+0x5/0xa
[ 2082.982937]  should_failslab+0x5/0x20
[ 2082.983976]  __kmalloc_track_caller+0x79/0x370
[ 2082.985232]  ? match_number+0xaf/0x1d0
[ 2082.986290]  kmemdup_nul+0x2d/0xa0
[ 2082.987485]  match_number+0xaf/0x1d0
[ 2082.988503]  ? match_u64+0x190/0x190
[ 2082.989522]  ? __kmalloc_track_caller+0x2c6/0x370
[ 2082.990818]  ? memcpy+0x39/0x60
[ 2082.991646]  parse_opts.part.0+0x1f3/0x340
[ 2082.992730]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2082.993776]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2082.994897]  ? trace_hardirqs_on+0x5b/0x180
[ 2082.995829]  ? kfree+0xd7/0x340
[ 2082.996668]  p9_fd_create+0x98/0x4a0
[ 2082.997492]  ? p9_conn_create+0x510/0x510
[ 2082.998388]  ? p9_client_create+0x798/0x1230
[ 2082.999333]  ? kfree+0xd7/0x340
[ 2083.000073]  ? do_raw_spin_unlock+0x4f/0x220
[ 2083.001050]  p9_client_create+0x7ff/0x1230
[ 2083.001952]  ? p9_client_flush+0x430/0x430
[ 2083.002845]  ? trace_hardirqs_on+0x5b/0x180
[ 2083.003765]  ? lockdep_init_map_type+0x2c7/0x780
[ 2083.004760]  ? __raw_spin_lock_init+0x36/0x110
[ 2083.005732]  v9fs_session_init+0x1dd/0x1680
[ 2083.006646]  ? lock_release+0x680/0x680
[ 2083.007498]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2083.008516]  ? v9fs_show_options+0x690/0x690
[ 2083.009454]  ? trace_hardirqs_on+0x5b/0x180
[ 2083.010365]  ? kasan_unpoison_shadow+0x33/0x50
[ 2083.011324]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2083.012086] FAULT_INJECTION: forcing a failure.
[ 2083.012086] name failslab, interval 1, probability 0, space 0, times 0
[ 2083.012384]  v9fs_mount+0x79/0x8f0
[ 2083.012411]  ? v9fs_write_inode+0x60/0x60
[ 2083.016337]  legacy_get_tree+0x105/0x220
[ 2083.017209]  vfs_get_tree+0x8e/0x300
[ 2083.017991]  path_mount+0x1490/0x21e0
[ 2083.018788]  ? strncpy_from_user+0x9e/0x470
[ 2083.019680]  ? finish_automount+0xa90/0xa90
[ 2083.020591]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2083.021566]  ? _copy_from_user+0xfb/0x1b0
[ 2083.022433]  __x64_sys_mount+0x282/0x300
[ 2083.023281]  ? copy_mnt_ns+0xa00/0xa00
[ 2083.024113]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2083.025233]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2083.026321]  do_syscall_64+0x33/0x40
[ 2083.027103]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2083.028177] RIP: 0033:0x7f32cefd1b19
[ 2083.028955] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2083.032830] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2083.034446] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2083.035955] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2083.037468] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2083.038976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2083.040482] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
[ 2083.042028] CPU: 1 PID: 9803 Comm: syz-executor.5 Not tainted 5.10.245 #1
[ 2083.043517] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2083.045308] Call Trace:
[ 2083.045871]  dump_stack+0x107/0x167
[ 2083.046647]  should_fail.cold+0x5/0xa
[ 2083.047470]  ? create_object.isra.0+0x3a/0xa30
13:55:35 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 27)

13:55:35 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', 0x0})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:55:35 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x0, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:55:35 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x0, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:55:35 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 25)

13:55:35 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 23)

[ 2083.048734]  should_failslab+0x5/0x20
[ 2083.049736]  kmem_cache_alloc+0x5b/0x310
[ 2083.050665]  create_object.isra.0+0x3a/0xa30
[ 2083.051585]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2083.052662]  __kmalloc_track_caller+0x177/0x370
[ 2083.053650]  ? p9_client_create+0x51e/0x1230
[ 2083.054594]  kmemdup_nul+0x2d/0xa0
[ 2083.055355]  p9_client_create+0x51e/0x1230
[ 2083.056261]  ? p9_client_flush+0x430/0x430
[ 2083.057178]  ? trace_hardirqs_on+0x5b/0x180
[ 2083.058097]  ? lockdep_init_map_type+0x2c7/0x780
[ 2083.059122]  ? __raw_spin_lock_init+0x36/0x110
[ 2083.060109]  v9fs_session_init+0x1dd/0x1680
[ 2083.061042]  ? lock_release+0x680/0x680
[ 2083.061905]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2083.062929]  ? v9fs_show_options+0x690/0x690
[ 2083.063877]  ? trace_hardirqs_on+0x5b/0x180
[ 2083.064793]  ? kasan_unpoison_shadow+0x33/0x50
[ 2083.065776]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2083.066857]  v9fs_mount+0x79/0x8f0
[ 2083.067625]  ? v9fs_write_inode+0x60/0x60
[ 2083.068506]  legacy_get_tree+0x105/0x220
[ 2083.069375]  vfs_get_tree+0x8e/0x300
[ 2083.070171]  path_mount+0x1490/0x21e0
[ 2083.070987]  ? strncpy_from_user+0x9e/0x470
[ 2083.071907]  ? finish_automount+0xa90/0xa90
[ 2083.072823]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2083.073821]  ? _copy_from_user+0xfb/0x1b0
[ 2083.074707]  __x64_sys_mount+0x282/0x300
[ 2083.075569]  ? copy_mnt_ns+0xa00/0xa00
[ 2083.076393]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2083.077530]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2083.078633]  do_syscall_64+0x33/0x40
[ 2083.079433]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2083.080525] RIP: 0033:0x7f414f134b19
[ 2083.081326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2083.085281] RSP: 002b:00007f414c6aa188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2083.086897] RAX: ffffffffffffffda RBX: 00007f414f247f60 RCX: 00007f414f134b19
[ 2083.088419] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2083.089949] RBP: 00007f414c6aa1d0 R08: 0000000020000280 R09: 0000000000000000
[ 2083.091466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2083.092982] R13: 00007ffd33b81f5f R14: 00007f414c6aa300 R15: 0000000000022000
[ 2083.096877] FAULT_INJECTION: forcing a failure.
[ 2083.096877] name failslab, interval 1, probability 0, space 0, times 0
[ 2083.099604] CPU: 1 PID: 9804 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2083.100803] FAULT_INJECTION: forcing a failure.
[ 2083.100803] name failslab, interval 1, probability 0, space 0, times 0
[ 2083.101058] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2083.101063] Call Trace:
[ 2083.101083]  dump_stack+0x107/0x167
[ 2083.101108]  should_fail.cold+0x5/0xa
[ 2083.107335]  ? create_object.isra.0+0x3a/0xa30
[ 2083.108302]  should_failslab+0x5/0x20
[ 2083.109117]  kmem_cache_alloc+0x5b/0x310
[ 2083.109977]  ? legacy_get_tree+0x105/0x220
[ 2083.110865]  ? vfs_get_tree+0x8e/0x300
[ 2083.111687]  create_object.isra.0+0x3a/0xa30
[ 2083.112614]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2083.113710]  __kmalloc_track_caller+0x177/0x370
[ 2083.114685]  ? parse_opts.part.0+0x8e/0x340
[ 2083.115607]  kstrdup+0x36/0x70
[ 2083.116281]  parse_opts.part.0+0x8e/0x340
[ 2083.117164]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2083.118124]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2083.119225]  ? quarantine_put+0x8b/0x1a0
[ 2083.120081]  ? trace_hardirqs_on+0x5b/0x180
[ 2083.121006]  ? kfree+0xd7/0x340
[ 2083.121697]  p9_fd_create+0x98/0x4a0
[ 2083.122475]  ? p9_conn_create+0x510/0x510
[ 2083.123340]  ? p9_client_create+0x798/0x1230
[ 2083.124264]  ? kfree+0xd7/0x340
[ 2083.124942]  ? do_raw_spin_unlock+0x4f/0x220
[ 2083.125883]  p9_client_create+0x7ff/0x1230
[ 2083.126791]  ? p9_client_flush+0x430/0x430
[ 2083.127670]  ? trace_hardirqs_on+0x5b/0x180
[ 2083.128579]  ? lockdep_init_map_type+0x2c7/0x780
[ 2083.129588]  ? __raw_spin_lock_init+0x36/0x110
[ 2083.130569]  v9fs_session_init+0x1dd/0x1680
[ 2083.131480]  ? lock_release+0x680/0x680
[ 2083.132332]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2083.133357]  ? v9fs_show_options+0x690/0x690
[ 2083.134303]  ? trace_hardirqs_on+0x5b/0x180
[ 2083.135227]  ? kasan_unpoison_shadow+0x33/0x50
[ 2083.136179]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2083.137259]  v9fs_mount+0x79/0x8f0
[ 2083.138013]  ? v9fs_write_inode+0x60/0x60
[ 2083.138876]  legacy_get_tree+0x105/0x220
[ 2083.139734]  vfs_get_tree+0x8e/0x300
[ 2083.140522]  path_mount+0x1490/0x21e0
[ 2083.141337]  ? strncpy_from_user+0x9e/0x470
[ 2083.142245]  ? finish_automount+0xa90/0xa90
[ 2083.143156]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2083.144132]  ? _copy_from_user+0xfb/0x1b0
[ 2083.145029]  __x64_sys_mount+0x282/0x300
[ 2083.145905]  ? copy_mnt_ns+0xa00/0xa00
[ 2083.146734]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2083.147842]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2083.148932]  do_syscall_64+0x33/0x40
[ 2083.149735]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2083.150827] RIP: 0033:0x7f3f98f8db19
[ 2083.151606] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2083.155514] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2083.157119] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2083.158628] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2083.160122] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2083.161632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2083.163125] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
[ 2083.164653] CPU: 0 PID: 9793 Comm: syz-executor.1 Not tainted 5.10.245 #1
[ 2083.164943] 9pnet: Insufficient options for proto=fd
[ 2083.166160] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2083.166166] Call Trace:
[ 2083.166194]  dump_stack+0x107/0x167
[ 2083.166218]  should_fail.cold+0x5/0xa
[ 2083.171118]  ? create_object.isra.0+0x3a/0xa30
[ 2083.172083]  should_failslab+0x5/0x20
[ 2083.172885]  kmem_cache_alloc+0x5b/0x310
[ 2083.173754]  ? lock_downgrade+0x6d0/0x6d0
[ 2083.174640]  create_object.isra.0+0x3a/0xa30
[ 2083.175562]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2083.176649]  __kmalloc_track_caller+0x177/0x370
[ 2083.177644]  ? p9_client_create+0x41d/0x1230
[ 2083.178567]  kstrdup+0x36/0x70
[ 2083.179250]  p9_client_create+0x41d/0x1230
[ 2083.180145]  ? lock_downgrade+0x6d0/0x6d0
[ 2083.181034]  ? p9_client_flush+0x430/0x430
[ 2083.181923]  ? trace_hardirqs_on+0x5b/0x180
[ 2083.182831]  ? lockdep_init_map_type+0x2c7/0x780
[ 2083.183832]  ? __raw_spin_lock_init+0x36/0x110
[ 2083.184800]  v9fs_session_init+0x1dd/0x1680
[ 2083.185726]  ? lock_release+0x680/0x680
[ 2083.186575]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2083.187591]  ? v9fs_show_options+0x690/0x690
[ 2083.188532]  ? trace_hardirqs_on+0x5b/0x180
[ 2083.189444]  ? kasan_unpoison_shadow+0x33/0x50
[ 2083.190403]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2083.191472]  v9fs_mount+0x79/0x8f0
[ 2083.192217]  ? v9fs_write_inode+0x60/0x60
[ 2083.193093]  legacy_get_tree+0x105/0x220
[ 2083.193944]  vfs_get_tree+0x8e/0x300
[ 2083.194726]  path_mount+0x1490/0x21e0
[ 2083.195540]  ? strncpy_from_user+0x9e/0x470
[ 2083.196447]  ? finish_automount+0xa90/0xa90
[ 2083.197373]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2083.198355]  ? _copy_from_user+0xfb/0x1b0
[ 2083.199237]  __x64_sys_mount+0x282/0x300
[ 2083.200090]  ? copy_mnt_ns+0xa00/0xa00
[ 2083.200914]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2083.202036]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2083.203127]  do_syscall_64+0x33/0x40
[ 2083.203910]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2083.205006] RIP: 0033:0x7f70af30cb19
[ 2083.205799] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2083.209715] RSP: 002b:00007f70ac882188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2083.211316] RAX: ffffffffffffffda RBX: 00007f70af41ff60 RCX: 00007f70af30cb19
[ 2083.212822] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2083.214346] RBP: 00007f70ac8821d0 R08: 0000000020000280 R09: 0000000000000000
[ 2083.215851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2083.217360] R13: 00007ffc0122b36f R14: 00007f70ac882300 R15: 0000000000022000
13:55:36 executing program 3:
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 29)

[ 2083.258125] FAULT_INJECTION: forcing a failure.
[ 2083.258125] name failslab, interval 1, probability 0, space 0, times 0
[ 2083.260799] CPU: 1 PID: 9810 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2083.262270] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2083.264039] Call Trace:
[ 2083.264604]  dump_stack+0x107/0x167
[ 2083.265390]  should_fail.cold+0x5/0xa
[ 2083.266204]  ? create_object.isra.0+0x3a/0xa30
[ 2083.267178]  should_failslab+0x5/0x20
[ 2083.267982]  kmem_cache_alloc+0x5b/0x310
[ 2083.268852]  create_object.isra.0+0x3a/0xa30
[ 2083.269784]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2083.270863]  __kmalloc_track_caller+0x177/0x370
[ 2083.271858]  ? match_number+0xaf/0x1d0
[ 2083.272682]  kmemdup_nul+0x2d/0xa0
[ 2083.273435]  match_number+0xaf/0x1d0
[ 2083.274232]  ? match_u64+0x190/0x190
[ 2083.275016]  ? __kmalloc_track_caller+0x2c6/0x370
[ 2083.276035]  ? memcpy+0x39/0x60
[ 2083.276743]  parse_opts.part.0+0x1f3/0x340
[ 2083.277641]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2083.278593]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2083.279699]  ? trace_hardirqs_on+0x5b/0x180
[ 2083.280609]  ? kfree+0xd7/0x340
[ 2083.281316]  p9_fd_create+0x98/0x4a0
[ 2083.282098]  ? p9_conn_create+0x510/0x510
[ 2083.282975]  ? p9_client_create+0x798/0x1230
[ 2083.283904]  ? kfree+0xd7/0x340
[ 2083.284600]  ? do_raw_spin_unlock+0x4f/0x220
[ 2083.285550]  p9_client_create+0x7ff/0x1230
[ 2083.286452]  ? p9_client_flush+0x430/0x430
[ 2083.287340]  ? trace_hardirqs_on+0x5b/0x180
[ 2083.288249]  ? lockdep_init_map_type+0x2c7/0x780
[ 2083.289259]  ? __raw_spin_lock_init+0x36/0x110
[ 2083.290231]  v9fs_session_init+0x1dd/0x1680
[ 2083.291138]  ? lock_release+0x680/0x680
[ 2083.291988]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2083.293041]  ? v9fs_show_options+0x690/0x690
[ 2083.293982]  ? trace_hardirqs_on+0x5b/0x180
[ 2083.294896]  ? kasan_unpoison_shadow+0x33/0x50
[ 2083.295850]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2083.296917]  v9fs_mount+0x79/0x8f0
[ 2083.297672]  ? v9fs_write_inode+0x60/0x60
[ 2083.298548]  legacy_get_tree+0x105/0x220
[ 2083.299410]  vfs_get_tree+0x8e/0x300
[ 2083.300191]  path_mount+0x1490/0x21e0
[ 2083.301010]  ? strncpy_from_user+0x9e/0x470
[ 2083.301920]  ? finish_automount+0xa90/0xa90
[ 2083.302827]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2083.303817]  ? _copy_from_user+0xfb/0x1b0
[ 2083.304702]  __x64_sys_mount+0x282/0x300
[ 2083.305566]  ? copy_mnt_ns+0xa00/0xa00
[ 2083.306389]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2083.307502]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2083.308603]  do_syscall_64+0x33/0x40
[ 2083.309405]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2083.310483] RIP: 0033:0x7f32cefd1b19
[ 2083.311268] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2083.315148] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2083.316745] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2083.318256] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2083.319747] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2083.321252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2083.322749] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
13:55:36 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x0, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:55:36 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x0, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:55:36 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x0, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:55:36 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 28)

13:55:36 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', 0x0})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 2083.530247] FAULT_INJECTION: forcing a failure.
[ 2083.530247] name failslab, interval 1, probability 0, space 0, times 0
[ 2083.532819] CPU: 0 PID: 9821 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2083.534292] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2083.536043] Call Trace:
[ 2083.536620]  dump_stack+0x107/0x167
[ 2083.537420]  should_fail.cold+0x5/0xa
[ 2083.538254]  should_failslab+0x5/0x20
[ 2083.539082]  __kmalloc_track_caller+0x79/0x370
[ 2083.540065]  ? match_number+0xaf/0x1d0
[ 2083.540911]  kmemdup_nul+0x2d/0xa0
[ 2083.541690]  match_number+0xaf/0x1d0
[ 2083.542492]  ? match_u64+0x190/0x190
[ 2083.543298]  ? __kmalloc_track_caller+0x2c6/0x370
[ 2083.544335]  ? memcpy+0x39/0x60
[ 2083.545056]  parse_opts.part.0+0x1f3/0x340
[ 2083.545973]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2083.546931]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2083.548040]  ? trace_hardirqs_on+0x5b/0x180
[ 2083.548956]  ? kfree+0xd7/0x340
[ 2083.549667]  p9_fd_create+0x98/0x4a0
[ 2083.550456]  ? p9_conn_create+0x510/0x510
[ 2083.551332]  ? p9_client_create+0x798/0x1230
[ 2083.552258]  ? kfree+0xd7/0x340
[ 2083.552945]  ? do_raw_spin_unlock+0x4f/0x220
[ 2083.553888]  p9_client_create+0x7ff/0x1230
[ 2083.554790]  ? p9_client_flush+0x430/0x430
[ 2083.555684]  ? trace_hardirqs_on+0x5b/0x180
[ 2083.556599]  ? lockdep_init_map_type+0x2c7/0x780
[ 2083.557613]  ? __raw_spin_lock_init+0x36/0x110
[ 2083.558587]  v9fs_session_init+0x1dd/0x1680
[ 2083.559512]  ? lock_release+0x680/0x680
[ 2083.560363]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2083.561392]  ? v9fs_show_options+0x690/0x690
[ 2083.562337]  ? trace_hardirqs_on+0x5b/0x180
[ 2083.563249]  ? kasan_unpoison_shadow+0x33/0x50
[ 2083.564214]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2083.565294]  v9fs_mount+0x79/0x8f0
[ 2083.566050]  ? v9fs_write_inode+0x60/0x60
[ 2083.566924]  legacy_get_tree+0x105/0x220
[ 2083.567778]  vfs_get_tree+0x8e/0x300
[ 2083.568567]  path_mount+0x1490/0x21e0
[ 2083.569383]  ? strncpy_from_user+0x9e/0x470
[ 2083.570291]  ? finish_automount+0xa90/0xa90
[ 2083.571203]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2083.572183]  ? _copy_from_user+0xfb/0x1b0
[ 2083.573066]  __x64_sys_mount+0x282/0x300
[ 2083.573920]  ? copy_mnt_ns+0xa00/0xa00
[ 2083.574740]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2083.575843]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2083.576934]  do_syscall_64+0x33/0x40
[ 2083.577722]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2083.578801] RIP: 0033:0x7f3f98f8db19
[ 2083.579586] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2083.583502] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2083.585117] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2083.586620] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2083.588115] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2083.589628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2083.591139] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
[ 2083.609469] 9pnet: Insufficient options for proto=fd
13:55:36 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 26)

13:55:36 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 29)

[ 2083.660018] FAULT_INJECTION: forcing a failure.
[ 2083.660018] name failslab, interval 1, probability 0, space 0, times 0
[ 2083.662467] CPU: 0 PID: 9823 Comm: syz-executor.5 Not tainted 5.10.245 #1
[ 2083.663908] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2083.665664] Call Trace:
[ 2083.666228]  dump_stack+0x107/0x167
[ 2083.667001]  should_fail.cold+0x5/0xa
[ 2083.667807]  should_failslab+0x5/0x20
[ 2083.668615]  __kmalloc_track_caller+0x79/0x370
[ 2083.669590]  ? parse_opts.part.0+0x8e/0x340
[ 2083.670504]  kstrdup+0x36/0x70
[ 2083.671181]  parse_opts.part.0+0x8e/0x340
[ 2083.672058]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2083.673021]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2083.674126]  ? quarantine_put+0x8b/0x1a0
[ 2083.674981]  ? trace_hardirqs_on+0x5b/0x180
[ 2083.675893]  ? kfree+0xd7/0x340
[ 2083.676594]  p9_fd_create+0x98/0x4a0
[ 2083.677390]  ? p9_conn_create+0x510/0x510
[ 2083.678259]  ? p9_client_create+0x798/0x1230
[ 2083.679179]  ? kfree+0xd7/0x340
[ 2083.679868]  ? do_raw_spin_unlock+0x4f/0x220
[ 2083.680801]  p9_client_create+0x7ff/0x1230
[ 2083.681697]  ? p9_client_flush+0x430/0x430
[ 2083.682590]  ? trace_hardirqs_on+0x5b/0x180
[ 2083.683500]  ? lockdep_init_map_type+0x2c7/0x780
[ 2083.684497]  ? __raw_spin_lock_init+0x36/0x110
[ 2083.685474]  v9fs_session_init+0x1dd/0x1680
[ 2083.686387]  ? lock_release+0x680/0x680
[ 2083.687227]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2083.688236]  ? v9fs_show_options+0x690/0x690
[ 2083.689184]  ? trace_hardirqs_on+0x5b/0x180
[ 2083.690099]  ? kasan_unpoison_shadow+0x33/0x50
[ 2083.691068]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2083.692142]  v9fs_mount+0x79/0x8f0
[ 2083.692894]  ? v9fs_write_inode+0x60/0x60
[ 2083.693781]  legacy_get_tree+0x105/0x220
[ 2083.694638]  vfs_get_tree+0x8e/0x300
[ 2083.695426]  path_mount+0x1490/0x21e0
[ 2083.696238]  ? strncpy_from_user+0x9e/0x470
[ 2083.697164]  ? finish_automount+0xa90/0xa90
[ 2083.698073]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2083.699055]  ? _copy_from_user+0xfb/0x1b0
[ 2083.699938]  __x64_sys_mount+0x282/0x300
[ 2083.700798]  ? copy_mnt_ns+0xa00/0xa00
[ 2083.701640]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2083.702748]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2083.703840]  do_syscall_64+0x33/0x40
[ 2083.704633]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2083.705730] RIP: 0033:0x7f414f134b19
[ 2083.706511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2083.710416] RSP: 002b:00007f414c6aa188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2083.712026] RAX: ffffffffffffffda RBX: 00007f414f247f60 RCX: 00007f414f134b19
[ 2083.713556] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2083.715062] RBP: 00007f414c6aa1d0 R08: 0000000020000280 R09: 0000000000000000
[ 2083.716571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2083.718080] R13: 00007ffd33b81f5f R14: 00007f414c6aa300 R15: 0000000000022000
[ 2083.721022] 9pnet: Insufficient options for proto=fd
13:55:36 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 24)

13:55:36 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x0, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 2083.799415] FAULT_INJECTION: forcing a failure.
[ 2083.799415] name failslab, interval 1, probability 0, space 0, times 0
[ 2083.802211] CPU: 1 PID: 9826 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2083.803812] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2083.805761] Call Trace:
[ 2083.806381]  dump_stack+0x107/0x167
[ 2083.807241]  should_fail.cold+0x5/0xa
[ 2083.808132]  ? create_object.isra.0+0x3a/0xa30
[ 2083.809209]  should_failslab+0x5/0x20
[ 2083.810103]  kmem_cache_alloc+0x5b/0x310
[ 2083.811064]  create_object.isra.0+0x3a/0xa30
[ 2083.812105]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2083.813305]  __kmalloc_track_caller+0x177/0x370
[ 2083.814392]  ? match_number+0xaf/0x1d0
[ 2083.815308]  kmemdup_nul+0x2d/0xa0
[ 2083.816141]  match_number+0xaf/0x1d0
[ 2083.817023]  ? match_u64+0x190/0x190
[ 2083.817892]  ? __kmalloc_track_caller+0x2c6/0x370
[ 2083.819017]  ? memcpy+0x39/0x60
[ 2083.819796]  parse_opts.part.0+0x1f3/0x340
[ 2083.820782]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2083.821836]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2083.823049]  ? trace_hardirqs_on+0x5b/0x180
[ 2083.824048]  ? kfree+0xd7/0x340
[ 2083.824816]  p9_fd_create+0x98/0x4a0
[ 2083.825684]  ? p9_conn_create+0x510/0x510
[ 2083.826651]  ? p9_client_create+0x798/0x1230
[ 2083.827670]  ? kfree+0xd7/0x340
[ 2083.828430]  ? do_raw_spin_unlock+0x4f/0x220
[ 2083.829465]  p9_client_create+0x7ff/0x1230
[ 2083.830461]  ? p9_client_flush+0x430/0x430
[ 2083.831444]  ? trace_hardirqs_on+0x5b/0x180
[ 2083.832449]  ? lockdep_init_map_type+0x2c7/0x780
[ 2083.833562]  ? __raw_spin_lock_init+0x36/0x110
[ 2083.834637]  v9fs_session_init+0x1dd/0x1680
[ 2083.835651]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2083.836769]  ? v9fs_show_options+0x690/0x690
[ 2083.837812]  ? trace_hardirqs_on+0x5b/0x180
[ 2083.838816]  ? kasan_unpoison_shadow+0x33/0x50
[ 2083.839870]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2083.841055]  v9fs_mount+0x79/0x8f0
[ 2083.841886]  ? v9fs_write_inode+0x60/0x60
[ 2083.842843]  legacy_get_tree+0x105/0x220
[ 2083.843784]  vfs_get_tree+0x8e/0x300
[ 2083.844646]  path_mount+0x1490/0x21e0
[ 2083.845536]  ? strncpy_from_user+0x9e/0x470
[ 2083.846526]  ? finish_automount+0xa90/0xa90
[ 2083.847515]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2083.848584]  ? _copy_from_user+0xfb/0x1b0
[ 2083.849560]  __x64_sys_mount+0x282/0x300
[ 2083.850501]  ? copy_mnt_ns+0xa00/0xa00
[ 2083.851404]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2083.852612]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2083.853807]  do_syscall_64+0x33/0x40
[ 2083.854664]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2083.855851] RIP: 0033:0x7f3f98f8db19
[ 2083.856711] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2083.860974] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2083.862735] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2083.864392] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2083.866035] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2083.867663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2083.869309] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
[ 2083.878743] FAULT_INJECTION: forcing a failure.
[ 2083.878743] name failslab, interval 1, probability 0, space 0, times 0
[ 2083.881376] CPU: 1 PID: 9827 Comm: syz-executor.1 Not tainted 5.10.245 #1
[ 2083.882946] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2083.884857] Call Trace:
[ 2083.885467]  dump_stack+0x107/0x167
[ 2083.886287]  should_fail.cold+0x5/0xa
[ 2083.887164]  should_failslab+0x5/0x20
[ 2083.888035]  __kmalloc_track_caller+0x79/0x370
[ 2083.889081]  ? p9_client_create+0x51e/0x1230
[ 2083.890084]  kmemdup_nul+0x2d/0xa0
[ 2083.890899]  p9_client_create+0x51e/0x1230
[ 2083.891878]  ? p9_client_flush+0x430/0x430
[ 2083.892848]  ? trace_hardirqs_on+0x5b/0x180
[ 2083.893845]  ? lockdep_init_map_type+0x2c7/0x780
[ 2083.894926]  ? __raw_spin_lock_init+0x36/0x110
[ 2083.895971]  v9fs_session_init+0x1dd/0x1680
[ 2083.896954]  ? lock_release+0x680/0x680
[ 2083.897884]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2083.898986]  ? v9fs_show_options+0x690/0x690
[ 2083.899995]  ? trace_hardirqs_on+0x5b/0x180
[ 2083.900973]  ? kasan_unpoison_shadow+0x33/0x50
[ 2083.902033]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2083.903185]  v9fs_mount+0x79/0x8f0
[ 2083.903996]  ? v9fs_write_inode+0x60/0x60
[ 2083.904944]  legacy_get_tree+0x105/0x220
[ 2083.905866]  vfs_get_tree+0x8e/0x300
[ 2083.906714]  path_mount+0x1490/0x21e0
[ 2083.907584]  ? strncpy_from_user+0x9e/0x470
[ 2083.908554]  ? finish_automount+0xa90/0xa90
13:55:36 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x0, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 2083.909533]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2083.910802]  ? _copy_from_user+0xfb/0x1b0
[ 2083.911745]  __x64_sys_mount+0x282/0x300
[ 2083.912646]  ? copy_mnt_ns+0xa00/0xa00
[ 2083.913533]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2083.914705]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2083.915861]  do_syscall_64+0x33/0x40
[ 2083.916697]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2083.917853] RIP: 0033:0x7f70af30cb19
[ 2083.918692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2083.922856] RSP: 002b:00007f70ac882188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2083.924580] RAX: ffffffffffffffda RBX: 00007f70af41ff60 RCX: 00007f70af30cb19
[ 2083.926183] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2083.927782] RBP: 00007f70ac8821d0 R08: 0000000020000280 R09: 0000000000000000
[ 2083.929391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2083.930985] R13: 00007ffc0122b36f R14: 00007f70ac882300 R15: 0000000000022000
13:55:51 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 27)

13:55:51 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 30)

[ 2098.436586] FAULT_INJECTION: forcing a failure.
[ 2098.436586] name failslab, interval 1, probability 0, space 0, times 0
[ 2098.438147] CPU: 0 PID: 9840 Comm: syz-executor.5 Not tainted 5.10.245 #1
[ 2098.439064] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2098.440181] Call Trace:
[ 2098.440549]  dump_stack+0x107/0x167
[ 2098.441045]  should_fail.cold+0x5/0xa
[ 2098.441572]  ? create_object.isra.0+0x3a/0xa30
[ 2098.442183]  should_failslab+0x5/0x20
[ 2098.442692]  kmem_cache_alloc+0x5b/0x310
[ 2098.443235]  ? legacy_get_tree+0x105/0x220
[ 2098.443804]  ? vfs_get_tree+0x8e/0x300
[ 2098.444333]  create_object.isra.0+0x3a/0xa30
[ 2098.444927]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2098.445636]  __kmalloc_track_caller+0x177/0x370
[ 2098.446268]  ? parse_opts.part.0+0x8e/0x340
[ 2098.446858]  kstrdup+0x36/0x70
[ 2098.447290]  parse_opts.part.0+0x8e/0x340
[ 2098.447854]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2098.448470]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2098.449185]  ? quarantine_put+0x8b/0x1a0
[ 2098.449737]  ? trace_hardirqs_on+0x5b/0x180
[ 2098.450317]  ? kfree+0xd7/0x340
[ 2098.450771]  p9_fd_create+0x98/0x4a0
[ 2098.451270]  ? p9_conn_create+0x510/0x510
[ 2098.451827]  ? p9_client_create+0x798/0x1230
[ 2098.452432]  ? kfree+0xd7/0x340
[ 2098.452876]  ? do_raw_spin_unlock+0x4f/0x220
[ 2098.453485]  p9_client_create+0x7ff/0x1230
[ 2098.454066]  ? p9_client_flush+0x430/0x430
[ 2098.454639]  ? trace_hardirqs_on+0x5b/0x180
[ 2098.455221]  ? lockdep_init_map_type+0x2c7/0x780
[ 2098.455854]  ? __raw_spin_lock_init+0x36/0x110
[ 2098.456472]  v9fs_session_init+0x1dd/0x1680
[ 2098.457050]  ? lock_release+0x680/0x680
[ 2098.457624]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2098.458273]  ? v9fs_show_options+0x690/0x690
[ 2098.458870]  ? trace_hardirqs_on+0x5b/0x180
[ 2098.459258] FAULT_INJECTION: forcing a failure.
[ 2098.459258] name failslab, interval 1, probability 0, space 0, times 0
[ 2098.459458]  ? kasan_unpoison_shadow+0x33/0x50
[ 2098.462819]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2098.463503]  v9fs_mount+0x79/0x8f0
[ 2098.463980]  ? v9fs_write_inode+0x60/0x60
[ 2098.464532]  legacy_get_tree+0x105/0x220
[ 2098.465089]  vfs_get_tree+0x8e/0x300
[ 2098.465604]  path_mount+0x1490/0x21e0
[ 2098.466128]  ? strncpy_from_user+0x9e/0x470
[ 2098.466714]  ? finish_automount+0xa90/0xa90
[ 2098.467302]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2098.467952]  ? _copy_from_user+0xfb/0x1b0
[ 2098.468515]  __x64_sys_mount+0x282/0x300
[ 2098.469068]  ? copy_mnt_ns+0xa00/0xa00
[ 2098.469603]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2098.470311]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2098.471002]  do_syscall_64+0x33/0x40
[ 2098.471503]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2098.472187] RIP: 0033:0x7f414f134b19
[ 2098.472687] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2098.475144] RSP: 002b:00007f414c6aa188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2098.476215] RAX: ffffffffffffffda RBX: 00007f414f247f60 RCX: 00007f414f134b19
[ 2098.477212] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2098.478181] RBP: 00007f414c6aa1d0 R08: 0000000020000280 R09: 0000000000000000
[ 2098.479141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2098.480137] R13: 00007ffd33b81f5f R14: 00007f414c6aa300 R15: 0000000000022000
[ 2098.481145] CPU: 1 PID: 9844 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2098.482876] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2098.484981] Call Trace:
[ 2098.485638]  dump_stack+0x107/0x167
[ 2098.486518]  should_fail.cold+0x5/0xa
[ 2098.487479]  should_failslab+0x5/0x20
[ 2098.488448]  __kmalloc_track_caller+0x79/0x370
[ 2098.489614]  ? match_number+0xaf/0x1d0
[ 2098.490590]  ? kfree+0xd7/0x340
[ 2098.491403]  kmemdup_nul+0x2d/0xa0
[ 2098.492267]  match_number+0xaf/0x1d0
[ 2098.493176]  ? match_u64+0x190/0x190
[ 2098.494124]  ? __kmalloc_track_caller+0x2c6/0x370
[ 2098.495344]  ? memcpy+0x39/0x60
[ 2098.496174]  parse_opts.part.0+0x1f3/0x340
[ 2098.497246]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2098.498399]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2098.499727]  ? trace_hardirqs_on+0x5b/0x180
[ 2098.500920]  ? kfree+0xd7/0x340
[ 2098.501964]  p9_fd_create+0x98/0x4a0
[ 2098.502949]  ? p9_conn_create+0x510/0x510
[ 2098.503984]  ? p9_client_create+0x798/0x1230
[ 2098.505074]  ? kfree+0xd7/0x340
[ 2098.505899]  ? do_raw_spin_unlock+0x4f/0x220
[ 2098.507034]  p9_client_create+0x7ff/0x1230
[ 2098.508114]  ? p9_client_flush+0x430/0x430
[ 2098.509204]  ? trace_hardirqs_on+0x5b/0x180
[ 2098.510314]  ? lockdep_init_map_type+0x2c7/0x780
[ 2098.511532]  ? __raw_spin_lock_init+0x36/0x110
13:55:51 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x0, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:55:51 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 25)

13:55:51 executing program 3:
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 30)

13:55:51 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x0, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:55:51 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x0, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:55:51 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
[ 2098.513037]  v9fs_session_init+0x1dd/0x1680
[ 2098.514100]  ? lock_release+0x680/0x680
[ 2098.515066]  ? kmem_cache_alloc_trace+0x151/0x320
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', 0x0})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 2098.516217]  ? v9fs_show_options+0x690/0x690
[ 2098.517502]  ? trace_hardirqs_on+0x5b/0x180
[ 2098.518564]  ? kasan_unpoison_shadow+0x33/0x50
[ 2098.519672]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2098.520904]  v9fs_mount+0x79/0x8f0
[ 2098.521784]  ? v9fs_write_inode+0x60/0x60
[ 2098.522783]  legacy_get_tree+0x105/0x220
[ 2098.523774]  vfs_get_tree+0x8e/0x300
[ 2098.524677]  path_mount+0x1490/0x21e0
[ 2098.525615]  ? strncpy_from_user+0x9e/0x470
[ 2098.526660]  ? finish_automount+0xa90/0xa90
[ 2098.527715]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2098.528856]  ? _copy_from_user+0xfb/0x1b0
[ 2098.529886]  __x64_sys_mount+0x282/0x300
[ 2098.530886]  ? copy_mnt_ns+0xa00/0xa00
[ 2098.531844]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2098.533119]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2098.534383]  do_syscall_64+0x33/0x40
[ 2098.535298]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2098.536536] RIP: 0033:0x7f3f98f8db19
[ 2098.537487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2098.541907] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2098.543757] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2098.545469] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2098.547197] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2098.548931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2098.550674] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
[ 2098.553644] 9pnet: Insufficient options for proto=fd
[ 2098.564866] FAULT_INJECTION: forcing a failure.
[ 2098.564866] name failslab, interval 1, probability 0, space 0, times 0
[ 2098.566479] CPU: 0 PID: 9843 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2098.567429] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2098.568585] Call Trace:
[ 2098.568958]  dump_stack+0x107/0x167
[ 2098.569488]  should_fail.cold+0x5/0xa
[ 2098.570027]  should_failslab+0x5/0x20
[ 2098.570560]  __kmalloc_track_caller+0x79/0x370
[ 2098.571190]  ? match_number+0xaf/0x1d0
[ 2098.571374] FAULT_INJECTION: forcing a failure.
[ 2098.571374] name failslab, interval 1, probability 0, space 0, times 0
[ 2098.571727]  ? kfree+0xd7/0x340
[ 2098.571748]  kmemdup_nul+0x2d/0xa0
[ 2098.575347]  match_number+0xaf/0x1d0
[ 2098.575871]  ? match_u64+0x190/0x190
[ 2098.576409]  ? __kmalloc_track_caller+0x2c6/0x370
[ 2098.577085]  ? memcpy+0x39/0x60
[ 2098.577559]  parse_opts.part.0+0x1f3/0x340
[ 2098.578143]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2098.578769]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2098.579509]  ? trace_hardirqs_on+0x5b/0x180
[ 2098.580099]  ? kfree+0xd7/0x340
[ 2098.580559]  p9_fd_create+0x98/0x4a0
[ 2098.581081]  ? p9_conn_create+0x510/0x510
[ 2098.581679]  ? p9_client_create+0x798/0x1230
[ 2098.582288]  ? kfree+0xd7/0x340
[ 2098.582739]  ? do_raw_spin_unlock+0x4f/0x220
[ 2098.583372]  p9_client_create+0x7ff/0x1230
[ 2098.583968]  ? p9_client_flush+0x430/0x430
[ 2098.584558]  ? trace_hardirqs_on+0x5b/0x180
[ 2098.585173]  ? lockdep_init_map_type+0x2c7/0x780
[ 2098.585827]  ? __raw_spin_lock_init+0x36/0x110
[ 2098.586490]  v9fs_session_init+0x1dd/0x1680
[ 2098.587098]  ? lock_release+0x680/0x680
[ 2098.587658]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2098.588331]  ? v9fs_show_options+0x690/0x690
[ 2098.588959]  ? trace_hardirqs_on+0x5b/0x180
[ 2098.589542]  ? kasan_unpoison_shadow+0x33/0x50
[ 2098.590167]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2098.590860]  v9fs_mount+0x79/0x8f0
[ 2098.591346]  ? v9fs_write_inode+0x60/0x60
[ 2098.591909]  legacy_get_tree+0x105/0x220
[ 2098.592473]  vfs_get_tree+0x8e/0x300
[ 2098.592983]  path_mount+0x1490/0x21e0
[ 2098.593528]  ? strncpy_from_user+0x9e/0x470
[ 2098.594131]  ? finish_automount+0xa90/0xa90
[ 2098.594732]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2098.595370]  ? _copy_from_user+0xfb/0x1b0
[ 2098.595950]  __x64_sys_mount+0x282/0x300
[ 2098.596520]  ? copy_mnt_ns+0xa00/0xa00
[ 2098.597057]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2098.597792]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2098.598527]  do_syscall_64+0x33/0x40
[ 2098.599050]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2098.599767] RIP: 0033:0x7f32cefd1b19
[ 2098.600279] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2098.602827] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2098.603885] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2098.604866] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2098.605865] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2098.606848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2098.607825] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
[ 2098.608834] CPU: 1 PID: 9845 Comm: syz-executor.1 Not tainted 5.10.245 #1
[ 2098.608879] 9pnet: Insufficient options for proto=fd
[ 2098.610496] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2098.610504] Call Trace:
[ 2098.610528]  dump_stack+0x107/0x167
[ 2098.614692]  should_fail.cold+0x5/0xa
[ 2098.615608]  ? create_object.isra.0+0x3a/0xa30
[ 2098.616705]  should_failslab+0x5/0x20
[ 2098.617636]  kmem_cache_alloc+0x5b/0x310
[ 2098.618628]  create_object.isra.0+0x3a/0xa30
[ 2098.619686]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2098.620912]  __kmalloc_track_caller+0x177/0x370
[ 2098.622048]  ? p9_client_create+0x51e/0x1230
[ 2098.623108]  kmemdup_nul+0x2d/0xa0
[ 2098.623965]  p9_client_create+0x51e/0x1230
[ 2098.624984]  ? p9_client_flush+0x430/0x430
[ 2098.626036]  ? trace_hardirqs_on+0x5b/0x180
[ 2098.627071]  ? lockdep_init_map_type+0x2c7/0x780
[ 2098.628200]  ? __raw_spin_lock_init+0x36/0x110
[ 2098.629313]  v9fs_session_init+0x1dd/0x1680
[ 2098.630350]  ? lock_release+0x680/0x680
[ 2098.631307]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 2098.632599]  ? trace_hardirqs_on+0x5b/0x180
[ 2098.633647]  ? v9fs_show_options+0x690/0x690
[ 2098.634726]  ? _raw_spin_unlock_irqrestore+0x25/0x40
[ 2098.635945]  ? kasan_unpoison_shadow+0x33/0x50
[ 2098.637054]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2098.638297]  v9fs_mount+0x79/0x8f0
[ 2098.639154]  ? v9fs_write_inode+0x60/0x60
[ 2098.640127]  legacy_get_tree+0x105/0x220
[ 2098.641098]  vfs_get_tree+0x8e/0x300
[ 2098.642008]  path_mount+0x1490/0x21e0
[ 2098.642920]  ? strncpy_from_user+0x9e/0x470
[ 2098.643947]  ? finish_automount+0xa90/0xa90
[ 2098.644982]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2098.646104]  ? _copy_from_user+0xfb/0x1b0
[ 2098.647110]  __x64_sys_mount+0x282/0x300
[ 2098.648077]  ? copy_mnt_ns+0xa00/0xa00
[ 2098.649016]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2098.650286]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2098.651509]  do_syscall_64+0x33/0x40
[ 2098.652404]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2098.653656] RIP: 0033:0x7f70af30cb19
[ 2098.654551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2098.658947] RSP: 002b:00007f70ac882188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2098.660774] RAX: ffffffffffffffda RBX: 00007f70af41ff60 RCX: 00007f70af30cb19
[ 2098.662497] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2098.664199] RBP: 00007f70ac8821d0 R08: 0000000020000280 R09: 0000000000000000
[ 2098.665937] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2098.667634] R13: 00007ffc0122b36f R14: 00007f70ac882300 R15: 0000000000022000
13:55:51 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x0, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:55:51 executing program 3:
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 31)

