c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1576.962255] RSP: 002b:00007fd132214188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1576.963928] RAX: ffffffffffffffda RBX: 00007fd134db1f60 RCX: 00007fd134c9eb19 [ 1576.965511] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1576.967080] RBP: 00007fd1322141d0 R08: 0000000020000280 R09: 0000000000000000 [ 1576.968655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1576.970226] R13: 00007ffe03f9a7cf R14: 00007fd132214300 R15: 0000000000022000 12:39:45 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:39:45 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1545], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:39:45 executing program 5: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 29) 12:39:45 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp6\x00') read(0xffffffffffffffff, &(0x7f00000002c0)=""/225, 0xe1) read(r1, &(0x7f00000003c0)=""/225, 0xe1) 12:39:45 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 24) 12:39:45 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1030], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1576.978904] FAULT_INJECTION: forcing a failure. [ 1576.978904] name failslab, interval 1, probability 0, space 0, times 0 [ 1576.981355] CPU: 0 PID: 8395 Comm: syz-executor.6 Not tainted 5.10.246 #1 [ 1576.982956] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1576.984779] Call Trace: [ 1576.985356] dump_stack+0x107/0x167 [ 1576.986158] should_fail.cold+0x5/0xa [ 1576.986991] should_failslab+0x5/0x20 [ 1576.987824] __kmalloc_track_caller+0x79/0x370 [ 1576.988827] ? p9_client_create+0x51e/0x1230 [ 1576.989799] kmemdup_nul+0x2d/0xa0 [ 1576.990571] p9_client_create+0x51e/0x1230 [ 1576.991499] ? p9_client_flush+0x430/0x430 [ 1576.992429] ? trace_hardirqs_on+0x5b/0x180 [ 1576.993374] ? lockdep_init_map_type+0x2c7/0x780 [ 1576.994408] ? __raw_spin_lock_init+0x36/0x110 [ 1576.995410] v9fs_session_init+0x1dd/0x1680 [ 1576.996360] ? lock_release+0x680/0x680 [ 1576.997235] ? kmem_cache_alloc_trace+0x151/0x320 [ 1576.998284] ? v9fs_show_options+0x690/0x690 [ 1576.999251] ? trace_hardirqs_on+0x5b/0x180 [ 1577.000208] ? kasan_unpoison_shadow+0x33/0x50 [ 1577.001195] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1577.002294] v9fs_mount+0x79/0x8f0 [ 1577.003063] ? v9fs_write_inode+0x60/0x60 [ 1577.003960] legacy_get_tree+0x105/0x220 [ 1577.004840] vfs_get_tree+0x8e/0x300 [ 1577.005642] path_mount+0x1490/0x21e0 [ 1577.006470] ? strncpy_from_user+0x9e/0x470 [ 1577.007401] ? finish_automount+0xa90/0xa90 [ 1577.008342] ? getname_flags.part.0+0x1dd/0x4f0 [ 1577.009344] ? _copy_from_user+0xfb/0x1b0 [ 1577.010245] __x64_sys_mount+0x282/0x300 [ 1577.011128] ? copy_mnt_ns+0xa00/0xa00 [ 1577.011980] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1577.013108] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1577.014208] do_syscall_64+0x33/0x40 [ 1577.015007] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1577.016122] RIP: 0033:0x7fe30c5b6b19 [ 1577.016923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1577.020879] RSP: 002b:00007fe309b2c188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1577.022505] RAX: ffffffffffffffda RBX: 00007fe30c6c9f60 RCX: 00007fe30c5b6b19 [ 1577.024042] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1577.025565] RBP: 00007fe309b2c1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1577.027089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1577.028620] R13: 00007ffddf17178f R14: 00007fe309b2c300 R15: 0000000000022000 [ 