13:55:51 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x0, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:55:51 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 28)

13:55:51 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 31)

[ 2098.794718] FAULT_INJECTION: forcing a failure.
[ 2098.794718] name failslab, interval 1, probability 0, space 0, times 0
[ 2098.797395] CPU: 1 PID: 9859 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2098.798940] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2098.800823] Call Trace:
[ 2098.801442]  dump_stack+0x107/0x167
[ 2098.802284]  should_fail.cold+0x5/0xa
[ 2098.803150]  ? create_object.isra.0+0x3a/0xa30
[ 2098.804184]  should_failslab+0x5/0x20
[ 2098.805058]  kmem_cache_alloc+0x5b/0x310
[ 2098.806001]  create_object.isra.0+0x3a/0xa30
[ 2098.806997]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2098.808209]  __kmalloc_track_caller+0x177/0x370
[ 2098.809364]  ? match_number+0xaf/0x1d0
[ 2098.810255]  kmemdup_nul+0x2d/0xa0
[ 2098.811066]  match_number+0xaf/0x1d0
[ 2098.811917]  ? match_u64+0x190/0x190
[ 2098.812763]  ? __kmalloc_track_caller+0x2c6/0x370
[ 2098.813871]  ? memcpy+0x39/0x60
[ 2098.814625]  parse_opts.part.0+0x1f3/0x340
[ 2098.815362] FAULT_INJECTION: forcing a failure.
[ 2098.815362] name failslab, interval 1, probability 0, space 0, times 0
[ 2098.815585]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2098.818019]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2098.819193]  ? trace_hardirqs_on+0x5b/0x180
[ 2098.820363]  ? kfree+0xd7/0x340
[ 2098.821104]  p9_fd_create+0x98/0x4a0
[ 2098.822133]  ? p9_conn_create+0x510/0x510
[ 2098.823251]  ? p9_client_create+0x798/0x1230
[ 2098.824291]  ? kfree+0xd7/0x340
[ 2098.825190]  ? do_raw_spin_unlock+0x4f/0x220
[ 2098.826189]  p9_client_create+0x7ff/0x1230
[ 2098.827134]  ? p9_client_flush+0x430/0x430
[ 2098.828066]  ? trace_hardirqs_on+0x5b/0x180
[ 2098.829042]  ? lockdep_init_map_type+0x2c7/0x780
[ 2098.830118]  ? __raw_spin_lock_init+0x36/0x110
[ 2098.831195]  v9fs_session_init+0x1dd/0x1680
[ 2098.832176]  ? lock_release+0x680/0x680
[ 2098.833087]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2098.834398]  ? v9fs_show_options+0x690/0x690
[ 2098.835391]  ? trace_hardirqs_on+0x5b/0x180
[ 2098.836359]  ? kasan_unpoison_shadow+0x33/0x50
[ 2098.837415]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2098.838787]  v9fs_mount+0x79/0x8f0
[ 2098.839586]  ? v9fs_write_inode+0x60/0x60
[ 2098.840560]  legacy_get_tree+0x105/0x220
[ 2098.841509]  vfs_get_tree+0x8e/0x300
[ 2098.842370]  path_mount+0x1490/0x21e0
[ 2098.843266]  ? strncpy_from_user+0x9e/0x470
[ 2098.844265]  ? finish_automount+0xa90/0xa90
[ 2098.845430]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2098.846465]  ? _copy_from_user+0xfb/0x1b0
[ 2098.847587]  __x64_sys_mount+0x282/0x300
[ 2098.848517]  ? copy_mnt_ns+0xa00/0xa00
[ 2098.849561]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2098.850705]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2098.852087]  do_syscall_64+0x33/0x40
[ 2098.852971]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2098.854351] RIP: 0033:0x7f32cefd1b19
[ 2098.855160] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2098.860099] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2098.861767] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2098.863333] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2098.864921] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2098.866525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2098.868154] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
[ 2098.869777] CPU: 0 PID: 9864 Comm: syz-executor.5 Not tainted 5.10.245 #1
[ 2098.870597] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2098.871580] Call Trace:
[ 2098.871895]  dump_stack+0x107/0x167
[ 2098.872327]  should_fail.cold+0x5/0xa
[ 2098.872780]  should_failslab+0x5/0x20
[ 2098.873259]  __kmalloc_track_caller+0x79/0x370
[ 2098.873799]  ? match_number+0xaf/0x1d0
[ 2098.874262]  kmemdup_nul+0x2d/0xa0
[ 2098.874685]  match_number+0xaf/0x1d0
[ 2098.875127]  ? match_u64+0x190/0x190
[ 2098.875569]  ? __kmalloc_track_caller+0x2c6/0x370
[ 2098.876140]  ? memcpy+0x39/0x60
[ 2098.876534]  parse_opts.part.0+0x1f3/0x340
[ 2098.877036]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2098.877579]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2098.878199]  ? trace_hardirqs_on+0x5b/0x180
[ 2098.878711]  ? kfree+0xd7/0x340
[ 2098.879112]  p9_fd_create+0x98/0x4a0
[ 2098.879553]  ? p9_conn_create+0x510/0x510
[ 2098.880045]  ? p9_client_create+0x798/0x1230
[ 2098.880565]  ? kfree+0xd7/0x340
[ 2098.880956]  ? do_raw_spin_unlock+0x4f/0x220
[ 2098.881490]  p9_client_create+0x7ff/0x1230
[ 2098.881997]  ? p9_client_flush+0x430/0x430
[ 2098.882501]  ? trace_hardirqs_on+0x5b/0x180
[ 2098.883014]  ? lockdep_init_map_type+0x2c7/0x780
[ 2098.883578]  ? __raw_spin_lock_init+0x36/0x110
[ 2098.884125]  v9fs_session_init+0x1dd/0x1680
[ 2098.884639]  ? lock_release+0x680/0x680
[ 2098.885113]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2098.885688]  ? v9fs_show_options+0x690/0x690
[ 2098.886211]  ? trace_hardirqs_on+0x5b/0x180
[ 2098.886730]  ? kasan_unpoison_shadow+0x33/0x50
[ 2098.887274]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2098.887871]  v9fs_mount+0x79/0x8f0
[ 2098.888289]  ? v9fs_write_inode+0x60/0x60
[ 2098.888776]  legacy_get_tree+0x105/0x220
[ 2098.889262]  vfs_get_tree+0x8e/0x300
[ 2098.889700]  path_mount+0x1490/0x21e0
[ 2098.890151]  ? strncpy_from_user+0x9e/0x470
[ 2098.890672]  ? finish_automount+0xa90/0xa90
[ 2098.891180]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2098.891726]  ? _copy_from_user+0xfb/0x1b0
[ 2098.892217]  __x64_sys_mount+0x282/0x300
[ 2098.892694]  ? copy_mnt_ns+0xa00/0xa00
[ 2098.893165]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2098.893787]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2098.894397]  do_syscall_64+0x33/0x40
[ 2098.894836]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2098.895438] RIP: 0033:0x7f414f134b19
[ 2098.895877] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2098.898176] RSP: 002b:00007f414c6aa188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2098.899071] RAX: ffffffffffffffda RBX: 00007f414f247f60 RCX: 00007f414f134b19
[ 2098.899912] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2098.900749] RBP: 00007f414c6aa1d0 R08: 0000000020000280 R09: 0000000000000000
[ 2098.901601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2098.902437] R13: 00007ffd33b81f5f R14: 00007f414c6aa300 R15: 0000000000022000
13:55:51 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x0, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:55:51 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x0, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:55:51 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x0, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:55:51 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x0, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 2098.998543] 9pnet: Insufficient options for proto=fd
[ 2099.014927] FAULT_INJECTION: forcing a failure.
[ 2099.014927] name failslab, interval 1, probability 0, space 0, times 0
[ 2099.017590] CPU: 1 PID: 9872 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2099.019236] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2099.021231] Call Trace:
[ 2099.021867]  dump_stack+0x107/0x167
[ 2099.022743]  should_fail.cold+0x5/0xa
[ 2099.023650]  ? create_object.isra.0+0x3a/0xa30
[ 2099.024742]  should_failslab+0x5/0x20
[ 2099.025662]  kmem_cache_alloc+0x5b/0x310
[ 2099.026632]  create_object.isra.0+0x3a/0xa30
[ 2099.027659]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2099.028857]  __kmalloc_track_caller+0x177/0x370
[ 2099.029966]  ? match_number+0xaf/0x1d0
[ 2099.030893]  kmemdup_nul+0x2d/0xa0
[ 2099.031732]  match_number+0xaf/0x1d0
[ 2099.032760]  ? match_u64+0x190/0x190
[ 2099.033710]  ? __kmalloc_track_caller+0x2c6/0x370
[ 2099.034838]  ? memcpy+0x39/0x60
[ 2099.035892]  parse_opts.part.0+0x1f3/0x340
[ 2099.036943]  ? p9_fd_show_options+0x1c0/0x1c0
13:55:51 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x0, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 2099.038202]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2099.039528]  ? trace_hardirqs_on+0x5b/0x180
[ 2099.040534]  ? kfree+0xd7/0x340
[ 2099.041334]  p9_fd_create+0x98/0x4a0
[ 2099.042228]  ? p9_conn_create+0x510/0x510
[ 2099.043197]  ? p9_client_create+0x798/0x1230
[ 2099.044237]  ? kfree+0xd7/0x340
[ 2099.045027]  ? do_raw_spin_unlock+0x4f/0x220
[ 2099.046064]  p9_client_create+0x7ff/0x1230
[ 2099.047063]  ? p9_client_flush+0x430/0x430
[ 2099.048063]  ? trace_hardirqs_on+0x5b/0x180
[ 2099.049086]  ? lockdep_init_map_type+0x2c7/0x780
[ 2099.050176]  ? __raw_spin_lock_init+0x36/0x110
[ 2099.051246]  v9fs_session_init+0x1dd/0x1680
[ 2099.052254]  ? lock_release+0x680/0x680
[ 2099.053196]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2099.054316]  ? v9fs_show_options+0x690/0x690
[ 2099.055355]  ? trace_hardirqs_on+0x5b/0x180
[ 2099.056369]  ? kasan_unpoison_shadow+0x33/0x50
[ 2099.057451]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2099.058648]  v9fs_mount+0x79/0x8f0
[ 2099.059483]  ? v9fs_write_inode+0x60/0x60
[ 2099.060449]  legacy_get_tree+0x105/0x220
[ 2099.061407]  vfs_get_tree+0x8e/0x300
[ 2099.062276]  path_mount+0x1490/0x21e0
[ 2099.063170]  ? strncpy_from_user+0x9e/0x470
[ 2099.064177]  ? finish_automount+0xa90/0xa90
[ 2099.065192]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2099.066278]  ? _copy_from_user+0xfb/0x1b0
[ 2099.067257]  __x64_sys_mount+0x282/0x300
[ 2099.068202]  ? copy_mnt_ns+0xa00/0xa00
[ 2099.069114]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2099.070352]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2099.071558]  do_syscall_64+0x33/0x40
[ 2099.072426]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2099.073628] RIP: 0033:0x7f3f98f8db19
[ 2099.074496] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2099.078780] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2099.080544] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2099.082221] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2099.083875] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2099.085536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2099.087191] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
[ 2112.346875] FAULT_INJECTION: forcing a failure.
[ 2112.346875] name failslab, interval 1, probability 0, space 0, times 0
[ 2112.348751] CPU: 1 PID: 9888 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2112.349834] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2112.351145] Call Trace:
[ 2112.351566]  dump_stack+0x107/0x167
[ 2112.352125]  should_fail.cold+0x5/0xa
[ 2112.352739]  ? p9_fd_create+0x161/0x4a0
[ 2112.353368]  should_failslab+0x5/0x20
[ 2112.353947]  kmem_cache_alloc_trace+0x55/0x320
[ 2112.354646]  p9_fd_create+0x161/0x4a0
[ 2112.355240]  ? p9_conn_create+0x510/0x510
[ 2112.355887]  ? p9_client_create+0x798/0x1230
[ 2112.356590]  ? kfree+0xd7/0x340
[ 2112.357122]  ? do_raw_spin_unlock+0x4f/0x220
[ 2112.357784]  p9_client_create+0x7ff/0x1230
[ 2112.358428]  ? p9_client_flush+0x430/0x430
[ 2112.359067]  ? trace_hardirqs_on+0x5b/0x180
[ 2112.359739]  ? lockdep_init_map_type+0x2c7/0x780
[ 2112.360461]  ? __raw_spin_lock_init+0x36/0x110
[ 2112.361151]  v9fs_session_init+0x1dd/0x1680
[ 2112.361848]  ? lock_release+0x680/0x680
[ 2112.362462]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2112.363171]  ? v9fs_show_options+0x690/0x690
[ 2112.363858]  ? trace_hardirqs_on+0x5b/0x180
[ 2112.364495]  ? kasan_unpoison_shadow+0x33/0x50
[ 2112.365183]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2112.365953]  v9fs_mount+0x79/0x8f0
[ 2112.366492]  ? v9fs_write_inode+0x60/0x60
[ 2112.367142]  legacy_get_tree+0x105/0x220
[ 2112.367793]  vfs_get_tree+0x8e/0x300
[ 2112.368364]  path_mount+0x1490/0x21e0
[ 2112.368952]  ? strncpy_from_user+0x9e/0x470
[ 2112.369618]  ? finish_automount+0xa90/0xa90
[ 2112.370302]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2112.371039]  ? _copy_from_user+0xfb/0x1b0
[ 2112.371708]  __x64_sys_mount+0x282/0x300
[ 2112.372307]  ? copy_mnt_ns+0xa00/0xa00
[ 2112.372923]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2112.373725]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2112.374515]  do_syscall_64+0x33/0x40
[ 2112.375094]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2112.375900] RIP: 0033:0x7f3f98f8db19
[ 2112.376492] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2112.377801] FAULT_INJECTION: forcing a failure.
[ 2112.377801] name failslab, interval 1, probability 0, space 0, times 0
[ 2112.379311] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2112.379327] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2112.379334] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2112.379341] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2112.379348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2112.379365] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
[ 2112.388619] CPU: 0 PID: 9890 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2112.390160] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2112.391990] Call Trace:
[ 2112.392577]  dump_stack+0x107/0x167
[ 2112.393401]  should_fail.cold+0x5/0xa
[ 2112.394245]  ? create_object.isra.0+0x3a/0xa30
[ 2112.395271]  should_failslab+0x5/0x20
[ 2112.396147]  kmem_cache_alloc+0x5b/0x310
[ 2112.397380]  create_object.isra.0+0x3a/0xa30
[ 2112.398354]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2112.399501]  __kmalloc_track_caller+0x177/0x370
[ 2112.400560]  ? match_number+0xaf/0x1d0
[ 2112.401457]  kmemdup_nul+0x2d/0xa0
[ 2112.402264]  match_number+0xaf/0x1d0
[ 2112.403108]  ? match_u64+0x190/0x190
[ 2112.403951]  ? __kmalloc_track_caller+0x2c6/0x370
[ 2112.405003]  ? memcpy+0x39/0x60
[ 2112.405754]  parse_opts.part.0+0x1f3/0x340
[ 2112.406666]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2112.407663]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2112.408858]  ? trace_hardirqs_on+0x5b/0x180
[ 2112.409859]  ? kfree+0xd7/0x340
[ 2112.410594]  p9_fd_create+0x98/0x4a0
[ 2112.411402]  ? p9_conn_create+0x510/0x510
[ 2112.412310]  ? p9_client_create+0x798/0x1230
[ 2112.413280]  ? kfree+0xd7/0x340
[ 2112.414013]  ? do_raw_spin_unlock+0x4f/0x220
[ 2112.414979]  p9_client_create+0x7ff/0x1230
[ 2112.415939]  ? p9_client_flush+0x430/0x430
[ 2112.416871]  ? trace_hardirqs_on+0x5b/0x180
[ 2112.417849]  ? lockdep_init_map_type+0x2c7/0x780
[ 2112.418888]  ? __raw_spin_lock_init+0x36/0x110
[ 2112.419903]  v9fs_session_init+0x1dd/0x1680
[ 2112.420835]  ? lock_release+0x680/0x680
[ 2112.421718]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2112.422773]  ? v9fs_show_options+0x690/0x690
[ 2112.423742]  ? trace_hardirqs_on+0x5b/0x180
[ 2112.424692]  ? kasan_unpoison_shadow+0x33/0x50
[ 2112.425693]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2112.426834]  v9fs_mount+0x79/0x8f0
[ 2112.427605]  ? v9fs_write_inode+0x60/0x60
[ 2112.428493]  legacy_get_tree+0x105/0x220
[ 2112.429389]  vfs_get_tree+0x8e/0x300
[ 2112.430195]  path_mount+0x1490/0x21e0
[ 2112.431038]  ? strncpy_from_user+0x9e/0x470
[ 2112.431969]  ? finish_automount+0xa90/0xa90
[ 2112.432909]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2112.433939]  ? _copy_from_user+0xfb/0x1b0
[ 2112.434877]  __x64_sys_mount+0x282/0x300
[ 2112.435769]  ? copy_mnt_ns+0xa00/0xa00
[ 2112.436632]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2112.437799]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2112.438920]  do_syscall_64+0x33/0x40
[ 2112.439742]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2112.440847] RIP: 0033:0x7f32cefd1b19
[ 2112.441667] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2112.445695] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2112.447338] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2112.448893] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2112.450471] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2112.452062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2112.453667] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
13:56:05 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 29)

13:56:05 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 32)

13:56:05 executing program 3:
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 32)

13:56:05 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 26)

13:56:05 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x0, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:56:05 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x0, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:56:05 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x0, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:56:05 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x0, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 2112.466232] FAULT_INJECTION: forcing a failure.
[ 2112.466232] name failslab, interval 1, probability 0, space 0, times 0
[ 2112.467935] CPU: 1 PID: 9889 Comm: syz-executor.1 Not tainted 5.10.245 #1
[ 2112.468923] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2112.470158] Call Trace:
[ 2112.470556]  dump_stack+0x107/0x167
[ 2112.471100]  should_fail.cold+0x5/0xa
[ 2112.471247] FAULT_INJECTION: forcing a failure.
[ 2112.471247] name failslab, interval 1, probability 0, space 0, times 0
[ 2112.471665]  ? create_object.isra.0+0x3a/0xa30
[ 2112.471678]  should_failslab+0x5/0x20
[ 2112.471701]  kmem_cache_alloc+0x5b/0x310
[ 2112.475716]  create_object.isra.0+0x3a/0xa30
[ 2112.476342]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2112.477073]  __kmalloc_track_caller+0x177/0x370
[ 2112.477751]  ? p9_client_create+0x51e/0x1230
[ 2112.478386]  kmemdup_nul+0x2d/0xa0
[ 2112.478897]  p9_client_create+0x51e/0x1230
[ 2112.479506]  ? p9_client_flush+0x430/0x430
[ 2112.480111]  ? trace_hardirqs_on+0x5b/0x180
[ 2112.480734]  ? lockdep_init_map_type+0x2c7/0x780
[ 2112.481440]  ? __raw_spin_lock_init+0x36/0x110
[ 2112.482100]  v9fs_session_init+0x1dd/0x1680
[ 2112.482723]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2112.483410]  ? v9fs_show_options+0x690/0x690
[ 2112.484041]  ? trace_hardirqs_on+0x5b/0x180
[ 2112.484656]  ? kasan_unpoison_shadow+0x33/0x50
[ 2112.485316]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2112.486036]  v9fs_mount+0x79/0x8f0
[ 2112.486552]  ? v9fs_write_inode+0x60/0x60
[ 2112.487141]  legacy_get_tree+0x105/0x220
[ 2112.487720]  vfs_get_tree+0x8e/0x300
[ 2112.488251]  path_mount+0x1490/0x21e0
[ 2112.488796]  ? strncpy_from_user+0x9e/0x470
[ 2112.489420]  ? finish_automount+0xa90/0xa90
[ 2112.490038]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2112.490703]  ? _copy_from_user+0xfb/0x1b0
[ 2112.491296]  __x64_sys_mount+0x282/0x300
[ 2112.491868]  ? copy_mnt_ns+0xa00/0xa00
[ 2112.492423]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2112.493165]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2112.493915]  do_syscall_64+0x33/0x40
[ 2112.494448]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2112.495173] RIP: 0033:0x7f70af30cb19
[ 2112.495705] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2112.498312] RSP: 002b:00007f70ac882188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2112.499386] RAX: ffffffffffffffda RBX: 00007f70af41ff60 RCX: 00007f70af30cb19
[ 2112.500395] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2112.501409] RBP: 00007f70ac8821d0 R08: 0000000020000280 R09: 0000000000000000
[ 2112.502416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2112.503421] R13: 00007ffc0122b36f R14: 00007f70ac882300 R15: 0000000000022000
[ 2112.504465] CPU: 0 PID: 9899 Comm: syz-executor.5 Not tainted 5.10.245 #1
[ 2112.505899] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2112.507608] Call Trace:
[ 2112.508159]  dump_stack+0x107/0x167
[ 2112.508923]  should_fail.cold+0x5/0xa
[ 2112.509728]  ? create_object.isra.0+0x3a/0xa30
[ 2112.510667]  should_failslab+0x5/0x20
[ 2112.511455]  kmem_cache_alloc+0x5b/0x310
[ 2112.512310]  create_object.isra.0+0x3a/0xa30
[ 2112.513215]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2112.514273]  __kmalloc_track_caller+0x177/0x370
[ 2112.515229]  ? match_number+0xaf/0x1d0
[ 2112.516037]  kmemdup_nul+0x2d/0xa0
[ 2112.516771]  match_number+0xaf/0x1d0
[ 2112.517557]  ? match_u64+0x190/0x190
[ 2112.518330]  ? __kmalloc_track_caller+0x2c6/0x370
[ 2112.519325]  ? memcpy+0x39/0x60
[ 2112.520008]  parse_opts.part.0+0x1f3/0x340
[ 2112.520879]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2112.521821]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2112.522904]  ? trace_hardirqs_on+0x5b/0x180
[ 2112.523798]  ? kfree+0xd7/0x340
[ 2112.524495]  p9_fd_create+0x98/0x4a0
[ 2112.525279]  ? p9_conn_create+0x510/0x510
[ 2112.526139]  ? p9_client_create+0x798/0x1230
[ 2112.527035]  ? kfree+0xd7/0x340
[ 2112.527717]  ? do_raw_spin_unlock+0x4f/0x220
[ 2112.528629]  p9_client_create+0x7ff/0x1230
[ 2112.529535]  ? p9_client_flush+0x430/0x430
[ 2112.530409]  ? trace_hardirqs_on+0x5b/0x180
[ 2112.531297]  ? lockdep_init_map_type+0x2c7/0x780
[ 2112.532270]  ? __raw_spin_lock_init+0x36/0x110
[ 2112.533211]  v9fs_session_init+0x1dd/0x1680
[ 2112.534113]  ? lock_release+0x680/0x680
[ 2112.534945]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2112.535954]  ? v9fs_show_options+0x690/0x690
[ 2112.536875]  ? trace_hardirqs_on+0x5b/0x180
[ 2112.537771]  ? kasan_unpoison_shadow+0x33/0x50
[ 2112.538705]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2112.539762]  v9fs_mount+0x79/0x8f0
[ 2112.540499]  ? v9fs_write_inode+0x60/0x60
[ 2112.541360]  legacy_get_tree+0x105/0x220
[ 2112.542203]  vfs_get_tree+0x8e/0x300
[ 2112.542964]  path_mount+0x1490/0x21e0
[ 2112.543754]  ? strncpy_from_user+0x9e/0x470
[ 2112.544641]  ? finish_automount+0xa90/0xa90
[ 2112.545532]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2112.546490]  ? _copy_from_user+0xfb/0x1b0
[ 2112.547346]  __x64_sys_mount+0x282/0x300
[ 2112.548178]  ? copy_mnt_ns+0xa00/0xa00
[ 2112.548985]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2112.550070]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2112.551126]  do_syscall_64+0x33/0x40
[ 2112.551895]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2112.552942] RIP: 0033:0x7f414f134b19
[ 2112.553886] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2112.557772] RSP: 002b:00007f414c6aa188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2112.559328] RAX: ffffffffffffffda RBX: 00007f414f247f60 RCX: 00007f414f134b19
[ 2112.560789] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2112.562264] RBP: 00007f414c6aa1d0 R08: 0000000020000280 R09: 0000000000000000
[ 2112.563732] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2112.565203] R13: 00007ffd33b81f5f R14: 00007f414c6aa300 R15: 0000000000022000
13:56:05 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 33)

[ 2112.597355] FAULT_INJECTION: forcing a failure.
[ 2112.597355] name failslab, interval 1, probability 0, space 0, times 0
[ 2112.599787] CPU: 0 PID: 9903 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2112.601210] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2112.602932] Call Trace:
[ 2112.603504]  dump_stack+0x107/0x167
[ 2112.604273]  should_fail.cold+0x5/0xa
[ 2112.605063]  ? create_object.isra.0+0x3a/0xa30
[ 2112.606026]  should_failslab+0x5/0x20
[ 2112.606815]  kmem_cache_alloc+0x5b/0x310
[ 2112.607661]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2112.608592]  create_object.isra.0+0x3a/0xa30
[ 2112.609518]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2112.610586]  kmem_cache_alloc_trace+0x151/0x320
[ 2112.611555]  p9_fd_create+0x161/0x4a0
[ 2112.612340]  ? p9_conn_create+0x510/0x510
[ 2112.613199]  ? p9_client_create+0x798/0x1230
[ 2112.614110]  ? kfree+0xd7/0x340
[ 2112.614793]  ? do_raw_spin_unlock+0x4f/0x220
[ 2112.615704]  p9_client_create+0x7ff/0x1230
[ 2112.616586]  ? p9_client_flush+0x430/0x430
[ 2112.617465]  ? trace_hardirqs_on+0x5b/0x180
[ 2112.618361]  ? lockdep_init_map_type+0x2c7/0x780
[ 2112.619335]  ? __raw_spin_lock_init+0x36/0x110
[ 2112.620286]  v9fs_session_init+0x1dd/0x1680
[ 2112.621373]  ? lock_release+0x680/0x680
[ 2112.622205]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2112.623200]  ? v9fs_show_options+0x690/0x690
[ 2112.624122]  ? trace_hardirqs_on+0x5b/0x180
[ 2112.625029]  ? kasan_unpoison_shadow+0x33/0x50
[ 2112.625996]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2112.627041]  v9fs_mount+0x79/0x8f0
[ 2112.627778]  ? v9fs_write_inode+0x60/0x60
[ 2112.628629]  legacy_get_tree+0x105/0x220
[ 2112.629477]  vfs_get_tree+0x8e/0x300
[ 2112.630245]  path_mount+0x1490/0x21e0
[ 2112.631043]  ? strncpy_from_user+0x9e/0x470
[ 2112.631943]  ? finish_automount+0xa90/0xa90
[ 2112.632837]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2112.633807]  ? _copy_from_user+0xfb/0x1b0
[ 2112.634670]  __x64_sys_mount+0x282/0x300
[ 2112.635511]  ? copy_mnt_ns+0xa00/0xa00
[ 2112.636332]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2112.637434]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2112.638504]  do_syscall_64+0x33/0x40
[ 2112.639288]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2112.640347] RIP: 0033:0x7f3f98f8db19
[ 2112.641119] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2112.644900] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2112.646497] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2112.647975] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2112.649474] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2112.650948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2112.652430] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
13:56:05 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x0, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:56:05 executing program 3:
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 33)

13:56:05 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x0, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 2112.683224] FAULT_INJECTION: forcing a failure.
[ 2112.683224] name failslab, interval 1, probability 0, space 0, times 0
[ 2112.684755] CPU: 1 PID: 9907 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2112.685661] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2112.686729] Call Trace:
[ 2112.687074]  dump_stack+0x107/0x167
[ 2112.687559]  should_fail.cold+0x5/0xa
[ 2112.688055]  ? create_object.isra.0+0x3a/0xa30
[ 2112.688660]  should_failslab+0x5/0x20
[ 2112.689150]  kmem_cache_alloc+0x5b/0x310
[ 2112.689699]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2112.690283]  create_object.isra.0+0x3a/0xa30
[ 2112.690861]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2112.691534]  kmem_cache_alloc_trace+0x151/0x320
[ 2112.692147]  p9_fd_create+0x161/0x4a0
[ 2112.692642]  ? p9_conn_create+0x510/0x510
[ 2112.693184]  ? p9_client_create+0x798/0x1230
[ 2112.693763]  ? kfree+0xd7/0x340
[ 2112.694189]  ? do_raw_spin_unlock+0x4f/0x220
[ 2112.694770]  p9_client_create+0x7ff/0x1230
[ 2112.695341]  ? p9_client_flush+0x430/0x430
[ 2112.695898]  ? trace_hardirqs_on+0x5b/0x180
[ 2112.696467]  ? lockdep_init_map_type+0x2c7/0x780
[ 2112.697088]  ? __raw_spin_lock_init+0x36/0x110
[ 2112.697710]  v9fs_session_init+0x1dd/0x1680
[ 2112.698277]  ? lock_release+0x680/0x680
[ 2112.698805]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2112.699428]  ? v9fs_show_options+0x690/0x690
[ 2112.699994]  ? trace_hardirqs_on+0x5b/0x180
[ 2112.700566]  ? kasan_unpoison_shadow+0x33/0x50
[ 2112.701159]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2112.701822]  v9fs_mount+0x79/0x8f0
[ 2112.702277]  ? v9fs_write_inode+0x60/0x60
[ 2112.702821]  legacy_get_tree+0x105/0x220
[ 2112.703343]  vfs_get_tree+0x8e/0x300
[ 2112.703826]  path_mount+0x1490/0x21e0
[ 2112.704323]  ? strncpy_from_user+0x9e/0x470
[ 2112.704882]  ? finish_automount+0xa90/0xa90
[ 2112.705442]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2112.706059]  ? _copy_from_user+0xfb/0x1b0
[ 2112.706596]  __x64_sys_mount+0x282/0x300
[ 2112.707121]  ? copy_mnt_ns+0xa00/0xa00
[ 2112.707645]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2112.708334]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2112.709015]  do_syscall_64+0x33/0x40
[ 2112.709504]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2112.710179] RIP: 0033:0x7f32cefd1b19
[ 2112.710660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2112.713075] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2112.714074] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2112.715003] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2112.715928] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2112.716856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2112.717801] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
13:56:05 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 30)

[ 2112.819571] FAULT_INJECTION: forcing a failure.
[ 2112.819571] name failslab, interval 1, probability 0, space 0, times 0
[ 2112.821057] CPU: 1 PID: 9911 Comm: syz-executor.5 Not tainted 5.10.245 #1
[ 2112.821905] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2112.822905] Call Trace:
[ 2112.823229]  dump_stack+0x107/0x167
[ 2112.823672]  should_fail.cold+0x5/0xa
[ 2112.824142]  should_failslab+0x5/0x20
[ 2112.824602]  __kmalloc_track_caller+0x79/0x370
[ 2112.825156]  ? match_number+0xaf/0x1d0
[ 2112.825631]  ? kfree+0xd7/0x340
[ 2112.826030]  kmemdup_nul+0x2d/0xa0
[ 2112.826453]  match_number+0xaf/0x1d0
[ 2112.826901]  ? match_u64+0x190/0x190
[ 2112.827348]  ? __kmalloc_track_caller+0x2c6/0x370
[ 2112.827925]  ? memcpy+0x39/0x60
[ 2112.828321]  parse_opts.part.0+0x1f3/0x340
[ 2112.828825]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2112.829372]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2112.829998]  ? trace_hardirqs_on+0x5b/0x180
[ 2112.830513]  ? kfree+0xd7/0x340
[ 2112.830908]  p9_fd_create+0x98/0x4a0
[ 2112.831353]  ? p9_conn_create+0x510/0x510
[ 2112.831852]  ? p9_client_create+0x798/0x1230
[ 2112.832381]  ? kfree+0xd7/0x340
[ 2112.832772]  ? do_raw_spin_unlock+0x4f/0x220
[ 2112.833324]  p9_client_create+0x7ff/0x1230
[ 2112.833837]  ? p9_client_flush+0x430/0x430
[ 2112.834342]  ? trace_hardirqs_on+0x5b/0x180
[ 2112.834856]  ? lockdep_init_map_type+0x2c7/0x780
[ 2112.835425]  ? __raw_spin_lock_init+0x36/0x110
[ 2112.835977]  v9fs_session_init+0x1dd/0x1680
[ 2112.836500]  ? lock_release+0x680/0x680
[ 2112.836984]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2112.837574]  ? v9fs_show_options+0x690/0x690
[ 2112.838105]  ? trace_hardirqs_on+0x5b/0x180
[ 2112.838625]  ? kasan_unpoison_shadow+0x33/0x50
[ 2112.839171]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2112.839786]  v9fs_mount+0x79/0x8f0
[ 2112.840213]  ? v9fs_write_inode+0x60/0x60
[ 2112.840710]  legacy_get_tree+0x105/0x220
[ 2112.841195]  vfs_get_tree+0x8e/0x300
[ 2112.841654]  path_mount+0x1490/0x21e0
[ 2112.842115]  ? strncpy_from_user+0x9e/0x470
[ 2112.842632]  ? finish_automount+0xa90/0xa90
[ 2112.843144]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2112.843701]  ? _copy_from_user+0xfb/0x1b0
[ 2112.844196]  __x64_sys_mount+0x282/0x300
[ 2112.844683]  ? copy_mnt_ns+0xa00/0xa00
[ 2112.845158]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2112.845803]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2112.846416]  do_syscall_64+0x33/0x40
[ 2112.846863]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2112.847475] RIP: 0033:0x7f414f134b19
[ 2112.847920] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2112.850105] RSP: 002b:00007f414c6aa188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2112.851006] RAX: ffffffffffffffda RBX: 00007f414f247f60 RCX: 00007f414f134b19
[ 2112.851851] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2112.852691] RBP: 00007f414c6aa1d0 R08: 0000000020000280 R09: 0000000000000000
[ 2112.853538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2112.854376] R13: 00007ffd33b81f5f R14: 00007f414c6aa300 R15: 0000000000022000
[ 2112.855291] 9pnet: Insufficient options for proto=fd
13:56:20 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 34)

13:56:20 executing program 3:
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 34)

13:56:20 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x0, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:56:20 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x0, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:56:20 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 27)

13:56:20 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x0, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:56:20 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 31)

13:56:20 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x0, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 2127.759310] FAULT_INJECTION: forcing a failure.
[ 2127.759310] name failslab, interval 1, probability 0, space 0, times 0
[ 2127.762225] CPU: 1 PID: 9920 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2127.763951] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2127.766058] Call Trace:
[ 2127.766723]  dump_stack+0x107/0x167
[ 2127.767642]  should_fail.cold+0x5/0xa
[ 2127.768606]  ? p9_client_prepare_req.part.0+0x3a/0xac0
[ 2127.769935]  should_failslab+0x5/0x20
[ 2127.770891]  kmem_cache_alloc+0x5b/0x310
[ 2127.771917]  p9_client_prepare_req.part.0+0x3a/0xac0
[ 2127.773195]  p9_client_rpc+0x220/0x1370
[ 2127.773258] FAULT_INJECTION: forcing a failure.
[ 2127.773258] name failslab, interval 1, probability 0, space 0, times 0
[ 2127.774183]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2127.774217]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2127.774246]  ? pipe_poll+0x21b/0x800
[ 2127.780106]  ? p9_fd_close+0x4a0/0x4a0
[ 2127.781082]  ? wait_for_partner+0x3c0/0x3c0
[ 2127.782182]  ? p9_fd_poll+0x1e0/0x2c0
[ 2127.783146]  ? p9_fd_create+0x357/0x4a0
[ 2127.784145]  ? p9_conn_create+0x510/0x510
[ 2127.785179]  ? p9_client_create+0x798/0x1230
[ 2127.786226]  ? kfree+0xd7/0x340
[ 2127.786892]  ? do_raw_spin_unlock+0x4f/0x220
[ 2127.787806]  p9_client_create+0xa76/0x1230
[ 2127.788677]  ? p9_client_flush+0x430/0x430
[ 2127.789558]  ? trace_hardirqs_on+0x5b/0x180
[ 2127.790433]  ? lockdep_init_map_type+0x2c7/0x780
[ 2127.791411]  ? __raw_spin_lock_init+0x36/0x110
[ 2127.792358]  v9fs_session_init+0x1dd/0x1680
[ 2127.793251]  ? lock_release+0x680/0x680
[ 2127.794074]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2127.795084]  ? v9fs_show_options+0x690/0x690
[ 2127.795986]  ? trace_hardirqs_on+0x5b/0x180
[ 2127.796878]  ? kasan_unpoison_shadow+0x33/0x50
[ 2127.797811]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2127.798877]  v9fs_mount+0x79/0x8f0
[ 2127.799607]  ? v9fs_write_inode+0x60/0x60
[ 2127.800460]  legacy_get_tree+0x105/0x220
[ 2127.801288]  vfs_get_tree+0x8e/0x300
[ 2127.802066]  path_mount+0x1490/0x21e0
[ 2127.802842]  ? strncpy_from_user+0x9e/0x470
[ 2127.803729]  ? finish_automount+0xa90/0xa90
[ 2127.804615]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2127.805583]  ? _copy_from_user+0xfb/0x1b0
[ 2127.806435]  __x64_sys_mount+0x282/0x300
[ 2127.807270]  ? copy_mnt_ns+0xa00/0xa00
[ 2127.808073]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2127.809152]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2127.810209]  do_syscall_64+0x33/0x40
[ 2127.810977]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2127.812017] RIP: 0033:0x7f32cefd1b19
[ 2127.812781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2127.816576] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2127.818280] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2127.819778] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2127.821280] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2127.822784] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2127.824281] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
[ 2127.825825] CPU: 0 PID: 9931 Comm: syz-executor.1 Not tainted 5.10.245 #1
[ 2127.827416] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2127.829315] Call Trace:
[ 2127.829943]  dump_stack+0x107/0x167
[ 2127.830773]  should_fail.cold+0x5/0xa
[ 2127.831647]  ? create_object.isra.0+0x3a/0xa30
[ 2127.832697]  should_failslab+0x5/0x20
[ 2127.833585]  kmem_cache_alloc+0x5b/0x310
[ 2127.834508]  ? legacy_get_tree+0x105/0x220
[ 2127.835480]  ? vfs_get_tree+0x8e/0x300
[ 2127.836383]  create_object.isra.0+0x3a/0xa30
[ 2127.837405]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2127.838702]  __kmalloc_track_caller+0x177/0x370
[ 2127.839790]  ? parse_opts.part.0+0x8e/0x340
[ 2127.840766]  kstrdup+0x36/0x70
[ 2127.841516]  parse_opts.part.0+0x8e/0x340
[ 2127.842495]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2127.843539]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2127.844449] FAULT_INJECTION: forcing a failure.
[ 2127.844449] name failslab, interval 1, probability 0, space 0, times 0
[ 2127.844738]  ? quarantine_put+0x8b/0x1a0
[ 2127.847945]  ? trace_hardirqs_on+0x5b/0x180
[ 2127.848961]  ? kfree+0xd7/0x340
[ 2127.849729]  p9_fd_create+0x98/0x4a0
[ 2127.850587]  ? p9_conn_create+0x510/0x510
[ 2127.851533]  ? p9_client_create+0x798/0x1230
[ 2127.852503]  ? kfree+0xd7/0x340
[ 2127.853199]  ? do_raw_spin_unlock+0x4f/0x220
[ 2127.854218]  p9_client_create+0x7ff/0x1230
[ 2127.855227]  ? p9_client_flush+0x430/0x430
[ 2127.856199]  ? trace_hardirqs_on+0x5b/0x180
[ 2127.857202]  ? lockdep_init_map_type+0x2c7/0x780
[ 2127.858325]  ? __raw_spin_lock_init+0x36/0x110
[ 2127.859400]  v9fs_session_init+0x1dd/0x1680
[ 2127.860393]  ? lock_release+0x680/0x680
[ 2127.861307]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2127.862337]  ? v9fs_show_options+0x690/0x690
[ 2127.863379]  ? trace_hardirqs_on+0x5b/0x180
[ 2127.864353]  ? kasan_unpoison_shadow+0x33/0x50
[ 2127.865331]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2127.866520]  v9fs_mount+0x79/0x8f0
[ 2127.867332]  ? v9fs_write_inode+0x60/0x60
[ 2127.868191]  legacy_get_tree+0x105/0x220
[ 2127.869157]  vfs_get_tree+0x8e/0x300
[ 2127.870056]  path_mount+0x1490/0x21e0
[ 2127.870966]  ? strncpy_from_user+0x9e/0x470
[ 2127.871968]  ? finish_automount+0xa90/0xa90
[ 2127.872952]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2127.874070]  ? _copy_from_user+0xfb/0x1b0
[ 2127.875041]  __x64_sys_mount+0x282/0x300
[ 2127.875966]  ? copy_mnt_ns+0xa00/0xa00
[ 2127.876830]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2127.878003]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2127.879185]  do_syscall_64+0x33/0x40
[ 2127.880018]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2127.881072] RIP: 0033:0x7f70af30cb19
[ 2127.881843] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2127.885577] RSP: 002b:00007f70ac882188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2127.887121] RAX: ffffffffffffffda RBX: 00007f70af41ff60 RCX: 00007f70af30cb19
[ 2127.888581] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2127.890045] RBP: 00007f70ac8821d0 R08: 0000000020000280 R09: 0000000000000000
[ 2127.891494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2127.892940] R13: 00007ffc0122b36f R14: 00007f70ac882300 R15: 0000000000022000
[ 2127.894447] CPU: 1 PID: 9933 Comm: syz-executor.5 Not tainted 5.10.245 #1
[ 2127.896074] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2127.897959] Call Trace:
[ 2127.898557]  dump_stack+0x107/0x167
[ 2127.899462]  should_fail.cold+0x5/0xa
[ 2127.900330]  ? create_object.isra.0+0x3a/0xa30
[ 2127.901352]  should_failslab+0x5/0x20
[ 2127.902151]  kmem_cache_alloc+0x5b/0x310
[ 2127.903056]  create_object.isra.0+0x3a/0xa30
[ 2127.904054]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2127.905096]  __kmalloc_track_caller+0x177/0x370
[ 2127.906168]  ? match_number+0xaf/0x1d0
[ 2127.907007]  kmemdup_nul+0x2d/0xa0
[ 2127.907890]  match_number+0xaf/0x1d0
[ 2127.908788]  ? match_u64+0x190/0x190
[ 2127.909742]  ? __kmalloc_track_caller+0x2c6/0x370
[ 2127.910776]  ? memcpy+0x39/0x60
[ 2127.911519]  parse_opts.part.0+0x1f3/0x340
[ 2127.912528]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2127.913691]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2127.914847]  ? trace_hardirqs_on+0x5b/0x180
[ 2127.915778]  ? kfree+0xd7/0x340
[ 2127.916573]  p9_fd_create+0x98/0x4a0
[ 2127.917378]  ? p9_conn_create+0x510/0x510
[ 2127.918470]  ? p9_client_create+0x798/0x1230
[ 2127.919607]  ? kfree+0xd7/0x340
[ 2127.920441]  ? do_raw_spin_unlock+0x4f/0x220
[ 2127.921615]  p9_client_create+0x7ff/0x1230
[ 2127.922736]  ? p9_client_flush+0x430/0x430
[ 2127.923835]  ? trace_hardirqs_on+0x5b/0x180
[ 2127.924965]  ? lockdep_init_map_type+0x2c7/0x780
[ 2127.926208]  ? __raw_spin_lock_init+0x36/0x110
[ 2127.927379]  v9fs_session_init+0x1dd/0x1680
[ 2127.928497]  ? lock_release+0x680/0x680
[ 2127.929591]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2127.930797]  ? v9fs_show_options+0x690/0x690
[ 2127.931954]  ? trace_hardirqs_on+0x5b/0x180
[ 2127.933040]  ? kasan_unpoison_shadow+0x33/0x50
[ 2127.934230]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2127.935551]  v9fs_mount+0x79/0x8f0
[ 2127.936475]  ? v9fs_write_inode+0x60/0x60
[ 2127.937553]  legacy_get_tree+0x105/0x220
[ 2127.938548]  vfs_get_tree+0x8e/0x300
[ 2127.939549]  path_mount+0x1490/0x21e0
[ 2127.940495]  ? strncpy_from_user+0x9e/0x470
[ 2127.941464]  ? finish_automount+0xa90/0xa90
[ 2127.942381]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2127.943515]  ? _copy_from_user+0xfb/0x1b0
[ 2127.944540]  __x64_sys_mount+0x282/0x300
[ 2127.945467]  ? copy_mnt_ns+0xa00/0xa00
[ 2127.946372]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2127.947544]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2127.948626]  do_syscall_64+0x33/0x40
[ 2127.949407]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2127.950615] RIP: 0033:0x7f414f134b19
[ 2127.951455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2127.955373] RSP: 002b:00007f414c6aa188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2127.957207] RAX: ffffffffffffffda RBX: 00007f414f247f60 RCX: 00007f414f134b19
[ 2127.958922] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2127.960542] RBP: 00007f414c6aa1d0 R08: 0000000020000280 R09: 0000000000000000
[ 2127.962228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2127.963995] R13: 00007ffd33b81f5f R14: 00007f414c6aa300 R15: 0000000000022000
[ 2127.972105] FAULT_INJECTION: forcing a failure.
[ 2127.972105] name failslab, interval 1, probability 0, space 0, times 0
[ 2127.974565] CPU: 0 PID: 9934 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2127.976030] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2127.977792] Call Trace:
[ 2127.978370]  dump_stack+0x107/0x167
[ 2127.979158]  should_fail.cold+0x5/0xa
[ 2127.979962]  ? create_object.isra.0+0x3a/0xa30
[ 2127.980917]  should_failslab+0x5/0x20
[ 2127.981717]  kmem_cache_alloc+0x5b/0x310
[ 2127.982571]  create_object.isra.0+0x3a/0xa30
[ 2127.983495]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2127.984555]  __kmalloc_track_caller+0x177/0x370
[ 2127.985527]  ? match_number+0xaf/0x1d0
[ 2127.986344]  kmemdup_nul+0x2d/0xa0
[ 2127.987081]  match_number+0xaf/0x1d0
[ 2127.987849]  ? match_u64+0x190/0x190
[ 2127.988625]  ? __kmalloc_track_caller+0x2c6/0x370
[ 2127.989636]  ? memcpy+0x39/0x60
[ 2127.990330]  parse_opts.part.0+0x1f3/0x340
[ 2127.991217]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2127.992169]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2127.993265]  ? trace_hardirqs_on+0x5b/0x180
[ 2127.994183]  ? kfree+0xd7/0x340
[ 2127.994878]  p9_fd_create+0x98/0x4a0
[ 2127.995648]  ? p9_conn_create+0x510/0x510
[ 2127.996517]  ? p9_client_create+0x798/0x1230
[ 2127.997441]  ? kfree+0xd7/0x340
[ 2127.998134]  ? do_raw_spin_unlock+0x4f/0x220
[ 2127.999061]  p9_client_create+0x7ff/0x1230
[ 2127.999955]  ? p9_client_flush+0x430/0x430
[ 2128.000840]  ? trace_hardirqs_on+0x5b/0x180
[ 2128.001758]  ? lockdep_init_map_type+0x2c7/0x780
[ 2128.002750]  ? __raw_spin_lock_init+0x36/0x110
[ 2128.003720]  v9fs_session_init+0x1dd/0x1680
[ 2128.004622]  ? lock_release+0x680/0x680
[ 2128.005476]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2128.006495]  ? v9fs_show_options+0x690/0x690
[ 2128.007424]  ? trace_hardirqs_on+0x5b/0x180
[ 2128.008339]  ? kasan_unpoison_shadow+0x33/0x50
[ 2128.009289]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2128.010369]  v9fs_mount+0x79/0x8f0
[ 2128.011113]  ? v9fs_write_inode+0x60/0x60
[ 2128.011980]  legacy_get_tree+0x105/0x220
[ 2128.012830]  vfs_get_tree+0x8e/0x300
[ 2128.013624]  path_mount+0x1490/0x21e0
[ 2128.014427]  ? strncpy_from_user+0x9e/0x470
[ 2128.015324]  ? finish_automount+0xa90/0xa90
[ 2128.016238]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2128.017206]  ? _copy_from_user+0xfb/0x1b0
[ 2128.018099]  __x64_sys_mount+0x282/0x300
[ 2128.018949]  ? copy_mnt_ns+0xa00/0xa00
[ 2128.019774]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2128.020883]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2128.021980]  do_syscall_64+0x33/0x40
[ 2128.022761]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2128.023830] RIP: 0033:0x7f3f98f8db19
[ 2128.024610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2128.028490] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2128.030129] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2128.031621] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2128.033112] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2128.034639] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2128.036156] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
13:56:20 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x0, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:56:20 executing program 3:
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 35)

[ 2128.085759] FAULT_INJECTION: forcing a failure.
[ 2128.085759] name failslab, interval 1, probability 0, space 0, times 0
[ 2128.088340] CPU: 0 PID: 9941 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2128.089796] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2128.091545] Call Trace:
[ 2128.092102]  dump_stack+0x107/0x167
[ 2128.092874]  should_fail.cold+0x5/0xa
[ 2128.093684]  ? create_object.isra.0+0x3a/0xa30
[ 2128.094627]  should_failslab+0x5/0x20
[ 2128.095455]  kmem_cache_alloc+0x5b/0x310
[ 2128.096312]  create_object.isra.0+0x3a/0xa30
[ 2128.097226]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2128.098308]  kmem_cache_alloc+0x159/0x310
[ 2128.099200]  p9_client_prepare_req.part.0+0x3a/0xac0
[ 2128.100272]  p9_client_rpc+0x220/0x1370
[ 2128.101116]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2128.102241]  ? p9_client_prepare_req.part.0+0xac0/0xac0
13:56:20 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x0, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 2128.103364]  ? pipe_poll+0x21b/0x800
[ 2128.104192]  ? p9_fd_close+0x4a0/0x4a0
[ 2128.105013]  ? wait_for_partner+0x3c0/0x3c0
[ 2128.105921]  ? p9_fd_poll+0x1e0/0x2c0
[ 2128.106735]  ? p9_fd_create+0x357/0x4a0
[ 2128.107575]  ? p9_conn_create+0x510/0x510
[ 2128.108472]  ? p9_client_create+0x798/0x1230
[ 2128.109416]  ? kfree+0xd7/0x340
[ 2128.110099]  ? do_raw_spin_unlock+0x4f/0x220
[ 2128.111033]  p9_client_create+0xa76/0x1230
[ 2128.111946]  ? p9_client_flush+0x430/0x430
[ 2128.112837]  ? trace_hardirqs_on+0x5b/0x180
[ 2128.113764]  ? lockdep_init_map_type+0x2c7/0x780
[ 2128.114776]  ? __raw_spin_lock_init+0x36/0x110
[ 2128.115742]  v9fs_session_init+0x1dd/0x1680
[ 2128.116658]  ? lock_release+0x680/0x680
[ 2128.117521]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2128.118544]  ? v9fs_show_options+0x690/0x690
[ 2128.119488]  ? trace_hardirqs_on+0x5b/0x180
[ 2128.120399]  ? kasan_unpoison_shadow+0x33/0x50
[ 2128.121365]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2128.122452]  v9fs_mount+0x79/0x8f0
[ 2128.123211]  ? v9fs_write_inode+0x60/0x60
[ 2128.124073]  legacy_get_tree+0x105/0x220
[ 2128.124936]  vfs_get_tree+0x8e/0x300
[ 2128.125721]  path_mount+0x1490/0x21e0
[ 2128.126544]  ? strncpy_from_user+0x9e/0x470
[ 2128.127462]  ? finish_automount+0xa90/0xa90
[ 2128.128359]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2128.129327]  ? _copy_from_user+0xfb/0x1b0
[ 2128.130209]  __x64_sys_mount+0x282/0x300
[ 2128.131059]  ? copy_mnt_ns+0xa00/0xa00
[ 2128.131893]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2128.133011]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2128.134105]  do_syscall_64+0x33/0x40
[ 2128.134888]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2128.135986] RIP: 0033:0x7f32cefd1b19
[ 2128.136784] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2128.140675] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2128.142264] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2128.143782] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2128.145270] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2128.146808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2128.148296] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
13:56:20 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x0, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:56:20 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 28)

13:56:20 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x0, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 2128.201423] FAULT_INJECTION: forcing a failure.
[ 2128.201423] name failslab, interval 1, probability 0, space 0, times 0
[ 2128.202967] CPU: 1 PID: 9951 Comm: syz-executor.1 Not tainted 5.10.245 #1
[ 2128.203892] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2128.204995] Call Trace:
[ 2128.205358]  dump_stack+0x107/0x167
[ 2128.205858]  should_fail.cold+0x5/0xa
[ 2128.206375]  should_failslab+0x5/0x20
[ 2128.206879]  __kmalloc_track_caller+0x79/0x370
[ 2128.207485]  ? match_number+0xaf/0x1d0
[ 2128.208021]  kmemdup_nul+0x2d/0xa0
[ 2128.208487]  match_number+0xaf/0x1d0
[ 2128.208977]  ? match_u64+0x190/0x190
[ 2128.209473]  ? __kmalloc_track_caller+0x2c6/0x370
[ 2128.210114]  ? memcpy+0x39/0x60
[ 2128.210556]  parse_opts.part.0+0x1f3/0x340
[ 2128.211123]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2128.211736]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2128.212436]  ? trace_hardirqs_on+0x5b/0x180
[ 2128.212998]  ? kfree+0xd7/0x340
[ 2128.213457]  p9_fd_create+0x98/0x4a0
[ 2128.213945]  ? p9_conn_create+0x510/0x510
[ 2128.214519]  ? p9_client_create+0x798/0x1230
[ 2128.215114]  ? kfree+0xd7/0x340
[ 2128.215545]  ? do_raw_spin_unlock+0x4f/0x220
[ 2128.216137]  p9_client_create+0x7ff/0x1230
[ 2128.216698]  ? p9_client_flush+0x430/0x430
[ 2128.217252]  ? trace_hardirqs_on+0x5b/0x180
[ 2128.217824]  ? lockdep_init_map_type+0x2c7/0x780
[ 2128.218457]  ? __raw_spin_lock_init+0x36/0x110
[ 2128.219064]  v9fs_session_init+0x1dd/0x1680
[ 2128.219627]  ? lock_release+0x680/0x680
[ 2128.220179]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2128.220833]  ? v9fs_show_options+0x690/0x690
[ 2128.221420]  ? trace_hardirqs_on+0x5b/0x180
[ 2128.222001]  ? kasan_unpoison_shadow+0x33/0x50
[ 2128.222599]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2128.223275]  v9fs_mount+0x79/0x8f0
[ 2128.223740]  ? v9fs_write_inode+0x60/0x60
[ 2128.224296]  legacy_get_tree+0x105/0x220
[ 2128.224829]  vfs_get_tree+0x8e/0x300
[ 2128.225324]  path_mount+0x1490/0x21e0
[ 2128.225837]  ? strncpy_from_user+0x9e/0x470
[ 2128.226416]  ? finish_automount+0xa90/0xa90
[ 2128.226988]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2128.227609]  ? _copy_from_user+0xfb/0x1b0
[ 2128.228169]  __x64_sys_mount+0x282/0x300
[ 2128.228722]  ? copy_mnt_ns+0xa00/0xa00
[ 2128.229241]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2128.229954]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2128.230643]  do_syscall_64+0x33/0x40
[ 2128.231132]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2128.231803] RIP: 0033:0x7f70af30cb19
[ 2128.232298] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2128.234718] RSP: 002b:00007f70ac882188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2128.235709] RAX: ffffffffffffffda RBX: 00007f70af41ff60 RCX: 00007f70af30cb19
[ 2128.236668] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2128.237620] RBP: 00007f70ac8821d0 R08: 0000000020000280 R09: 0000000000000000
[ 2128.238571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2128.239534] R13: 00007ffc0122b36f R14: 00007f70ac882300 R15: 0000000000022000
[ 2128.278111] 9pnet: Insufficient options for proto=fd
13:56:21 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x0, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:56:21 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x0, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:56:35 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 29)

13:56:35 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 32)

[ 2143.016019] FAULT_INJECTION: forcing a failure.
[ 2143.016019] name failslab, interval 1, probability 0, space 0, times 0
[ 2143.017459] CPU: 0 PID: 9966 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2143.018341] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2143.019377] Call Trace:
[ 2143.019713]  dump_stack+0x107/0x167
[ 2143.020158]  should_fail.cold+0x5/0xa
[ 2143.020664]  ? create_object.isra.0+0x3a/0xa30
[ 2143.021250]  should_failslab+0x5/0x20
[ 2143.021743]  kmem_cache_alloc+0x5b/0x310
[ 2143.022271]  create_object.isra.0+0x3a/0xa30
[ 2143.022810]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2143.023471]  kmem_cache_alloc+0x159/0x310
[ 2143.024246]  p9_client_prepare_req.part.0+0x3a/0xac0
[ 2143.024998]  p9_client_rpc+0x220/0x1370
[ 2143.025518]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2143.026211]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2143.026901]  ? pipe_poll+0x21b/0x800
[ 2143.027381]  ? p9_fd_close+0x4a0/0x4a0
[ 2143.027887]  ? wait_for_partner+0x3c0/0x3c0
[ 2143.028464]  ? p9_fd_poll+0x1e0/0x2c0
[ 2143.028949]  ? p9_fd_create+0x357/0x4a0
[ 2143.029466]  ? p9_conn_create+0x510/0x510
[ 2143.030015]  ? p9_client_create+0x798/0x1230
[ 2143.030556]  ? kfree+0xd7/0x340
[ 2143.030970]  ? do_raw_spin_unlock+0x4f/0x220
[ 2143.031543]  p9_client_create+0xa76/0x1230
[ 2143.032091]  ? p9_client_flush+0x430/0x430
[ 2143.032614]  ? trace_hardirqs_on+0x5b/0x180
[ 2143.033155]  ? lockdep_init_map_type+0x2c7/0x780
[ 2143.033770]  ? __raw_spin_lock_init+0x36/0x110
[ 2143.034343]  v9fs_session_init+0x1dd/0x1680
[ 2143.034899]  ? lock_release+0x680/0x680
[ 2143.035425]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2143.036058]  ? v9fs_show_options+0x690/0x690
[ 2143.036642]  ? trace_hardirqs_on+0x5b/0x180
[ 2143.037204]  ? kasan_unpoison_shadow+0x33/0x50
[ 2143.037806]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2143.038469]  v9fs_mount+0x79/0x8f0
[ 2143.038942]  ? v9fs_write_inode+0x60/0x60
[ 2143.039482]  legacy_get_tree+0x105/0x220
[ 2143.040011]  vfs_get_tree+0x8e/0x300
[ 2143.040500]  path_mount+0x1490/0x21e0
[ 2143.040995]  ? strncpy_from_user+0x9e/0x470
[ 2143.041575]  ? finish_automount+0xa90/0xa90
[ 2143.042139]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2143.042727]  ? _copy_from_user+0xfb/0x1b0
[ 2143.043267]  __x64_sys_mount+0x282/0x300
[ 2143.043774]  ? copy_mnt_ns+0xa00/0xa00
[ 2143.044277]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2143.044935]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2143.045628]  do_syscall_64+0x33/0x40
[ 2143.046104]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2143.046739] RIP: 0033:0x7f3f98f8db19
[ 2143.047223] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2143.049579] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2143.050559] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2143.051469] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2143.052378] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2143.053267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2143.054159] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
13:56:35 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x0, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:56:35 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x0, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:56:35 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 35)

[ 2143.059827] FAULT_INJECTION: forcing a failure.
[ 2143.059827] name failslab, interval 1, probability 0, space 0, times 0
[ 2143.062830] CPU: 1 PID: 9963 Comm: syz-executor.5 Not tainted 5.10.245 #1
[ 2143.064600] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2143.066760] Call Trace:
[ 2143.067450]  dump_stack+0x107/0x167
[ 2143.068395]  should_fail.cold+0x5/0xa
[ 2143.069379]  ? p9_fd_create+0x161/0x4a0
[ 2143.070329]  should_failslab+0x5/0x20
[ 2143.071193]  kmem_cache_alloc_trace+0x55/0x320
[ 2143.072222]  p9_fd_create+0x161/0x4a0
[ 2143.073077]  ? p9_conn_create+0x510/0x510
[ 2143.074022]  ? p9_client_create+0x798/0x1230
[ 2143.075007]  ? kfree+0xd7/0x340
[ 2143.075756]  ? do_raw_spin_unlock+0x4f/0x220
[ 2143.076759]  p9_client_create+0x7ff/0x1230
[ 2143.077738]  ? p9_client_flush+0x430/0x430
[ 2143.078689]  ? trace_hardirqs_on+0x5b/0x180
[ 2143.079662]  ? lockdep_init_map_type+0x2c7/0x780
[ 2143.080737]  ? __raw_spin_lock_init+0x36/0x110
[ 2143.081791]  v9fs_session_init+0x1dd/0x1680
[ 2143.082803]  ? lock_release+0x680/0x680
[ 2143.083720]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2143.084808]  ? v9fs_show_options+0x690/0x690
[ 2143.085825]  ? trace_hardirqs_on+0x5b/0x180
[ 2143.086800]  ? kasan_unpoison_shadow+0x33/0x50
[ 2143.087869]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2143.089021]  v9fs_mount+0x79/0x8f0
[ 2143.089851]  ? v9fs_write_inode+0x60/0x60
[ 2143.090791]  legacy_get_tree+0x105/0x220
[ 2143.091713]  vfs_get_tree+0x8e/0x300
[ 2143.092580]  path_mount+0x1490/0x21e0
[ 2143.093449]  ? strncpy_from_user+0x9e/0x470
[ 2143.094469]  ? finish_automount+0xa90/0xa90
13:56:35 executing program 3:
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 36)

13:56:35 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x0, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:56:35 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 2143.095795]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2143.096963]  ? _copy_from_user+0xfb/0x1b0
[ 2143.097044] FAULT_INJECTION: forcing a failure.
[ 2143.097044] name failslab, interval 1, probability 0, space 0, times 0
[ 2143.097926]  __x64_sys_mount+0x282/0x300
[ 2143.097945]  ? copy_mnt_ns+0xa00/0xa00
[ 2143.097970]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2143.097991]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2143.098016]  do_syscall_64+0x33/0x40
[ 2143.104291]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2143.105444] RIP: 0033:0x7f414f134b19
[ 2143.106299] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2143.110450] RSP: 002b:00007f414c6aa188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2143.112164] RAX: ffffffffffffffda RBX: 00007f414f247f60 RCX: 00007f414f134b19
[ 2143.113786] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2143.115389] RBP: 00007f414c6aa1d0 R08: 0000000020000280 R09: 0000000000000000
[ 2143.116994] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2143.118597] R13: 00007ffd33b81f5f R14: 00007f414c6aa300 R15: 0000000000022000
[ 2143.120257] CPU: 0 PID: 9971 Comm: syz-executor.1 Not tainted 5.10.245 #1
[ 2143.121101] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2143.122151] Call Trace:
[ 2143.122490]  dump_stack+0x107/0x167
[ 2143.122941]  should_fail.cold+0x5/0xa
[ 2143.123418]  ? create_object.isra.0+0x3a/0xa30
[ 2143.123988]  should_failslab+0x5/0x20
[ 2143.124458]  kmem_cache_alloc+0x5b/0x310
[ 2143.124966]  create_object.isra.0+0x3a/0xa30
[ 2143.125506]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2143.126150]  __kmalloc_track_caller+0x177/0x370
[ 2143.126701]  ? match_number+0xaf/0x1d0
[ 2143.127196]  kmemdup_nul+0x2d/0xa0
[ 2143.127617]  match_number+0xaf/0x1d0
[ 2143.128082]  ? match_u64+0x190/0x190
[ 2143.128549]  ? __kmalloc_track_caller+0x2c6/0x370
[ 2143.129125]  ? memcpy+0x39/0x60
[ 2143.129516]  parse_opts.part.0+0x1f3/0x340
[ 2143.130039]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2143.130582]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2143.131197]  ? trace_hardirqs_on+0x5b/0x180
[ 2143.131734]  ? kfree+0xd7/0x340
[ 2143.132126]  p9_fd_create+0x98/0x4a0
[ 2143.132581]  ? p9_conn_create+0x510/0x510
[ 2143.133094]  ? p9_client_create+0x798/0x1230
[ 2143.133627]  ? kfree+0xd7/0x340
[ 2143.134014]  ? do_raw_spin_unlock+0x4f/0x220
[ 2143.134560]  p9_client_create+0x7ff/0x1230
[ 2143.135089]  ? p9_client_flush+0x430/0x430
[ 2143.135590]  ? trace_hardirqs_on+0x5b/0x180
[ 2143.136131]  ? lockdep_init_map_type+0x2c7/0x780
[ 2143.136712]  ? __raw_spin_lock_init+0x36/0x110
[ 2143.137289]  v9fs_session_init+0x1dd/0x1680
[ 2143.137832]  ? lock_release+0x680/0x680
[ 2143.138324]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2143.138919]  ? v9fs_show_options+0x690/0x690
[ 2143.139474]  ? trace_hardirqs_on+0x5b/0x180
[ 2143.140004]  ? kasan_unpoison_shadow+0x33/0x50
[ 2143.140564]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2143.141196]  v9fs_mount+0x79/0x8f0
[ 2143.141643]  ? v9fs_write_inode+0x60/0x60
[ 2143.142130]  legacy_get_tree+0x105/0x220
[ 2143.142618]  vfs_get_tree+0x8e/0x300
[ 2143.143085]  path_mount+0x1490/0x21e0
[ 2143.143545]  ? strncpy_from_user+0x9e/0x470
[ 2143.144071]  ? finish_automount+0xa90/0xa90
[ 2143.144582]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2143.145162]  ? _copy_from_user+0xfb/0x1b0
[ 2143.145663]  __x64_sys_mount+0x282/0x300
[ 2143.146169]  ? copy_mnt_ns+0xa00/0xa00
[ 2143.146651]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2143.147295]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2143.147942]  do_syscall_64+0x33/0x40
[ 2143.148399]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2143.149024] RIP: 0033:0x7f70af30cb19
[ 2143.149483] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2143.151639] RSP: 002b:00007f70ac882188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2143.152576] RAX: ffffffffffffffda RBX: 00007f70af41ff60 RCX: 00007f70af30cb19
[ 2143.153454] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2143.154347] RBP: 00007f70ac8821d0 R08: 0000000020000280 R09: 0000000000000000
[ 2143.155212] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2143.156096] R13: 00007ffc0122b36f R14: 00007f70ac882300 R15: 0000000000022000
[ 2143.167352] FAULT_INJECTION: forcing a failure.
[ 2143.167352] name failslab, interval 1, probability 0, space 0, times 0
[ 2143.169774] CPU: 1 PID: 9973 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2143.171239] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2143.173004] Call Trace:
[ 2143.173579]  dump_stack+0x107/0x167
[ 2143.174373]  should_fail.cold+0x5/0xa
[ 2143.175195]  ? p9_fcall_init+0x97/0x290
[ 2143.176066]  should_failslab+0x5/0x20
[ 2143.176881]  __kmalloc+0x72/0x390
[ 2143.177650]  p9_fcall_init+0x97/0x290
[ 2143.178472]  p9_client_prepare_req.part.0+0x8c/0xac0
[ 2143.179569]  p9_client_rpc+0x220/0x1370
[ 2143.180411]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2143.181554]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2143.182699]  ? pipe_poll+0x21b/0x800
[ 2143.183485]  ? p9_fd_close+0x4a0/0x4a0
[ 2143.184304]  ? wait_for_partner+0x3c0/0x3c0
[ 2143.185210]  ? p9_fd_poll+0x1e0/0x2c0
[ 2143.186026]  ? p9_fd_create+0x357/0x4a0
[ 2143.186864]  ? p9_conn_create+0x510/0x510
[ 2143.187736]  ? p9_client_create+0x798/0x1230
[ 2143.188669]  ? kfree+0xd7/0x340
[ 2143.189360]  ? do_raw_spin_unlock+0x4f/0x220
[ 2143.190304]  p9_client_create+0xa76/0x1230
[ 2143.191211]  ? p9_client_flush+0x430/0x430
[ 2143.192090]  ? trace_hardirqs_on+0x5b/0x180
[ 2143.193014]  ? lockdep_init_map_type+0x2c7/0x780
[ 2143.194035]  ? __raw_spin_lock_init+0x36/0x110
[ 2143.194995]  v9fs_session_init+0x1dd/0x1680
[ 2143.195910]  ? lock_release+0x680/0x680
[ 2143.196756]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2143.197783]  ? v9fs_show_options+0x690/0x690
[ 2143.198720]  ? trace_hardirqs_on+0x5b/0x180
[ 2143.199621]  ? kasan_unpoison_shadow+0x33/0x50
[ 2143.200586]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2143.201662]  v9fs_mount+0x79/0x8f0
[ 2143.202411]  ? v9fs_write_inode+0x60/0x60
[ 2143.203292]  legacy_get_tree+0x105/0x220
[ 2143.204148]  vfs_get_tree+0x8e/0x300
[ 2143.204913]  path_mount+0x1490/0x21e0
[ 2143.205719]  ? strncpy_from_user+0x9e/0x470
[ 2143.206634]  ? finish_automount+0xa90/0xa90
[ 2143.207551]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2143.208525]  ? _copy_from_user+0xfb/0x1b0
[ 2143.209404]  __x64_sys_mount+0x282/0x300
[ 2143.210259]  ? copy_mnt_ns+0xa00/0xa00
[ 2143.211093]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2143.212170]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2143.213245]  do_syscall_64+0x33/0x40
[ 2143.214039]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2143.215126] RIP: 0033:0x7f32cefd1b19
[ 2143.215910] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2143.219851] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2143.221743] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2143.223396] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2143.225115] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2143.226806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2143.228497] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
13:56:36 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 36)

13:56:36 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 30)

13:56:36 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x0, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 2143.362000] FAULT_INJECTION: forcing a failure.
[ 2143.362000] name failslab, interval 1, probability 0, space 0, times 0
[ 2143.363277] CPU: 0 PID: 9982 Comm: syz-executor.1 Not tainted 5.10.245 #1
[ 2143.364049] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2143.364986] Call Trace:
[ 2143.365289]  dump_stack+0x107/0x167
[ 2143.365713]  should_fail.cold+0x5/0xa
[ 2143.366151]  should_failslab+0x5/0x20
[ 2143.366596]  __kmalloc_track_caller+0x79/0x370
[ 2143.367117]  ? match_number+0xaf/0x1d0
[ 2143.367539]  ? kfree+0xd7/0x340
[ 2143.367920]  kmemdup_nul+0x2d/0xa0
[ 2143.368324]  match_number+0xaf/0x1d0
[ 2143.368755]  ? match_u64+0x190/0x190
[ 2143.369179]  ? __kmalloc_track_caller+0x2c6/0x370
[ 2143.369743]  ? memcpy+0x39/0x60
[ 2143.370126]  parse_opts.part.0+0x1f3/0x340
[ 2143.370613]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2143.371128]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2143.371735]  ? trace_hardirqs_on+0x5b/0x180
[ 2143.372224]  ? kfree+0xd7/0x340
[ 2143.372610]  p9_fd_create+0x98/0x4a0
[ 2143.373034]  ? p9_conn_create+0x510/0x510
[ 2143.373485]  ? p9_client_create+0x798/0x1230
[ 2143.373969]  ? kfree+0xd7/0x340
[ 2143.374347]  ? do_raw_spin_unlock+0x4f/0x220
[ 2143.374858]  p9_client_create+0x7ff/0x1230
[ 2143.375344]  ? p9_client_flush+0x430/0x430
[ 2143.375828]  ? trace_hardirqs_on+0x5b/0x180
[ 2143.376295]  ? lockdep_init_map_type+0x2c7/0x780
[ 2143.376820]  ? __raw_spin_lock_init+0x36/0x110
[ 2143.377350]  v9fs_session_init+0x1dd/0x1680
[ 2143.377823]  ? lock_release+0x680/0x680
[ 2143.378283]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2143.378835]  ? v9fs_show_options+0x690/0x690
[ 2143.379333]  ? trace_hardirqs_on+0x5b/0x180
[ 2143.379824]  ? kasan_unpoison_shadow+0x33/0x50
[ 2143.380355]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2143.380934]  v9fs_mount+0x79/0x8f0
[ 2143.381348]  ? v9fs_write_inode+0x60/0x60
[ 2143.381822]  legacy_get_tree+0x105/0x220
[ 2143.382292]  vfs_get_tree+0x8e/0x300
[ 2143.382715]  path_mount+0x1490/0x21e0
[ 2143.383152]  ? strncpy_from_user+0x9e/0x470
[ 2143.383651]  ? finish_automount+0xa90/0xa90
[ 2143.384144]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2143.384677]  ? _copy_from_user+0xfb/0x1b0
[ 2143.385158]  __x64_sys_mount+0x282/0x300
[ 2143.385624]  ? copy_mnt_ns+0xa00/0xa00
[ 2143.386072]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2143.386646]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2143.387210]  do_syscall_64+0x33/0x40
[ 2143.387640]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2143.388229] RIP: 0033:0x7f70af30cb19
[ 2143.388631] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2143.390763] RSP: 002b:00007f70ac882188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2143.391598] RAX: ffffffffffffffda RBX: 00007f70af41ff60 RCX: 00007f70af30cb19
[ 2143.392365] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2143.393172] RBP: 00007f70ac8821d0 R08: 0000000020000280 R09: 0000000000000000
[ 2143.393997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2143.394796] R13: 00007ffc0122b36f R14: 00007f70ac882300 R15: 0000000000022000
[ 2143.396271] 9pnet: Insufficient options for proto=fd
13:56:36 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x0, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:56:36 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x0, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:56:36 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:56:36 executing program 3:
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 37)

[ 2143.441516] FAULT_INJECTION: forcing a failure.
[ 2143.441516] name failslab, interval 1, probability 0, space 0, times 0
13:56:36 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 31)

[ 2143.444191] CPU: 1 PID: 9989 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2143.445845] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2143.447660] Call Trace:
[ 2143.448302]  dump_stack+0x107/0x167
[ 2143.449121]  should_fail.cold+0x5/0xa
[ 2143.450192]  ? p9_fcall_init+0x97/0x290
[ 2143.451188]  should_failslab+0x5/0x20
[ 2143.452149]  __kmalloc+0x72/0x390
[ 2143.453027]  p9_fcall_init+0x97/0x290
[ 2143.454027]  p9_client_prepare_req.part.0+0x8c/0xac0
13:56:36 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 33)

[ 2143.455191]  p9_client_rpc+0x220/0x1370
[ 2143.456140]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2143.457239]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2143.458364]  ? pipe_poll+0x21b/0x800
[ 2143.459139]  ? p9_fd_close+0x4a0/0x4a0
[ 2143.459964]  ? wait_for_partner+0x3c0/0x3c0
[ 2143.460858]  ? p9_fd_poll+0x1e0/0x2c0
[ 2143.461669]  ? p9_fd_create+0x357/0x4a0
[ 2143.462494]  ? p9_conn_create+0x510/0x510
[ 2143.463357]  ? p9_client_create+0x798/0x1230
[ 2143.464288]  ? kfree+0xd7/0x340
[ 2143.464977]  ? do_raw_spin_unlock+0x4f/0x220
[ 2143.465925]  p9_client_create+0xa76/0x1230
[ 2143.466816]  ? p9_client_flush+0x430/0x430
[ 2143.467552] FAULT_INJECTION: forcing a failure.
[ 2143.467552] name failslab, interval 1, probability 0, space 0, times 0
[ 2143.467702]  ? trace_hardirqs_on+0x5b/0x180
[ 2143.469789]  ? lockdep_init_map_type+0x2c7/0x780
[ 2143.470799]  ? __raw_spin_lock_init+0x36/0x110
[ 2143.471763]  v9fs_session_init+0x1dd/0x1680
[ 2143.472663]  ? lock_release+0x680/0x680
[ 2143.473515]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2143.474529]  ? v9fs_show_options+0x690/0x690
[ 2143.475463]  ? trace_hardirqs_on+0x5b/0x180
[ 2143.476372]  ? kasan_unpoison_shadow+0x33/0x50
[ 2143.477346]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2143.478406]  v9fs_mount+0x79/0x8f0
[ 2143.479157]  ? v9fs_write_inode+0x60/0x60
[ 2143.480043]  legacy_get_tree+0x105/0x220
[ 2143.480906]  vfs_get_tree+0x8e/0x300
[ 2143.481700]  path_mount+0x1490/0x21e0
[ 2143.482502]  ? strncpy_from_user+0x9e/0x470
[ 2143.483423]  ? finish_automount+0xa90/0xa90
[ 2143.484332]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2143.485298]  ? _copy_from_user+0xfb/0x1b0
[ 2143.486176]  __x64_sys_mount+0x282/0x300
[ 2143.487029]  ? copy_mnt_ns+0xa00/0xa00
[ 2143.487858]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2143.488954]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2143.490058]  do_syscall_64+0x33/0x40
[ 2143.490834]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2143.491908] RIP: 0033:0x7f3f98f8db19
[ 2143.492689] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2143.496563] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2143.498159] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2143.499657] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2143.501149] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2143.502656] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2143.504147] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
[ 2143.505658] CPU: 0 PID: 9993 Comm: syz-executor.1 Not tainted 5.10.245 #1
[ 2143.506454] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2143.507408] Call Trace:
[ 2143.507700]  dump_stack+0x107/0x167
[ 2143.508119]  should_fail.cold+0x5/0xa
[ 2143.508536]  ? create_object.isra.0+0x3a/0xa30
[ 2143.509063]  should_failslab+0x5/0x20
[ 2143.509481]  kmem_cache_alloc+0x5b/0x310
[ 2143.509943]  create_object.isra.0+0x3a/0xa30
[ 2143.510443]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2143.511000]  __kmalloc_track_caller+0x177/0x370
[ 2143.511498]  ? match_number+0xaf/0x1d0
[ 2143.511935]  kmemdup_nul+0x2d/0xa0
[ 2143.512319]  match_number+0xaf/0x1d0
[ 2143.512748]  ? match_u64+0x190/0x190
[ 2143.513154]  ? __kmalloc_track_caller+0x2c6/0x370
[ 2143.513675]  ? memcpy+0x39/0x60
[ 2143.514047]  parse_opts.part.0+0x1f3/0x340
[ 2143.514501]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2143.515019]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2143.515585]  ? trace_hardirqs_on+0x5b/0x180
[ 2143.516062]  ? kfree+0xd7/0x340
[ 2143.516443]  p9_fd_create+0x98/0x4a0
[ 2143.516857]  ? p9_conn_create+0x510/0x510
[ 2143.517309]  ? p9_client_create+0x798/0x1230
[ 2143.517805]  ? kfree+0xd7/0x340
[ 2143.518179]  ? do_raw_spin_unlock+0x4f/0x220
[ 2143.518664]  p9_client_create+0x7ff/0x1230
[ 2143.519147]  ? p9_client_flush+0x430/0x430
[ 2143.519604]  ? trace_hardirqs_on+0x5b/0x180
[ 2143.520095]  ? lockdep_init_map_type+0x2c7/0x780
[ 2143.520620]  ? __raw_spin_lock_init+0x36/0x110
[ 2143.521129]  v9fs_session_init+0x1dd/0x1680
[ 2143.521607]  ? lock_release+0x680/0x680
[ 2143.522064]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2143.522593]  ? v9fs_show_options+0x690/0x690
[ 2143.523069]  ? trace_hardirqs_on+0x5b/0x180
[ 2143.523560]  ? kasan_unpoison_shadow+0x33/0x50
[ 2143.524079]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2143.524630]  v9fs_mount+0x79/0x8f0
[ 2143.525010]  ? v9fs_write_inode+0x60/0x60
[ 2143.525455]  legacy_get_tree+0x105/0x220
[ 2143.525904]  vfs_get_tree+0x8e/0x300
[ 2143.526302]  path_mount+0x1490/0x21e0
[ 2143.526711]  ? strncpy_from_user+0x9e/0x470
[ 2143.527174]  ? finish_automount+0xa90/0xa90
[ 2143.527646]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2143.528145]  ? _copy_from_user+0xfb/0x1b0
[ 2143.528631]  __x64_sys_mount+0x282/0x300
[ 2143.529070]  ? copy_mnt_ns+0xa00/0xa00
[ 2143.529516]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2143.530093]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2143.530644]  do_syscall_64+0x33/0x40
[ 2143.531046]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2143.531593] RIP: 0033:0x7f70af30cb19
[ 2143.531995] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2143.533967] RSP: 002b:00007f70ac882188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2143.534804] RAX: ffffffffffffffda RBX: 00007f70af41ff60 RCX: 00007f70af30cb19
[ 2143.535568] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2143.536335] RBP: 00007f70ac8821d0 R08: 0000000020000280 R09: 0000000000000000
[ 2143.537094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2143.537863] R13: 00007ffc0122b36f R14: 00007f70ac882300 R15: 0000000000022000
[ 2143.542488] FAULT_INJECTION: forcing a failure.
[ 2143.542488] name failslab, interval 1, probability 0, space 0, times 0
[ 2143.545006] CPU: 1 PID: 9999 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2143.546460] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2143.548214] Call Trace:
[ 2143.548778]  dump_stack+0x107/0x167
[ 2143.549548]  should_fail.cold+0x5/0xa
[ 2143.550353]  ? create_object.isra.0+0x3a/0xa30
[ 2143.551321]  should_failslab+0x5/0x20
[ 2143.552127]  kmem_cache_alloc+0x5b/0x310
[ 2143.552972]  create_object.isra.0+0x3a/0xa30
[ 2143.553891]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2143.554958]  __kmalloc+0x16e/0x390
[ 2143.555711]  p9_fcall_init+0x97/0x290
[ 2143.556523]  p9_client_prepare_req.part.0+0x8c/0xac0
[ 2143.557596]  p9_client_rpc+0x220/0x1370
[ 2143.558422]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2143.559535]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2143.560658]  ? pipe_poll+0x21b/0x800
[ 2143.561434]  ? p9_fd_close+0x4a0/0x4a0
[ 2143.562252]  ? wait_for_partner+0x3c0/0x3c0
[ 2143.563163]  ? p9_fd_poll+0x1e0/0x2c0
[ 2143.563956]  ? p9_fd_create+0x357/0x4a0
[ 2143.564792]  ? p9_conn_create+0x510/0x510
[ 2143.565670]  ? p9_client_create+0x798/0x1230
[ 2143.566602]  ? kfree+0xd7/0x340
[ 2143.567303]  ? do_raw_spin_unlock+0x4f/0x220
[ 2143.568226]  p9_client_create+0xa76/0x1230
[ 2143.569133]  ? p9_client_flush+0x430/0x430
[ 2143.570036]  ? trace_hardirqs_on+0x5b/0x180
[ 2143.570947]  ? lockdep_init_map_type+0x2c7/0x780
[ 2143.571945]  ? __raw_spin_lock_init+0x36/0x110
[ 2143.572909]  v9fs_session_init+0x1dd/0x1680
[ 2143.573820]  ? lock_release+0x680/0x680
[ 2143.574652]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2143.575673]  ? v9fs_show_options+0x690/0x690
[ 2143.576602]  ? trace_hardirqs_on+0x5b/0x180
[ 2143.577496]  ? kasan_unpoison_shadow+0x33/0x50
[ 2143.578461]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2143.579521]  v9fs_mount+0x79/0x8f0
[ 2143.580263]  ? v9fs_write_inode+0x60/0x60
[ 2143.581138]  legacy_get_tree+0x105/0x220
[ 2143.581993]  vfs_get_tree+0x8e/0x300
[ 2143.582761]  path_mount+0x1490/0x21e0
[ 2143.583564]  ? strncpy_from_user+0x9e/0x470
[ 2143.584461]  ? finish_automount+0xa90/0xa90
[ 2143.585365]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2143.586344]  ? _copy_from_user+0xfb/0x1b0
[ 2143.587218]  __x64_sys_mount+0x282/0x300
[ 2143.588067]  ? copy_mnt_ns+0xa00/0xa00
[ 2143.588881]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2143.589981]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2143.591064]  do_syscall_64+0x33/0x40
[ 2143.591848]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2143.592913] RIP: 0033:0x7f32cefd1b19
[ 2143.593693] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2143.597564] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2143.599173] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2143.600680] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2143.602192] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2143.603695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2143.605197] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
[ 2143.624147] FAULT_INJECTION: forcing a failure.
[ 2143.624147] name failslab, interval 1, probability 0, space 0, times 0
[ 2143.626580] CPU: 1 PID: 10000 Comm: syz-executor.5 Not tainted 5.10.245 #1
[ 2143.628058] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2143.629818] Call Trace:
[ 2143.630390]  dump_stack+0x107/0x167
[ 2143.631173]  should_fail.cold+0x5/0xa
[ 2143.631985]  ? create_object.isra.0+0x3a/0xa30
[ 2143.632944]  should_failslab+0x5/0x20
[ 2143.633751]  kmem_cache_alloc+0x5b/0x310
[ 2143.634602]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2143.635538]  create_object.isra.0+0x3a/0xa30
[ 2143.636462]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2143.637543]  kmem_cache_alloc_trace+0x151/0x320
[ 2143.638530]  p9_fd_create+0x161/0x4a0
[ 2143.639328]  ? p9_conn_create+0x510/0x510
[ 2143.640204]  ? p9_client_create+0x798/0x1230
[ 2143.641121]  ? kfree+0xd7/0x340
[ 2143.641817]  ? do_raw_spin_unlock+0x4f/0x220
[ 2143.642746]  p9_client_create+0x7ff/0x1230
[ 2143.643658]  ? p9_client_flush+0x430/0x430
[ 2143.644555]  ? trace_hardirqs_on+0x5b/0x180
[ 2143.645450]  ? lockdep_init_map_type+0x2c7/0x780
[ 2143.646455]  ? __raw_spin_lock_init+0x36/0x110
[ 2143.647429]  v9fs_session_init+0x1dd/0x1680
[ 2143.648339]  ? lock_release+0x680/0x680
[ 2143.649186]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2143.650198]  ? v9fs_show_options+0x690/0x690
[ 2143.651128]  ? trace_hardirqs_on+0x5b/0x180
[ 2143.652036]  ? kasan_unpoison_shadow+0x33/0x50
[ 2143.652993]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2143.654068]  v9fs_mount+0x79/0x8f0
[ 2143.654815]  ? v9fs_write_inode+0x60/0x60
[ 2143.655684]  legacy_get_tree+0x105/0x220
[ 2143.656541]  vfs_get_tree+0x8e/0x300
[ 2143.657335]  path_mount+0x1490/0x21e0
[ 2143.658135]  ? strncpy_from_user+0x9e/0x470
[ 2143.659038]  ? finish_automount+0xa90/0xa90
[ 2143.659958]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2143.660942]  ? _copy_from_user+0xfb/0x1b0
[ 2143.661815]  __x64_sys_mount+0x282/0x300
[ 2143.662660]  ? copy_mnt_ns+0xa00/0xa00
[ 2143.663484]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2143.664597]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2143.665682]  do_syscall_64+0x33/0x40
[ 2143.666467]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2143.667549] RIP: 0033:0x7f414f134b19
[ 2143.668328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2143.672227] RSP: 002b:00007f414c6aa188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2143.673824] RAX: ffffffffffffffda RBX: 00007f414f247f60 RCX: 00007f414f134b19
[ 2143.675313] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2143.676818] RBP: 00007f414c6aa1d0 R08: 0000000020000280 R09: 0000000000000000
[ 2143.678327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2143.679836] R13: 00007ffd33b81f5f R14: 00007f414c6aa300 R15: 0000000000022000
13:56:49 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 34)