1577.030702] FAULT_INJECTION: forcing a failure. [ 1577.030702] name failslab, interval 1, probability 0, space 0, times 0 [ 1577.033097] CPU: 0 PID: 8397 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 1577.034554] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1577.036340] Call Trace: [ 1577.036904] dump_stack+0x107/0x167 [ 1577.037686] should_fail.cold+0x5/0xa [ 1577.038501] ? create_object.isra.0+0x3a/0xa30 [ 1577.039466] should_failslab+0x5/0x20 [ 1577.040286] kmem_cache_alloc+0x5b/0x310 [ 1577.041154] create_object.isra.0+0x3a/0xa30 [ 1577.042084] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1577.043176] __kmalloc_track_caller+0x177/0x370 [ 1577.044175] ? match_number+0xaf/0x1d0 [ 1577.044995] kmemdup_nul+0x2d/0xa0 [ 1577.045757] match_number+0xaf/0x1d0 [ 1577.046548] ? match_u64+0x190/0x190 [ 1577.047336] ? __kmalloc_track_caller+0x2c6/0x370 [ 1577.048362] ? memcpy+0x39/0x60 [ 1577.049063] parse_opts.part.0+0x1f3/0x340 [ 1577.049958] ? p9_fd_show_options+0x1c0/0x1c0 [ 1577.050906] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1577.052020] ? trace_hardirqs_on+0x5b/0x180 [ 1577.052937] ? kfree+0xd7/0x340 [ 1577.053642] p9_fd_create+0x98/0x4a0 [ 1577.054428] ? p9_conn_create+0x510/0x510 [ 1577.055300] ? p9_client_create+0x798/0x1230 [ 1577.056238] ? kfree+0xd7/0x340 [ 1577.056935] ? do_raw_spin_unlock+0x4f/0x220 12:39:46 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 29) 12:39:46 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1030], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1577.057859] p9_client_create+0x7ff/0x1230 [ 1577.058942] ? p9_client_flush+0x430/0x430 [ 1577.059837] ? trace_hardirqs_on+0x5b/0x180 [ 1577.060766] ? lockdep_init_map_type+0x2c7/0x780 [ 1577.061765] ? __raw_spin_lock_init+0x36/0x110 [ 1577.062734] v9fs_session_init+0x1dd/0x1680 [ 1577.063650] ? lock_release+0x680/0x680 [ 1577.064505] ? kmem_cache_alloc_trace+0x151/0x320 [ 1577.065518] ? v9fs_show_options+0x690/0x690 [ 1577.066447] ? trace_hardirqs_on+0x5b/0x180 [ 1577.067347] ? kasan_unpoison_shadow+0x33/0x50 [ 1577.068309] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1577.069382] v9fs_mount+0x79/0x8f0 [ 1577.070125] ? v9fs_write_inode+0x60/0x60 [ 1577.070996] legacy_get_tree+0x105/0x220 [ 1577.071850] vfs_get_tree+0x8e/0x300 [ 1577.072708] path_mount+0x1490/0x21e0 [ 1577.073620] ? strncpy_from_user+0x9e/0x470 [ 1577.074645] ? finish_automount+0xa90/0xa90 [ 1577.075672] ? getname_flags.part.0+0x1dd/0x4f0 [ 1577.076784] ? _copy_from_user+0xfb/0x1b0 [ 1577.077776] __x64_sys_mount+0x282/0x300 [ 1577.078735] ? copy_mnt_ns+0xa00/0xa00 [ 1577.079645] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1577.080892] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1577.082117] do_syscall_64+0x33/0x40 [ 1577.082997] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1577.084222] RIP: 0033:0x7ff7dde24b19 [ 1577.085106] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1577.089473] RSP: 002b:00007ff7db39a188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1577.091277] RAX: ffffffffffffffda RBX: 00007ff7ddf37f60 RCX: 00007ff7dde24b19 [ 1577.092963] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1577.094640] RBP: 00007ff7db39a1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1577.096329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1577.098006] R13: 00007ffcd7e7b57f R14: 00007ff7db39a300 R15: 0000000000022000 12:39:46 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1577.114448] FAULT_INJECTION: forcing a failure. [ 1577.114448] name failslab, interval 1, probability 