13:56:49 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x0, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:56:49 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:56:49 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 37)

13:56:49 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x0, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 2157.181441] FAULT_INJECTION: forcing a failure.
[ 2157.181441] name failslab, interval 1, probability 0, space 0, times 0
[ 2157.183902] CPU: 1 PID: 10013 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2157.185373] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2157.187142] Call Trace:
[ 2157.187704]  dump_stack+0x107/0x167
[ 2157.188476]  should_fail.cold+0x5/0xa
[ 2157.189285]  ? p9_fcall_init+0x97/0x290
[ 2157.190143]  should_failslab+0x5/0x20
[ 2157.190947]  __kmalloc+0x72/0x390
[ 2157.191678]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2157.192755]  p9_fcall_init+0x97/0x290
[ 2157.193568]  p9_client_prepare_req.part.0+0xf4/0xac0
[ 2157.194656]  p9_client_rpc+0x220/0x1370
[ 2157.195511]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2157.196639]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2157.197483] FAULT_INJECTION: forcing a failure.
[ 2157.197483] name failslab, interval 1, probability 0, space 0, times 0
[ 2157.197776]  ? pipe_poll+0x21b/0x800
[ 2157.197799]  ? p9_fd_close+0x4a0/0x4a0
[ 2157.201727]  ? wait_for_partner+0x3c0/0x3c0
[ 2157.202633]  ? p9_fd_poll+0x1e0/0x2c0
[ 2157.203442]  ? p9_fd_create+0x357/0x4a0
[ 2157.204275]  ? p9_conn_create+0x510/0x510
[ 2157.205145]  ? p9_client_create+0x798/0x1230
[ 2157.206078]  ? kfree+0xd7/0x340
[ 2157.206776]  ? do_raw_spin_unlock+0x4f/0x220
[ 2157.207709]  p9_client_create+0xa76/0x1230
[ 2157.208607]  ? p9_client_flush+0x430/0x430
[ 2157.209501]  ? trace_hardirqs_on+0x5b/0x180
[ 2157.210417]  ? lockdep_init_map_type+0x2c7/0x780
[ 2157.211419]  ? __raw_spin_lock_init+0x36/0x110
[ 2157.212387]  v9fs_session_init+0x1dd/0x1680
[ 2157.213297]  ? lock_release+0x680/0x680
[ 2157.214152]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2157.215168]  ? v9fs_show_options+0x690/0x690
[ 2157.216101]  ? trace_hardirqs_on+0x5b/0x180
[ 2157.217010]  ? kasan_unpoison_shadow+0x33/0x50
[ 2157.217979]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2157.219048]  v9fs_mount+0x79/0x8f0
[ 2157.219796]  ? v9fs_write_inode+0x60/0x60
[ 2157.220667]  legacy_get_tree+0x105/0x220
[ 2157.221525]  vfs_get_tree+0x8e/0x300
[ 2157.222317]  path_mount+0x1490/0x21e0
[ 2157.223127]  ? strncpy_from_user+0x9e/0x470
[ 2157.224035]  ? finish_automount+0xa90/0xa90
[ 2157.224950]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2157.225939]  ? _copy_from_user+0xfb/0x1b0
[ 2157.226818]  __x64_sys_mount+0x282/0x300
[ 2157.227672]  ? copy_mnt_ns+0xa00/0xa00
[ 2157.228500]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2157.229609]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2157.230708]  do_syscall_64+0x33/0x40
[ 2157.231493]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2157.232573] RIP: 0033:0x7f32cefd1b19
[ 2157.233357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2157.237247] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2157.238858] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2157.240369] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2157.241894] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2157.243403] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2157.244908] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
[ 2157.246456] CPU: 0 PID: 10016 Comm: syz-executor.1 Not tainted 5.10.245 #1
[ 2157.247932] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2157.249687] Call Trace:
[ 2157.250248]  dump_stack+0x107/0x167
[ 2157.251017]  should_fail.cold+0x5/0xa
[ 2157.251821]  ? p9_fd_create+0x161/0x4a0
[ 2157.252656]  should_failslab+0x5/0x20
[ 2157.253458]  kmem_cache_alloc_trace+0x55/0x320
[ 2157.254440]  p9_fd_create+0x161/0x4a0
[ 2157.255233]  ? p9_conn_create+0x510/0x510
[ 2157.256077]  ? p9_client_create+0x798/0x1230
[ 2157.257002]  ? kfree+0xd7/0x340
[ 2157.257306] FAULT_INJECTION: forcing a failure.
[ 2157.257306] name failslab, interval 1, probability 0, space 0, times 0
[ 2157.257697]  ? do_raw_spin_unlock+0x4f/0x220
[ 2157.257724]  p9_client_create+0x7ff/0x1230
[ 2157.261826]  ? p9_client_flush+0x430/0x430
[ 2157.262720]  ? trace_hardirqs_on+0x5b/0x180
[ 2157.263629]  ? lockdep_init_map_type+0x2c7/0x780
[ 2157.264625]  ? __raw_spin_lock_init+0x36/0x110
[ 2157.265591]  v9fs_session_init+0x1dd/0x1680
[ 2157.266502]  ? lock_release+0x680/0x680
[ 2157.267342]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2157.268348]  ? v9fs_show_options+0x690/0x690
[ 2157.269279]  ? trace_hardirqs_on+0x5b/0x180
[ 2157.270192]  ? kasan_unpoison_shadow+0x33/0x50
[ 2157.271115]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2157.272180]  v9fs_mount+0x79/0x8f0
[ 2157.272924]  ? v9fs_write_inode+0x60/0x60
[ 2157.273799]  legacy_get_tree+0x105/0x220
[ 2157.274652]  vfs_get_tree+0x8e/0x300
[ 2157.275429]  path_mount+0x1490/0x21e0
[ 2157.276232]  ? strncpy_from_user+0x9e/0x470
[ 2157.277133]  ? finish_automount+0xa90/0xa90
[ 2157.278052]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2157.279025]  ? _copy_from_user+0xfb/0x1b0
[ 2157.279900]  __x64_sys_mount+0x282/0x300
[ 2157.280749]  ? copy_mnt_ns+0xa00/0xa00
[ 2157.281570]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2157.282653]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2157.283734]  do_syscall_64+0x33/0x40
[ 2157.284514]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2157.285584] RIP: 0033:0x7f70af30cb19
[ 2157.286375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2157.290230] RSP: 002b:00007f70ac882188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2157.291829] RAX: ffffffffffffffda RBX: 00007f70af41ff60 RCX: 00007f70af30cb19
[ 2157.293318] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2157.294828] RBP: 00007f70ac8821d0 R08: 0000000020000280 R09: 0000000000000000
[ 2157.296319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2157.297825] R13: 00007ffc0122b36f R14: 00007f70ac882300 R15: 0000000000022000
[ 2157.299343] CPU: 1 PID: 10010 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2157.300823] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2157.302602] Call Trace:
[ 2157.303167]  dump_stack+0x107/0x167
[ 2157.303945]  should_fail.cold+0x5/0xa
[ 2157.304097] 9pnet: Insufficient options for proto=fd
[ 2157.304754]  ? create_object.isra.0+0x3a/0xa30
[ 2157.304771]  should_failslab+0x5/0x20
[ 2157.304788]  kmem_cache_alloc+0x5b/0x310
[ 2157.304812]  create_object.isra.0+0x3a/0xa30
[ 2157.309398]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2157.310495]  __kmalloc+0x16e/0x390
[ 2157.311259]  p9_fcall_init+0x97/0x290
[ 2157.312073]  p9_client_prepare_req.part.0+0x8c/0xac0
[ 2157.313161]  p9_client_rpc+0x220/0x1370
[ 2157.314015]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2157.315137]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2157.316281]  ? pipe_poll+0x21b/0x800
[ 2157.317074]  ? p9_fd_close+0x4a0/0x4a0
[ 2157.317913]  ? wait_for_partner+0x3c0/0x3c0
[ 2157.318829]  ? p9_fd_poll+0x1e0/0x2c0
[ 2157.319642]  ? p9_fd_create+0x357/0x4a0
[ 2157.320483]  ? p9_conn_create+0x510/0x510
[ 2157.321362]  ? p9_client_create+0x798/0x1230
[ 2157.322308]  ? kfree+0xd7/0x340
[ 2157.323005]  ? do_raw_spin_unlock+0x4f/0x220
[ 2157.323939]  p9_client_create+0xa76/0x1230
[ 2157.324847]  ? p9_client_flush+0x430/0x430
[ 2157.325747]  ? trace_hardirqs_on+0x5b/0x180
[ 2157.326663]  ? lockdep_init_map_type+0x2c7/0x780
[ 2157.327663]  ? __raw_spin_lock_init+0x36/0x110
[ 2157.328642]  v9fs_session_init+0x1dd/0x1680
[ 2157.329551]  ? lock_release+0x680/0x680
[ 2157.330413]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2157.331433]  ? v9fs_show_options+0x690/0x690
[ 2157.332379]  ? trace_hardirqs_on+0x5b/0x180
[ 2157.333288]  ? kasan_unpoison_shadow+0x33/0x50
[ 2157.334268]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2157.335337]  v9fs_mount+0x79/0x8f0
[ 2157.336091]  ? v9fs_write_inode+0x60/0x60
[ 2157.336961]  legacy_get_tree+0x105/0x220
[ 2157.337840]  vfs_get_tree+0x8e/0x300
[ 2157.338624]  path_mount+0x1490/0x21e0
[ 2157.339435]  ? strncpy_from_user+0x9e/0x470
[ 2157.340348]  ? finish_automount+0xa90/0xa90
[ 2157.341268]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2157.342261]  ? _copy_from_user+0xfb/0x1b0
[ 2157.343150]  __x64_sys_mount+0x282/0x300
[ 2157.344014]  ? copy_mnt_ns+0xa00/0xa00
[ 2157.344843]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2157.345963]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2157.347061]  do_syscall_64+0x33/0x40
[ 2157.347846]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2157.348935] RIP: 0033:0x7f3f98f8db19
[ 2157.349724] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2157.353644] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2157.355265] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2157.356788] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2157.358308] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2157.359823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2157.361331] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
13:56:49 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x0, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:56:49 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 32)

13:56:49 executing program 3:
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 38)

13:56:50 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:56:50 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:56:50 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x0, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:56:50 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x0, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:56:50 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 33)

13:56:50 executing program 3:
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 39)

13:56:50 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x2, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:56:50 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0)
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 2157.552716] FAULT_INJECTION: forcing a failure.
[ 2157.552716] name failslab, interval 1, probability 0, space 0, times 0
[ 2157.555135] CPU: 1 PID: 10033 Comm: syz-executor.1 Not tainted 5.10.245 #1
[ 2157.556600] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2157.558358] Call Trace:
[ 2157.558922]  dump_stack+0x107/0x167
[ 2157.559680]  should_fail.cold+0x5/0xa
[ 2157.560494]  ? create_object.isra.0+0x3a/0xa30
[ 2157.561464]  should_failslab+0x5/0x20
[ 2157.562281]  kmem_cache_alloc+0x5b/0x310
[ 2157.563144]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2157.564090]  create_object.isra.0+0x3a/0xa30
[ 2157.565022]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2157.566096]  kmem_cache_alloc_trace+0x151/0x320
[ 2157.567084]  p9_fd_create+0x161/0x4a0
[ 2157.567875]  ? p9_conn_create+0x510/0x510
[ 2157.568752]  ? p9_client_create+0x798/0x1230
[ 2157.569683]  ? kfree+0xd7/0x340
[ 2157.570383]  ? do_raw_spin_unlock+0x4f/0x220
[ 2157.571311]  p9_client_create+0x7ff/0x1230
[ 2157.572215]  ? p9_client_flush+0x430/0x430
[ 2157.573098]  ? trace_hardirqs_on+0x5b/0x180
[ 2157.574019]  ? lockdep_init_map_type+0x2c7/0x780
[ 2157.575007]  ? __raw_spin_lock_init+0x36/0x110
[ 2157.575978]  v9fs_session_init+0x1dd/0x1680
[ 2157.576874]  ? lock_release+0x680/0x680
[ 2157.577729]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2157.578729]  ? v9fs_show_options+0x690/0x690
[ 2157.579664]  ? trace_hardirqs_on+0x5b/0x180
[ 2157.580559]  ? kasan_unpoison_shadow+0x33/0x50
[ 2157.581520]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2157.582583]  v9fs_mount+0x79/0x8f0
[ 2157.583335]  ? v9fs_write_inode+0x60/0x60
[ 2157.584192]  legacy_get_tree+0x105/0x220
[ 2157.585052]  vfs_get_tree+0x8e/0x300
[ 2157.585836]  path_mount+0x1490/0x21e0
[ 2157.586647]  ? strncpy_from_user+0x9e/0x470
[ 2157.587553]  ? finish_automount+0xa90/0xa90
[ 2157.588468]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2157.589433]  ? _copy_from_user+0xfb/0x1b0
[ 2157.590331]  __x64_sys_mount+0x282/0x300
[ 2157.591174]  ? copy_mnt_ns+0xa00/0xa00
[ 2157.592002]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2157.593090]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2157.594201]  do_syscall_64+0x33/0x40
[ 2157.594975]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2157.596068] RIP: 0033:0x7f70af30cb19
[ 2157.596841] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2157.600771] RSP: 002b:00007f70ac882188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2157.602363] RAX: ffffffffffffffda RBX: 00007f70af41ff60 RCX: 00007f70af30cb19
[ 2157.603882] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2157.605395] RBP: 00007f70ac8821d0 R08: 0000000020000280 R09: 0000000000000000
[ 2157.606917] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2157.608427] R13: 00007ffc0122b36f R14: 00007f70ac882300 R15: 0000000000022000
13:56:50 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 2157.632921] FAULT_INJECTION: forcing a failure.
[ 2157.632921] name failslab, interval 1, probability 0, space 0, times 0
[ 2157.635299] CPU: 0 PID: 10041 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2157.636769] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2157.638518] Call Trace:
[ 2157.639087]  dump_stack+0x107/0x167
[ 2157.639869]  should_fail.cold+0x5/0xa
[ 2157.640664]  ? create_object.isra.0+0x3a/0xa30
[ 2157.641617]  should_failslab+0x5/0x20
[ 2157.642415]  kmem_cache_alloc+0x5b/0x310
[ 2157.643260]  create_object.isra.0+0x3a/0xa30
[ 2157.644171]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2157.645229]  __kmalloc+0x16e/0x390
[ 2157.645989]  p9_fcall_init+0x97/0x290
[ 2157.646781]  p9_client_prepare_req.part.0+0xf4/0xac0
[ 2157.647835]  p9_client_rpc+0x220/0x1370
[ 2157.648662]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2157.649763]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2157.650885]  ? pipe_poll+0x21b/0x800
[ 2157.651650]  ? p9_fd_close+0x4a0/0x4a0
[ 2157.652461]  ? wait_for_partner+0x3c0/0x3c0
[ 2157.653353]  ? p9_fd_poll+0x1e0/0x2c0
[ 2157.654155]  ? p9_fd_create+0x357/0x4a0
[ 2157.654978]  ? p9_conn_create+0x510/0x510
[ 2157.655834]  ? p9_client_create+0x798/0x1230
[ 2157.656745]  ? kfree+0xd7/0x340
[ 2157.657425]  ? do_raw_spin_unlock+0x4f/0x220
[ 2157.658357]  p9_client_create+0xa76/0x1230
[ 2157.659243]  ? p9_client_flush+0x430/0x430
[ 2157.660124]  ? trace_hardirqs_on+0x5b/0x180
[ 2157.661030]  ? lockdep_init_map_type+0x2c7/0x780
[ 2157.662036]  ? __raw_spin_lock_init+0x36/0x110
[ 2157.662991]  v9fs_session_init+0x1dd/0x1680
[ 2157.663894]  ? lock_release+0x680/0x680
[ 2157.664725]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2157.665731]  ? v9fs_show_options+0x690/0x690
[ 2157.666642]  ? trace_hardirqs_on+0x5b/0x180
[ 2157.667525]  ? kasan_unpoison_shadow+0x33/0x50
[ 2157.668459]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2157.669500]  v9fs_mount+0x79/0x8f0
[ 2157.670240]  ? v9fs_write_inode+0x60/0x60
[ 2157.671092]  legacy_get_tree+0x105/0x220
[ 2157.671926]  vfs_get_tree+0x8e/0x300
[ 2157.672690]  path_mount+0x1490/0x21e0
[ 2157.673483]  ? strncpy_from_user+0x9e/0x470
[ 2157.674369]  ? finish_automount+0xa90/0xa90
[ 2157.675257]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2157.676210]  ? _copy_from_user+0xfb/0x1b0
[ 2157.677078]  __x64_sys_mount+0x282/0x300
[ 2157.677919]  ? copy_mnt_ns+0xa00/0xa00
[ 2157.678725]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2157.679804]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2157.680865]  do_syscall_64+0x33/0x40
[ 2157.681630]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2157.682696] RIP: 0033:0x7f32cefd1b19
[ 2157.683460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2157.687261] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2157.688836] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2157.690310] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2157.691790] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2157.693252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2157.694729] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
13:57:05 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 34)

13:57:05 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x0, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:57:05 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:57:05 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 38)

13:57:05 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x3, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:57:05 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0)
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:57:05 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x0, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:57:05 executing program 3:
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 40)

[ 2172.361053] FAULT_INJECTION: forcing a failure.
[ 2172.361053] name failslab, interval 1, probability 0, space 0, times 0
[ 2172.365431] CPU: 0 PID: 10056 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2172.367199] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2172.369306] Call Trace:
[ 2172.369987]  dump_stack+0x107/0x167
[ 2172.370912]  should_fail.cold+0x5/0xa
[ 2172.371879]  ? p9_fcall_init+0x97/0x290
[ 2172.372888]  should_failslab+0x5/0x20
[ 2172.373856]  __kmalloc+0x72/0x390
[ 2172.374736]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2172.376032]  p9_fcall_init+0x97/0x290
[ 2172.377001]  p9_client_prepare_req.part.0+0xf4/0xac0
[ 2172.378256]  p9_client_rpc+0x220/0x1370
[ 2172.379087]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2172.380163]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2172.381301]  ? pipe_poll+0x21b/0x800
[ 2172.382091]  ? p9_fd_close+0x4a0/0x4a0
[ 2172.382914]  ? wait_for_partner+0x3c0/0x3c0
[ 2172.383833]  ? p9_fd_poll+0x1e0/0x2c0
[ 2172.384641]  ? p9_fd_create+0x357/0x4a0
[ 2172.385478]  ? p9_conn_create+0x510/0x510
[ 2172.386354]  ? p9_client_create+0x798/0x1230
[ 2172.387288]  ? kfree+0xd7/0x340
[ 2172.387976]  ? do_raw_spin_unlock+0x4f/0x220
[ 2172.388877]  p9_client_create+0xa76/0x1230
[ 2172.389776]  ? p9_client_flush+0x430/0x430
[ 2172.390671]  ? trace_hardirqs_on+0x5b/0x180
[ 2172.391571]  ? lockdep_init_map_type+0x2c7/0x780
[ 2172.392563]  ? __raw_spin_lock_init+0x36/0x110
[ 2172.392638] FAULT_INJECTION: forcing a failure.
[ 2172.392638] name failslab, interval 1, probability 0, space 0, times 0
[ 2172.393534]  v9fs_session_init+0x1dd/0x1680
[ 2172.393554]  ? lock_release+0x680/0x680
[ 2172.393581]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2172.397662]  ? v9fs_show_options+0x690/0x690
[ 2172.398590]  ? trace_hardirqs_on+0x5b/0x180
[ 2172.399485]  ? kasan_unpoison_shadow+0x33/0x50
[ 2172.400438]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2172.401503]  v9fs_mount+0x79/0x8f0
[ 2172.402265]  ? v9fs_write_inode+0x60/0x60
[ 2172.403108]  legacy_get_tree+0x105/0x220
[ 2172.403959]  vfs_get_tree+0x8e/0x300
[ 2172.404746]  path_mount+0x1490/0x21e0
[ 2172.405543]  ? strncpy_from_user+0x9e/0x470
[ 2172.406452]  ? finish_automount+0xa90/0xa90
[ 2172.407355]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2172.408329]  ? _copy_from_user+0xfb/0x1b0
[ 2172.409201]  __x64_sys_mount+0x282/0x300
[ 2172.410066]  ? copy_mnt_ns+0xa00/0xa00
[ 2172.410862]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2172.411966]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2172.413053]  do_syscall_64+0x33/0x40
[ 2172.413842]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2172.414917] RIP: 0033:0x7f3f98f8db19
[ 2172.415704] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2172.419618] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2172.421232] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2172.422752] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2172.424274] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2172.425782] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2172.427305] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
[ 2172.428848] CPU: 1 PID: 10069 Comm: syz-executor.1 Not tainted 5.10.245 #1
[ 2172.429688] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2172.430690] Call Trace:
[ 2172.431011]  dump_stack+0x107/0x167
[ 2172.431464]  should_fail.cold+0x5/0xa
[ 2172.431936]  ? p9_client_prepare_req.part.0+0x3a/0xac0
[ 2172.432560]  should_failslab+0x5/0x20
[ 2172.433018]  kmem_cache_alloc+0x5b/0x310
[ 2172.433513]  p9_client_prepare_req.part.0+0x3a/0xac0
[ 2172.434131]  p9_client_rpc+0x220/0x1370
[ 2172.434610]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2172.435252]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2172.435892]  ? pipe_poll+0x21b/0x800
[ 2172.436335]  ? p9_fd_close+0x4a0/0x4a0
[ 2172.436801]  ? wait_for_partner+0x3c0/0x3c0
[ 2172.437314]  ? p9_fd_poll+0x1e0/0x2c0
[ 2172.437777]  ? p9_fd_create+0x357/0x4a0
[ 2172.438261]  ? p9_conn_create+0x510/0x510
[ 2172.438758]  ? p9_client_create+0x798/0x1230
[ 2172.439282]  ? kfree+0xd7/0x340
[ 2172.439677]  ? do_raw_spin_unlock+0x4f/0x220
[ 2172.440208]  p9_client_create+0xa76/0x1230
[ 2172.440718]  ? p9_client_flush+0x430/0x430
[ 2172.441224]  ? trace_hardirqs_on+0x5b/0x180
[ 2172.441739]  ? lockdep_init_map_type+0x2c7/0x780
[ 2172.442311]  ? __raw_spin_lock_init+0x36/0x110
[ 2172.442863]  v9fs_session_init+0x1dd/0x1680
[ 2172.443374]  ? lock_release+0x680/0x680
[ 2172.443853]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2172.444432]  ? v9fs_show_options+0x690/0x690
[ 2172.444962]  ? trace_hardirqs_on+0x5b/0x180
[ 2172.445474]  ? kasan_unpoison_shadow+0x33/0x50
[ 2172.446026]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2172.446631]  v9fs_mount+0x79/0x8f0
[ 2172.447056]  ? v9fs_write_inode+0x60/0x60
[ 2172.447550]  legacy_get_tree+0x105/0x220
[ 2172.448035]  vfs_get_tree+0x8e/0x300
[ 2172.448478]  path_mount+0x1490/0x21e0
[ 2172.448935]  ? strncpy_from_user+0x9e/0x470
[ 2172.449449]  ? finish_automount+0xa90/0xa90
[ 2172.449968]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2172.450520]  ? _copy_from_user+0xfb/0x1b0
[ 2172.451017]  __x64_sys_mount+0x282/0x300
[ 2172.451495]  ? copy_mnt_ns+0xa00/0xa00
[ 2172.451959]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2172.452581]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2172.453198]  do_syscall_64+0x33/0x40
[ 2172.453639]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2172.454254] RIP: 0033:0x7f70af30cb19
[ 2172.454697] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2172.456884] RSP: 002b:00007f70ac882188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2172.457803] RAX: ffffffffffffffda RBX: 00007f70af41ff60 RCX: 00007f70af30cb19
[ 2172.458657] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2172.459503] RBP: 00007f70ac8821d0 R08: 0000000020000280 R09: 0000000000000000
[ 2172.460345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2172.461193] R13: 00007ffc0122b36f R14: 00007f70ac882300 R15: 0000000000022000
[ 2172.474606] FAULT_INJECTION: forcing a failure.
[ 2172.474606] name failslab, interval 1, probability 0, space 0, times 0
[ 2172.476072] CPU: 1 PID: 10065 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2172.476918] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2172.477935] Call Trace:
[ 2172.478266]  dump_stack+0x107/0x167
[ 2172.478720]  should_fail.cold+0x5/0xa
[ 2172.479180]  ? create_object.isra.0+0x3a/0xa30
[ 2172.479827]  should_failslab+0x5/0x20
[ 2172.480443]  kmem_cache_alloc+0x5b/0x310
[ 2172.481027]  create_object.isra.0+0x3a/0xa30
[ 2172.481664]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2172.482403]  __kmalloc+0x16e/0x390
[ 2172.482902]  p9_fcall_init+0x97/0x290
[ 2172.483363]  p9_client_prepare_req.part.0+0xf4/0xac0
[ 2172.484001]  p9_client_rpc+0x220/0x1370
[ 2172.484481]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2172.485119]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2172.485762]  ? pipe_poll+0x21b/0x800
[ 2172.486202]  ? p9_fd_close+0x4a0/0x4a0
[ 2172.486673]  ? wait_for_partner+0x3c0/0x3c0
[ 2172.487185]  ? p9_fd_poll+0x1e0/0x2c0
[ 2172.487639]  ? p9_fd_create+0x357/0x4a0
[ 2172.488111]  ? p9_conn_create+0x510/0x510
[ 2172.488621]  ? p9_client_create+0x798/0x1230
[ 2172.489281]  ? kfree+0xd7/0x340
[ 2172.489810]  ? do_raw_spin_unlock+0x4f/0x220
[ 2172.490477]  p9_client_create+0xa76/0x1230
[ 2172.491020]  ? p9_client_flush+0x430/0x430
[ 2172.491526]  ? trace_hardirqs_on+0x5b/0x180
[ 2172.492038]  ? lockdep_init_map_type+0x2c7/0x780
[ 2172.492604]  ? __raw_spin_lock_init+0x36/0x110
[ 2172.493155]  v9fs_session_init+0x1dd/0x1680
[ 2172.493672]  ? lock_release+0x680/0x680
[ 2172.494155]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2172.494733]  ? v9fs_show_options+0x690/0x690
[ 2172.495256]  ? trace_hardirqs_on+0x5b/0x180
[ 2172.495764]  ? kasan_unpoison_shadow+0x33/0x50
[ 2172.496298]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2172.496908]  v9fs_mount+0x79/0x8f0
[ 2172.497328]  ? v9fs_write_inode+0x60/0x60
[ 2172.497835]  legacy_get_tree+0x105/0x220
[ 2172.498319]  vfs_get_tree+0x8e/0x300
[ 2172.498773]  path_mount+0x1490/0x21e0
[ 2172.499232]  ? strncpy_from_user+0x9e/0x470
[ 2172.499746]  ? finish_automount+0xa90/0xa90
[ 2172.500241]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2172.500795]  ? _copy_from_user+0xfb/0x1b0
[ 2172.501291]  __x64_sys_mount+0x282/0x300
[ 2172.501777]  ? copy_mnt_ns+0xa00/0xa00
[ 2172.502247]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2172.502882]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2172.503492]  do_syscall_64+0x33/0x40
[ 2172.503927]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2172.504533] RIP: 0033:0x7f32cefd1b19
[ 2172.504967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2172.507166] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2172.508085] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2172.508966] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2172.509830] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
13:57:05 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x4, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

[ 2172.510677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2172.511766] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
13:57:05 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 35)

[ 2172.623945] FAULT_INJECTION: forcing a failure.
[ 2172.623945] name failslab, interval 1, probability 0, space 0, times 0
[ 2172.625271] CPU: 1 PID: 10074 Comm: syz-executor.1 Not tainted 5.10.245 #1
[ 2172.626058] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2172.626984] Call Trace:
[ 2172.627281]  dump_stack+0x107/0x167
[ 2172.627692]  should_fail.cold+0x5/0xa
[ 2172.628116]  ? create_object.isra.0+0x3a/0xa30
[ 2172.628634]  should_failslab+0x5/0x20
[ 2172.629056]  kmem_cache_alloc+0x5b/0x310
[ 2172.629512]  create_object.isra.0+0x3a/0xa30
[ 2172.630020]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2172.630587]  kmem_cache_alloc+0x159/0x310
[ 2172.631057]  p9_client_prepare_req.part.0+0x3a/0xac0
[ 2172.631628]  p9_client_rpc+0x220/0x1370
[ 2172.632072]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2172.632662]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2172.633255]  ? pipe_poll+0x21b/0x800
[ 2172.633673]  ? p9_fd_close+0x4a0/0x4a0
[ 2172.634111]  ? wait_for_partner+0x3c0/0x3c0
[ 2172.634587]  ? p9_fd_poll+0x1e0/0x2c0
[ 2172.635026]  ? p9_fd_create+0x357/0x4a0
[ 2172.635455]  ? p9_conn_create+0x510/0x510
[ 2172.635911]  ? p9_client_create+0x798/0x1230
[ 2172.636395]  ? kfree+0xd7/0x340
[ 2172.636756]  ? do_raw_spin_unlock+0x4f/0x220
[ 2172.637246]  p9_client_create+0xa76/0x1230
[ 2172.637719]  ? p9_client_flush+0x430/0x430
[ 2172.638193]  ? trace_hardirqs_on+0x5b/0x180
[ 2172.638671]  ? lockdep_init_map_type+0x2c7/0x780
[ 2172.639194]  ? __raw_spin_lock_init+0x36/0x110
[ 2172.639704]  v9fs_session_init+0x1dd/0x1680
[ 2172.640177]  ? lock_release+0x680/0x680
[ 2172.640625]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2172.641154]  ? v9fs_show_options+0x690/0x690
[ 2172.641635]  ? trace_hardirqs_on+0x5b/0x180
[ 2172.642118]  ? kasan_unpoison_shadow+0x33/0x50
[ 2172.642619]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2172.643179]  v9fs_mount+0x79/0x8f0
[ 2172.643576]  ? v9fs_write_inode+0x60/0x60
[ 2172.644030]  legacy_get_tree+0x105/0x220
[ 2172.644476]  vfs_get_tree+0x8e/0x300
13:57:05 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0)
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 2172.645105]  path_mount+0x1490/0x21e0
[ 2172.645614]  ? strncpy_from_user+0x9e/0x470
[ 2172.646097]  ? finish_automount+0xa90/0xa90
[ 2172.646584]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2172.647100]  ? _copy_from_user+0xfb/0x1b0
[ 2172.647720]  __x64_sys_mount+0x282/0x300
[ 2172.648169]  ? copy_mnt_ns+0xa00/0xa00
[ 2172.648601]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2172.649180]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2172.649761]  do_syscall_64+0x33/0x40
[ 2172.650180]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2172.650750] RIP: 0033:0x7f70af30cb19
[ 2172.651165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2172.653188] RSP: 002b:00007f70ac882188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2172.654032] RAX: ffffffffffffffda RBX: 00007f70af41ff60 RCX: 00007f70af30cb19
[ 2172.654821] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2172.655607] RBP: 00007f70ac8821d0 R08: 0000000020000280 R09: 0000000000000000
[ 2172.656392] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2172.657182] R13: 00007ffc0122b36f R14: 00007f70ac882300 R15: 0000000000022000
13:57:05 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x0, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:57:05 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x5, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:57:05 executing program 3:
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 41)

13:57:05 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 39)

13:57:05 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0)
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 2172.702668] FAULT_INJECTION: forcing a failure.
[ 2172.702668] name failslab, interval 1, probability 0, space 0, times 0
[ 2172.703949] CPU: 1 PID: 10083 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2172.704712] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2172.705623] Call Trace:
[ 2172.705923]  dump_stack+0x107/0x167
[ 2172.706328]  should_fail.cold+0x5/0xa
[ 2172.706750]  ? create_object.isra.0+0x3a/0xa30
[ 2172.707252]  should_failslab+0x5/0x20
[ 2172.707672]  kmem_cache_alloc+0x5b/0x310
[ 2172.708126]  create_object.isra.0+0x3a/0xa30
[ 2172.708618]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2172.709185]  __kmalloc+0x16e/0x390
[ 2172.709584]  p9_fcall_init+0x97/0x290
[ 2172.710021]  p9_client_prepare_req.part.0+0xf4/0xac0
[ 2172.710590]  p9_client_rpc+0x220/0x1370
[ 2172.711171]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2172.711781]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2172.712393]  ? pipe_poll+0x21b/0x800
[ 2172.712817]  ? p9_fd_close+0x4a0/0x4a0
[ 2172.713262]  ? wait_for_partner+0x3c0/0x3c0
[ 2172.713754]  ? p9_fd_poll+0x1e0/0x2c0
[ 2172.714196]  ? p9_fd_create+0x357/0x4a0
[ 2172.714664]  ? p9_conn_create+0x510/0x510
[ 2172.715255]  ? p9_client_create+0x798/0x1230
[ 2172.715897]  ? kfree+0xd7/0x340
[ 2172.716377]  ? do_raw_spin_unlock+0x4f/0x220
[ 2172.717057]  p9_client_create+0xa76/0x1230
[ 2172.717717]  ? p9_client_flush+0x430/0x430
[ 2172.718390]  ? trace_hardirqs_on+0x5b/0x180
[ 2172.719009]  ? lockdep_init_map_type+0x2c7/0x780
[ 2172.719723]  ? __raw_spin_lock_init+0x36/0x110
[ 2172.720444]  v9fs_session_init+0x1dd/0x1680
[ 2172.721131]  ? lock_release+0x680/0x680
[ 2172.721712]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2172.722410]  ? v9fs_show_options+0x690/0x690
[ 2172.723062]  ? trace_hardirqs_on+0x5b/0x180
[ 2172.723707]  ? kasan_unpoison_shadow+0x33/0x50
[ 2172.724395]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2172.725123]  v9fs_mount+0x79/0x8f0
[ 2172.725646]  ? v9fs_write_inode+0x60/0x60
[ 2172.726257]  legacy_get_tree+0x105/0x220
[ 2172.726848]  vfs_get_tree+0x8e/0x300
[ 2172.727426]  path_mount+0x1490/0x21e0
[ 2172.728018]  ? strncpy_from_user+0x9e/0x470
[ 2172.728680]  ? finish_automount+0xa90/0xa90
[ 2172.729299]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2172.729984]  ? _copy_from_user+0xfb/0x1b0
[ 2172.730596]  __x64_sys_mount+0x282/0x300
[ 2172.731235]  ? copy_mnt_ns+0xa00/0xa00
[ 2172.731794]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2172.732572]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2172.733352]  do_syscall_64+0x33/0x40
[ 2172.733923]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2172.734662] RIP: 0033:0x7f3f98f8db19
[ 2172.735191] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2172.737881] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2172.738988] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2172.740034] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2172.741082] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2172.742146] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2172.743177] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
[ 2172.752773] FAULT_INJECTION: forcing a failure.
[ 2172.752773] name failslab, interval 1, probability 0, space 0, times 0
[ 2172.754220] CPU: 1 PID: 10087 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2172.755049] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2172.756042] Call Trace:
[ 2172.756352]  dump_stack+0x107/0x167
[ 2172.756782]  should_fail.cold+0x5/0xa
[ 2172.757226]  ? radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 2172.757900]  should_failslab+0x5/0x20
[ 2172.758337]  kmem_cache_alloc+0x5b/0x310
[ 2172.758814]  radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 2172.759466]  idr_get_free+0x4b5/0x8f0
[ 2172.759923]  idr_alloc_u32+0x170/0x2d0
[ 2172.760378]  ? __fprop_inc_percpu_max+0x130/0x130
[ 2172.760936]  ? p9_client_prepare_req.part.0+0x20a/0xac0
[ 2172.761556]  ? lock_release+0x680/0x680
[ 2172.762022]  idr_alloc+0xc2/0x130
[ 2172.762420]  ? idr_alloc_u32+0x2d0/0x2d0
[ 2172.762882]  ? rwlock_bug.part.0+0x90/0x90
[ 2172.763380]  p9_client_prepare_req.part.0+0x612/0xac0
[ 2172.763987]  p9_client_rpc+0x220/0x1370
[ 2172.764447]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2172.765075]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2172.765706]  ? pipe_poll+0x21b/0x800
[ 2172.766141]  ? p9_fd_close+0x4a0/0x4a0
[ 2172.766590]  ? wait_for_partner+0x3c0/0x3c0
[ 2172.767089]  ? p9_fd_poll+0x1e0/0x2c0
[ 2172.767538]  ? p9_fd_create+0x357/0x4a0
[ 2172.767996]  ? p9_conn_create+0x510/0x510
[ 2172.768473]  ? p9_client_create+0x798/0x1230
[ 2172.768979]  ? kfree+0xd7/0x340
[ 2172.769356]  ? do_raw_spin_unlock+0x4f/0x220
[ 2172.769881]  p9_client_create+0xa76/0x1230
[ 2172.770376]  ? p9_client_flush+0x430/0x430
[ 2172.770861]  ? trace_hardirqs_on+0x5b/0x180
[ 2172.771357]  ? lockdep_init_map_type+0x2c7/0x780
[ 2172.771904]  ? __raw_spin_lock_init+0x36/0x110
[ 2172.772438]  v9fs_session_init+0x1dd/0x1680
[ 2172.772938]  ? lock_release+0x680/0x680
[ 2172.773409]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2172.773983]  ? v9fs_show_options+0x690/0x690
[ 2172.774497]  ? trace_hardirqs_on+0x5b/0x180
[ 2172.774995]  ? kasan_unpoison_shadow+0x33/0x50
[ 2172.775518]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2172.776106]  v9fs_mount+0x79/0x8f0
[ 2172.776516]  ? v9fs_write_inode+0x60/0x60
[ 2172.776994]  legacy_get_tree+0x105/0x220
[ 2172.777465]  vfs_get_tree+0x8e/0x300
[ 2172.777903]  path_mount+0x1490/0x21e0
[ 2172.778346]  ? strncpy_from_user+0x9e/0x470
[ 2172.778844]  ? finish_automount+0xa90/0xa90
[ 2172.779339]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2172.779878]  ? _copy_from_user+0xfb/0x1b0
[ 2172.780361]  __x64_sys_mount+0x282/0x300
[ 2172.780828]  ? copy_mnt_ns+0xa00/0xa00
[ 2172.781284]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2172.781902]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2172.782510]  do_syscall_64+0x33/0x40
[ 2172.782943]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2172.783536] RIP: 0033:0x7f32cefd1b19
[ 2172.783965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2172.786101] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2172.786979] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2172.787807] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2172.788627] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2172.789449] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2172.790276] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
13:57:05 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 36)