0, space 0, times 0 [ 1577.115817] CPU: 1 PID: 8415 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1577.116630] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1577.117604] Call Trace: [ 1577.117915] dump_stack+0x107/0x167 [ 1577.118342] should_fail.cold+0x5/0xa [ 1577.118790] ? create_object.isra.0+0x3a/0xa30 [ 1577.119323] should_failslab+0x5/0x20 [ 1577.119772] kmem_cache_alloc+0x5b/0x310 [ 1577.120267] create_object.isra.0+0x3a/0xa30 [ 1577.120783] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1577.121385] __kmalloc_track_caller+0x177/0x370 [ 1577.121933] ? match_number+0xaf/0x1d0 [ 1577.122393] kmemdup_nul+0x2d/0xa0 [ 1577.122808] match_number+0xaf/0x1d0 [ 1577.123245] ? match_u64+0x190/0x190 [ 1577.123679] ? __kmalloc_track_caller+0x2c6/0x370 [ 1577.124249] ? memcpy+0x39/0x60 [ 1577.124635] parse_opts.part.0+0x1f3/0x340 [ 1577.125127] ? p9_fd_show_options+0x1c0/0x1c0 [ 1577.125649] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1577.126258] ? trace_hardirqs_on+0x5b/0x180 [ 1577.126760] ? kfree+0xd7/0x340 [ 1577.127146] p9_fd_create+0x98/0x4a0 [ 1577.127580] ? p9_conn_create+0x510/0x510 [ 1577.128068] ? p9_client_create+0x798/0x1230 [ 1577.128577] ? kfree+0xd7/0x340 [ 1577.128964] ? do_raw_spin_unlock+0x4f/0x220 [ 1577.129477] p9_client_create+0x7ff/0x1230 [ 1577.129970] ? p9_client_flush+0x430/0x430 [ 1577.130461] ? trace_hardirqs_on+0x5b/0x180 [ 1577.130963] ? lockdep_init_map_type+0x2c7/0x780 [ 1577.131517] ? __raw_spin_lock_init+0x36/0x110 [ 1577.132057] v9fs_session_init+0x1dd/0x1680 [ 1577.132560] ? lock_release+0x680/0x680 [ 1577.133026] ? kmem_cache_alloc_trace+0x151/0x320 [ 1577.133586] ? v9fs_show_options+0x690/0x690 [ 1577.134101] ? trace_hardirqs_on+0x5b/0x180 [ 1577.134607] ? kasan_unpoison_shadow+0x33/0x50 [ 1577.135134] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1577.135733] v9fs_mount+0x79/0x8f0 [ 1577.136151] ? v9fs_write_inode+0x60/0x60 [ 1577.136629] legacy_get_tree+0x105/0x220 [ 1577.137099] vfs_get_tree+0x8e/0x300 [ 1577.137526] path_mount+0x1490/0x21e0 [ 1577.137965] ? strncpy_from_user+0x9e/0x470 [ 1577.138466] ? finish_automount+0xa90/0xa90 [ 1577.138962] ? getname_flags.part.0+0x1dd/0x4f0 [ 1577.139497] ? _copy_from_user+0xfb/0x1b0 [ 1577.139986] __x64_sys_mount+0x282/0x300 [ 1577.140456] ? copy_mnt_ns+0xa00/0xa00 [ 1577.140908] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1577.141512] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1577.142111] do_syscall_64+0x33/0x40 [ 1577.142542] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1577.143133] RIP: 0033:0x7f850d5eab19 [ 1577.143564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1577.145704] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1577.146585] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1577.147408] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1577.148248] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1577.149069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1577.149895] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 12:39:46 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp6\x00') read(0xffffffffffffffff, &(0x7f00000002c0)=""/225, 0xe1) read(r1, &(0x7f00000003c0)=""/225, 0xe1) 12:39:46 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1545], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:39:46 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1030], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:39:46 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp6\x00') read(0xffffffffffffffff, &(0x7f00000002c0)=""/225, 