13:57:05 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x6, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:57:05 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x0, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 2172.828627] FAULT_INJECTION: forcing a failure.
[ 2172.828627] name failslab, interval 1, probability 0, space 0, times 0
[ 2172.829982] CPU: 1 PID: 10089 Comm: syz-executor.1 Not tainted 5.10.245 #1
[ 2172.830774] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2172.831726] Call Trace:
[ 2172.832040]  dump_stack+0x107/0x167
[ 2172.832457]  should_fail.cold+0x5/0xa
[ 2172.832918]  ? create_object.isra.0+0x3a/0xa30
[ 2172.833448]  should_failslab+0x5/0x20
[ 2172.833904]  kmem_cache_alloc+0x5b/0x310
[ 2172.834378]  create_object.isra.0+0x3a/0xa30
[ 2172.834878]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2172.835464]  kmem_cache_alloc+0x159/0x310
[ 2172.835949]  p9_client_prepare_req.part.0+0x3a/0xac0
[ 2172.836549]  p9_client_rpc+0x220/0x1370
[ 2172.837018]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2172.837625]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2172.838275]  ? pipe_poll+0x21b/0x800
[ 2172.838728]  ? p9_fd_close+0x4a0/0x4a0
[ 2172.839172]  ? wait_for_partner+0x3c0/0x3c0
[ 2172.839668]  ? p9_fd_poll+0x1e0/0x2c0
[ 2172.840112]  ? p9_fd_create+0x357/0x4a0
[ 2172.840568]  ? p9_conn_create+0x510/0x510
[ 2172.841048]  ? p9_client_create+0x798/0x1230
[ 2172.841558]  ? kfree+0xd7/0x340
[ 2172.841942]  ? do_raw_spin_unlock+0x4f/0x220
[ 2172.842462]  p9_client_create+0xa76/0x1230
[ 2172.842957]  ? p9_client_flush+0x430/0x430
[ 2172.843457]  ? trace_hardirqs_on+0x5b/0x180
[ 2172.843965]  ? lockdep_init_map_type+0x2c7/0x780
[ 2172.844516]  ? __raw_spin_lock_init+0x36/0x110
[ 2172.845057]  v9fs_session_init+0x1dd/0x1680
[ 2172.845559]  ? lock_release+0x680/0x680
[ 2172.846034]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2172.846589]  ? v9fs_show_options+0x690/0x690
[ 2172.847107]  ? trace_hardirqs_on+0x5b/0x180
[ 2172.847611]  ? kasan_unpoison_shadow+0x33/0x50
[ 2172.848136]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2172.848732]  v9fs_mount+0x79/0x8f0
[ 2172.849159]  ? v9fs_write_inode+0x60/0x60
[ 2172.849643]  legacy_get_tree+0x105/0x220
[ 2172.850127]  vfs_get_tree+0x8e/0x300
[ 2172.850561]  path_mount+0x1490/0x21e0
[ 2172.851001]  ? strncpy_from_user+0x9e/0x470
[ 2172.851501]  ? finish_automount+0xa90/0xa90
[ 2172.852003]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2172.852543]  ? _copy_from_user+0xfb/0x1b0
[ 2172.853028]  __x64_sys_mount+0x282/0x300
[ 2172.853499]  ? copy_mnt_ns+0xa00/0xa00
[ 2172.853975]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2172.854587]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2172.855189]  do_syscall_64+0x33/0x40
[ 2172.855624]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2172.856215] RIP: 0033:0x7f70af30cb19
[ 2172.856651] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2172.858797] RSP: 002b:00007f70ac882188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2172.859681] RAX: ffffffffffffffda RBX: 00007f70af41ff60 RCX: 00007f70af30cb19
[ 2172.860518] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2172.861353] RBP: 00007f70ac8821d0 R08: 0000000020000280 R09: 0000000000000000
[ 2172.862187] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2172.863010] R13: 00007ffc0122b36f R14: 00007f70ac882300 R15: 0000000000022000
13:57:05 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x7, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:57:05 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x0, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:57:05 executing program 3:
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 42)

13:57:05 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 40)

13:57:05 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 37)

13:57:05 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x8, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

[ 2173.101419] FAULT_INJECTION: forcing a failure.
[ 2173.101419] name failslab, interval 1, probability 0, space 0, times 0
[ 2173.103867] CPU: 0 PID: 10102 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2173.105067] FAULT_INJECTION: forcing a failure.
[ 2173.105067] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[ 2173.105303] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2173.105313] Call Trace:
[ 2173.105346]  dump_stack+0x107/0x167
[ 2173.105380]  should_fail.cold+0x5/0xa
[ 2173.110570]  ? create_object.isra.0+0x3a/0xa30
[ 2173.111513]  should_failslab+0x5/0x20
[ 2173.112291]  kmem_cache_alloc+0x5b/0x310
[ 2173.113132]  create_object.isra.0+0x3a/0xa30
[ 2173.114036]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2173.115087]  __kmalloc+0x16e/0x390
[ 2173.115836]  p9_fcall_init+0x97/0x290
[ 2173.116629]  p9_client_prepare_req.part.0+0xf4/0xac0
[ 2173.117726]  p9_client_rpc+0x220/0x1370
[ 2173.118543]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2173.119677]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2173.120775]  ? pipe_poll+0x21b/0x800
[ 2173.121559]  ? p9_fd_close+0x4a0/0x4a0
[ 2173.122379]  ? wait_for_partner+0x3c0/0x3c0
[ 2173.123269]  ? p9_fd_poll+0x1e0/0x2c0
[ 2173.124072]  ? p9_fd_create+0x357/0x4a0
[ 2173.124910]  ? p9_conn_create+0x510/0x510
[ 2173.125750]  ? p9_client_create+0x798/0x1230
[ 2173.126659]  ? kfree+0xd7/0x340
[ 2173.127338]  ? do_raw_spin_unlock+0x4f/0x220
[ 2173.128242]  p9_client_create+0xa76/0x1230
[ 2173.129118]  ? p9_client_flush+0x430/0x430
[ 2173.129997]  ? trace_hardirqs_on+0x5b/0x180
[ 2173.130877]  ? lockdep_init_map_type+0x2c7/0x780
[ 2173.131854]  ? __raw_spin_lock_init+0x36/0x110
[ 2173.132795]  v9fs_session_init+0x1dd/0x1680
[ 2173.133711]  ? lock_release+0x680/0x680
[ 2173.134563]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2173.135584]  ? v9fs_show_options+0x690/0x690
[ 2173.136492]  ? trace_hardirqs_on+0x5b/0x180
[ 2173.137375]  ? kasan_unpoison_shadow+0x33/0x50
[ 2173.138330]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2173.139364]  v9fs_mount+0x79/0x8f0
[ 2173.140082]  ? v9fs_write_inode+0x60/0x60
[ 2173.140927]  legacy_get_tree+0x105/0x220
[ 2173.141804]  vfs_get_tree+0x8e/0x300
[ 2173.142571]  path_mount+0x1490/0x21e0
[ 2173.143385]  ? strncpy_from_user+0x9e/0x470
[ 2173.144261]  ? finish_automount+0xa90/0xa90
[ 2173.145142]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2173.146145]  ? _copy_from_user+0xfb/0x1b0
[ 2173.147004]  __x64_sys_mount+0x282/0x300
[ 2173.147873]  ? copy_mnt_ns+0xa00/0xa00
[ 2173.148670]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2173.149810]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2173.150862]  do_syscall_64+0x33/0x40
[ 2173.151658]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2173.152715] RIP: 0033:0x7f3f98f8db19
[ 2173.153521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2173.157301] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2173.158942] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2173.160459] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2173.161979] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2173.163491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2173.165008] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
[ 2173.166575] CPU: 1 PID: 10103 Comm: syz-executor.1 Not tainted 5.10.245 #1
[ 2173.167483] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2173.168436] Call Trace:
[ 2173.168761]  dump_stack+0x107/0x167
[ 2173.169180]  should_fail.cold+0x5/0xa
[ 2173.169627]  __alloc_pages_nodemask+0x182/0x600
[ 2173.170173]  ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310
[ 2173.170870]  ? __kmalloc+0x379/0x390
[ 2173.171302]  alloc_pages_current+0x187/0x280
[ 2173.171809]  allocate_slab+0x26f/0x380
[ 2173.172258]  ___slab_alloc+0x470/0x700
[ 2173.172718]  ? p9_fcall_init+0x97/0x290
[ 2173.173186]  ? kmem_cache_alloc+0x159/0x310
[ 2173.173694]  ? lock_downgrade+0x6d0/0x6d0
[ 2173.174178]  ? p9_fcall_init+0x97/0x290
[ 2173.174644]  ? __kmalloc+0x379/0x390
[ 2173.175067]  ? p9_fcall_init+0x97/0x290
[ 2173.175519]  __kmalloc+0x379/0x390
[ 2173.175936]  p9_fcall_init+0x97/0x290
[ 2173.176373]  p9_client_prepare_req.part.0+0x8c/0xac0
[ 2173.176965]  p9_client_rpc+0x220/0x1370
[ 2173.177419]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2173.178062]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2173.178685]  ? pipe_poll+0x21b/0x800
[ 2173.179111]  ? p9_fd_close+0x4a0/0x4a0
[ 2173.179558]  ? wait_for_partner+0x3c0/0x3c0
[ 2173.180057]  ? p9_fd_poll+0x1e0/0x2c0
[ 2173.180490]  ? p9_fd_create+0x357/0x4a0
[ 2173.180952]  ? p9_conn_create+0x510/0x510
[ 2173.181425]  ? p9_client_create+0x798/0x1230
[ 2173.181940]  ? kfree+0xd7/0x340
[ 2173.182315]  ? do_raw_spin_unlock+0x4f/0x220
[ 2173.182828]  p9_client_create+0xa76/0x1230
[ 2173.183315]  ? p9_client_flush+0x430/0x430
[ 2173.183806]  ? trace_hardirqs_on+0x5b/0x180
[ 2173.184298]  ? lockdep_init_map_type+0x2c7/0x780
[ 2173.184851]  ? __raw_spin_lock_init+0x36/0x110
[ 2173.185383]  v9fs_session_init+0x1dd/0x1680
[ 2173.185892]  ? lock_release+0x680/0x680
[ 2173.186349]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2173.186908]  ? v9fs_show_options+0x690/0x690
[ 2173.187414]  ? trace_hardirqs_on+0x5b/0x180
[ 2173.187911]  ? kasan_unpoison_shadow+0x33/0x50
[ 2173.188431]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2173.189015]  v9fs_mount+0x79/0x8f0
[ 2173.189420]  ? v9fs_write_inode+0x60/0x60
[ 2173.189914]  legacy_get_tree+0x105/0x220
[ 2173.190380]  vfs_get_tree+0x8e/0x300
[ 2173.190813]  path_mount+0x1490/0x21e0
[ 2173.191252]  ? strncpy_from_user+0x9e/0x470
[ 2173.191755]  ? finish_automount+0xa90/0xa90
[ 2173.192251]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2173.192360] FAULT_INJECTION: forcing a failure.
[ 2173.192360] name failslab, interval 1, probability 0, space 0, times 0
[ 2173.192792]  ? _copy_from_user+0xfb/0x1b0
[ 2173.192810]  __x64_sys_mount+0x282/0x300
[ 2173.195991]  ? copy_mnt_ns+0xa00/0xa00
[ 2173.196435]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2173.197048]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2173.197647]  do_syscall_64+0x33/0x40
[ 2173.198082]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2173.198676] RIP: 0033:0x7f70af30cb19
[ 2173.199100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2173.201199] RSP: 002b:00007f70ac882188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2173.202085] RAX: ffffffffffffffda RBX: 00007f70af41ff60 RCX: 00007f70af30cb19
[ 2173.202904] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2173.203716] RBP: 00007f70ac8821d0 R08: 0000000020000280 R09: 0000000000000000
[ 2173.204524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2173.205365] R13: 00007ffc0122b36f R14: 00007f70ac882300 R15: 0000000000022000
[ 2173.206408] CPU: 0 PID: 10106 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2173.207864] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2173.209582] Call Trace:
[ 2173.210146]  dump_stack+0x107/0x167
[ 2173.211106]  should_fail.cold+0x5/0xa
[ 2173.211904]  ? radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 2173.213129]  should_failslab+0x5/0x20
[ 2173.213943]  kmem_cache_alloc+0x5b/0x310
[ 2173.214816]  radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 2173.215983]  idr_get_free+0x4b5/0x8f0
[ 2173.216811]  idr_alloc_u32+0x170/0x2d0
[ 2173.217628]  ? __fprop_inc_percpu_max+0x130/0x130
[ 2173.218663]  ? p9_client_prepare_req.part.0+0x20a/0xac0
[ 2173.219774]  ? lock_release+0x680/0x680
[ 2173.220615]  idr_alloc+0xc2/0x130
[ 2173.221328]  ? idr_alloc_u32+0x2d0/0x2d0
[ 2173.222200]  ? rwlock_bug.part.0+0x90/0x90
[ 2173.223081]  p9_client_prepare_req.part.0+0x612/0xac0
[ 2173.224153]  p9_client_rpc+0x220/0x1370
[ 2173.224965]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2173.226060]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2173.227159]  ? pipe_poll+0x21b/0x800
[ 2173.227913]  ? p9_fd_close+0x4a0/0x4a0
[ 2173.228712]  ? wait_for_partner+0x3c0/0x3c0
[ 2173.229601]  ? p9_fd_poll+0x1e0/0x2c0
[ 2173.230425]  ? p9_fd_create+0x357/0x4a0
[ 2173.231240]  ? p9_conn_create+0x510/0x510
[ 2173.232128]  ? p9_client_create+0x798/0x1230
[ 2173.233043]  ? kfree+0xd7/0x340
[ 2173.233716]  ? do_raw_spin_unlock+0x4f/0x220
[ 2173.234634]  p9_client_create+0xa76/0x1230
[ 2173.235525]  ? p9_client_flush+0x430/0x430
[ 2173.236395]  ? trace_hardirqs_on+0x5b/0x180
[ 2173.237289]  ? lockdep_init_map_type+0x2c7/0x780
[ 2173.238269]  ? __raw_spin_lock_init+0x36/0x110
[ 2173.239219]  v9fs_session_init+0x1dd/0x1680
[ 2173.240149]  ? lock_release+0x680/0x680
[ 2173.240975]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2173.241988]  ? v9fs_show_options+0x690/0x690
[ 2173.242895]  ? trace_hardirqs_on+0x5b/0x180
[ 2173.243778]  ? kasan_unpoison_shadow+0x33/0x50
[ 2173.244746]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2173.245811]  v9fs_mount+0x79/0x8f0
[ 2173.246570]  ? v9fs_write_inode+0x60/0x60
[ 2173.247411]  legacy_get_tree+0x105/0x220
[ 2173.248285]  vfs_get_tree+0x8e/0x300
[ 2173.249049]  path_mount+0x1490/0x21e0
[ 2173.249871]  ? strncpy_from_user+0x9e/0x470
[ 2173.250768]  ? finish_automount+0xa90/0xa90
[ 2173.251683]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2173.252644]  ? _copy_from_user+0xfb/0x1b0
[ 2173.253536]  __x64_sys_mount+0x282/0x300
[ 2173.254389]  ? copy_mnt_ns+0xa00/0xa00
[ 2173.255193]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2173.256272]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2173.257336]  do_syscall_64+0x33/0x40
[ 2173.258106]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2173.259162] RIP: 0033:0x7f32cefd1b19
[ 2173.259921] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2173.263681] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2173.265239] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2173.266716] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2173.268179] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2173.269635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2173.271121] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
[ 2186.979159] FAULT_INJECTION: forcing a failure.
[ 2186.979159] name failslab, interval 1, probability 0, space 0, times 0
[ 2186.980717] CPU: 1 PID: 10127 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2186.981668] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2186.982781] Call Trace:
[ 2186.983148]  dump_stack+0x107/0x167
[ 2186.983647]  should_fail.cold+0x5/0xa
[ 2186.984174]  ? ___slab_alloc+0x360/0x700
[ 2186.984731]  ? create_object.isra.0+0x3a/0xa30
[ 2186.985341]  should_failslab+0x5/0x20
[ 2186.985865]  kmem_cache_alloc+0x5b/0x310
[ 2186.986420]  create_object.isra.0+0x3a/0xa30
[ 2186.987021]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2186.987703]  kmem_cache_alloc+0x159/0x310
[ 2186.988277]  radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 2186.989022]  idr_get_free+0x4b5/0x8f0
[ 2186.989551]  idr_alloc_u32+0x170/0x2d0
[ 2186.990089]  ? __fprop_inc_percpu_max+0x130/0x130
[ 2186.990752]  ? p9_client_prepare_req.part.0+0x20a/0xac0
[ 2186.991480]  ? lock_release+0x680/0x680
[ 2186.992021]  idr_alloc+0xc2/0x130
[ 2186.992494]  ? idr_alloc_u32+0x2d0/0x2d0
[ 2186.993046]  ? rwlock_bug.part.0+0x90/0x90
[ 2186.993623]  p9_client_prepare_req.part.0+0x612/0xac0
[ 2186.994336]  p9_client_rpc+0x220/0x1370
[ 2186.994877]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2186.995595]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2186.996307]  ? pipe_poll+0x21b/0x800
[ 2186.996810]  ? p9_fd_close+0x4a0/0x4a0
[ 2186.997327]  ? wait_for_partner+0x3c0/0x3c0
[ 2186.997926]  ? p9_fd_poll+0x1e0/0x2c0
[ 2186.998450]  ? p9_fd_create+0x357/0x4a0
[ 2186.998988]  ? p9_conn_create+0x510/0x510
[ 2186.999537]  ? p9_client_create+0x798/0x1230
[ 2187.000139]  ? kfree+0xd7/0x340
[ 2187.000577]  ? do_raw_spin_unlock+0x4f/0x220
[ 2187.001179]  p9_client_create+0xa76/0x1230
[ 2187.001762]  ? p9_client_flush+0x430/0x430
[ 2187.002345]  ? trace_hardirqs_on+0x5b/0x180
[ 2187.002520] FAULT_INJECTION: forcing a failure.
[ 2187.002520] name failslab, interval 1, probability 0, space 0, times 0
[ 2187.002941]  ? lockdep_init_map_type+0x2c7/0x780
[ 2187.006164]  ? __raw_spin_lock_init+0x36/0x110
[ 2187.006793]  v9fs_session_init+0x1dd/0x1680
[ 2187.007380]  ? lock_release+0x680/0x680
[ 2187.007929]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2187.008584]  ? v9fs_show_options+0x690/0x690
[ 2187.009190]  ? trace_hardirqs_on+0x5b/0x180
[ 2187.009777]  ? kasan_unpoison_shadow+0x33/0x50
[ 2187.010406]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2187.011082]  v9fs_mount+0x79/0x8f0
[ 2187.011564]  ? v9fs_write_inode+0x60/0x60
[ 2187.012124]  legacy_get_tree+0x105/0x220
[ 2187.012677]  vfs_get_tree+0x8e/0x300
[ 2187.013177]  path_mount+0x1490/0x21e0
[ 2187.013697]  ? strncpy_from_user+0x9e/0x470
[ 2187.014284]  ? finish_automount+0xa90/0xa90
[ 2187.014866]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2187.015492]  ? _copy_from_user+0xfb/0x1b0
[ 2187.016057]  __x64_sys_mount+0x282/0x300
[ 2187.016603]  ? copy_mnt_ns+0xa00/0xa00
[ 2187.017131]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2187.017840]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2187.018574]  do_syscall_64+0x33/0x40
[ 2187.019099]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2187.019827] RIP: 0033:0x7f3f98f8db19
[ 2187.020356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2187.022977] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2187.024050] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2187.025057] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2187.026066] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2187.027068] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2187.028078] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
[ 2187.029041] CPU: 0 PID: 10131 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2187.030923] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2187.032991] Call Trace:
[ 2187.033591]  dump_stack+0x107/0x167
[ 2187.034440]  should_fail.cold+0x5/0xa
[ 2187.035316]  ? create_object.isra.0+0x3a/0xa30
[ 2187.035362] 9pnet: Insufficient options for proto=fd
[ 2187.036359]  should_failslab+0x5/0x20
[ 2187.036380]  kmem_cache_alloc+0x5b/0x310
[ 2187.036408]  create_object.isra.0+0x3a/0xa30
[ 2187.039833]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2187.041004]  kmem_cache_alloc+0x159/0x310
[ 2187.041974]  radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 2187.043264]  idr_get_free+0x4b5/0x8f0
[ 2187.044154]  idr_alloc_u32+0x170/0x2d0
[ 2187.045054]  ? __fprop_inc_percpu_max+0x130/0x130
[ 2187.046174]  ? p9_client_prepare_req.part.0+0x20a/0xac0
[ 2187.047401]  ? lock_release+0x680/0x680
[ 2187.048313]  idr_alloc+0xc2/0x130
[ 2187.049110]  ? idr_alloc_u32+0x2d0/0x2d0
[ 2187.050044]  ? rwlock_bug.part.0+0x90/0x90
[ 2187.051031]  p9_client_prepare_req.part.0+0x612/0xac0
[ 2187.052225]  p9_client_rpc+0x220/0x1370
[ 2187.053135]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2187.054357]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2187.055586]  ? pipe_poll+0x21b/0x800
[ 2187.056432]  ? p9_fd_close+0x4a0/0x4a0
[ 2187.057320]  ? wait_for_partner+0x3c0/0x3c0
[ 2187.058308]  ? p9_fd_poll+0x1e0/0x2c0
[ 2187.059182]  ? p9_fd_create+0x357/0x4a0
[ 2187.060088]  ? p9_conn_create+0x510/0x510
[ 2187.061032]  ? p9_client_create+0x798/0x1230
[ 2187.062047]  ? kfree+0xd7/0x340
[ 2187.062799]  ? do_raw_spin_unlock+0x4f/0x220
[ 2187.063811]  p9_client_create+0xa76/0x1230
[ 2187.064791]  ? p9_client_flush+0x430/0x430
[ 2187.065756]  ? trace_hardirqs_on+0x5b/0x180
[ 2187.066751]  ? lockdep_init_map_type+0x2c7/0x780
[ 2187.067832]  ? __raw_spin_lock_init+0x36/0x110
[ 2187.068879]  v9fs_session_init+0x1dd/0x1680
[ 2187.069862]  ? lock_release+0x680/0x680
[ 2187.070785]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2187.071884]  ? v9fs_show_options+0x690/0x690
[ 2187.072896]  ? trace_hardirqs_on+0x5b/0x180
[ 2187.073880]  ? kasan_unpoison_shadow+0x33/0x50
[ 2187.074924]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2187.076087]  v9fs_mount+0x79/0x8f0
[ 2187.076898]  ? v9fs_write_inode+0x60/0x60
[ 2187.077832]  legacy_get_tree+0x105/0x220
[ 2187.078757]  vfs_get_tree+0x8e/0x300
[ 2187.079597]  path_mount+0x1490/0x21e0
[ 2187.080461]  ? strncpy_from_user+0x9e/0x470
[ 2187.081433]  ? finish_automount+0xa90/0xa90
[ 2187.082412]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2187.083460]  ? _copy_from_user+0xfb/0x1b0
[ 2187.084412]  __x64_sys_mount+0x282/0x300
[ 2187.085327]  ? copy_mnt_ns+0xa00/0xa00
[ 2187.086217]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2187.087402]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2187.088568]  do_syscall_64+0x33/0x40
[ 2187.089409]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2187.090571] RIP: 0033:0x7f32cefd1b19
[ 2187.091411] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2187.095569] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2187.097284] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2187.098888] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2187.100484] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2187.102087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2187.103681] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
13:57:19 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 38)

13:57:19 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:57:19 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 41)

13:57:19 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x0, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:57:19 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0)
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:57:19 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x0, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:57:19 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:57:19 executing program 3:
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 43)

13:57:19 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:57:19 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0xa, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:57:36 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x0, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:57:36 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:57:36 executing program 3:
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 44)

13:57:36 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0)
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:57:36 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 42)

13:57:36 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x0, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:57:36 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0xb, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:57:36 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x2, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

[ 2203.664615] FAULT_INJECTION: forcing a failure.
[ 2203.664615] name failslab, interval 1, probability 0, space 0, times 0
[ 2203.666959] CPU: 0 PID: 10149 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2203.668417] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2203.670173] Call Trace:
[ 2203.670742]  dump_stack+0x107/0x167
[ 2203.671510]  should_fail.cold+0x5/0xa
[ 2203.672310]  ? radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 2203.673526]  should_failslab+0x5/0x20
[ 2203.674335]  kmem_cache_alloc+0x5b/0x310
[ 2203.675190]  radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 2203.676373]  idr_get_free+0x4b5/0x8f0
[ 2203.677189]  idr_alloc_u32+0x170/0x2d0
[ 2203.678013]  ? __fprop_inc_percpu_max+0x130/0x130
[ 2203.679045]  ? p9_client_prepare_req.part.0+0x20a/0xac0
[ 2203.680168]  ? lock_release+0x680/0x680
[ 2203.681010]  idr_alloc+0xc2/0x130
[ 2203.681733]  ? idr_alloc_u32+0x2d0/0x2d0
[ 2203.682598]  ? rwlock_bug.part.0+0x90/0x90
[ 2203.683500]  p9_client_prepare_req.part.0+0x612/0xac0
[ 2203.684600]  p9_client_rpc+0x220/0x1370
[ 2203.685441]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2203.686575]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2203.687706]  ? pipe_poll+0x21b/0x800
[ 2203.688373] FAULT_INJECTION: forcing a failure.
[ 2203.688373] name failslab, interval 1, probability 0, space 0, times 0
[ 2203.688484]  ? p9_fd_close+0x4a0/0x4a0
[ 2203.688513]  ? wait_for_partner+0x3c0/0x3c0
[ 2203.692957]  ? p9_fd_poll+0x1e0/0x2c0
[ 2203.693758]  ? p9_fd_create+0x357/0x4a0
[ 2203.694605]  ? p9_conn_create+0x510/0x510
[ 2203.695473]  ? p9_client_create+0x798/0x1230
[ 2203.696396]  ? kfree+0xd7/0x340
[ 2203.697100]  p9_client_create+0xa76/0x1230
[ 2203.698011]  ? p9_client_flush+0x430/0x430
[ 2203.698919]  ? trace_hardirqs_on+0x5b/0x180
[ 2203.699824]  ? lockdep_init_map_type+0x2c7/0x780
[ 2203.700821]  ? __raw_spin_lock_init+0x36/0x110
[ 2203.701794]  v9fs_session_init+0x1dd/0x1680
[ 2203.702710]  ? lock_release+0x680/0x680
[ 2203.703558]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2203.704564]  ? v9fs_show_options+0x690/0x690
[ 2203.705493]  ? trace_hardirqs_on+0x5b/0x180
[ 2203.706412]  ? kasan_unpoison_shadow+0x33/0x50
[ 2203.707367]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2203.708435]  v9fs_mount+0x79/0x8f0
[ 2203.709180]  ? v9fs_write_inode+0x60/0x60
[ 2203.710044]  legacy_get_tree+0x105/0x220
[ 2203.710910]  vfs_get_tree+0x8e/0x300
[ 2203.711687]  path_mount+0x1490/0x21e0
[ 2203.712490]  ? strncpy_from_user+0x9e/0x470
[ 2203.713388]  ? finish_automount+0xa90/0xa90
[ 2203.714303]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2203.715281]  ? _copy_from_user+0xfb/0x1b0
[ 2203.716156]  __x64_sys_mount+0x282/0x300
[ 2203.717002]  ? copy_mnt_ns+0xa00/0xa00
[ 2203.717826]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2203.718938]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2203.720019]  do_syscall_64+0x33/0x40
[ 2203.720801]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2203.721872] RIP: 0033:0x7f32cefd1b19
[ 2203.722662] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2203.726510] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2203.728104] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2203.729594] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2203.731104] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2203.732599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2203.734098] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
[ 2203.735623] CPU: 1 PID: 10160 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2203.737072] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2203.738813] Call Trace:
[ 2203.739378]  dump_stack+0x107/0x167
[ 2203.740144]  should_fail.cold+0x5/0xa
[ 2203.740953]  ? radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 2203.742179]  should_failslab+0x5/0x20
[ 2203.742974]  kmem_cache_alloc+0x5b/0x310
[ 2203.743838]  radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 2203.745009]  idr_get_free+0x4b5/0x8f0
[ 2203.745806]  idr_alloc_u32+0x170/0x2d0
[ 2203.746642]  ? __fprop_inc_percpu_max+0x130/0x130
[ 2203.747656]  ? p9_client_prepare_req.part.0+0x20a/0xac0
[ 2203.748774]  ? lock_release+0x680/0x680
[ 2203.749614]  idr_alloc+0xc2/0x130
[ 2203.750346]  ? idr_alloc_u32+0x2d0/0x2d0
[ 2203.751189]  ? rwlock_bug.part.0+0x90/0x90
[ 2203.752083]  p9_client_prepare_req.part.0+0x612/0xac0
[ 2203.753173]  p9_client_rpc+0x220/0x1370
[ 2203.754002]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2203.755121]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2203.756240]  ? pipe_poll+0x21b/0x800
[ 2203.757013]  ? p9_fd_close+0x4a0/0x4a0
[ 2203.757824]  ? wait_for_partner+0x3c0/0x3c0
[ 2203.758737]  ? p9_fd_poll+0x1e0/0x2c0
[ 2203.759545]  ? p9_fd_create+0x357/0x4a0
[ 2203.760379]  ? p9_conn_create+0x510/0x510
[ 2203.761252]  ? p9_client_create+0x798/0x1230
[ 2203.762193]  ? kfree+0xd7/0x340
[ 2203.762882]  ? do_raw_spin_unlock+0x4f/0x220
[ 2203.763810]  p9_client_create+0xa76/0x1230
[ 2203.764704]  ? p9_client_flush+0x430/0x430
[ 2203.765598]  ? trace_hardirqs_on+0x5b/0x180
[ 2203.766490]  ? lockdep_init_map_type+0x2c7/0x780
[ 2203.767486]  ? __raw_spin_lock_init+0x36/0x110
[ 2203.768449]  v9fs_session_init+0x1dd/0x1680
[ 2203.769354]  ? lock_release+0x680/0x680
[ 2203.770210]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2203.771218]  ? v9fs_show_options+0x690/0x690
[ 2203.772143]  ? trace_hardirqs_on+0x5b/0x180
[ 2203.773042]  ? kasan_unpoison_shadow+0x33/0x50
[ 2203.773997]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2203.775070]  v9fs_mount+0x79/0x8f0
[ 2203.775813]  ? v9fs_write_inode+0x60/0x60
[ 2203.776676]  legacy_get_tree+0x105/0x220
[ 2203.777528]  vfs_get_tree+0x8e/0x300
[ 2203.778314]  path_mount+0x1490/0x21e0
[ 2203.779115]  ? strncpy_from_user+0x9e/0x470
[ 2203.780014]  ? finish_automount+0xa90/0xa90
[ 2203.780919]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2203.781891]  ? _copy_from_user+0xfb/0x1b0
[ 2203.782773]  __x64_sys_mount+0x282/0x300
[ 2203.783619]  ? copy_mnt_ns+0xa00/0xa00
[ 2203.784442]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2203.785506]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2203.786602]  do_syscall_64+0x33/0x40
[ 2203.787365]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2203.788437] RIP: 0033:0x7f3f98f8db19
[ 2203.789192] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2203.793056] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2203.794609] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2203.796108] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2203.797604] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2203.799123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2203.800567] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
13:57:36 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x10, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:57:51 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x3, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:57:51 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x0, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:57:51 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 43)

13:57:51 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:57:51 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:57:51 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x2e, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

[ 2218.311047] FAULT_INJECTION: forcing a failure.
[ 2218.311047] name failslab, interval 1, probability 0, space 0, times 0
[ 2218.313432] CPU: 0 PID: 10174 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2218.314916] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2218.316819] Call Trace:
[ 2218.317391]  dump_stack+0x107/0x167
[ 2218.318187]  should_fail.cold+0x5/0xa
[ 2218.319008]  ? create_object.isra.0+0x3a/0xa30
[ 2218.319974]  should_failslab+0x5/0x20
[ 2218.320779]  kmem_cache_alloc+0x5b/0x310
[ 2218.321638]  create_object.isra.0+0x3a/0xa30
[ 2218.322582]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2218.323656]  kmem_cache_alloc+0x159/0x310
[ 2218.324538]  radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 2218.325734]  idr_get_free+0x4b5/0x8f0
[ 2218.326567]  idr_alloc_u32+0x170/0x2d0
[ 2218.327397]  ? __fprop_inc_percpu_max+0x130/0x130
[ 2218.328422]  ? p9_client_prepare_req.part.0+0x20a/0xac0
[ 2218.329556]  ? lock_release+0x680/0x680
[ 2218.330423]  idr_alloc+0xc2/0x130
[ 2218.331156]  ? idr_alloc_u32+0x2d0/0x2d0
[ 2218.332012]  ? rwlock_bug.part.0+0x90/0x90
[ 2218.332926]  p9_client_prepare_req.part.0+0x612/0xac0
[ 2218.334027]  p9_client_rpc+0x220/0x1370
[ 2218.334877]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2218.336008]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2218.337154]  ? pipe_poll+0x21b/0x800
[ 2218.337936]  ? p9_fd_close+0x4a0/0x4a0
[ 2218.338769]  ? wait_for_partner+0x3c0/0x3c0
[ 2218.339689]  ? p9_fd_poll+0x1e0/0x2c0
[ 2218.340510]  ? p9_fd_create+0x357/0x4a0
[ 2218.341358]  ? p9_conn_create+0x510/0x510
[ 2218.342244]  ? p9_client_create+0x798/0x1230
[ 2218.343176]  ? kfree+0xd7/0x340
[ 2218.343865]  ? do_raw_spin_unlock+0x4f/0x220
[ 2218.344807]  p9_client_create+0xa76/0x1230
[ 2218.345716]  ? p9_client_flush+0x430/0x430
[ 2218.346625]  ? trace_hardirqs_on+0x5b/0x180
[ 2218.347539]  ? lockdep_init_map_type+0x2c7/0x780
[ 2218.348539]  ? __raw_spin_lock_init+0x36/0x110
[ 2218.349505]  v9fs_session_init+0x1dd/0x1680
[ 2218.350422]  ? lock_release+0x680/0x680
[ 2218.351281]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2218.352310]  ? v9fs_show_options+0x690/0x690
[ 2218.353251]  ? trace_hardirqs_on+0x5b/0x180
[ 2218.354165]  ? kasan_unpoison_shadow+0x33/0x50
[ 2218.355134]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2218.356211]  v9fs_mount+0x79/0x8f0
[ 2218.356970]  ? v9fs_write_inode+0x60/0x60
[ 2218.357843]  legacy_get_tree+0x105/0x220
[ 2218.358716]  vfs_get_tree+0x8e/0x300
[ 2218.359513]  path_mount+0x1490/0x21e0
[ 2218.360333]  ? strncpy_from_user+0x9e/0x470
[ 2218.361260]  ? finish_automount+0xa90/0xa90
[ 2218.362187]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2218.363197]  ? _copy_from_user+0xfb/0x1b0
[ 2218.364094]  __x64_sys_mount+0x282/0x300
[ 2218.364954]  ? copy_mnt_ns+0xa00/0xa00
[ 2218.365790]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2218.366921]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2218.368023]  do_syscall_64+0x33/0x40
[ 2218.368822]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2218.369910] RIP: 0033:0x7f3f98f8db19
[ 2218.370708] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2218.374617] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2218.376225] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2218.377732] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2218.379248] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2218.380776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2218.382307] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
13:57:51 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:57:51 executing program 3:
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 45)

13:57:51 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x4, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:57:51 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x48, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

[ 2218.440641] FAULT_INJECTION: forcing a failure.
[ 2218.440641] name failslab, interval 1, probability 0, space 0, times 0
[ 2218.442016] CPU: 1 PID: 10196 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2218.442873] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2218.443881] Call Trace:
[ 2218.444214]  dump_stack+0x107/0x167
[ 2218.444672]  should_fail.cold+0x5/0xa
[ 2218.445118]  ? create_object.isra.0+0x3a/0xa30
[ 2218.445652]  should_failslab+0x5/0x20
[ 2218.446101]  kmem_cache_alloc+0x5b/0x310
[ 2218.446589]  create_object.isra.0+0x3a/0xa30
[ 2218.447098]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2218.447694]  kmem_cache_alloc+0x159/0x310
[ 2218.448188]  radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 2218.448847]  idr_get_free+0x4b5/0x8f0
[ 2218.449306]  idr_alloc_u32+0x170/0x2d0
[ 2218.449763]  ? __fprop_inc_percpu_max+0x130/0x130
[ 2218.450342]  ? p9_client_prepare_req.part.0+0x20a/0xac0
[ 2218.450970]  ? lock_release+0x680/0x680
[ 2218.451437]  idr_alloc+0xc2/0x130
[ 2218.451847]  ? idr_alloc_u32+0x2d0/0x2d0
[ 2218.452319]  ? rwlock_bug.part.0+0x90/0x90
[ 2218.452823]  p9_client_prepare_req.part.0+0x612/0xac0
[ 2218.453430]  p9_client_rpc+0x220/0x1370
[ 2218.453890]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2218.454511]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2218.455134]  ? pipe_poll+0x21b/0x800
[ 2218.455562]  ? p9_fd_close+0x4a0/0x4a0
[ 2218.456012]  ? wait_for_partner+0x3c0/0x3c0
[ 2218.456515]  ? p9_fd_poll+0x1e0/0x2c0
[ 2218.456964]  ? p9_fd_create+0x357/0x4a0
[ 2218.457439]  ? p9_conn_create+0x510/0x510
[ 2218.457921]  ? p9_client_create+0x798/0x1230
[ 2218.458437]  ? kfree+0xd7/0x340
[ 2218.458819]  ? do_raw_spin_unlock+0x4f/0x220
[ 2218.459336]  p9_client_create+0xa76/0x1230
[ 2218.459835]  ? p9_client_flush+0x430/0x430
[ 2218.460331]  ? trace_hardirqs_on+0x5b/0x180
[ 2218.460833]  ? lockdep_init_map_type+0x2c7/0x780
[ 2218.461385]  ? __raw_spin_lock_init+0x36/0x110
[ 2218.461918]  v9fs_session_init+0x1dd/0x1680
[ 2218.462429]  ? lock_release+0x680/0x680
[ 2218.462895]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2218.463454]  ? v9fs_show_options+0x690/0x690
[ 2218.463972]  ? trace_hardirqs_on+0x5b/0x180
[ 2218.464472]  ? kasan_unpoison_shadow+0x33/0x50
[ 2218.465001]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2218.465596]  v9fs_mount+0x79/0x8f0
[ 2218.466008]  ? v9fs_write_inode+0x60/0x60
[ 2218.466496]  legacy_get_tree+0x105/0x220
[ 2218.466970]  vfs_get_tree+0x8e/0x300
[ 2218.467404]  path_mount+0x1490/0x21e0
[ 2218.467852]  ? strncpy_from_user+0x9e/0x470
[ 2218.468351]  ? finish_automount+0xa90/0xa90
[ 2218.468855]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2218.469394]  ? _copy_from_user+0xfb/0x1b0
[ 2218.469877]  __x64_sys_mount+0x282/0x300
[ 2218.470355]  ? copy_mnt_ns+0xa00/0xa00
[ 2218.470808]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2218.471430]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2218.472030]  do_syscall_64+0x33/0x40
[ 2218.472460]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2218.473052] RIP: 0033:0x7f32cefd1b19
[ 2218.473484] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2218.475620] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2218.476504] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2218.477329] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2218.478149] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2218.478982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2218.479809] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
13:57:51 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x4c, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:57:51 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x5, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:57:51 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:57:51 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x0, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:57:51 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 44)

13:57:51 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x68, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:57:51 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 2218.617840] FAULT_INJECTION: forcing a failure.
[ 2218.617840] name failslab, interval 1, probability 0, space 0, times 0
[ 2218.620712] CPU: 0 PID: 10209 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2218.622454] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2218.624530] Call Trace:
[ 2218.625194]  dump_stack+0x107/0x167
[ 2218.626108]  should_fail.cold+0x5/0xa
[ 2218.627084]  ? radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 2218.628533]  should_failslab+0x5/0x20
[ 2218.629494]  kmem_cache_alloc+0x5b/0x310
[ 2218.630534]  radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 2218.631937]  idr_get_free+0x4b5/0x8f0
[ 2218.632912]  idr_alloc_u32+0x170/0x2d0
[ 2218.633899]  ? __fprop_inc_percpu_max+0x130/0x130
[ 2218.635121]  ? p9_client_prepare_req.part.0+0x20a/0xac0
[ 2218.636466]  ? lock_release+0x680/0x680
[ 2218.637470]  idr_alloc+0xc2/0x130
[ 2218.638349]  ? idr_alloc_u32+0x2d0/0x2d0
[ 2218.639370]  ? rwlock_bug.part.0+0x90/0x90
[ 2218.640438]  p9_client_prepare_req.part.0+0x612/0xac0
[ 2218.641745]  p9_client_rpc+0x220/0x1370
[ 2218.642753]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2218.644079]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2218.645423]  ? pipe_poll+0x21b/0x800
[ 2218.646366]  ? p9_fd_close+0x4a0/0x4a0
[ 2218.647342]  ? wait_for_partner+0x3c0/0x3c0
[ 2218.648425]  ? p9_fd_poll+0x1e0/0x2c0
[ 2218.649394]  ? p9_fd_create+0x357/0x4a0
[ 2218.650393]  ? p9_conn_create+0x510/0x510
[ 2218.651437]  ? p9_client_create+0x798/0x1230
[ 2218.652540]  ? kfree+0xd7/0x340
[ 2218.653364]  ? do_raw_spin_unlock+0x4f/0x220
[ 2218.654494]  p9_client_create+0xa76/0x1230
[ 2218.655570]  ? p9_client_flush+0x430/0x430
[ 2218.656630]  ? trace_hardirqs_on+0x5b/0x180
[ 2218.657702]  ? lockdep_init_map_type+0x2c7/0x780
[ 2218.658891]  ? __raw_spin_lock_init+0x36/0x110
[ 2218.660035]  v9fs_session_init+0x1dd/0x1680
[ 2218.661103]  ? lock_release+0x680/0x680
[ 2218.662104]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2218.663305]  ? v9fs_show_options+0x690/0x690
[ 2218.664414]  ? trace_hardirqs_on+0x5b/0x180
[ 2218.665478]  ? kasan_unpoison_shadow+0x33/0x50
[ 2218.666619]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2218.667882]  v9fs_mount+0x79/0x8f0
[ 2218.668764]  ? v9fs_write_inode+0x60/0x60
[ 2218.669783]  legacy_get_tree+0x105/0x220
[ 2218.670805]  vfs_get_tree+0x8e/0x300
[ 2218.671735]  path_mount+0x1490/0x21e0
[ 2218.672689]  ? strncpy_from_user+0x9e/0x470
[ 2218.673761]  ? finish_automount+0xa90/0xa90
[ 2218.674844]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2218.676001]  ? _copy_from_user+0xfb/0x1b0
[ 2218.677042]  __x64_sys_mount+0x282/0x300
[ 2218.678049]  ? copy_mnt_ns+0xa00/0xa00
[ 2218.679034]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2218.680337]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2218.681627]  do_syscall_64+0x33/0x40
[ 2218.682566]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2218.683835] RIP: 0033:0x7f3f98f8db19
[ 2218.684758] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2218.689311] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2218.691194] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2218.692946] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2218.694708] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2218.696460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2218.698220] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
13:57:51 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x6c, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:57:51 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:57:51 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x6, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:57:51 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x74, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:57:51 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x7a, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:57:51 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:58:05 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 45)

13:58:05 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:58:05 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0xae, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:58:05 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x7, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:58:05 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x0, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:58:05 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:58:05 executing program 3:
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 46)

13:58:05 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 2232.855821] FAULT_INJECTION: forcing a failure.
[ 2232.855821] name failslab, interval 1, probability 0, space 0, times 0
[ 2232.858417] CPU: 1 PID: 10243 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2232.859963] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2232.861835] Call Trace:
[ 2232.862443]  dump_stack+0x107/0x167
[ 2232.863267]  should_fail.cold+0x5/0xa
[ 2232.864136]  ? radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 2232.865448]  should_failslab+0x5/0x20
[ 2232.866306]  kmem_cache_alloc+0x5b/0x310
[ 2232.867247]  radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 2232.868522]  idr_get_free+0x4b5/0x8f0
[ 2232.869403]  idr_alloc_u32+0x170/0x2d0
[ 2232.870286]  ? __fprop_inc_percpu_max+0x130/0x130
[ 2232.871389]  ? p9_client_prepare_req.part.0+0x20a/0xac0
[ 2232.872599]  ? lock_release+0x680/0x680
[ 2232.873500]  idr_alloc+0xc2/0x130
[ 2232.874284]  ? idr_alloc_u32+0x2d0/0x2d0
[ 2232.875206]  ? rwlock_bug.part.0+0x90/0x90
[ 2232.876171]  p9_client_prepare_req.part.0+0x612/0xac0
[ 2232.877337]  p9_client_rpc+0x220/0x1370
[ 2232.878238]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2232.879422]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2232.880628]  ? pipe_poll+0x21b/0x800
[ 2232.881463]  ? p9_fd_close+0x4a0/0x4a0
[ 2232.882358]  ? wait_for_partner+0x3c0/0x3c0
[ 2232.883346]  ? p9_fd_poll+0x1e0/0x2c0
[ 2232.884210]  ? p9_fd_create+0x357/0x4a0
[ 2232.885105]  ? p9_conn_create+0x510/0x510
[ 2232.886048]  ? p9_client_create+0x798/0x1230
[ 2232.887058]  ? kfree+0xd7/0x340
[ 2232.887801]  ? do_raw_spin_unlock+0x4f/0x220
[ 2232.888786]  p9_client_create+0xa76/0x1230
[ 2232.889757]  ? p9_client_flush+0x430/0x430
[ 2232.890731]  ? trace_hardirqs_on+0x5b/0x180
[ 2232.891705]  ? lockdep_init_map_type+0x2c7/0x780
[ 2232.892782]  ? __raw_spin_lock_init+0x36/0x110
[ 2232.893826]  v9fs_session_init+0x1dd/0x1680
[ 2232.894813]  ? lock_release+0x680/0x680
[ 2232.895724]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2232.896809]  ? v9fs_show_options+0x690/0x690
[ 2232.897815]  ? trace_hardirqs_on+0x5b/0x180
[ 2232.898802]  ? kasan_unpoison_shadow+0x33/0x50
[ 2232.899823]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2232.900975]  v9fs_mount+0x79/0x8f0
[ 2232.901782]  ? v9fs_write_inode+0x60/0x60
[ 2232.902725]  legacy_get_tree+0x105/0x220
[ 2232.903646]  vfs_get_tree+0x8e/0x300
[ 2232.904488]  path_mount+0x1490/0x21e0
[ 2232.905339]  ? strncpy_from_user+0x9e/0x470
[ 2232.906313]  ? finish_automount+0xa90/0xa90
[ 2232.907293]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2232.908346]  ? _copy_from_user+0xfb/0x1b0
[ 2232.909296]  __x64_sys_mount+0x282/0x300
[ 2232.910210]  ? copy_mnt_ns+0xa00/0xa00
[ 2232.911104]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2232.912291]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2232.913463]  do_syscall_64+0x33/0x40
[ 2232.914303]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2232.915472] RIP: 0033:0x7f32cefd1b19
[ 2232.916314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2232.920494] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2232.922233] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2232.923866] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2232.925489] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2232.927119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2232.928742] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
[ 2232.934612] FAULT_INJECTION: forcing a failure.
[ 2232.934612] name failslab, interval 1, probability 0, space 0, times 0
[ 2232.937404] CPU: 1 PID: 10245 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2232.939088] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2232.941201] Call Trace:
[ 2232.941797]  dump_stack+0x107/0x167
[ 2232.942633]  should_fail.cold+0x5/0xa
[ 2232.943500]  ? radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 2232.944793]  should_failslab+0x5/0x20
[ 2232.945655]  kmem_cache_alloc+0x5b/0x310
[ 2232.946600]  radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 2232.947868]  idr_get_free+0x4b5/0x8f0
[ 2232.948745]  idr_alloc_u32+0x170/0x2d0
[ 2232.949630]  ? __fprop_inc_percpu_max+0x130/0x130
[ 2232.950735]  ? p9_client_prepare_req.part.0+0x20a/0xac0
[ 2232.951943]  ? lock_release+0x680/0x680
[ 2232.952840]  idr_alloc+0xc2/0x130
[ 2232.953618]  ? idr_alloc_u32+0x2d0/0x2d0
[ 2232.954541]  ? rwlock_bug.part.0+0x90/0x90
[ 2232.955510]  p9_client_prepare_req.part.0+0x612/0xac0
[ 2232.956678]  p9_client_rpc+0x220/0x1370
[ 2232.957561]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2232.958753]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2232.959952]  ? pipe_poll+0x21b/0x800
[ 2232.960793]  ? p9_fd_close+0x4a0/0x4a0
[ 2232.961682]  ? wait_for_partner+0x3c0/0x3c0
[ 2232.962665]  ? p9_fd_poll+0x1e0/0x2c0
[ 2232.963530]  ? p9_fd_create+0x357/0x4a0
[ 2232.964425]  ? p9_conn_create+0x510/0x510
[ 2232.965359]  ? p9_client_create+0x798/0x1230
[ 2232.966360]  ? kfree+0xd7/0x340
[ 2232.967104]  ? do_raw_spin_unlock+0x4f/0x220
[ 2232.968108]  p9_client_create+0xa76/0x1230
[ 2232.969078]  ? p9_client_flush+0x430/0x430
[ 2232.970032]  ? trace_hardirqs_on+0x5b/0x180
[ 2232.971023]  ? lockdep_init_map_type+0x2c7/0x780
[ 2232.972090]  ? __raw_spin_lock_init+0x36/0x110
[ 2232.973128]  v9fs_session_init+0x1dd/0x1680
[ 2232.974101]  ? lock_release+0x680/0x680
[ 2232.975016]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2232.976101]  ? v9fs_show_options+0x690/0x690
[ 2232.977105]  ? trace_hardirqs_on+0x5b/0x180
[ 2232.978079]  ? kasan_unpoison_shadow+0x33/0x50
[ 2232.979122]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2232.980258]  v9fs_mount+0x79/0x8f0
[ 2232.981064]  ? v9fs_write_inode+0x60/0x60
[ 2232.981999]  legacy_get_tree+0x105/0x220
[ 2232.982927]  vfs_get_tree+0x8e/0x300
[ 2232.983765]  path_mount+0x1490/0x21e0
[ 2232.984619]  ? strncpy_from_user+0x9e/0x470
[ 2232.985599]  ? finish_automount+0xa90/0xa90
[ 2232.986586]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2232.987743]  ? _copy_from_user+0xfb/0x1b0
[ 2232.988670]  __x64_sys_mount+0x282/0x300
[ 2232.989570]  ? copy_mnt_ns+0xa00/0xa00
[ 2232.990448]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2232.991612]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2232.992754]  do_syscall_64+0x33/0x40
[ 2232.993572]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2232.994711] RIP: 0033:0x7f3f98f8db19
[ 2232.995547] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2232.999624] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2233.001304] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2233.002898] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2233.004512] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2233.006105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2233.007717] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
13:58:05 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x2dc, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:58:05 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x8, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:58:05 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:58:05 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:58:05 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x300, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:58:05 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:58:05 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x0, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:58:20 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:58:20 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:58:20 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x0, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:58:20 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:58:20 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x3ca, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:58:20 executing program 3:
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 47)

13:58:20 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 46)

13:58:20 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0xa, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

[ 2247.572963] FAULT_INJECTION: forcing a failure.
[ 2247.572963] name failslab, interval 1, probability 0, space 0, times 0
[ 2247.575428] CPU: 0 PID: 10295 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2247.576888] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2247.578651] Call Trace:
[ 2247.579209]  dump_stack+0x107/0x167
[ 2247.579977]  should_fail.cold+0x5/0xa
[ 2247.580795]  ? p9pdu_readf+0xadb/0x1d40
[ 2247.581636]  should_failslab+0x5/0x20
[ 2247.582436]  __kmalloc+0x72/0x390
[ 2247.583190]  p9pdu_readf+0xadb/0x1d40
[ 2247.584001]  ? pipe_poll+0x21b/0x800
[ 2247.584793]  ? p9pdu_writef+0x100/0x100
[ 2247.585648]  ? p9_fd_poll+0x1e0/0x2c0
[ 2247.586456]  ? p9_fd_create+0x357/0x4a0
[ 2247.587299]  ? p9_conn_create+0x510/0x510
[ 2247.588164]  ? p9_client_create+0x798/0x1230
[ 2247.589094]  ? kfree+0xd7/0x340
[ 2247.589786]  ? do_raw_spin_unlock+0x4f/0x220
[ 2247.590724]  p9_client_create+0xaee/0x1230
[ 2247.591642]  ? p9_client_flush+0x430/0x430
[ 2247.592562]  ? trace_hardirqs_on+0x5b/0x180
[ 2247.593471]  ? lockdep_init_map_type+0x2c7/0x780
[ 2247.594483]  ? __raw_spin_lock_init+0x36/0x110
[ 2247.595458]  v9fs_session_init+0x1dd/0x1680
[ 2247.596376]  ? lock_release+0x680/0x680
[ 2247.597229]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2247.598236]  ? v9fs_show_options+0x690/0x690
[ 2247.599174]  ? trace_hardirqs_on+0x5b/0x180
[ 2247.600095]  ? kasan_unpoison_shadow+0x33/0x50
[ 2247.601063]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2247.602140]  v9fs_mount+0x79/0x8f0
[ 2247.602918]  ? v9fs_write_inode+0x60/0x60
[ 2247.603789]  legacy_get_tree+0x105/0x220
[ 2247.604653]  vfs_get_tree+0x8e/0x300
[ 2247.605451]  path_mount+0x1490/0x21e0
[ 2247.606269]  ? strncpy_from_user+0x9e/0x470
[ 2247.607198]  ? finish_automount+0xa90/0xa90
[ 2247.608114]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2247.609094]  ? _copy_from_user+0xfb/0x1b0
[ 2247.609988]  __x64_sys_mount+0x282/0x300
[ 2247.610858]  ? copy_mnt_ns+0xa00/0xa00
[ 2247.611687]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2247.612789]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2247.613874]  do_syscall_64+0x33/0x40
[ 2247.614686]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2247.615774] RIP: 0033:0x7f3f98f8db19
13:58:20 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0xb, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

[ 2247.616562] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2247.620677] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2247.622274] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2247.623808] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2247.625308] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2247.626820] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2247.628334] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
[ 2247.650101] FAULT_INJECTION: forcing a failure.
[ 2247.650101] name failslab, interval 1, probability 0, space 0, times 0
[ 2247.652543] CPU: 0 PID: 10302 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2247.653995] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2247.655771] Call Trace:
[ 2247.656511]  dump_stack+0x107/0x167
[ 2247.657296]  should_fail.cold+0x5/0xa
[ 2247.658098]  ? p9pdu_readf+0xadb/0x1d40
[ 2247.658957]  should_failslab+0x5/0x20
[ 2247.659755]  __kmalloc+0x72/0x390
[ 2247.660496]  p9pdu_readf+0xadb/0x1d40
[ 2247.661320]  ? pipe_poll+0x21b/0x800
[ 2247.662097]  ? p9pdu_writef+0x100/0x100
[ 2247.662949]  ? p9_fd_poll+0x1e0/0x2c0
[ 2247.663738]  ? p9_fd_create+0x357/0x4a0
[ 2247.664560]  ? p9_conn_create+0x510/0x510
[ 2247.665450]  ? p9_client_create+0x798/0x1230
[ 2247.666382]  ? kfree+0xd7/0x340
[ 2247.667073]  ? do_raw_spin_unlock+0x4f/0x220
[ 2247.668016]  p9_client_create+0xaee/0x1230
[ 2247.668921]  ? p9_client_flush+0x430/0x430
[ 2247.669802]  ? trace_hardirqs_on+0x5b/0x180
[ 2247.670734]  ? lockdep_init_map_type+0x2c7/0x780
[ 2247.671719]  ? __raw_spin_lock_init+0x36/0x110
[ 2247.672710]  v9fs_session_init+0x1dd/0x1680
[ 2247.673625]  ? lock_release+0x680/0x680
[ 2247.674496]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2247.675500]  ? v9fs_show_options+0x690/0x690
[ 2247.676443]  ? trace_hardirqs_on+0x5b/0x180
[ 2247.677354]  ? kasan_unpoison_shadow+0x33/0x50
[ 2247.678308]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2247.679387]  v9fs_mount+0x79/0x8f0
[ 2247.680141]  ? v9fs_write_inode+0x60/0x60
[ 2247.680997]  legacy_get_tree+0x105/0x220
[ 2247.681861]  vfs_get_tree+0x8e/0x300
[ 2247.682664]  path_mount+0x1490/0x21e0
[ 2247.683480]  ? strncpy_from_user+0x9e/0x470
[ 2247.684404]  ? finish_automount+0xa90/0xa90
[ 2247.685331]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2247.686310]  ? _copy_from_user+0xfb/0x1b0
[ 2247.687201]  __x64_sys_mount+0x282/0x300
[ 2247.688063]  ? copy_mnt_ns+0xa00/0xa00
[ 2247.688903]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2247.689997]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2247.691068]  do_syscall_64+0x33/0x40
[ 2247.691842]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2247.692887] RIP: 0033:0x7f32cefd1b19
[ 2247.693674] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2247.697552] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2247.699145] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2247.700635] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2247.702135] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2247.703643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2247.705140] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
13:58:20 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:58:20 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x3fd, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:58:20 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:58:20 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 47)

13:58:20 executing program 3:
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 48)

[ 2247.872828] FAULT_INJECTION: forcing a failure.
[ 2247.872828] name failslab, interval 1, probability 0, space 0, times 0
[ 2247.875397] CPU: 1 PID: 10317 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2247.876866] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2247.878630] Call Trace:
[ 2247.879191]  dump_stack+0x107/0x167
[ 2247.879965]  should_fail.cold+0x5/0xa
[ 2247.880778]  should_failslab+0x5/0x20
[ 2247.881585]  __kmalloc_track_caller+0x79/0x370
[ 2247.882547]  ? kasprintf+0xbb/0xf0
[ 2247.883300]  ? __delete_object+0xb3/0x100
[ 2247.884172]  kvasprintf+0xb5/0x150
[ 2247.884931]  ? bust_spinlocks+0xe0/0xe0
[ 2247.885771]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2247.886883]  kasprintf+0xbb/0xf0
[ 2247.887606]  ? kvasprintf_const+0x1a0/0x1a0
[ 2247.888515]  ? kmem_cache_free+0x249/0x2d0
[ 2247.889437]  ? p9_client_create+0xbfa/0x1230
[ 2247.890359]  p9_client_create+0xc1b/0x1230
[ 2247.891267]  ? p9_client_flush+0x430/0x430
[ 2247.892165]  ? trace_hardirqs_on+0x5b/0x180
[ 2247.893075]  ? lockdep_init_map_type+0x2c7/0x780
[ 2247.894077]  ? __raw_spin_lock_init+0x36/0x110
[ 2247.895068]  v9fs_session_init+0x1dd/0x1680
[ 2247.895971]  ? lock_release+0x680/0x680
[ 2247.896828]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2247.897865]  ? v9fs_show_options+0x690/0x690
[ 2247.898811]  ? trace_hardirqs_on+0x5b/0x180
[ 2247.899712]  ? kasan_unpoison_shadow+0x33/0x50
[ 2247.900671]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2247.901749]  v9fs_mount+0x79/0x8f0
[ 2247.902510]  ? v9fs_write_inode+0x60/0x60
[ 2247.903385]  legacy_get_tree+0x105/0x220
[ 2247.904247]  vfs_get_tree+0x8e/0x300
[ 2247.905040]  path_mount+0x1490/0x21e0
[ 2247.905849]  ? strncpy_from_user+0x9e/0x470
[ 2247.906780]  ? finish_automount+0xa90/0xa90
[ 2247.907690]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2247.908675]  ? _copy_from_user+0xfb/0x1b0
[ 2247.909562]  __x64_sys_mount+0x282/0x300
[ 2247.910415]  ? copy_mnt_ns+0xa00/0xa00
[ 2247.911248]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2247.912361]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2247.913449]  do_syscall_64+0x33/0x40
[ 2247.914234]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2247.915331] RIP: 0033:0x7f32cefd1b19
[ 2247.916123] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2247.920048] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2247.921660] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2247.923171] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2247.924663] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2247.926182] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2247.927688] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
[ 2247.939092] FAULT_INJECTION: forcing a failure.
[ 2247.939092] name failslab, interval 1, probability 0, space 0, times 0
[ 2247.941545] CPU: 1 PID: 10318 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2247.943008] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2247.944745] Call Trace:
[ 2247.945305]  dump_stack+0x107/0x167
[ 2247.946075]  should_fail.cold+0x5/0xa
[ 2247.946877]  ? p9pdu_readf+0xadb/0x1d40
[ 2247.947711]  should_failslab+0x5/0x20
[ 2247.948499]  __kmalloc+0x72/0x390
[ 2247.949228]  p9pdu_readf+0xadb/0x1d40
[ 2247.950033]  ? pipe_poll+0x21b/0x800
[ 2247.950833]  ? p9pdu_writef+0x100/0x100
[ 2247.951667]  ? p9_fd_poll+0x1e0/0x2c0
[ 2247.952467]  ? p9_fd_create+0x357/0x4a0
[ 2247.953292]  ? p9_conn_create+0x510/0x510
[ 2247.954168]  ? p9_client_create+0x798/0x1230
[ 2247.955100]  ? kfree+0xd7/0x340
[ 2247.955792]  ? do_raw_spin_unlock+0x4f/0x220
[ 2247.956722]  p9_client_create+0xaee/0x1230
[ 2247.957615]  ? p9_client_flush+0x430/0x430
[ 2247.958518]  ? trace_hardirqs_on+0x5b/0x180
[ 2247.959424]  ? lockdep_init_map_type+0x2c7/0x780
[ 2247.960411]  ? __raw_spin_lock_init+0x36/0x110
[ 2247.961377]  v9fs_session_init+0x1dd/0x1680
[ 2247.962273]  ? lock_release+0x680/0x680
[ 2247.963122]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2247.964126]  ? v9fs_show_options+0x690/0x690
[ 2247.965058]  ? trace_hardirqs_on+0x5b/0x180
[ 2247.965967]  ? kasan_unpoison_shadow+0x33/0x50
[ 2247.966928]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2247.967978]  v9fs_mount+0x79/0x8f0
[ 2247.968723]  ? v9fs_write_inode+0x60/0x60
[ 2247.969594]  legacy_get_tree+0x105/0x220
[ 2247.970442]  vfs_get_tree+0x8e/0x300
[ 2247.971227]  path_mount+0x1490/0x21e0
[ 2247.972034]  ? strncpy_from_user+0x9e/0x470
[ 2247.972946]  ? finish_automount+0xa90/0xa90
[ 2247.973849]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2247.974828]  ? _copy_from_user+0xfb/0x1b0
[ 2247.975701]  __x64_sys_mount+0x282/0x300
[ 2247.976549]  ? copy_mnt_ns+0xa00/0xa00
[ 2247.977367]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2247.978453]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2247.979555]  do_syscall_64+0x33/0x40
[ 2247.980340]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2247.981406] RIP: 0033:0x7f3f98f8db19
[ 2247.982179] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2247.986007] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2247.987604] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2247.989106] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2247.990602] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2247.992101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2247.993582] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
13:58:35 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x10, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:58:35 executing program 3:
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 49)

13:58:35 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 48)

13:58:35 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:58:35 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:58:35 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:58:35 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:58:35 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x500, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

[ 2263.141810] FAULT_INJECTION: forcing a failure.
[ 2263.141810] name failslab, interval 1, probability 0, space 0, times 0
[ 2263.144474] CPU: 0 PID: 10335 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2263.146096] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2263.147583] FAULT_INJECTION: forcing a failure.
[ 2263.147583] name failslab, interval 1, probability 0, space 0, times 0
[ 2263.148076] Call Trace:
[ 2263.151288]  dump_stack+0x107/0x167
[ 2263.152145]  should_fail.cold+0x5/0xa
[ 2263.153033]  ? create_object.isra.0+0x3a/0xa30
[ 2263.154082]  should_failslab+0x5/0x20
[ 2263.154973]  kmem_cache_alloc+0x5b/0x310
[ 2263.155919]  create_object.isra.0+0x3a/0xa30
[ 2263.156933]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2263.158111]  kmem_cache_alloc+0x159/0x310
[ 2263.159090]  radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 2263.160386]  idr_get_free+0x4b5/0x8f0
[ 2263.161282]  idr_alloc_u32+0x170/0x2d0
[ 2263.162186]  ? __fprop_inc_percpu_max+0x130/0x130
[ 2263.163312]  ? p9_client_prepare_req.part.0+0x20a/0xac0
[ 2263.164544]  ? lock_release+0x680/0x680
[ 2263.165467]  idr_alloc+0xc2/0x130
[ 2263.166265]  ? idr_alloc_u32+0x2d0/0x2d0
[ 2263.167202]  ? rwlock_bug.part.0+0x90/0x90
[ 2263.168196]  p9_client_prepare_req.part.0+0x612/0xac0
[ 2263.169395]  p9_client_rpc+0x220/0x1370
[ 2263.170307]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2263.171534]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2263.172769]  ? pipe_poll+0x21b/0x800
[ 2263.173625]  ? p9_fd_close+0x4a0/0x4a0
[ 2263.174522]  ? wait_for_partner+0x3c0/0x3c0
[ 2263.175539]  ? p9_fd_poll+0x1e0/0x2c0
[ 2263.176426]  ? p9_fd_create+0x357/0x4a0
[ 2263.177343]  ? p9_conn_create+0x510/0x510
[ 2263.178297]  ? p9_client_create+0x798/0x1230
[ 2263.179317]  ? kfree+0xd7/0x340
[ 2263.180075]  ? do_raw_spin_unlock+0x4f/0x220
[ 2263.181098]  p9_client_create+0xa76/0x1230
[ 2263.182087]  ? p9_client_flush+0x430/0x430
[ 2263.183072]  ? trace_hardirqs_on+0x5b/0x180
[ 2263.184158]  ? lockdep_init_map_type+0x2c7/0x780
[ 2263.185518]  ? __raw_spin_lock_init+0x36/0x110
[ 2263.186802]  v9fs_session_init+0x1dd/0x1680
[ 2263.187820]  ? lock_release+0x680/0x680
[ 2263.188759]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2263.189883]  ? v9fs_show_options+0x690/0x690
[ 2263.190972]  ? trace_hardirqs_on+0x5b/0x180
[ 2263.192055]  ? kasan_unpoison_shadow+0x33/0x50
[ 2263.193140]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2263.194312]  v9fs_mount+0x79/0x8f0
[ 2263.195140]  ? v9fs_write_inode+0x60/0x60
[ 2263.196087]  legacy_get_tree+0x105/0x220
[ 2263.197023]  vfs_get_tree+0x8e/0x300
[ 2263.197882]  path_mount+0x1490/0x21e0
[ 2263.198774]  ? strncpy_from_user+0x9e/0x470
[ 2263.199768]  ? finish_automount+0xa90/0xa90
[ 2263.200759]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2263.201939]  ? _copy_from_user+0xfb/0x1b0
[ 2263.203141]  __x64_sys_mount+0x282/0x300
[ 2263.204291]  ? copy_mnt_ns+0xa00/0xa00
[ 2263.205363]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2263.206858]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2263.208095]  do_syscall_64+0x33/0x40
[ 2263.208975]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2263.210181] RIP: 0033:0x7f3f98f8db19
[ 2263.211070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2263.215418] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2263.217210] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2263.218884] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2263.220551] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2263.222232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2263.223906] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
[ 2263.225625] CPU: 1 PID: 10329 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2263.227245] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2263.229142] Call Trace:
[ 2263.229754]  dump_stack+0x107/0x167
[ 2263.230593]  should_fail.cold+0x5/0xa
[ 2263.231481]  ? create_object.isra.0+0x3a/0xa30
[ 2263.232527]  should_failslab+0x5/0x20
[ 2263.233399]  kmem_cache_alloc+0x5b/0x310
[ 2263.234333]  ? vsnprintf+0x4ba/0x1600
[ 2263.235224]  create_object.isra.0+0x3a/0xa30
[ 2263.236236]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2263.237407]  __kmalloc_track_caller+0x177/0x370
[ 2263.238469]  ? kasprintf+0xbb/0xf0
[ 2263.239297]  kvasprintf+0xb5/0x150
[ 2263.240110]  ? bust_spinlocks+0xe0/0xe0
[ 2263.241024]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2263.242238]  kasprintf+0xbb/0xf0
[ 2263.243018]  ? kvasprintf_const+0x1a0/0x1a0
[ 2263.244014]  ? kmem_cache_free+0x249/0x2d0
[ 2263.244993]  ? p9_client_create+0xbfa/0x1230
[ 2263.246008]  p9_client_create+0xc1b/0x1230
[ 2263.246993]  ? p9_client_flush+0x430/0x430
[ 2263.247964]  ? trace_hardirqs_on+0x5b/0x180
[ 2263.248956]  ? lockdep_init_map_type+0x2c7/0x780
[ 2263.250042]  ? __raw_spin_lock_init+0x36/0x110
[ 2263.251103]  v9fs_session_init+0x1dd/0x1680
[ 2263.252100]  ? lock_release+0x680/0x680
[ 2263.253017]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2263.254121]  ? v9fs_show_options+0x690/0x690
[ 2263.255150]  ? trace_hardirqs_on+0x5b/0x180
[ 2263.256141]  ? kasan_unpoison_shadow+0x33/0x50
[ 2263.257194]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2263.258355]  v9fs_mount+0x79/0x8f0
[ 2263.259181]  ? v9fs_write_inode+0x60/0x60
[ 2263.260136]  legacy_get_tree+0x105/0x220
[ 2263.261068]  vfs_get_tree+0x8e/0x300
[ 2263.261920]  path_mount+0x1490/0x21e0
[ 2263.262814]  ? strncpy_from_user+0x9e/0x470
[ 2263.263808]  ? finish_automount+0xa90/0xa90
[ 2263.264798]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2263.265860]  ? _copy_from_user+0xfb/0x1b0
[ 2263.266825]  __x64_sys_mount+0x282/0x300
[ 2263.267755]  ? copy_mnt_ns+0xa00/0xa00
[ 2263.268649]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2263.269864]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2263.271055]  do_syscall_64+0x33/0x40
[ 2263.271909]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2263.273087] RIP: 0033:0x7f32cefd1b19
[ 2263.273944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2263.278174] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2263.279918] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2263.281548] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2263.283191] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2263.284820] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2263.286446] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
13:58:36 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:58:36 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:58:36 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x600, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:58:36 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:58:36 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x2e, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:58:36 executing program 3:
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 50)

13:58:36 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 49)

[ 2263.519311] FAULT_INJECTION: forcing a failure.
[ 2263.519311] name failslab, interval 1, probability 0, space 0, times 0
[ 2263.522415] CPU: 1 PID: 10358 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2263.524024] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2263.525938] Call Trace:
[ 2263.526547]  dump_stack+0x107/0x167
[ 2263.527395]  should_fail.cold+0x5/0xa
[ 2263.528273]  should_failslab+0x5/0x20
[ 2263.529148]  __kmalloc_track_caller+0x79/0x370
[ 2263.530192]  ? kstrdup_const+0x53/0x80
[ 2263.531090]  ? kasprintf+0xbb/0xf0
[ 2263.531910]  kstrdup+0x36/0x70
[ 2263.532647]  kstrdup_const+0x53/0x80
[ 2263.533506]  kmem_cache_create_usercopy+0x12f/0x2f0
[ 2263.534671]  p9_client_create+0xc6a/0x1230
[ 2263.535657]  ? p9_client_flush+0x430/0x430
[ 2263.536630]  ? trace_hardirqs_on+0x5b/0x180
[ 2263.537626]  ? lockdep_init_map_type+0x2c7/0x780
[ 2263.538726]  ? __raw_spin_lock_init+0x36/0x110
[ 2263.539783]  v9fs_session_init+0x1dd/0x1680
[ 2263.540774]  ? lock_release+0x680/0x680
[ 2263.541697]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2263.542812]  ? v9fs_show_options+0x690/0x690
[ 2263.543824]  ? trace_hardirqs_on+0x5b/0x180
[ 2263.544808]  ? kasan_unpoison_shadow+0x33/0x50
[ 2263.545852]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2263.547033]  v9fs_mount+0x79/0x8f0
[ 2263.547849]  ? v9fs_write_inode+0x60/0x60
[ 2263.548795]  legacy_get_tree+0x105/0x220
[ 2263.549725]  vfs_get_tree+0x8e/0x300
[ 2263.550578]  path_mount+0x1490/0x21e0
[ 2263.551466]  ? strncpy_from_user+0x9e/0x470
[ 2263.552438]  ? finish_automount+0xa90/0xa90
[ 2263.553424]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2263.554493]  ? _copy_from_user+0xfb/0x1b0
[ 2263.555457]  __x64_sys_mount+0x282/0x300
[ 2263.556391]  ? copy_mnt_ns+0xa00/0xa00
[ 2263.557289]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2263.558488]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2263.559678]  do_syscall_64+0x33/0x40
[ 2263.560527]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2263.561698] RIP: 0033:0x7f32cefd1b19
[ 2263.562547] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2263.566774] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2263.568513] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2263.570145] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2263.571783] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2263.573414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2263.575057] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
[ 2263.576777] kmem_cache_create(9p-fcall-cache-1157) failed with error -12
[ 2263.578424] CPU: 1 PID: 10358 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2263.580011] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2263.581907] Call Trace:
[ 2263.582510]  dump_stack+0x107/0x167
[ 2263.583358]  kmem_cache_create_usercopy.cold+0x17/0x65
[ 2263.584564]  p9_client_create+0xc6a/0x1230
[ 2263.585541]  ? p9_client_flush+0x430/0x430
[ 2263.586507]  ? trace_hardirqs_on+0x5b/0x180
[ 2263.587500]  ? lockdep_init_map_type+0x2c7/0x780
[ 2263.588584]  ? __raw_spin_lock_init+0x36/0x110
[ 2263.589633]  v9fs_session_init+0x1dd/0x1680
[ 2263.590628]  ? lock_release+0x680/0x680
[ 2263.591554]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2263.592664]  ? v9fs_show_options+0x690/0x690
[ 2263.593685]  ? trace_hardirqs_on+0x5b/0x180
[ 2263.594698]  ? kasan_unpoison_shadow+0x33/0x50
[ 2263.595749]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2263.596918]  v9fs_mount+0x79/0x8f0
[ 2263.597731]  ? v9fs_write_inode+0x60/0x60
[ 2263.598681]  legacy_get_tree+0x105/0x220
[ 2263.599609]  vfs_get_tree+0x8e/0x300
[ 2263.600457]  path_mount+0x1490/0x21e0
[ 2263.601328]  ? strncpy_from_user+0x9e/0x470
[ 2263.602318]  ? finish_automount+0xa90/0xa90
[ 2263.603314]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2263.604375]  ? _copy_from_user+0xfb/0x1b0
[ 2263.605334]  __x64_sys_mount+0x282/0x300
[ 2263.606274]  ? copy_mnt_ns+0xa00/0xa00
[ 2263.607191]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2263.608395]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2263.609581]  do_syscall_64+0x33/0x40
[ 2263.610440]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2263.611635] RIP: 0033:0x7f32cefd1b19
[ 2263.612488] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2263.616728] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2263.618463] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2263.620098] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2263.621720] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2263.623363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2263.625001] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
[ 2263.646149] FAULT_INJECTION: forcing a failure.
[ 2263.646149] name failslab, interval 1, probability 0, space 0, times 0
[ 2263.648287] CPU: 0 PID: 10362 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2263.649541] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2263.651041] Call Trace:
[ 2263.651521]  dump_stack+0x107/0x167
[ 2263.652184]  should_fail.cold+0x5/0xa
[ 2263.652867]  ? create_object.isra.0+0x3a/0xa30
[ 2263.653706]  should_failslab+0x5/0x20
[ 2263.654401]  kmem_cache_alloc+0x5b/0x310
[ 2263.655146]  create_object.isra.0+0x3a/0xa30
[ 2263.655929]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2263.656842]  __kmalloc_track_caller+0x177/0x370
[ 2263.657681]  ? kasprintf+0xbb/0xf0
[ 2263.658322]  kvasprintf+0xb5/0x150
[ 2263.658973]  ? bust_spinlocks+0xe0/0xe0
[ 2263.659686]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2263.660633]  kasprintf+0xbb/0xf0
[ 2263.661243]  ? kvasprintf_const+0x1a0/0x1a0
[ 2263.662022]  ? kmem_cache_free+0x249/0x2d0
[ 2263.662806]  ? p9_client_create+0xbfa/0x1230
[ 2263.663599]  p9_client_create+0xc1b/0x1230
[ 2263.664363]  ? p9_client_flush+0x430/0x430
[ 2263.665122]  ? trace_hardirqs_on+0x5b/0x180
[ 2263.665883]  ? lockdep_init_map_type+0x2c7/0x780
[ 2263.666743]  ? __raw_spin_lock_init+0x36/0x110
[ 2263.667579]  v9fs_session_init+0x1dd/0x1680
[ 2263.668353]  ? lock_release+0x680/0x680
[ 2263.669073]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2263.669935]  ? v9fs_show_options+0x690/0x690
[ 2263.670743]  ? trace_hardirqs_on+0x5b/0x180
[ 2263.671513]  ? kasan_unpoison_shadow+0x33/0x50
[ 2263.672337]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2263.673243]  v9fs_mount+0x79/0x8f0
[ 2263.673873]  ? v9fs_write_inode+0x60/0x60
[ 2263.674627]  legacy_get_tree+0x105/0x220
[ 2263.675364]  vfs_get_tree+0x8e/0x300
[ 2263.676032]  path_mount+0x1490/0x21e0
[ 2263.676719]  ? strncpy_from_user+0x9e/0x470
[ 2263.677502]  ? finish_automount+0xa90/0xa90
[ 2263.678272]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2263.679106]  ? _copy_from_user+0xfb/0x1b0
[ 2263.679840]  __x64_sys_mount+0x282/0x300
[ 2263.680557]  ? copy_mnt_ns+0xa00/0xa00
[ 2263.681259]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2263.682194]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2263.683117]  do_syscall_64+0x33/0x40
[ 2263.683769]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2263.684673] RIP: 0033:0x7f3f98f8db19
[ 2263.685343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2263.688581] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2263.689928] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2263.691211] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2263.692464] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2263.693723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2263.695011] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
13:58:49 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 50)

13:58:49 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:58:49 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x700, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:58:49 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x48, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:58:49 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev}, 0x7})
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:58:49 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:58:49 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:58:49 executing program 3:
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 51)