0xe1) read(r1, &(0x7f00000003c0)=""/225, 0xe1) 12:39:57 executing program 6: socket$inet6_udplite(0xa, 0x2, 0x88) mq_open(0x0, 0x2, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 27) 12:39:57 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1545], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:39:57 executing program 5: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 30) 12:39:57 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 25) 12:39:57 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:39:57 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 30) 12:39:57 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1545], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:39:57 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1588.131907] FAULT_INJECTION: forcing a failure. [ 1588.131907] name failslab, interval 1, probability 0, space 0, times 0 [ 1588.132743] FAULT_INJECTION: forcing a failure. [ 1588.132743] name failslab, interval 1, probability 0, space 0, times 0 [ 1588.134330] CPU: 0 PID: 8443 Comm: syz-executor.3 Not tainted 5.10.246 #1 [ 1588.134349] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1588.140074] Call Trace: [ 1588.140638] dump_stack+0x107/0x167 [ 1588.141407] should_fail.cold+0x5/0xa [ 1588.142213] ? create_object.isra.0+0x3a/0xa30 [ 1588.143175] should_failslab+0x5/0x20 [ 1588.143976] kmem_cache_alloc+0x5b/0x310 [ 1588.144847] create_object.isra.0+0x3a/0xa30 [ 1588.145774] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1588.146853] __kmalloc_track_caller+0x177/0x370 [ 1588.147834] ? p9_client_create+0x51e/0x1230 [ 1588.148778] kmemdup_nul+0x2d/0xa0 [ 1588.149526] p9_client_create+0x51e/0x1230 [ 1588.150421] ? p9_client_flush+0x430/0x430 [ 1588.151317] ? trace_hardirqs_on+0x5b/0x180 [ 1588.152241] ? lockdep_init_map_type+0x2c7/0x780 [ 1588.153247] ? __raw_spin_lock_init+0x36/0x110 [ 1588.154221] v9fs_session_init+0x1dd/0x1680 [ 1588.155130] ? lock_release+0x680/0x680 [ 1588.155989] ? kmem_cache_alloc_trace+0x151/0x320 [ 1588.157030] ? v9fs_show_options+0x690/0x690 [ 1588.157978] ? trace_hardirqs_on+0x5b/0x180 [ 1588.158886] ? kasan_unpoison_shadow+0x33/0x50 [ 1588.159853] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1588.160936] v9fs_mount+0x79/0x8f0 [ 1588.161695] ? v9fs_write_inode+0x60/0x60 [ 1588.162568] legacy_get_tree+0x105/0x220 [ 1588.163432] vfs_get_tree+0x8e/0x300 [ 1588.164229] path_mount+0x1490/0x21e0 [ 1588.165053] ? strncpy_from_user+0x9e/0x470 [ 1588.165977] ? finish_automount+0xa90/0xa90 [ 1588.166904] ? getname_flags.part.0+0x1dd/0x4f0 [ 1588.167897] ? _copy_from_user+0xfb/0x1b0 [ 1588.168793] __x64_sys_mount+0x282/0x300 [ 1588.169662] ? copy_mnt_ns+0xa00/0xa00 [ 1588.170508] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1588.171624] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1588.172736] do_syscall_64+0x33/0x40 [ 1588.173533] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1588.174617] RIP: 0033:0x7fd134c9eb19 [ 1588.175408] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1588.179348] RSP: 002b:00007fd132214188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1588.180976] RAX: ffffffffffffffda RBX: 00007fd134db1f60 RCX: 00007fd134c9eb19 [ 1588.182492] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1588.183993] RBP: 00007fd1322141d0 R08: 0000000020000280 R09: 0000000000000000 [ 1588.185499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1588.187013] R13: 00007ffe03f9a7cf R14: 00007fd132214300 R15: 0000000000022000 [ 1588.188563] CPU: 1 PID: 8437 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 1588.190167] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1588.192091] Call Trace: [ 1588.192720] dump_stack+0x107/0x167 [ 1588.193564] should_fail.cold+0x5/0xa [ 1588.194438] should_failslab+0x5/0x20 [ 1588.194829] FAULT_INJECTION: forcing a failure. [ 1588.194829] name failslab, interval 1, probability 0, space 0, times 0 [ 1588.195325] __kmalloc_track_caller+0x79/0x370 [ 1588.195357] ? match_number+0xaf/0x1d0 [ 1588.199569] ? kfree+0xd7/0x340 [ 1588.200328] kmemdup_nul+0x2d/0xa0 [ 1588.201148] match_number+0xaf/0x1d0 [ 1588.201988] ? match_u64+0x190/0x190 [ 1588.202837] ? __kmalloc_track_caller+0x2c6/0x370 [ 1588.203937] ? memcpy+0x39/0x60 [ 1588.204700] parse_opts.part.0+0x1f3/0x340 [ 1588.205671] ? p9_fd_show_options+0x1c0/0x1c0 [ 1588.206694] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1588.207885] ? trace_hardirqs_on+0x5b/0x180 [ 1588.208881] ? kfree+0xd7/0x340 [ 1588.209640] p9_fd_create+0x98/0x4a0 [ 1588.210481] ? p9_conn_create+0x510/0x510 [ 1588.211413] ? p9_client_create+0x798/0x1230 [ 1588.212410] ? kfree+0xd7/0x340 [ 1588.213148] ? do_raw_spin_unlock+0x4f/0x220 [ 1588.214145] p9_client_create+0x7ff/0x1230 [ 1588.215119] ? p9_client_flush+0x430/0x430 [ 1588.216092] ? trace_hardirqs_on+0x5b/0x180 [ 1588.217077] ? lockdep_init_map_type+0x2c7/0x780 [ 1588.218178] ? __raw_spin_lock_init+0x36/0x110 [ 1588.219227] v9fs_session_init+0x1dd/0x1680 [ 1588.220229] ? lock_release+0x680/0x680 [ 1588.221143] ? kmem_cache_alloc_trace+0x151/0x320 [ 1588.222233] ? v9fs_show_options+0x690/0x690 [ 1588.223239] ? trace_hardirqs_on+0x5b/0x180 [ 1588.224211] ? kasan_unpoison_shadow+0x33/0x50 [ 1588.225231] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1588.226366] v9fs_mount+0x79/0x8f0 [ 1588.227165] ? v9fs_write_inode+0x60/0x60 [ 1588.228099] legacy_get_tree+0x105/0x220 [ 1588.229018] vfs_get_tree+0x8e/0x300 [ 1588.229853] path_mount+0x1490/0x21e0 [ 1588.230717] ? strncpy_from_user+0x9e/0x470 [ 1588.231703] ? finish_automount+0xa90/0xa90 [ 1588.232684] ? getname_flags.part.0+0x1dd/0x4f0 [ 1588.233724] ? _copy_from_user+0xfb/0x1b0 [ 1588.234665] __x64_sys_mount+0x282/0x300 [ 1588.235600] ? copy_mnt_ns+0xa00/0xa00 [ 1588.236483] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1588.237683] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1588.238847] do_syscall_64+0x33/0x40 [ 1588.239690] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1588.240853] RIP: 0033:0x7ff7dde24b19 [ 1588.241713] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1588.245866] RSP: 002b:00007ff7db39a188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1588.247614] RAX: ffffffffffffffda RBX: 00007ff7ddf37f60 RCX: 00007ff7dde24b19 [ 1588.249232] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1588.250876] RBP: 00007ff7db39a1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1588.252540] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1588.254148] R13: 00007ffcd7e7b57f R14: 00007ff7db39a300 R15: 0000000000022000 [ 1588.255772] CPU: 0 PID: 8444 Comm: syz-executor.6 Not tainted 5.10.246 #1 [ 1588.255881] 9pnet: Insufficient options for proto=fd [ 1588.257231] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1588.257237] Call Trace: [ 1588.257268] dump_stack+0x107/0x167 [ 1588.261381] should_fail.cold+0x5/0xa [ 1588.262153] ? create_object.isra.0+0x3a/0xa30 [ 1588.263077] should_failslab+0x5/0x20 [ 1588.263875] kmem_cache_alloc+0x5b/0x310 [ 1588.264736] ? legacy_get_tree+0x105/0x220 [ 1588.265618] ? vfs_get_tree+0x8e/0x300 [ 