[ 2277.077200] FAULT_INJECTION: forcing a failure.
[ 2277.077200] name failslab, interval 1, probability 0, space 0, times 0
[ 2277.078658] CPU: 0 PID: 10371 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2277.079540] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2277.080570] Call Trace:
[ 2277.080903]  dump_stack+0x107/0x167
[ 2277.081361]  should_fail.cold+0x5/0xa
[ 2277.081840]  should_failslab+0x5/0x20
[ 2277.082317]  __kmalloc_track_caller+0x79/0x370
[ 2277.082901]  ? kstrdup_const+0x53/0x80
[ 2277.083385]  ? kasprintf+0xbb/0xf0
[ 2277.083830]  kstrdup+0x36/0x70
[ 2277.084228]  kstrdup_const+0x53/0x80
[ 2277.084691]  kmem_cache_create_usercopy+0x12f/0x2f0
[ 2277.085319]  p9_client_create+0xc6a/0x1230
[ 2277.085866]  ? p9_client_flush+0x430/0x430
[ 2277.086396]  ? trace_hardirqs_on+0x5b/0x180
[ 2277.086944]  ? lockdep_init_map_type+0x2c7/0x780
[ 2277.087534]  ? __raw_spin_lock_init+0x36/0x110
[ 2277.088109]  v9fs_session_init+0x1dd/0x1680
[ 2277.088648]  ? lock_release+0x680/0x680
[ 2277.089149]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2277.089758]  ? v9fs_show_options+0x690/0x690
[ 2277.090316]  ? trace_hardirqs_on+0x5b/0x180
[ 2277.090863]  ? kasan_unpoison_shadow+0x33/0x50
[ 2277.091431]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2277.092065]  v9fs_mount+0x79/0x8f0
[ 2277.092510]  ? v9fs_write_inode+0x60/0x60
[ 2277.093028]  legacy_get_tree+0x105/0x220
[ 2277.093544]  vfs_get_tree+0x8e/0x300
[ 2277.094013]  path_mount+0x1490/0x21e0
[ 2277.094499]  ? strncpy_from_user+0x9e/0x470
[ 2277.095040]  ? finish_automount+0xa90/0xa90
[ 2277.095579]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2277.096166]  ? _copy_from_user+0xfb/0x1b0
[ 2277.096684]  __x64_sys_mount+0x282/0x300
[ 2277.097189]  ? copy_mnt_ns+0xa00/0xa00
[ 2277.097677]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2277.098328]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2277.098986]  do_syscall_64+0x33/0x40
[ 2277.099458]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2277.100094] RIP: 0033:0x7f3f98f8db19
[ 2277.100563] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2277.102846] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2277.103801] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2277.104686] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2277.105564] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2277.106442] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2277.107328] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
[ 2277.108293] kmem_cache_create(9p-fcall-cache-1159) failed with error -12
[ 2277.109143] CPU: 0 PID: 10371 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2277.110005] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2277.111043] Call Trace:
[ 2277.111368]  dump_stack+0x107/0x167
[ 2277.111833]  kmem_cache_create_usercopy.cold+0x17/0x65
[ 2277.112491]  p9_client_create+0xc6a/0x1230
[ 2277.113025]  ? p9_client_flush+0x430/0x430
[ 2277.113545]  ? trace_hardirqs_on+0x5b/0x180
[ 2277.114077]  ? lockdep_init_map_type+0x2c7/0x780
[ 2277.114669]  ? __raw_spin_lock_init+0x36/0x110
[ 2277.115341]  v9fs_session_init+0x1dd/0x1680
[ 2277.115984]  ? lock_release+0x680/0x680
[ 2277.116556]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2277.117151]  ? v9fs_show_options+0x690/0x690
[ 2277.117700]  ? trace_hardirqs_on+0x5b/0x180
[ 2277.118232]  ? kasan_unpoison_shadow+0x33/0x50
[ 2277.118840]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2277.119463]  v9fs_mount+0x79/0x8f0
[ 2277.119903]  ? v9fs_write_inode+0x60/0x60
[ 2277.120411]  legacy_get_tree+0x105/0x220
[ 2277.120918]  vfs_get_tree+0x8e/0x300
[ 2277.121376]  path_mount+0x1490/0x21e0
[ 2277.121847]  ? strncpy_from_user+0x9e/0x470
[ 2277.122377]  ? finish_automount+0xa90/0xa90
[ 2277.122910]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2277.123478]  ? _copy_from_user+0xfb/0x1b0
[ 2277.123989]  __x64_sys_mount+0x282/0x300
[ 2277.124492]  ? copy_mnt_ns+0xa00/0xa00
[ 2277.124972]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2277.125613]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2277.126244]  do_syscall_64+0x33/0x40
[ 2277.126699]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2277.127358] RIP: 0033:0x7f3f98f8db19
[ 2277.127819] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2277.130079] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2277.131022] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2277.131892] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2277.132767] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2277.133644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2277.134519] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
[ 2277.152195] FAULT_INJECTION: forcing a failure.
[ 2277.152195] name failslab, interval 1, probability 0, space 0, times 0
[ 2277.154643] CPU: 1 PID: 10385 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2277.156133] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2277.157908] Call Trace:
[ 2277.158471]  dump_stack+0x107/0x167
[ 2277.159261]  should_fail.cold+0x5/0xa
[ 2277.160081]  should_failslab+0x5/0x20
[ 2277.160899]  __kmalloc_track_caller+0x79/0x370
[ 2277.161876]  ? kasprintf+0xbb/0xf0
[ 2277.162638]  kvasprintf+0xb5/0x150
[ 2277.163396]  ? bust_spinlocks+0xe0/0xe0
[ 2277.164254]  kasprintf+0xbb/0xf0
[ 2277.164971]  ? kvasprintf_const+0x1a0/0x1a0
[ 2277.165879]  ? kmem_cache_free+0x249/0x2d0
[ 2277.166795]  ? p9_client_create+0xbfa/0x1230
[ 2277.167739]  p9_client_create+0xc1b/0x1230
[ 2277.168645]  ? p9_client_flush+0x430/0x430
[ 2277.169546]  ? trace_hardirqs_on+0x5b/0x180
[ 2277.170481]  ? lockdep_init_map_type+0x2c7/0x780
[ 2277.171497]  ? __raw_spin_lock_init+0x36/0x110
[ 2277.172475]  v9fs_session_init+0x1dd/0x1680
[ 2277.173391]  ? lock_release+0x680/0x680
[ 2277.174247]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2277.175281]  ? v9fs_show_options+0x690/0x690
[ 2277.176217]  ? trace_hardirqs_on+0x5b/0x180
[ 2277.177138]  ? kasan_unpoison_shadow+0x33/0x50
[ 2277.178110]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2277.179197]  v9fs_mount+0x79/0x8f0
[ 2277.179952]  ? v9fs_write_inode+0x60/0x60
[ 2277.180818]  legacy_get_tree+0x105/0x220
[ 2277.181675]  vfs_get_tree+0x8e/0x300
[ 2277.182455]  path_mount+0x1490/0x21e0
[ 2277.183266]  ? strncpy_from_user+0x9e/0x470
[ 2277.184173]  ? finish_automount+0xa90/0xa90
[ 2277.185082]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2277.186053]  ? _copy_from_user+0xfb/0x1b0
[ 2277.186943]  __x64_sys_mount+0x282/0x300
[ 2277.187809]  ? copy_mnt_ns+0xa00/0xa00
[ 2277.188644]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2277.189752]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2277.190840]  do_syscall_64+0x33/0x40
[ 2277.191629]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2277.192707] RIP: 0033:0x7f32cefd1b19
[ 2277.193488] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2277.197372] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2277.199170] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2277.200883] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
13:58:49 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x4c, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

[ 2277.202600] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2277.204711] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2277.206212] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
13:58:50 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x900, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:58:50 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:58:50 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:58:50 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 51)

13:58:50 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x68, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:58:50 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0)
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:58:50 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev}, 0x7})
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:58:50 executing program 3:
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 52)

[ 2277.516049] FAULT_INJECTION: forcing a failure.
[ 2277.516049] name failslab, interval 1, probability 0, space 0, times 0
[ 2277.517422] CPU: 0 PID: 10400 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2277.518209] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2277.519169] Call Trace:
[ 2277.519483]  dump_stack+0x107/0x167
[ 2277.519901]  should_fail.cold+0x5/0xa
[ 2277.520340]  ? create_object.isra.0+0x3a/0xa30
[ 2277.520858]  should_failslab+0x5/0x20
[ 2277.521298]  kmem_cache_alloc+0x5b/0x310
[ 2277.521771]  ? lock_acquire+0x197/0x470
[ 2277.522237]  create_object.isra.0+0x3a/0xa30
[ 2277.522751]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2277.523454]  __kmalloc_track_caller+0x177/0x370
[ 2277.524093]  ? kstrdup_const+0x53/0x80
[ 2277.524570]  ? kasprintf+0xbb/0xf0
[ 2277.524978]  kstrdup+0x36/0x70
[ 2277.525344]  kstrdup_const+0x53/0x80
[ 2277.525775]  kmem_cache_create_usercopy+0x12f/0x2f0
[ 2277.526349]  p9_client_create+0xc6a/0x1230
[ 2277.526850]  ? p9_client_flush+0x430/0x430
[ 2277.527335]  ? trace_hardirqs_on+0x5b/0x180
[ 2277.527826]  ? lockdep_init_map_type+0x2c7/0x780
[ 2277.528373]  ? __raw_spin_lock_init+0x36/0x110
[ 2277.528894]  v9fs_session_init+0x1dd/0x1680
[ 2277.529389]  ? lock_release+0x680/0x680
[ 2277.529848]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2277.530397]  ? v9fs_show_options+0x690/0x690
[ 2277.530909]  ? trace_hardirqs_on+0x5b/0x180
[ 2277.531406]  ? kasan_unpoison_shadow+0x33/0x50
[ 2277.531927]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2277.532508]  v9fs_mount+0x79/0x8f0
[ 2277.532917]  ? v9fs_write_inode+0x60/0x60
[ 2277.533398]  legacy_get_tree+0x105/0x220
[ 2277.533865]  vfs_get_tree+0x8e/0x300
[ 2277.534296]  path_mount+0x1490/0x21e0
[ 2277.534753]  ? strncpy_from_user+0x9e/0x470
[ 2277.535256]  ? finish_automount+0xa90/0xa90
[ 2277.535751]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2277.536283]  ? _copy_from_user+0xfb/0x1b0
[ 2277.536761]  __x64_sys_mount+0x282/0x300
[ 2277.537223]  ? copy_mnt_ns+0xa00/0xa00
[ 2277.537676]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2277.538281]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2277.538881]  do_syscall_64+0x33/0x40
[ 2277.539306]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2277.539899] RIP: 0033:0x7f3f98f8db19
[ 2277.540336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2277.542429] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2277.543306] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2277.544118] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2277.544928] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2277.545745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2277.546561] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
13:58:50 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x6c, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

[ 2277.586157] FAULT_INJECTION: forcing a failure.
[ 2277.586157] name failslab, interval 1, probability 0, space 0, times 0
[ 2277.588699] CPU: 1 PID: 10408 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2277.590221] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2277.592006] Call Trace:
[ 2277.592609]  dump_stack+0x107/0x167
[ 2277.593380]  should_fail.cold+0x5/0xa
[ 2277.594212]  ? create_object.isra.0+0x3a/0xa30
[ 2277.595211]  should_failslab+0x5/0x20
[ 2277.596046]  kmem_cache_alloc+0x5b/0x310
[ 2277.596935]  create_object.isra.0+0x3a/0xa30
[ 2277.597854]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2277.598962]  kmem_cache_alloc+0x159/0x310
[ 2277.599870]  kmem_cache_create_usercopy+0x190/0x2f0
[ 2277.600955]  p9_client_create+0xc6a/0x1230
[ 2277.601901]  ? p9_client_flush+0x430/0x430
[ 2277.602832]  ? trace_hardirqs_on+0x5b/0x180
[ 2277.603771]  ? lockdep_init_map_type+0x2c7/0x780
[ 2277.604801]  ? __raw_spin_lock_init+0x36/0x110
[ 2277.605780]  v9fs_session_init+0x1dd/0x1680
[ 2277.606714]  ? lock_release+0x680/0x680
[ 2277.607610]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2277.608655]  ? v9fs_show_options+0x690/0x690
[ 2277.609621]  ? trace_hardirqs_on+0x5b/0x180
[ 2277.610564]  ? kasan_unpoison_shadow+0x33/0x50
[ 2277.611563]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2277.612655]  v9fs_mount+0x79/0x8f0
[ 2277.613405]  ? v9fs_write_inode+0x60/0x60
[ 2277.614301]  legacy_get_tree+0x105/0x220
[ 2277.615204]  vfs_get_tree+0x8e/0x300
[ 2277.616025]  path_mount+0x1490/0x21e0
[ 2277.616839]  ? strncpy_from_user+0x9e/0x470
[ 2277.617770]  ? finish_automount+0xa90/0xa90
[ 2277.618704]  ? getname_flags.part.0+0x1dd/0x4f0
13:58:50 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0xa00, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

[ 2277.619728]  ? _copy_from_user+0xfb/0x1b0
[ 2277.620798]  __x64_sys_mount+0x282/0x300
[ 2277.621676]  ? copy_mnt_ns+0xa00/0xa00
[ 2277.622497]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2277.623648]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2277.624761]  do_syscall_64+0x33/0x40
[ 2277.625570]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2277.626672] RIP: 0033:0x7f32cefd1b19
[ 2277.627498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2277.631419] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2277.633059] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
13:58:50 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x74, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

[ 2277.634615] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2277.636644] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2277.638561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2277.640505] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
13:58:50 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0xb00, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:58:50 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev}, 0x7})
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:58:50 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x1020, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:58:50 executing program 3:
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 53)

[ 2277.837400] FAULT_INJECTION: forcing a failure.
[ 2277.837400] name failslab, interval 1, probability 0, space 0, times 0
[ 2277.839027] CPU: 0 PID: 10432 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2277.839808] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2277.840744] Call Trace:
[ 2277.841050]  dump_stack+0x107/0x167
[ 2277.841472]  should_fail.cold+0x5/0xa
[ 2277.841918]  ? __kmem_cache_create+0x10e/0x520
[ 2277.842438]  should_failslab+0x5/0x20
[ 2277.842878]  kmem_cache_alloc_node+0x55/0x330
[ 2277.843396]  __kmem_cache_create+0x10e/0x520
[ 2277.843905]  kmem_cache_create_usercopy+0x1db/0x2f0
[ 2277.844489]  p9_client_create+0xc6a/0x1230
[ 2277.844981]  ? p9_client_flush+0x430/0x430
[ 2277.845472]  ? trace_hardirqs_on+0x5b/0x180
[ 2277.845976]  ? lockdep_init_map_type+0x2c7/0x780
[ 2277.846518]  ? __raw_spin_lock_init+0x36/0x110
[ 2277.847058]  v9fs_session_init+0x1dd/0x1680
[ 2277.847557]  ? lock_release+0x680/0x680
[ 2277.848014]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2277.848568]  ? v9fs_show_options+0x690/0x690
[ 2277.849089]  ? trace_hardirqs_on+0x5b/0x180
[ 2277.849590]  ? kasan_unpoison_shadow+0x33/0x50
[ 2277.850118]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2277.850707]  v9fs_mount+0x79/0x8f0
[ 2277.851124]  ? v9fs_write_inode+0x60/0x60
[ 2277.851598]  legacy_get_tree+0x105/0x220
[ 2277.852064]  vfs_get_tree+0x8e/0x300
[ 2277.852489]  path_mount+0x1490/0x21e0
[ 2277.852931]  ? strncpy_from_user+0x9e/0x470
[ 2277.853423]  ? finish_automount+0xa90/0xa90
[ 2277.853915]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2277.854446]  ? _copy_from_user+0xfb/0x1b0
[ 2277.854938]  __x64_sys_mount+0x282/0x300
[ 2277.855397]  ? copy_mnt_ns+0xa00/0xa00
[ 2277.855847]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2277.856449]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2277.857040]  do_syscall_64+0x33/0x40
[ 2277.857469]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2277.858062] RIP: 0033:0x7f32cefd1b19
[ 2277.858489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2277.860601] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2277.861477] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2277.862292] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2277.863108] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2277.863918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2277.864731] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
[ 2277.865643] kmem_cache_create(9p-fcall-cache-1170) failed with error -22
[ 2277.866441] CPU: 0 PID: 10432 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2277.867234] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2277.868174] Call Trace:
[ 2277.868484]  dump_stack+0x107/0x167
[ 2277.868913]  kmem_cache_create_usercopy.cold+0x17/0x65
[ 2277.869520]  p9_client_create+0xc6a/0x1230
[ 2277.870013]  ? p9_client_flush+0x430/0x430
[ 2277.870502]  ? trace_hardirqs_on+0x5b/0x180
[ 2277.871013]  ? lockdep_init_map_type+0x2c7/0x780
[ 2277.871554]  ? __raw_spin_lock_init+0x36/0x110
[ 2277.872086]  v9fs_session_init+0x1dd/0x1680
[ 2277.872575]  ? lock_release+0x680/0x680
[ 2277.873034]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2277.873585]  ? v9fs_show_options+0x690/0x690
[ 2277.874093]  ? trace_hardirqs_on+0x5b/0x180
[ 2277.874586]  ? kasan_unpoison_shadow+0x33/0x50
[ 2277.875112]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2277.875695]  v9fs_mount+0x79/0x8f0
[ 2277.876099]  ? v9fs_write_inode+0x60/0x60
[ 2277.876574]  legacy_get_tree+0x105/0x220
[ 2277.877037]  vfs_get_tree+0x8e/0x300
[ 2277.877462]  path_mount+0x1490/0x21e0
[ 2277.877898]  ? strncpy_from_user+0x9e/0x470
[ 2277.878397]  ? finish_automount+0xa90/0xa90
[ 2277.878902]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2277.879433]  ? _copy_from_user+0xfb/0x1b0
[ 2277.879917]  __x64_sys_mount+0x282/0x300
[ 2277.880381]  ? copy_mnt_ns+0xa00/0xa00
[ 2277.880835]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2277.881443]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2277.882038]  do_syscall_64+0x33/0x40
[ 2277.882479]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2277.883075] RIP: 0033:0x7f32cefd1b19
[ 2277.883513] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2277.885608] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2277.886480] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2277.887302] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2277.888105] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2277.888906] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2277.889712] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
[ 2293.744477] FAULT_INJECTION: forcing a failure.
[ 2293.744477] name failslab, interval 1, probability 0, space 0, times 0
[ 2293.746954] CPU: 0 PID: 10441 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2293.748423] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2293.750377] Call Trace:
[ 2293.750951]  dump_stack+0x107/0x167
[ 2293.751719]  should_fail.cold+0x5/0xa
[ 2293.752512]  ? create_object.isra.0+0x3a/0xa30
[ 2293.753454]  should_failslab+0x5/0x20
[ 2293.754244]  kmem_cache_alloc+0x5b/0x310
[ 2293.755099]  create_object.isra.0+0x3a/0xa30
[ 2293.756009]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2293.757070]  __kmalloc_track_caller+0x177/0x370
[ 2293.758046]  ? kstrdup_const+0x53/0x80
[ 2293.758863]  kstrdup+0x36/0x70
[ 2293.759545]  kstrdup_const+0x53/0x80
[ 2293.760326]  kmem_cache_create_usercopy+0x12f/0x2f0
[ 2293.761382]  p9_client_create+0xc6a/0x1230
[ 2293.762279]  ? p9_client_flush+0x430/0x430
[ 2293.763174]  ? trace_hardirqs_on+0x5b/0x180
[ 2293.764076]  ? lockdep_init_map_type+0x2c7/0x780
[ 2293.765063]  ? __raw_spin_lock_init+0x36/0x110
[ 2293.766023]  v9fs_session_init+0x1dd/0x1680
[ 2293.766937]  ? lock_release+0x680/0x680
[ 2293.767771]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2293.768778]  ? v9fs_show_options+0x690/0x690
[ 2293.769699]  ? trace_hardirqs_on+0x5b/0x180
[ 2293.770598]  ? kasan_unpoison_shadow+0x33/0x50
[ 2293.771558]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2293.772614]  v9fs_mount+0x79/0x8f0
[ 2293.773349]  ? v9fs_write_inode+0x60/0x60
[ 2293.774217]  legacy_get_tree+0x105/0x220
[ 2293.775066]  vfs_get_tree+0x8e/0x300
[ 2293.775854]  path_mount+0x1490/0x21e0
[ 2293.776650]  ? strncpy_from_user+0x9e/0x470
[ 2293.777548]  ? finish_automount+0xa90/0xa90
[ 2293.778441]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2293.779424]  ? _copy_from_user+0xfb/0x1b0
[ 2293.780288]  __x64_sys_mount+0x282/0x300
[ 2293.781128]  ? copy_mnt_ns+0xa00/0xa00
[ 2293.781948]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2293.783042]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2293.784115]  do_syscall_64+0x33/0x40
[ 2293.784889]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2293.785954] RIP: 0033:0x7f3f98f8db19
[ 2293.786732] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2293.790662] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2293.792260] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2293.793757] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2293.795346] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2293.796574] 9pnet: Insufficient options for proto=fd
[ 2293.796837] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2293.799038] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
13:59:06 executing program 3:
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 54)

13:59:06 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}})
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:59:06 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280))

13:59:06 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:59:06 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x7a, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:59:06 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 52)

13:59:06 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0)
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:59:06 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x2000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

[ 2293.815296] FAULT_INJECTION: forcing a failure.
[ 2293.815296] name failslab, interval 1, probability 0, space 0, times 0
[ 2293.816717] CPU: 1 PID: 10437 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2293.817576] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2293.818580] Call Trace:
[ 2293.818930]  dump_stack+0x107/0x167
[ 2293.819368]  should_fail.cold+0x5/0xa
[ 2293.819833]  ? create_object.isra.0+0x3a/0xa30
[ 2293.820391]  should_failslab+0x5/0x20
[ 2293.820849]  kmem_cache_alloc+0x5b/0x310
[ 2293.821337]  create_object.isra.0+0x3a/0xa30
[ 2293.821859]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2293.822466]  kmem_cache_alloc_node+0x169/0x330
[ 2293.823067]  __kmem_cache_create+0x10e/0x520
[ 2293.823601]  kmem_cache_create_usercopy+0x1db/0x2f0
[ 2293.824246]  p9_client_create+0xc6a/0x1230
[ 2293.824756]  ? p9_client_flush+0x430/0x430
[ 2293.825259]  ? trace_hardirqs_on+0x5b/0x180
[ 2293.825775]  ? lockdep_init_map_type+0x2c7/0x780
[ 2293.826337]  ? __raw_spin_lock_init+0x36/0x110
[ 2293.826893]  v9fs_session_init+0x1dd/0x1680
[ 2293.827407]  ? lock_release+0x680/0x680
[ 2293.827883]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2293.828453]  ? v9fs_show_options+0x690/0x690
[ 2293.829011]  ? trace_hardirqs_on+0x5b/0x180
[ 2293.829541]  ? kasan_unpoison_shadow+0x33/0x50
[ 2293.830129]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2293.830737]  v9fs_mount+0x79/0x8f0
[ 2293.831174]  ? v9fs_write_inode+0x60/0x60
[ 2293.831665]  legacy_get_tree+0x105/0x220
[ 2293.832155]  vfs_get_tree+0x8e/0x300
[ 2293.832598]  path_mount+0x1490/0x21e0
[ 2293.833057]  ? strncpy_from_user+0x9e/0x470
[ 2293.833568]  ? finish_automount+0xa90/0xa90
[ 2293.834082]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2293.834638]  ? _copy_from_user+0xfb/0x1b0
[ 2293.835144]  __x64_sys_mount+0x282/0x300
[ 2293.835635]  ? copy_mnt_ns+0xa00/0xa00
[ 2293.836107]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2293.836731]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2293.837345]  do_syscall_64+0x33/0x40
[ 2293.837795]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2293.838406] RIP: 0033:0x7f32cefd1b19
[ 2293.838852] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2293.841033] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2293.841935] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2293.842780] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2293.843645] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2293.844503] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2293.845349] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
13:59:06 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0xae, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:59:06 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x2010, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:59:22 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}})
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:59:22 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:59:22 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0)
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:59:22 executing program 3:
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 55)

13:59:22 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 53)

13:59:22 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x2e00, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:59:22 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x300, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:59:22 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280))

[ 2309.312161] FAULT_INJECTION: forcing a failure.
[ 2309.312161] name failslab, interval 1, probability 0, space 0, times 0
[ 2309.314600] CPU: 0 PID: 10477 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2309.316107] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2309.317861] Call Trace:
[ 2309.318424]  dump_stack+0x107/0x167
[ 2309.319211]  should_fail.cold+0x5/0xa
[ 2309.320019]  ? create_object.isra.0+0x3a/0xa30
[ 2309.320985]  should_failslab+0x5/0x20
[ 2309.321794]  kmem_cache_alloc+0x5b/0x310
[ 2309.322658]  create_object.isra.0+0x3a/0xa30
[ 2309.323595]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2309.324671]  kmem_cache_alloc+0x159/0x310
[ 2309.325560]  kmem_cache_create_usercopy+0x190/0x2f0
[ 2309.326624]  p9_client_create+0xc6a/0x1230
[ 2309.327544]  ? p9_client_flush+0x430/0x430
[ 2309.328444]  ? trace_hardirqs_on+0x5b/0x180
[ 2309.329376]  ? lockdep_init_map_type+0x2c7/0x780
[ 2309.330383]  ? __raw_spin_lock_init+0x36/0x110
[ 2309.331377]  v9fs_session_init+0x1dd/0x1680
[ 2309.332288]  ? lock_release+0x680/0x680
[ 2309.333137]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2309.334154]  ? v9fs_show_options+0x690/0x690
[ 2309.335098]  ? trace_hardirqs_on+0x5b/0x180
[ 2309.336008]  ? kasan_unpoison_shadow+0x33/0x50
[ 2309.336977]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2309.338040]  v9fs_mount+0x79/0x8f0
[ 2309.338791]  ? v9fs_write_inode+0x60/0x60
[ 2309.339681]  legacy_get_tree+0x105/0x220
[ 2309.340540]  vfs_get_tree+0x8e/0x300
[ 2309.341330]  path_mount+0x1490/0x21e0
[ 2309.342145]  ? strncpy_from_user+0x9e/0x470
[ 2309.343067]  ? finish_automount+0xa90/0xa90
[ 2309.343977]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2309.344966]  ? _copy_from_user+0xfb/0x1b0
[ 2309.345859]  __x64_sys_mount+0x282/0x300
[ 2309.346715]  ? copy_mnt_ns+0xa00/0xa00
[ 2309.347545]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2309.348655]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2309.349744]  do_syscall_64+0x33/0x40
[ 2309.350537]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2309.351626] RIP: 0033:0x7f3f98f8db19
[ 2309.352409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2309.356307] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2309.357921] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2309.359454] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2309.360964] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2309.362487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2309.364002] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
13:59:22 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x3f00, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:59:22 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x4000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

[ 2309.383649] 9pnet: Insufficient options for proto=fd
[ 2309.418844] FAULT_INJECTION: forcing a failure.
[ 2309.418844] name failslab, interval 1, probability 0, space 0, times 0
[ 2309.420214] CPU: 1 PID: 10479 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2309.420996] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2309.421932] Call Trace:
[ 2309.422239]  dump_stack+0x107/0x167
[ 2309.422663]  should_fail.cold+0x5/0xa
[ 2309.423109]  ? create_object.isra.0+0x3a/0xa30
[ 2309.423631]  should_failslab+0x5/0x20
[ 2309.424072]  kmem_cache_alloc+0x5b/0x310
[ 2309.424533]  create_object.isra.0+0x3a/0xa30
[ 2309.425041]  kmemleak_alloc_percpu+0xa0/0x100
[ 2309.425550]  pcpu_alloc+0x4e2/0x1240
[ 2309.425982]  __kmem_cache_create+0x35a/0x520
[ 2309.426487]  kmem_cache_create_usercopy+0x1db/0x2f0
[ 2309.427060]  p9_client_create+0xc6a/0x1230
[ 2309.427551]  ? p9_client_flush+0x430/0x430
[ 2309.428030]  ? trace_hardirqs_on+0x5b/0x180
[ 2309.428526]  ? lockdep_init_map_type+0x2c7/0x780
[ 2309.429064]  ? __raw_spin_lock_init+0x36/0x110
[ 2309.429586]  v9fs_session_init+0x1dd/0x1680
[ 2309.430070]  ? lock_release+0x680/0x680
[ 2309.430527]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2309.431074]  ? v9fs_show_options+0x690/0x690
[ 2309.431576]  ? trace_hardirqs_on+0x5b/0x180
[ 2309.432062]  ? kasan_unpoison_shadow+0x33/0x50
[ 2309.432575]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2309.433149]  v9fs_mount+0x79/0x8f0
[ 2309.433558]  ? v9fs_write_inode+0x60/0x60
[ 2309.434026]  legacy_get_tree+0x105/0x220
[ 2309.434490]  vfs_get_tree+0x8e/0x300
[ 2309.434908]  path_mount+0x1490/0x21e0
[ 2309.435355]  ? strncpy_from_user+0x9e/0x470
[ 2309.435842]  ? finish_automount+0xa90/0xa90
[ 2309.436331]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2309.436855]  ? _copy_from_user+0xfb/0x1b0
[ 2309.437327]  __x64_sys_mount+0x282/0x300
[ 2309.437798]  ? copy_mnt_ns+0xa00/0xa00
[ 2309.438252]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2309.438847]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2309.439446]  do_syscall_64+0x33/0x40
[ 2309.439865]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2309.440441] RIP: 0033:0x7f32cefd1b19
[ 2309.440870] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2309.442947] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2309.443822] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2309.444635] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2309.445448] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2309.446259] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2309.447066] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
[ 2322.218432] FAULT_INJECTION: forcing a failure.
[ 2322.218432] name failslab, interval 1, probability 0, space 0, times 0
[ 2322.219982] CPU: 1 PID: 10501 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2322.220805] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2322.221846] Call Trace:
[ 2322.222183]  dump_stack+0x107/0x167
[ 2322.222655]  should_fail.cold+0x5/0xa
[ 2322.223139]  ? create_object.isra.0+0x3a/0xa30
[ 2322.223725]  should_failslab+0x5/0x20
[ 2322.224223]  kmem_cache_alloc+0x5b/0x310
[ 2322.224752]  create_object.isra.0+0x3a/0xa30
[ 2322.225306]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2322.225955]  kmem_cache_alloc_node+0x169/0x330
[ 2322.226542]  __kmem_cache_create+0x10e/0x520
[ 2322.227107]  kmem_cache_create_usercopy+0x1db/0x2f0
[ 2322.227728]  p9_client_create+0xc6a/0x1230
[ 2322.228269]  ? p9_client_flush+0x430/0x430
[ 2322.228804]  ? trace_hardirqs_on+0x5b/0x180
[ 2322.229352]  ? lockdep_init_map_type+0x2c7/0x780
[ 2322.229967]  ? __raw_spin_lock_init+0x36/0x110
[ 2322.230553]  v9fs_session_init+0x1dd/0x1680
[ 2322.231100]  ? lock_release+0x680/0x680
[ 2322.231616]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2322.232231]  ? v9fs_show_options+0x690/0x690
[ 2322.232773]  ? trace_hardirqs_on+0x5b/0x180
[ 2322.233340]  ? kasan_unpoison_shadow+0x33/0x50
[ 2322.233926]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2322.234574]  v9fs_mount+0x79/0x8f0
[ 2322.235024]  ? v9fs_write_inode+0x60/0x60
[ 2322.235552]  legacy_get_tree+0x105/0x220
[ 2322.236067]  vfs_get_tree+0x8e/0x300
[ 2322.236539]  path_mount+0x1490/0x21e0
[ 2322.237024]  ? strncpy_from_user+0x9e/0x470
[ 2322.237565]  ? finish_automount+0xa90/0xa90
[ 2322.238089]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2322.238676]  ? _copy_from_user+0xfb/0x1b0
[ 2322.239231]  __x64_sys_mount+0x282/0x300
[ 2322.239744]  ? copy_mnt_ns+0xa00/0xa00
[ 2322.240222]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2322.240888]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2322.241778]  do_syscall_64+0x33/0x40
[ 2322.242412]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2322.243205] RIP: 0033:0x7f3f98f8db19
[ 2322.243682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2322.245994] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2322.246966] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2322.247826] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2322.248717] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2322.249613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2322.250515] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
13:59:34 executing program 3:
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 56)

13:59:34 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x4084, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:59:34 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:59:34 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}})
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:59:34 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x3fd, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:59:35 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280))

13:59:35 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
[ 2322.270962] 9pnet: Insufficient options for proto=fd
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(0x0)
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r3, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280))

13:59:35 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 54)

[ 2322.295404] FAULT_INJECTION: forcing a failure.
[ 2322.295404] name failslab, interval 1, probability 0, space 0, times 0
[ 2322.296887] CPU: 1 PID: 10511 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2322.297759] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2322.298733] Call Trace:
[ 2322.299059]  dump_stack+0x107/0x167
[ 2322.299522]  should_fail.cold+0x5/0xa
[ 2322.299995]  ? create_object.isra.0+0x3a/0xa30
[ 2322.300560]  should_failslab+0x5/0x20
[ 2322.301045]  kmem_cache_alloc+0x5b/0x310
[ 2322.301529]  ? mark_held_locks+0x9e/0xe0
[ 2322.302040]  create_object.isra.0+0x3a/0xa30
[ 2322.302606]  kmemleak_alloc_percpu+0xa0/0x100
[ 2322.303187]  pcpu_alloc+0x4e2/0x1240
[ 2322.303670]  __kmem_cache_create+0x35a/0x520
[ 2322.304232]  kmem_cache_create_usercopy+0x1db/0x2f0
[ 2322.304854]  p9_client_create+0xc6a/0x1230
[ 2322.305389]  ? p9_client_flush+0x430/0x430
[ 2322.305916]  ? trace_hardirqs_on+0x5b/0x180
[ 2322.306454]  ? lockdep_init_map_type+0x2c7/0x780
[ 2322.307040]  ? __raw_spin_lock_init+0x36/0x110
[ 2322.307589]  v9fs_session_init+0x1dd/0x1680
[ 2322.308122]  ? lock_release+0x680/0x680
13:59:35 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 2322.308825]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2322.309566]  ? v9fs_show_options+0x690/0x690
[ 2322.310138]  ? trace_hardirqs_on+0x5b/0x180
[ 2322.310473] 9pnet: Insufficient options for proto=fd
[ 2322.310672]  ? kasan_unpoison_shadow+0x33/0x50
[ 2322.310683]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2322.310697]  v9fs_mount+0x79/0x8f0
[ 2322.310715]  ? v9fs_write_inode+0x60/0x60
[ 2322.313959]  legacy_get_tree+0x105/0x220
[ 2322.314477]  vfs_get_tree+0x8e/0x300
[ 2322.314954]  path_mount+0x1490/0x21e0
[ 2322.315449]  ? strncpy_from_user+0x9e/0x470
[ 2322.315998]  ? finish_automount+0xa90/0xa90
[ 2322.316546]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2322.317142]  ? _copy_from_user+0xfb/0x1b0
[ 2322.317683]  __x64_sys_mount+0x282/0x300
[ 2322.318197]  ? copy_mnt_ns+0xa00/0xa00
[ 2322.318695]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2322.319370]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2322.320026]  do_syscall_64+0x33/0x40
[ 2322.320509]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2322.321164] RIP: 0033:0x7f32cefd1b19
[ 2322.321634] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2322.323973] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2322.324934] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2322.325839] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2322.326742] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2322.327642] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2322.328539] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
13:59:35 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x4800, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:59:35 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x500, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:59:35 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(0x0)
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r3, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280))

13:59:35 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 55)

13:59:35 executing program 3:
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 57)

13:59:35 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 2322.461975] 9pnet: Insufficient options for proto=fd
13:59:35 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:59:35 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(0x0)
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r3, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280))

[ 2322.500609] FAULT_INJECTION: forcing a failure.
[ 2322.500609] name failslab, interval 1, probability 0, space 0, times 0
[ 2322.502004] CPU: 1 PID: 10527 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2322.502817] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2322.503773] Call Trace:
[ 2322.504091]  dump_stack+0x107/0x167
[ 2322.504525]  should_fail.cold+0x5/0xa
[ 2322.504977]  ? create_object.isra.0+0x3a/0xa30
[ 2322.505514]  should_failslab+0x5/0x20
[ 2322.505956]  kmem_cache_alloc+0x5b/0x310
[ 2322.506437]  create_object.isra.0+0x3a/0xa30
[ 2322.506964]  kmemleak_alloc_percpu+0xa0/0x100
[ 2322.507513]  pcpu_alloc+0x4e2/0x1240
[ 2322.507965]  __kmem_cache_create+0x35a/0x520
[ 2322.508485]  kmem_cache_create_usercopy+0x1db/0x2f0
[ 2322.509065]  p9_client_create+0xc6a/0x1230
[ 2322.509569]  ? p9_client_flush+0x430/0x430
[ 2322.510071]  ? trace_hardirqs_on+0x5b/0x180
[ 2322.510584]  ? lockdep_init_map_type+0x2c7/0x780
[ 2322.511158]  ? __raw_spin_lock_init+0x36/0x110
[ 2322.511704]  v9fs_session_init+0x1dd/0x1680
[ 2322.512216]  ? lock_release+0x680/0x680
[ 2322.512680]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2322.513257]  ? v9fs_show_options+0x690/0x690
[ 2322.513773]  ? trace_hardirqs_on+0x5b/0x180
[ 2322.514279]  ? kasan_unpoison_shadow+0x33/0x50
[ 2322.514817]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2322.515421]  v9fs_mount+0x79/0x8f0
[ 2322.515840]  ? v9fs_write_inode+0x60/0x60
[ 2322.516315]  legacy_get_tree+0x105/0x220
[ 2322.516795]  vfs_get_tree+0x8e/0x300
[ 2322.517234]  path_mount+0x1490/0x21e0
[ 2322.517685]  ? strncpy_from_user+0x9e/0x470
[ 2322.518195]  ? finish_automount+0xa90/0xa90
[ 2322.518700]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2322.519258]  ? _copy_from_user+0xfb/0x1b0
[ 2322.519741]  __x64_sys_mount+0x282/0x300
[ 2322.520218]  ? copy_mnt_ns+0xa00/0xa00
[ 2322.520676]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2322.521291]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2322.521894]  do_syscall_64+0x33/0x40
[ 2322.522331]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2322.522930] RIP: 0033:0x7f3f98f8db19
[ 2322.523371] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2322.525528] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2322.526419] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2322.527257] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2322.528092] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2322.528930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2322.529769] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
13:59:35 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x600, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:59:35 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x4c00, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:59:35 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 2322.568010] 9pnet: Insufficient options for proto=fd
13:59:35 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x6800, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:59:35 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x700, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

[ 2322.609056] FAULT_INJECTION: forcing a failure.
[ 2322.609056] name failslab, interval 1, probability 0, space 0, times 0
[ 2322.611551] CPU: 0 PID: 10531 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2322.613048] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2322.614848] Call Trace:
[ 2322.615456]  dump_stack+0x107/0x167
[ 2322.616244]  should_fail.cold+0x5/0xa
[ 2322.617074]  should_failslab+0x5/0x20
[ 2322.617902]  __kmalloc_track_caller+0x79/0x370
[ 2322.618887]  ? kstrdup_const+0x53/0x80
[ 2322.619764]  kstrdup+0x36/0x70
[ 2322.620464]  kstrdup_const+0x53/0x80
[ 2322.621267]  kvasprintf_const+0x10c/0x1a0
[ 2322.622169]  kobject_set_name_vargs+0x56/0x150
[ 2322.623172]  kobject_init_and_add+0xc9/0x160
[ 2322.624124]  ? kobject_create_and_add+0xb0/0xb0
[ 2322.625135]  ? wait_for_completion_io+0x270/0x270
[ 2322.626172]  ? kernfs_name_hash+0xe7/0x110
[ 2322.627090]  ? kernfs_find_ns+0x256/0x380
[ 2322.628006]  sysfs_slab_add+0x172/0x200
[ 2322.628870]  __kmem_cache_create+0x3db/0x520
[ 2322.629829]  kmem_cache_create_usercopy+0x1db/0x2f0
[ 2322.630925]  p9_client_create+0xc6a/0x1230
[ 2322.631861]  ? p9_client_flush+0x430/0x430
[ 2322.632786]  ? trace_hardirqs_on+0x5b/0x180
[ 2322.633727]  ? lockdep_init_map_type+0x2c7/0x780
[ 2322.634755]  ? __raw_spin_lock_init+0x36/0x110
[ 2322.635763]  v9fs_session_init+0x1dd/0x1680
[ 2322.636698]  ? lock_release+0x680/0x680
[ 2322.637574]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2322.638625]  ? v9fs_show_options+0x690/0x690
[ 2322.639600]  ? trace_hardirqs_on+0x5b/0x180
[ 2322.640538]  ? kasan_unpoison_shadow+0x33/0x50
[ 2322.641525]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2322.642629]  v9fs_mount+0x79/0x8f0
[ 2322.643418]  ? v9fs_write_inode+0x60/0x60
[ 2322.644318]  legacy_get_tree+0x105/0x220
[ 2322.645201]  vfs_get_tree+0x8e/0x300
[ 2322.646008]  path_mount+0x1490/0x21e0
[ 2322.646839]  ? strncpy_from_user+0x9e/0x470
[ 2322.647789]  ? finish_automount+0xa90/0xa90
[ 2322.648726]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2322.649733]  ? _copy_from_user+0xfb/0x1b0
[ 2322.650641]  __x64_sys_mount+0x282/0x300
[ 2322.651531]  ? copy_mnt_ns+0xa00/0xa00
[ 2322.652384]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2322.653521]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2322.654643]  do_syscall_64+0x33/0x40
[ 2322.655461]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2322.656576] RIP: 0033:0x7f32cefd1b19
[ 2322.657384] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2322.661391] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2322.663038] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2322.664550] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2322.666046] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2322.667560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2322.669070] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
[ 2322.670936] kobject: can not set name properly!
[ 2322.672061] kmem_cache_create(9p-fcall-cache-1186) failed with error -12
[ 2322.673520] CPU: 0 PID: 10531 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2322.674987] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2322.676753] Call Trace:
[ 2322.677319]  dump_stack+0x107/0x167
[ 2322.678091]  kmem_cache_create_usercopy.cold+0x17/0x65
[ 2322.679217]  p9_client_create+0xc6a/0x1230
[ 2322.680127]  ? p9_client_flush+0x430/0x430
[ 2322.681018]  ? trace_hardirqs_on+0x5b/0x180
[ 2322.681924]  ? lockdep_init_map_type+0x2c7/0x780
[ 2322.682920]  ? __raw_spin_lock_init+0x36/0x110
[ 2322.683889]  v9fs_session_init+0x1dd/0x1680
[ 2322.684798]  ? lock_release+0x680/0x680
[ 2322.685649]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2322.686656]  ? v9fs_show_options+0x690/0x690
[ 2322.687611]  ? trace_hardirqs_on+0x5b/0x180
[ 2322.688524]  ? kasan_unpoison_shadow+0x33/0x50
[ 2322.689488]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2322.690564]  v9fs_mount+0x79/0x8f0
[ 2322.691329]  ? v9fs_write_inode+0x60/0x60
[ 2322.692203]  legacy_get_tree+0x105/0x220
[ 2322.693063]  vfs_get_tree+0x8e/0x300
[ 2322.693848]  path_mount+0x1490/0x21e0
[ 2322.694650]  ? strncpy_from_user+0x9e/0x470
[ 2322.695577]  ? finish_automount+0xa90/0xa90
[ 2322.696486]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2322.697468]  ? _copy_from_user+0xfb/0x1b0
[ 2322.698351]  __x64_sys_mount+0x282/0x300
[ 2322.699210]  ? copy_mnt_ns+0xa00/0xa00
[ 2322.700032]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2322.701131]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2322.702221]  do_syscall_64+0x33/0x40
[ 2322.703008]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2322.704095] RIP: 0033:0x7f32cefd1b19
[ 2322.704879] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2322.708758] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2322.710362] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2322.711878] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2322.713380] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2322.714886] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2322.716413] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
13:59:35 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x900, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:59:35 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, 0x0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:59:35 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x6c00, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:59:35 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0xa00, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:59:35 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x7400, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:59:35 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 56)

13:59:35 executing program 3:
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 58)