1588.266420] create_object.isra.0+0x3a/0xa30 [ 1588.266684] FAULT_INJECTION: forcing a failure. [ 1588.266684] name failslab, interval 1, probability 0, space 0, times 0 [ 1588.267345] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1588.267378] __kmalloc_track_caller+0x177/0x370 [ 1588.271870] ? parse_opts.part.0+0x8e/0x340 [ 1588.272780] kstrdup+0x36/0x70 [ 1588.273457] parse_opts.part.0+0x8e/0x340 [ 1588.274321] ? p9_fd_show_options+0x1c0/0x1c0 [ 1588.275263] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1588.276366] ? quarantine_put+0x8b/0x1a0 [ 1588.277211] ? trace_hardirqs_on+0x5b/0x180 [ 1588.278116] ? kfree+0xd7/0x340 [ 1588.278814] p9_fd_create+0x98/0x4a0 [ 1588.279591] ? p9_conn_create+0x510/0x510 [ 1588.280462] ? p9_client_create+0x798/0x1230 [ 1588.281380] ? kfree+0xd7/0x340 [ 1588.282053] ? do_raw_spin_unlock+0x4f/0x220 [ 1588.282975] p9_client_create+0x7ff/0x1230 [ 1588.283864] ? p9_client_flush+0x430/0x430 [ 1588.284752] ? trace_hardirqs_on+0x5b/0x180 [ 1588.285657] ? lockdep_init_map_type+0x2c7/0x780 [ 1588.286647] ? __raw_spin_lock_init+0x36/0x110 [ 1588.287602] v9fs_session_init+0x1dd/0x1680 [ 1588.288517] ? lock_release+0x680/0x680 [ 1588.289357] ? kmem_cache_alloc_trace+0x151/0x320 [ 1588.290357] ? v9fs_show_options+0x690/0x690 [ 1588.291288] ? trace_hardirqs_on+0x5b/0x180 [ 1588.292197] ? kasan_unpoison_shadow+0x33/0x50 [ 1588.293155] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1588.294219] v9fs_mount+0x79/0x8f0 [ 1588.294965] ? v9fs_write_inode+0x60/0x60 [ 1588.295824] legacy_get_tree+0x105/0x220 [ 1588.296680] vfs_get_tree+0x8e/0x300 [ 1588.297463] path_mount+0x1490/0x21e0 [ 1588.298263] ? strncpy_from_user+0x9e/0x470 [ 1588.299168] ? finish_automount+0xa90/0xa90 [ 1588.300077] ? getname_flags.part.0+0x1dd/0x4f0 [ 1588.301053] ? _copy_from_user+0xfb/0x1b0 [ 1588.301929] __x64_sys_mount+0x282/0x300 [ 1588.302776] ? copy_mnt_ns+0xa00/0xa00 [ 1588.303600] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1588.304702] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1588.305778] do_syscall_64+0x33/0x40 [ 1588.306556] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1588.307629] RIP: 0033:0x7fe30c5b6b19 [ 1588.308413] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1588.312288] RSP: 002b:00007fe309b2c188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1588.313903] RAX: ffffffffffffffda RBX: 00007fe30c6c9f60 RCX: 00007fe30c5b6b19 [ 1588.315399] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1588.316903] RBP: 00007fe309b2c1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1588.318408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1588.319898] R13: 00007ffddf17178f R14: 00007fe309b2c300 R15: 0000000000022000 [ 1588.321452] CPU: 1 PID: 8448 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1588.323025] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1588.324951] Call Trace: [ 1588.325565] dump_stack+0x107/0x167 [ 1588.326394] should_fail.cold+0x5/0xa [ 1588.327265] ? create_object.isra.0+0x3a/0xa30 [ 1588.328318] should_failslab+0x5/0x20 [ 1588.329183] kmem_cache_alloc+0x5b/0x310 [ 1588.330122] create_object.isra.0+0x3a/0xa30 [ 1588.331139] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1588.332317] __kmalloc_track_caller+0x177/0x370 [ 1588.333384] ? match_number+0xaf/0x1d0 [ 1588.334272] kmemdup_nul+0x2d/0xa0 [ 1588.335095] match_number+0xaf/0x1d0 [ 1588.335917] ? match_u64+0x190/0x190 [ 1588.336750] ? __kmalloc_track_caller+0x2c6/0x370 [ 1588.337821] ? memcpy+0x39/0x60 [ 1588.338555] parse_opts.part.0+0x1f3/0x340 [ 1588.339488] ? p9_fd_show_options+0x1c0/0x1c0 [ 1588.340496] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1588.341650] ? trace_hardirqs_on+0x5b/0x180 [ 1588.342602] ? kfree+0xd7/0x340 [ 1588.343335] p9_fd_create+0x98/0x4a0 [ 1588.344156] ? p9_conn_create+0x510/0x510 [ 1588.345058] ? p9_client_create+0x798/0x1230 [ 1588.346033] ? kfree+0xd7/0x340 [ 1588.346757] ? do_raw_spin_unlock+0x4f/0x220 [ 1588.347725] p9_client_create+0x7ff/0x1230 [ 1588.348668] ? p9_client_flush+0x430/0x430 [ 1588.349599] ? trace_hardirqs_on+0x5b/0x180 [ 1588.350548] ? lockdep_init_map_type+0x2c7/0x780 [ 1588.351598] ? __raw_spin_lock_init+0x36/0x110 [ 1588.352620] v9fs_session_init+0x1dd/0x1680 [ 1588.353569] ? lock_release+0x680/0x680 [ 1588.354459] ? kmem_cache_alloc_trace+0x151/0x320 [ 1588.355514] ? v9fs_show_options+0x690/0x690 [ 1588.356504] ? trace_hardirqs_on+0x5b/0x180 [ 1588.357451] ? kasan_unpoison_shadow+0x33/0x50 [ 1588.358451] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1588.359562] v9fs_mount+0x79/0x8f0 [ 1588.360354] ? v9fs_write_inode+0x60/0x60 [ 1588.361264] legacy_get_tree+0x105/0x220 [ 1588.362169] vfs_get_tree+0x8e/0x300 [ 1588.362990] path_mount+0x1490/0x21e0 [ 1588.363835] ? strncpy_from_user+0x9e/0x470 [ 1588.364794] ? finish_automount+0xa90/0xa90 [ 1588.365742] ? getname_flags.part.0+0x1dd/0x4f0 [ 1588.366767] ? _copy_from_user+0xfb/0x1b0 [ 1588.367686] __x64_sys_mount+0x282/0x300 [ 1588.368580] ? copy_mnt_ns+0xa00/0xa00 [ 1588.369447] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1588.370601] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1588.371768] do_syscall_64+0x33/0x40 [ 1588.372630] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1588.373791] RIP: 0033:0x7f850d5eab19 [ 1588.374633] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1588.378817] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1588.380546] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1588.382165] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1588.383768] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1588.385393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1588.387009] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 12:39:57 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1802], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:39:57 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:39:57 executing program 5: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 31) 12:39:57 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 26) [ 1588.583855] FAULT_INJECTION: forcing a failure. [ 1588.583855] name failslab, interval 1, probability 0, space 0, times 0 [ 1588.586351] CPU: 0 PID: 8459 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 1588.587794] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1588.589569] Call Trace: [ 1588.590134] dump_stack+0x107/0x167 [ 1588.590911] should_fail.cold+0x5/0xa [ 1588.591726] ? create_object.isra.0+0x3a/0xa30 [ 1588.592717] should_failslab+0x5/0x20 [ 1588.593538] kmem_cache_alloc+0x5b/0x310 [ 1588.594412] create_object.isra.0+0x3a/0xa30 [ 1588.595339] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1588.596442] __kmalloc_track_caller+0x177/0x370 [ 1588.597430] ? match_number+0xaf/0x1d0 [ 1588.598263] kmemdup_nul+0x2d/0xa0 [ 1588.599018] match_number+0xaf/0x1d0 [ 1588.599807] ? match_u64+0x190/0x190 [ 1588.600605] ? __kmalloc_track_caller+0x2c6/0x370 [ 1588.601629] ? memcpy+0x39/0x60 [ 1588.602331] parse_opts.part.0+0x1f3/0x340 [ 1588.603232] ? p9_fd_show_options+0x1c0/0x1c0 [ 