13:59:35 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 2322.872350] FAULT_INJECTION: forcing a failure.
[ 2322.872350] name failslab, interval 1, probability 0, space 0, times 0
[ 2322.873721] CPU: 1 PID: 10560 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2322.874512] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2322.875470] Call Trace:
[ 2322.875791]  dump_stack+0x107/0x167
[ 2322.876218]  should_fail.cold+0x5/0xa
[ 2322.876662]  ? create_object.isra.0+0x3a/0xa30
[ 2322.877187]  should_failslab+0x5/0x20
[ 2322.877634]  kmem_cache_alloc+0x5b/0x310
[ 2322.878116]  create_object.isra.0+0x3a/0xa30
[ 2322.878633]  kmemleak_alloc_percpu+0xa0/0x100
[ 2322.879160]  pcpu_alloc+0x4e2/0x1240
[ 2322.879605]  __kmem_cache_create+0x35a/0x520
[ 2322.880119]  kmem_cache_create_usercopy+0x1db/0x2f0
[ 2322.880701]  p9_client_create+0xc6a/0x1230
[ 2322.881200]  ? p9_client_flush+0x430/0x430
[ 2322.881694]  ? trace_hardirqs_on+0x5b/0x180
[ 2322.882196]  ? lockdep_init_map_type+0x2c7/0x780
[ 2322.882751]  ? __raw_spin_lock_init+0x36/0x110
[ 2322.883293]  v9fs_session_init+0x1dd/0x1680
[ 2322.883792]  ? lock_release+0x680/0x680
[ 2322.884255]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2322.884809]  ? v9fs_show_options+0x690/0x690
[ 2322.885325]  ? trace_hardirqs_on+0x5b/0x180
[ 2322.885827]  ? kasan_unpoison_shadow+0x33/0x50
[ 2322.886355]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2322.886942]  v9fs_mount+0x79/0x8f0
[ 2322.887359]  ? v9fs_write_inode+0x60/0x60
[ 2322.887835]  legacy_get_tree+0x105/0x220
[ 2322.888308]  vfs_get_tree+0x8e/0x300
[ 2322.888742]  path_mount+0x1490/0x21e0
[ 2322.889190]  ? strncpy_from_user+0x9e/0x470
[ 2322.889692]  ? finish_automount+0xa90/0xa90
[ 2322.890190]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2322.890730]  ? _copy_from_user+0xfb/0x1b0
[ 2322.891223]  __x64_sys_mount+0x282/0x300
[ 2322.891693]  ? copy_mnt_ns+0xa00/0xa00
[ 2322.892144]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2322.892747]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2322.893351]  do_syscall_64+0x33/0x40
[ 2322.893784]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2322.894384] RIP: 0033:0x7f3f98f8db19
[ 2322.894818] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2322.896955] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2322.897837] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2322.898667] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2322.899502] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2322.900321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2322.901146] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
[ 2322.911394] FAULT_INJECTION: forcing a failure.
[ 2322.911394] name failslab, interval 1, probability 0, space 0, times 0
[ 2322.912737] CPU: 1 PID: 10566 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2322.913539] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2322.914494] Call Trace:
[ 2322.914808]  dump_stack+0x107/0x167
[ 2322.915243]  should_fail.cold+0x5/0xa
[ 2322.915685]  ? create_object.isra.0+0x3a/0xa30
[ 2322.916215]  should_failslab+0x5/0x20
[ 2322.916657]  kmem_cache_alloc+0x5b/0x310
[ 2322.917130]  ? mark_held_locks+0x9e/0xe0
[ 2322.917700]  create_object.isra.0+0x3a/0xa30
[ 2322.918218]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2322.918925]  __kmalloc_track_caller+0x177/0x370
[ 2322.919566]  ? kstrdup_const+0x53/0x80
[ 2322.920113]  kstrdup+0x36/0x70
[ 2322.920560]  kstrdup_const+0x53/0x80
[ 2322.921087]  kvasprintf_const+0x10c/0x1a0
[ 2322.921663]  kobject_set_name_vargs+0x56/0x150
[ 2322.922296]  kobject_init_and_add+0xc9/0x160
[ 2322.922910]  ? kobject_create_and_add+0xb0/0xb0
[ 2322.923559]  ? wait_for_completion_io+0x270/0x270
[ 2322.924221]  ? kernfs_name_hash+0xe7/0x110
[ 2322.924819]  ? kernfs_find_ns+0x256/0x380
[ 2322.925401]  sysfs_slab_add+0x172/0x200
[ 2322.925952]  __kmem_cache_create+0x3db/0x520
[ 2322.926557]  kmem_cache_create_usercopy+0x1db/0x2f0
[ 2322.927242]  p9_client_create+0xc6a/0x1230
[ 2322.927835]  ? p9_client_flush+0x430/0x430
[ 2322.928426]  ? trace_hardirqs_on+0x5b/0x180
[ 2322.929023]  ? lockdep_init_map_type+0x2c7/0x780
[ 2322.929679]  ? __raw_spin_lock_init+0x36/0x110
[ 2322.930311]  v9fs_session_init+0x1dd/0x1680
[ 2322.930910]  ? lock_release+0x680/0x680
[ 2322.931475]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2322.932128]  ? v9fs_show_options+0x690/0x690
[ 2322.932742]  ? trace_hardirqs_on+0x5b/0x180
[ 2322.933334]  ? kasan_unpoison_shadow+0x33/0x50
[ 2322.933965]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2322.934665]  v9fs_mount+0x79/0x8f0
[ 2322.935163]  ? v9fs_write_inode+0x60/0x60
[ 2322.935733]  legacy_get_tree+0x105/0x220
[ 2322.936292]  vfs_get_tree+0x8e/0x300
[ 2322.936809]  path_mount+0x1490/0x21e0
[ 2322.937340]  ? strncpy_from_user+0x9e/0x470
[ 2322.937934]  ? finish_automount+0xa90/0xa90
[ 2322.938522]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2322.939164]  ? _copy_from_user+0xfb/0x1b0
[ 2322.939741]  __x64_sys_mount+0x282/0x300
[ 2322.940298]  ? copy_mnt_ns+0xa00/0xa00
[ 2322.940834]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2322.941551]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2322.942259]  do_syscall_64+0x33/0x40
[ 2322.942777]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2322.943495] RIP: 0033:0x7f32cefd1b19
[ 2322.944009] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2322.946518] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2322.947577] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2322.948563] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2322.949546] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2322.950530] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2322.951506] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
13:59:35 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:59:49 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, 0x0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:59:49 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:59:49 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0xb00, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:59:49 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x7a00, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:59:49 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 57)

13:59:49 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:59:49 executing program 3:
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 59)

13:59:49 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 2336.315957] FAULT_INJECTION: forcing a failure.
[ 2336.315957] name failslab, interval 1, probability 0, space 0, times 0
[ 2336.318900] CPU: 0 PID: 10585 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2336.320642] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2336.322708] Call Trace:
[ 2336.323376]  dump_stack+0x107/0x167
[ 2336.324284]  should_fail.cold+0x5/0xa
[ 2336.325230]  should_failslab+0x5/0x20
[ 2336.326181]  __kmalloc_track_caller+0x79/0x370
[ 2336.327317]  ? kstrdup_const+0x53/0x80
[ 2336.328291]  kstrdup+0x36/0x70
[ 2336.329090]  kstrdup_const+0x53/0x80
[ 2336.330009]  __kernfs_new_node+0x9d/0x860
[ 2336.331051]  ? kernfs_dop_revalidate+0x3a0/0x3a0
[ 2336.332231]  ? lock_acquire+0x197/0x470
[ 2336.333058]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2336.334152]  ? lock_release+0x680/0x680
[ 2336.334984]  ? find_held_lock+0x2c/0x110
[ 2336.335879]  kernfs_new_node+0x18d/0x250
[ 2336.336732]  kernfs_create_dir_ns+0x49/0x160
[ 2336.337644]  sysfs_create_dir_ns+0x127/0x290
[ 2336.338560]  ? sysfs_create_mount_point+0xb0/0xb0
[ 2336.339570]  ? rwlock_bug.part.0+0x90/0x90
[ 2336.340457]  ? do_raw_spin_unlock+0x4f/0x220
[ 2336.341374]  kobject_add_internal+0x25e/0xa30
[ 2336.342317]  kobject_init_and_add+0x101/0x160
[ 2336.343257]  ? kobject_create_and_add+0xb0/0xb0
[ 2336.344230]  ? wait_for_completion_io+0x270/0x270
[ 2336.345226]  ? kernfs_name_hash+0xe7/0x110
[ 2336.346107]  ? kernfs_find_ns+0x256/0x380
[ 2336.346981]  sysfs_slab_add+0x172/0x200
[ 2336.347825]  __kmem_cache_create+0x3db/0x520
[ 2336.348747]  kmem_cache_create_usercopy+0x1db/0x2f0
[ 2336.349793]  p9_client_create+0xc6a/0x1230
[ 2336.350680]  ? p9_client_flush+0x430/0x430
[ 2336.351572]  ? trace_hardirqs_on+0x5b/0x180
[ 2336.352466]  ? lockdep_init_map_type+0x2c7/0x780
[ 2336.353454]  ? __raw_spin_lock_init+0x36/0x110
[ 2336.354412]  v9fs_session_init+0x1dd/0x1680
[ 2336.355328]  ? lock_release+0x680/0x680
[ 2336.356166]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2336.357176]  ? v9fs_show_options+0x690/0x690
[ 2336.358108]  ? trace_hardirqs_on+0x5b/0x180
[ 2336.359006]  ? kasan_unpoison_shadow+0x33/0x50
[ 2336.359965]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2336.361026]  v9fs_mount+0x79/0x8f0
[ 2336.361765]  ? v9fs_write_inode+0x60/0x60
[ 2336.362634]  legacy_get_tree+0x105/0x220
[ 2336.363494]  vfs_get_tree+0x8e/0x300
[ 2336.364269]  path_mount+0x1490/0x21e0
[ 2336.365064]  ? strncpy_from_user+0x9e/0x470
[ 2336.365967]  ? finish_automount+0xa90/0xa90
[ 2336.366869]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2336.367852]  ? _copy_from_user+0xfb/0x1b0
[ 2336.368728]  __x64_sys_mount+0x282/0x300
[ 2336.369569]  ? copy_mnt_ns+0xa00/0xa00
[ 2336.370389]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2336.371497]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2336.372574]  do_syscall_64+0x33/0x40
[ 2336.373346]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2336.374410] RIP: 0033:0x7f32cefd1b19
[ 2336.375189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2336.379009] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2336.380604] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2336.382092] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2336.383594] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2336.385081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2336.386577] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
[ 2336.388334] kobject_add_internal failed for 9p-fcall-cache-1194 (error: -12 parent: slab)
[ 2336.390174] kmem_cache_create(9p-fcall-cache-1194) failed with error -12
[ 2336.390470] FAULT_INJECTION: forcing a failure.
[ 2336.390470] name failslab, interval 1, probability 0, space 0, times 0
[ 2336.391637] CPU: 0 PID: 10585 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2336.391648] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2336.391666] Call Trace:
[ 2336.398121]  dump_stack+0x107/0x167
[ 2336.398887]  kmem_cache_create_usercopy.cold+0x17/0x65
[ 2336.399996]  p9_client_create+0xc6a/0x1230
[ 2336.400892]  ? p9_client_flush+0x430/0x430
[ 2336.401773]  ? trace_hardirqs_on+0x5b/0x180
[ 2336.402679]  ? lockdep_init_map_type+0x2c7/0x780
[ 2336.403674]  ? __raw_spin_lock_init+0x36/0x110
[ 2336.404634]  v9fs_session_init+0x1dd/0x1680
[ 2336.405525]  ? lock_release+0x680/0x680
[ 2336.406357]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2336.407371]  ? v9fs_show_options+0x690/0x690
[ 2336.408303]  ? trace_hardirqs_on+0x5b/0x180
[ 2336.409205]  ? kasan_unpoison_shadow+0x33/0x50
[ 2336.410154]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2336.411205]  v9fs_mount+0x79/0x8f0
[ 2336.411955]  ? v9fs_write_inode+0x60/0x60
[ 2336.412816]  legacy_get_tree+0x105/0x220
[ 2336.413662]  vfs_get_tree+0x8e/0x300
[ 2336.414436]  path_mount+0x1490/0x21e0
[ 2336.415229]  ? strncpy_from_user+0x9e/0x470
[ 2336.416136]  ? finish_automount+0xa90/0xa90
[ 2336.417034]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2336.417995]  ? _copy_from_user+0xfb/0x1b0
[ 2336.418867]  __x64_sys_mount+0x282/0x300
[ 2336.419723]  ? copy_mnt_ns+0xa00/0xa00
[ 2336.420538]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2336.421632]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2336.422711]  do_syscall_64+0x33/0x40
[ 2336.423497]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2336.424560] RIP: 0033:0x7f32cefd1b19
[ 2336.425332] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2336.429186] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2336.430783] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2336.432275] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2336.433771] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2336.435269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2336.436766] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
[ 2336.438291] CPU: 1 PID: 10591 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2336.440051] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2336.442092] Call Trace:
[ 2336.442765]  dump_stack+0x107/0x167
[ 2336.443681]  should_fail.cold+0x5/0xa
[ 2336.444620]  should_failslab+0x5/0x20
[ 2336.445553]  __kmalloc_track_caller+0x79/0x370
[ 2336.446675]  ? kstrdup_const+0x53/0x80
[ 2336.447641]  kstrdup+0x36/0x70
[ 2336.448428]  kstrdup_const+0x53/0x80
[ 2336.449344]  kvasprintf_const+0x10c/0x1a0
[ 2336.450365]  kobject_set_name_vargs+0x56/0x150
[ 2336.451496]  kobject_init_and_add+0xc9/0x160
[ 2336.452580]  ? kobject_create_and_add+0xb0/0xb0
[ 2336.453725]  ? wait_for_completion_io+0x270/0x270
[ 2336.454905]  ? kernfs_name_hash+0xe7/0x110
[ 2336.455969]  ? kernfs_find_ns+0x256/0x380
[ 2336.456996]  sysfs_slab_add+0x172/0x200
[ 2336.457971]  __kmem_cache_create+0x3db/0x520
[ 2336.459058]  kmem_cache_create_usercopy+0x1db/0x2f0
[ 2336.460298]  p9_client_create+0xc6a/0x1230
[ 2336.461349]  ? p9_client_flush+0x430/0x430
[ 2336.462385]  ? trace_hardirqs_on+0x5b/0x180
[ 2336.463453]  ? lockdep_init_map_type+0x2c7/0x780
[ 2336.464613]  ? __raw_spin_lock_init+0x36/0x110
[ 2336.465738]  v9fs_session_init+0x1dd/0x1680
[ 2336.466788]  ? lock_release+0x680/0x680
[ 2336.467781]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2336.468959]  ? v9fs_show_options+0x690/0x690
[ 2336.470041]  ? trace_hardirqs_on+0x5b/0x180
[ 2336.471088]  ? kasan_unpoison_shadow+0x33/0x50
[ 2336.472215]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2336.473445]  v9fs_mount+0x79/0x8f0
[ 2336.474312]  ? v9fs_write_inode+0x60/0x60
[ 2336.475344]  legacy_get_tree+0x105/0x220
[ 2336.476330]  vfs_get_tree+0x8e/0x300
[ 2336.477232]  path_mount+0x1490/0x21e0
[ 2336.478167]  ? strncpy_from_user+0x9e/0x470
[ 2336.479213]  ? finish_automount+0xa90/0xa90
[ 2336.480270]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2336.481400]  ? _copy_from_user+0xfb/0x1b0
[ 2336.482415]  __x64_sys_mount+0x282/0x300
[ 2336.483412]  ? copy_mnt_ns+0xa00/0xa00
[ 2336.484365]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2336.485637]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2336.486891]  do_syscall_64+0x33/0x40
[ 2336.487808]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2336.489056] RIP: 0033:0x7f3f98f8db19
[ 2336.489963] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2336.494474] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2336.496342] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2336.498066] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2336.499815] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2336.501567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2336.503301] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
[ 2336.505187] kobject: can not set name properly!
[ 2336.506472] kmem_cache_create(9p-fcall-cache-1195) failed with error -12
[ 2336.508161] CPU: 1 PID: 10591 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2336.509855] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2336.511897] Call Trace:
[ 2336.512532]  dump_stack+0x107/0x167
[ 2336.513431]  kmem_cache_create_usercopy.cold+0x17/0x65
[ 2336.514716]  p9_client_create+0xc6a/0x1230
[ 2336.515772]  ? p9_client_flush+0x430/0x430
[ 2336.516796]  ? trace_hardirqs_on+0x5b/0x180
[ 2336.517838]  ? lockdep_init_map_type+0x2c7/0x780
[ 2336.518982]  ? __raw_spin_lock_init+0x36/0x110
[ 2336.520103]  v9fs_session_init+0x1dd/0x1680
[ 2336.521158]  ? lock_release+0x680/0x680
[ 2336.522145]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2336.523308]  ? v9fs_show_options+0x690/0x690
[ 2336.524377]  ? trace_hardirqs_on+0x5b/0x180
[ 2336.525405]  ? kasan_unpoison_shadow+0x33/0x50
[ 2336.526494]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2336.527724]  v9fs_mount+0x79/0x8f0
[ 2336.528580]  ? v9fs_write_inode+0x60/0x60
[ 2336.529579]  legacy_get_tree+0x105/0x220
[ 2336.530562]  vfs_get_tree+0x8e/0x300
[ 2336.531461]  path_mount+0x1490/0x21e0
[ 2336.532386]  ? strncpy_from_user+0x9e/0x470
[ 2336.533436]  ? finish_automount+0xa90/0xa90
[ 2336.534470]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2336.535626]  ? _copy_from_user+0xfb/0x1b0
[ 2336.536667]  __x64_sys_mount+0x282/0x300
[ 2336.537651]  ? copy_mnt_ns+0xa00/0xa00
[ 2336.538599]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2336.539878]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2336.541120]  do_syscall_64+0x33/0x40
[ 2336.542021]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2336.543224] RIP: 0033:0x7f3f98f8db19
[ 2336.544103] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2336.548420] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2336.550188] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2336.551891] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2336.553575] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2336.555253] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2336.556955] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
13:59:49 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:59:49 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x1020, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:59:49 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x2000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:59:49 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:59:49 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0xae00, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

13:59:49 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 58)

13:59:49 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

13:59:49 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x2010, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

[ 2336.802599] FAULT_INJECTION: forcing a failure.
[ 2336.802599] name failslab, interval 1, probability 0, space 0, times 0
[ 2336.805058] CPU: 1 PID: 10615 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2336.806500] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2336.808215] Call Trace:
[ 2336.808771]  dump_stack+0x107/0x167
[ 2336.809528]  should_fail.cold+0x5/0xa
[ 2336.810337]  should_failslab+0x5/0x20
[ 2336.811128]  __kmalloc_track_caller+0x79/0x370
[ 2336.812080]  ? kstrdup_const+0x53/0x80
[ 2336.812896]  kstrdup+0x36/0x70
[ 2336.813563]  kstrdup_const+0x53/0x80
[ 2336.814331]  kvasprintf_const+0x10c/0x1a0
[ 2336.815206]  kobject_set_name_vargs+0x56/0x150
[ 2336.816166]  kobject_init_and_add+0xc9/0x160
[ 2336.817057]  ? kobject_create_and_add+0xb0/0xb0
[ 2336.818028]  ? wait_for_completion_io+0x270/0x270
[ 2336.819013]  ? kernfs_name_hash+0xe7/0x110
[ 2336.819886]  ? kernfs_find_ns+0x256/0x380
[ 2336.820749]  sysfs_slab_add+0x172/0x200
[ 2336.821563]  __kmem_cache_create+0x3db/0x520
[ 2336.822466]  kmem_cache_create_usercopy+0x1db/0x2f0
[ 2336.823495]  p9_client_create+0xc6a/0x1230
[ 2336.824379]  ? p9_client_flush+0x430/0x430
[ 2336.825271]  ? trace_hardirqs_on+0x5b/0x180
[ 2336.826160]  ? lockdep_init_map_type+0x2c7/0x780
[ 2336.827154]  ? __raw_spin_lock_init+0x36/0x110
[ 2336.828103]  v9fs_session_init+0x1dd/0x1680
[ 2336.828975]  ? lock_release+0x680/0x680
[ 2336.829809]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2336.830980]  ? v9fs_show_options+0x690/0x690
[ 2336.832095]  ? trace_hardirqs_on+0x5b/0x180
[ 2336.833158]  ? kasan_unpoison_shadow+0x33/0x50
[ 2336.834288]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2336.835527]  v9fs_mount+0x79/0x8f0
[ 2336.836414]  ? v9fs_write_inode+0x60/0x60
[ 2336.837437]  legacy_get_tree+0x105/0x220
[ 2336.838447]  vfs_get_tree+0x8e/0x300
[ 2336.839395]  path_mount+0x1490/0x21e0
[ 2336.840353]  ? strncpy_from_user+0x9e/0x470
[ 2336.841419]  ? finish_automount+0xa90/0xa90
[ 2336.842495]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2336.843736]  ? _copy_from_user+0xfb/0x1b0
[ 2336.844792]  __x64_sys_mount+0x282/0x300
[ 2336.845803]  ? copy_mnt_ns+0xa00/0xa00
[ 2336.846766]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2336.848038]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2336.849310]  do_syscall_64+0x33/0x40
[ 2336.850223]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2336.851500] RIP: 0033:0x7f3f98f8db19
[ 2336.852417] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2336.856947] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2336.858814] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2336.860570] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2336.862305] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2336.864041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2336.865779] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
[ 2336.868808] kobject: can not set name properly!
[ 2336.870206] kmem_cache_create(9p-fcall-cache-1200) failed with error -12
[ 2336.871911] CPU: 1 PID: 10615 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2336.873593] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2336.875640] Call Trace:
[ 2336.876287]  dump_stack+0x107/0x167
[ 2336.877193]  kmem_cache_create_usercopy.cold+0x17/0x65
[ 2336.878457]  p9_client_create+0xc6a/0x1230
[ 2336.879503]  ? p9_client_flush+0x430/0x430
[ 2336.880527]  ? trace_hardirqs_on+0x5b/0x180
[ 2336.881569]  ? lockdep_init_map_type+0x2c7/0x780
[ 2336.882712]  ? __raw_spin_lock_init+0x36/0x110
[ 2336.883822]  v9fs_session_init+0x1dd/0x1680
[ 2336.884857]  ? lock_release+0x680/0x680
[ 2336.885820]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2336.886990]  ? v9fs_show_options+0x690/0x690
[ 2336.888075]  ? trace_hardirqs_on+0x5b/0x180
[ 2336.889108]  ? kasan_unpoison_shadow+0x33/0x50
[ 2336.890199]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2336.891427]  v9fs_mount+0x79/0x8f0
[ 2336.892287]  ? v9fs_write_inode+0x60/0x60
[ 2336.893291]  legacy_get_tree+0x105/0x220
[ 2336.894275]  vfs_get_tree+0x8e/0x300
[ 2336.895176]  path_mount+0x1490/0x21e0
[ 2336.896108]  ? strncpy_from_user+0x9e/0x470
[ 2336.897141]  ? finish_automount+0xa90/0xa90
[ 2336.898168]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2336.899289]  ? _copy_from_user+0xfb/0x1b0
[ 2336.900296]  __x64_sys_mount+0x282/0x300
[ 2336.901278]  ? copy_mnt_ns+0xa00/0xa00
[ 2336.902206]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2336.903469]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2336.904708]  do_syscall_64+0x33/0x40
[ 2336.905606]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2336.906840] RIP: 0033:0x7f3f98f8db19
[ 2336.907729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2336.912162] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2336.913960] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2336.915662] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2336.917407] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2336.919095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2336.920797] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
14:00:06 executing program 6:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 59)

14:00:06 executing program 3:
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 60)

14:00:06 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0xca03, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

14:00:06 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x0, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

14:00:06 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

14:00:06 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x2e00, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

14:00:06 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

14:00:06 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, 0x0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 2353.381106] FAULT_INJECTION: forcing a failure.
[ 2353.381106] name failslab, interval 1, probability 0, space 0, times 0
[ 2353.383551] CPU: 0 PID: 10641 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2353.385017] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2353.386762] Call Trace:
[ 2353.387322]  dump_stack+0x107/0x167
[ 2353.388099]  should_fail.cold+0x5/0xa
[ 2353.388904]  should_failslab+0x5/0x20
[ 2353.389707]  __kmalloc_track_caller+0x79/0x370
[ 2353.390669]  ? kstrdup_const+0x53/0x80
[ 2353.391498]  kstrdup+0x36/0x70
[ 2353.392176]  kstrdup_const+0x53/0x80
[ 2353.392960]  __kernfs_new_node+0x9d/0x860
[ 2353.393839]  ? kernfs_dop_revalidate+0x3a0/0x3a0
[ 2353.394855]  ? lock_acquire+0x197/0x470
[ 2353.395706]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2353.396815]  ? lock_release+0x680/0x680
[ 2353.397651]  ? find_held_lock+0x2c/0x110
[ 2353.398510]  kernfs_new_node+0x18d/0x250
[ 2353.399369]  kernfs_create_dir_ns+0x49/0x160
[ 2353.400305]  sysfs_create_dir_ns+0x127/0x290
[ 2353.401231]  ? sysfs_create_mount_point+0xb0/0xb0
[ 2353.402240]  ? rwlock_bug.part.0+0x90/0x90
[ 2353.403125]  ? do_raw_spin_unlock+0x4f/0x220
[ 2353.404063]  kobject_add_internal+0x25e/0xa30
[ 2353.405016]  kobject_init_and_add+0x101/0x160
[ 2353.405959]  ? kobject_create_and_add+0xb0/0xb0
[ 2353.406938]  ? wait_for_completion_io+0x270/0x270
[ 2353.407953]  ? kernfs_name_hash+0xe7/0x110
[ 2353.408843]  ? kernfs_find_ns+0x256/0x380
[ 2353.409726]  sysfs_slab_add+0x172/0x200
[ 2353.410564]  __kmem_cache_create+0x3db/0x520
[ 2353.411502]  kmem_cache_create_usercopy+0x1db/0x2f0
[ 2353.412555]  p9_client_create+0xc6a/0x1230
[ 2353.413456]  ? p9_client_flush+0x430/0x430
[ 2353.414348]  ? trace_hardirqs_on+0x5b/0x180
[ 2353.415258]  ? lockdep_init_map_type+0x2c7/0x780
[ 2353.416261]  ? __raw_spin_lock_init+0x36/0x110
[ 2353.417224]  v9fs_session_init+0x1dd/0x1680
[ 2353.418144]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2353.419153]  ? v9fs_show_options+0x690/0x690
[ 2353.420101]  ? trace_hardirqs_on+0x5b/0x180
[ 2353.421006]  ? kasan_unpoison_shadow+0x33/0x50
[ 2353.421967]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2353.423034]  v9fs_mount+0x79/0x8f0
[ 2353.423789]  ? v9fs_write_inode+0x60/0x60
[ 2353.424656]  legacy_get_tree+0x105/0x220
[ 2353.425513]  vfs_get_tree+0x8e/0x300
[ 2353.426295]  path_mount+0x1490/0x21e0
[ 2353.427099]  ? strncpy_from_user+0x9e/0x470
[ 2353.428014]  ? finish_automount+0xa90/0xa90
[ 2353.428924]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2353.429906]  ? _copy_from_user+0xfb/0x1b0
[ 2353.430789]  __x64_sys_mount+0x282/0x300
[ 2353.431654]  ? copy_mnt_ns+0xa00/0xa00
[ 2353.432480]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2353.433584]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2353.434674]  do_syscall_64+0x33/0x40
[ 2353.435464]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2353.436542] RIP: 0033:0x7f32cefd1b19
[ 2353.437325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2353.441288] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2353.443120] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2353.444340] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2353.445548] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2353.446750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2353.447956] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
[ 2353.450723] kobject_add_internal failed for 9p-fcall-cache-1203 (error: -12 parent: slab)
[ 2353.452615] kmem_cache_create(9p-fcall-cache-1203) failed with error -12
[ 2353.453944] CPU: 0 PID: 10641 Comm: syz-executor.3 Not tainted 5.10.245 #1
[ 2353.455257] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2353.456683] Call Trace:
[ 2353.457139]  dump_stack+0x107/0x167
[ 2353.457774]  kmem_cache_create_usercopy.cold+0x17/0x65
[ 2353.458537] FAULT_INJECTION: forcing a failure.
[ 2353.458537] name failslab, interval 1, probability 0, space 0, times 0
[ 2353.458671]  p9_client_create+0xc6a/0x1230
[ 2353.461527]  ? p9_client_flush+0x430/0x430
[ 2353.462246]  ? trace_hardirqs_on+0x5b/0x180
[ 2353.462975]  ? lockdep_init_map_type+0x2c7/0x780
[ 2353.463787]  ? __raw_spin_lock_init+0x36/0x110
[ 2353.464566]  v9fs_session_init+0x1dd/0x1680
[ 2353.465312]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2353.466128]  ? v9fs_show_options+0x690/0x690
[ 2353.466877]  ? trace_hardirqs_on+0x5b/0x180
[ 2353.467619]  ? kasan_unpoison_shadow+0x33/0x50
[ 2353.468389]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2353.469249]  v9fs_mount+0x79/0x8f0
[ 2353.469849]  ? v9fs_write_inode+0x60/0x60
[ 2353.470547]  legacy_get_tree+0x105/0x220
[ 2353.471240]  vfs_get_tree+0x8e/0x300
[ 2353.471889]  path_mount+0x1490/0x21e0
[ 2353.472549]  ? strncpy_from_user+0x9e/0x470
[ 2353.473277]  ? finish_automount+0xa90/0xa90
[ 2353.474010]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2353.474802]  ? _copy_from_user+0xfb/0x1b0
[ 2353.475516]  __x64_sys_mount+0x282/0x300
[ 2353.476200]  ? copy_mnt_ns+0xa00/0xa00
[ 2353.476864]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2353.477754]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2353.478628]  do_syscall_64+0x33/0x40
[ 2353.479257]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2353.480134] RIP: 0033:0x7f32cefd1b19
[ 2353.480776] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2353.483905] RSP: 002b:00007f32cc547188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2353.485210] RAX: ffffffffffffffda RBX: 00007f32cf0e4f60 RCX: 00007f32cefd1b19
[ 2353.486413] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2353.487630] RBP: 00007f32cc5471d0 R08: 0000000020000280 R09: 0000000000000000
[ 2353.488854] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2353.490089] R13: 00007fffa432207f R14: 00007f32cc547300 R15: 0000000000022000
[ 2353.491361] CPU: 1 PID: 10642 Comm: syz-executor.6 Not tainted 5.10.245 #1
[ 2353.492721] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2353.494322] Call Trace:
[ 2353.494831]  dump_stack+0x107/0x167
[ 2353.495530]  should_fail.cold+0x5/0xa
[ 2353.496255]  ? create_object.isra.0+0x3a/0xa30
[ 2353.497101]  should_failslab+0x5/0x20
[ 2353.497810]  kmem_cache_alloc+0x5b/0x310
[ 2353.498584]  ? lock_release+0x680/0x680
[ 2353.499342]  create_object.isra.0+0x3a/0xa30
[ 2353.500167]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2353.501115]  __kmalloc_track_caller+0x177/0x370
[ 2353.501975]  ? kstrdup_const+0x53/0x80
[ 2353.502700]  kstrdup+0x36/0x70
[ 2353.503312]  kstrdup_const+0x53/0x80
[ 2353.504015]  kvasprintf_const+0x10c/0x1a0
[ 2353.504796]  kobject_set_name_vargs+0x56/0x150
[ 2353.505648]  kobject_init_and_add+0xc9/0x160
[ 2353.506474]  ? kobject_create_and_add+0xb0/0xb0
[ 2353.507338]  ? wait_for_completion_io+0x270/0x270
[ 2353.508238]  ? kernfs_name_hash+0xe7/0x110
[ 2353.509017]  ? kernfs_find_ns+0x256/0x380
[ 2353.509787]  sysfs_slab_add+0x172/0x200
[ 2353.510514]  __kmem_cache_create+0x3db/0x520
[ 2353.511323]  kmem_cache_create_usercopy+0x1db/0x2f0
[ 2353.512260]  p9_client_create+0xc6a/0x1230
[ 2353.513050]  ? p9_client_flush+0x430/0x430
[ 2353.513830]  ? trace_hardirqs_on+0x5b/0x180
[ 2353.514626]  ? lockdep_init_map_type+0x2c7/0x780
[ 2353.515509]  ? __raw_spin_lock_init+0x36/0x110
[ 2353.516363]  v9fs_session_init+0x1dd/0x1680
[ 2353.517158]  ? lock_release+0x680/0x680
[ 2353.517897]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2353.518898]  ? v9fs_show_options+0x690/0x690
[ 2353.519969]  ? trace_hardirqs_on+0x5b/0x180
[ 2353.520991]  ? kasan_unpoison_shadow+0x33/0x50
[ 2353.522074]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2353.523274]  v9fs_mount+0x79/0x8f0
[ 2353.524142]  ? v9fs_write_inode+0x60/0x60
[ 2353.525125]  legacy_get_tree+0x105/0x220
[ 2353.526096]  vfs_get_tree+0x8e/0x300
[ 2353.526981]  path_mount+0x1490/0x21e0
[ 2353.527903]  ? strncpy_from_user+0x9e/0x470
[ 2353.528901]  ? finish_automount+0xa90/0xa90
[ 2353.529714]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2353.530582]  ? _copy_from_user+0xfb/0x1b0
[ 2353.531507]  __x64_sys_mount+0x282/0x300
[ 2353.532457]  ? copy_mnt_ns+0xa00/0xa00
[ 2353.533192]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2353.534150]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2353.535091]  do_syscall_64+0x33/0x40
[ 2353.535777]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2353.536709] RIP: 0033:0x7f3f98f8db19
[ 2353.537388] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2353.540740] RSP: 002b:00007f3f96503188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2353.542127] RAX: ffffffffffffffda RBX: 00007f3f990a0f60 RCX: 00007f3f98f8db19
[ 2353.543426] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2353.544736] RBP: 00007f3f965031d0 R08: 0000000020000280 R09: 0000000000000000
[ 2353.546033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2353.547341] R13: 00007ffdfcab606f R14: 00007f3f96503300 R15: 0000000000022000
14:00:06 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0xdc02, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

14:00:06 executing program 1:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x3f00, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

14:00:06 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e21, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

14:00:06 executing program 5:
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0xedc0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

14:00:06 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = dup2(r0, r0)
ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x4805, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x5, 0x4004, @fd_index=0x9, 0x3, &(0x7f0000000680)="f7d263b7842483b71a8e64ca461975756805969e9da7f6e06dd806d81043473dc3c215127945e02add9165f3665f012a7716119782d49d68ab9bd32467c1e583d14f43e9cd18d2c293223c1a835e929e256cf9f2ead29fc91790fc8cbdc16bd4b90b21ee18156f2a6e1743b387673d027ff5630298090b4a943e8f9b68c666732aa49695d4942c739c6a95b8", 0x8c, 0xe}, 0x9)
r2 = mq_open(&(0x7f00000007c0)='\xc4fdn/\xda\x1ag\x92\x05\xdb\xe7\xf2\xaa5T\xb5\x0e@\xa5\x15M\x1b\xec\xbf\x97\x05\x00\x00\x00\x00\x00\xec\xa6t\xd7\x01\x81\xa7\x81\xc9\x8dNK\x02K\x89\xcc\xfd\xd4n\x06\x8e\xd3{\t\x1d\xf5f\x9e_\xb5sF\x90\xe0\xf4\xfc\xa7\x9a\x16{\x87K<\"\xb9\xea\xb3\xefh\xfd\v$\xda\xe8x\x1e\xe1\x97S)0q\xd3\xa0|\xe5\xd1\xd88\xfcZK.t\xe9\x831\xc9\xd9K\x9a\xfe\x14\x14yu\x86\xb2O\xffOO\xe4/\xb0\xc9\xbbB\x99\v\x19\x06\x95\xb5\xd3r\r\x91d0\x9b\xb8-\xbbx\xaf\x051*\x01\xa7\xfb\\\xc4\x1f\x1f\x81\x98\x9b\x1dz\xbc\xd2\xcdc\xa3\xda\xa0\x85\xccb\xe2\'\x04\xf3>\xc1f\xf0\xc5R\x04C\xbb\x9a\x94\xb6Si\x80\xf9\x02\xcans\xee(\x8f\xf8\xfb\xcf$YhQ\b\xa1:.\xc1O\xc8\x885\xf6V\xb8\xb3\x00}\xe4\x11`[\xda(\x94\xd7\r\x1eJ\xeb\x1f\xa4\xde\xd0\x9bo\x94y\x0e&\x01\x90#\xe2\xb3\b\xb0-\n\x90\xb8\x8a\xca\x95\xd2\xf7f\xbf\xdb\xcb~i\"\x98\xa24\xb4*;\xbb\x9f\xea\xf0}^\x16|5\x7fi\xc8\xb4t<s\xe3`\xb0q\xab\xe3[\xda\xc2@\xe0_H`o#\xbbe\xa8,U\xfaR-\xcb\xc4\v\x19vJ\xd8\xe1\xa0[\xd2\xc6\xe4\x84\x1f\xb1?\x01\x1b\xff\x11P\xc0I\x1b\x80\xfe(\x06\x82\xda\xd5SnH\xae\x94\xba%\x06\xbe\xc1\xe8\xb5\xb7-{\x89v\r$c\xc0l\xd2\x96q\xfa*?\x8c\xa7~[j3\x80e U/L_\x97\x0e\x80\x15R\xb5XM\x8b\xde\xcc\xcb\xfc&\x8e\xab\xa7\x14\xf3\xeb\x93\xcc\x0e\x8eo\xda\x99W\xa5\xb3JF\x98\xa7b\xc7\xbe\xb0\xea\xf4\xc0\x9c\x1d\x18\xc9whq\xf7S\f5\xc9/\xb8\x8ad\xbc\x8f]>\xfbv:R\xec\x8b\x8d\xa6\a\x8e,\x96\x8f|W@{\x99w\x1fD\x90\xc3k\x925\r\xa4T\x91\x1a}\x14\x87Q\xdd\xac@6XOC5\xa5\xdcj\xddG\x16w\xbc\xe1\xb7\x19\xd6n1\x84m\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x83, &(0x7f0000000200)={0x6, 0x4, 0x4, 0x1})
write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000000800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000000000000000000000300000000000000010000000000000006000000040000004f96338ba86e73dfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056006b104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405e66db71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/658], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6tnl0\x00', &(0x7f00000001c0)={'syztnl2\x00', 0x0, 0x2d, 0x4, 0x1, 0x7ff, 0x0, @local, @private1, 0x8000, 0x20, 0x1f}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x7})
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x0, 0x6, @local, 0x9}, 0x1c)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 2366.860789] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
BUG: memory leak
unreferenced object 0xffff88801b7d20c0 (size 32):
  comm "syz-executor.3", pid 10641, jiffies 4297020360 (age 21.020s)
  hex dump (first 32 bytes):
    39 70 2d 66 63 61 6c 6c 2d 63 61 63 68 65 2d 31  9p-fcall-cache-1
    32 30 33 00 80 88 ff ff 00 00 00 00 00 00 00 00  203.............
  backtrace:
    [<00000000954eea1e>] kstrdup+0x36/0x70
    [<000000007e9695b0>] kstrdup_const+0x53/0x80
    [<00000000fdd9d3de>] kvasprintf_const+0x10c/0x1a0
    [<00000000cfb62c5c>] kobject_set_name_vargs+0x56/0x150
    [<000000002a65725a>] kobject_init_and_add+0xc9/0x160
    [<00000000a0c26e11>] sysfs_slab_add+0x172/0x200
    [<000000007d77167b>] __kmem_cache_create+0x3db/0x520
    [<0000000005e91a2a>] kmem_cache_create_usercopy+0x1db/0x2f0
    [<00000000d857839b>] p9_client_create+0xc6a/0x1230
    [<00000000c9b6a22d>] v9fs_session_init+0x1dd/0x1680
    [<0000000030ac3a82>] v9fs_mount+0x79/0x8f0
    [<000000009d2a0d2d>] legacy_get_tree+0x105/0x220
    [<000000004ebb67d9>] vfs_get_tree+0x8e/0x300
    [<000000004f160466>] path_mount+0x1490/0x21e0
    [<000000008544a0d6>] __x64_sys_mount+0x282/0x300
    [<0000000070e61b9c>] do_syscall_64+0x33/0x40

BUG: leak checking failed

VM DIAGNOSIS:
14:00:27  Registers:
info registers vcpu 0
RAX=ffffffff83e989f0 RBX=0000000000000000 RCX=ffffffff83e8065c RDX=0000000000000000
RSI=0000000000000000 RDI=ffffffff83e991b8 RBP=0000000000000000 RSP=ffffffff84e07e38
R8 =0000000000000001 R9 =ffff88806ce3c12b R10=ffffed100d9c7825 R11=0000000000000001
R12=0000000000000000 R13=ffffffff85679f88 R14=0000000000000000 R15=dffffc0000000000
RIP=ffffffff83e989fe RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff88806ce00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fff7c0f0ae0 CR3=000000000e9d8000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=656a626f206465636e6572656665726e
XMM02=3a29323320657a697328203063303264 XMM03=303120646970202c22332e726f747563
XMM04=6c6c6163662d70392020313320643220 XMM05=32206336206336203136203336203636
XMM06=73657479622032332074737269662820 XMM07=2e313220656761282030363330323037
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000000000000 RBX=dffffc0000000000 RCX=ffffffff811adf96 RDX=0000000000000000
RSI=ffffffff811ade8a RDI=0000000000000005 RBP=ffff88801cfac028 RSP=ffff888045857e48
R8 =0000000000000000 R9 =ffff888008071bc3 R10=0000000000000001 R11=0000000000000001
R12=0000000000000000 R13=ffff8880471f9340 R14=ffff88801cfac000 R15=ffff888008071800
RIP=ffffffff8140d2b4 RFL=00000097 [--S-APC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff88806cf00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f4caba21578 CR3=000000000e8f0000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
XMM02=00000000000000004145862400000000 XMM03=00000000000000000000000000000000
XMM04=c00000000000000001000401464c457f XMM05=00000000000000000000000000000000
XMM06=00000000000000000100000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=b343176e2a6f1518ee210bb9d46bc1bd
XMM14=9b8f3e944a0b09980263f57f023d6787 XMM15=b8956a9c732c94d49596a42a7366c668