1588.604199] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1588.605307] ? trace_hardirqs_on+0x5b/0x180 [ 1588.606221] ? kfree+0xd7/0x340 [ 1588.606933] p9_fd_create+0x98/0x4a0 [ 1588.607724] ? p9_conn_create+0x510/0x510 [ 1588.608604] ? p9_client_create+0x798/0x1230 [ 1588.609539] ? kfree+0xd7/0x340 [ 1588.610242] ? do_raw_spin_unlock+0x4f/0x220 [ 1588.611178] p9_client_create+0x7ff/0x1230 [ 1588.612095] ? p9_client_flush+0x430/0x430 [ 1588.613001] ? trace_hardirqs_on+0x5b/0x180 [ 1588.613921] ? lockdep_init_map_type+0x2c7/0x780 [ 1588.614926] ? __raw_spin_lock_init+0x36/0x110 [ 1588.615895] v9fs_session_init+0x1dd/0x1680 [ 1588.616825] ? lock_release+0x680/0x680 [ 1588.617676] ? kmem_cache_alloc_trace+0x151/0x320 [ 1588.618695] ? v9fs_show_options+0x690/0x690 [ 1588.619637] ? trace_hardirqs_on+0x5b/0x180 [ 1588.620567] ? kasan_unpoison_shadow+0x33/0x50 [ 1588.621536] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1588.622609] v9fs_mount+0x79/0x8f0 [ 1588.623360] ? v9fs_write_inode+0x60/0x60 [ 1588.624242] legacy_get_tree+0x105/0x220 [ 1588.625101] vfs_get_tree+0x8e/0x300 [ 1588.625888] path_mount+0x1490/0x21e0 [ 1588.626697] ? strncpy_from_user+0x9e/0x470 [ 1588.627613] ? finish_automount+0xa90/0xa90 [ 1588.628535] ? getname_flags.part.0+0x1dd/0x4f0 [ 1588.629527] ? _copy_from_user+0xfb/0x1b0 [ 1588.630418] __x64_sys_mount+0x282/0x300 [ 1588.631272] ? copy_mnt_ns+0xa00/0xa00 [ 1588.632115] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1588.633223] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1588.634319] do_syscall_64+0x33/0x40 [ 1588.635105] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1588.636198] RIP: 0033:0x7ff7dde24b19 [ 1588.636982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1588.640869] RSP: 002b:00007ff7db39a188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1588.642490] RAX: ffffffffffffffda RBX: 00007ff7ddf37f60 RCX: 00007ff7dde24b19 [ 1588.643999] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1588.645526] RBP: 00007ff7db39a1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1588.647032] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1588.648543] R13: 00007ffcd7e7b57f R14: 00007ff7db39a300 R15: 0000000000022000 12:39:57 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 31) 12:39:57 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1545], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1588.704054] FAULT_INJECTION: forcing a failure. [ 1588.704054] name failslab, interval 1, probability 0, space 0, times 0 [ 1588.706719] CPU: 1 PID: 8462 Comm: syz-executor.3 Not tainted 5.10.246 #1 [ 1588.708289] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1588.710174] Call Trace: [ 1588.710776] dump_stack+0x107/0x167 [ 1588.711610] should_fail.cold+0x5/0xa [ 1588.712491] should_failslab+0x5/0x20 [ 1588.713367] __kmalloc_track_caller+0x79/0x370 [ 1588.714407] ? parse_opts.part.0+0x8e/0x340 [ 1588.715396] kstrdup+0x36/0x70 [ 1588.716131] parse_opts.part.0+0x8e/0x340 [ 1588.717072] ? p9_fd_show_options+0x1c0/0x1c0 [ 1588.717421] FAULT_INJECTION: forcing a failure. [ 1588.717421] name failslab, interval 1, probability 0, space 0, times 0 [ 1588.718103] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1588.718132] ? quarantine_put+0x8b/0x1a0 [ 1588.722530] ? trace_hardirqs_on+0x5b/0x180 [ 1588.723506] ? kfree+0xd7/0x340 [ 1588.724265] p9_fd_create+0x98/0x4a0 [ 1588.725106] ? p9_conn_create+0x510/0x510 [ 1588.726052] ? p9_client_create+0x798/0x1230 [ 1588.727051] ? kfree+0xd7/0x340 [ 1588.727793] ? do_raw_spin_unlock+0x4f/0x220 [ 1588.728805] p9_client_create+0x7ff/0x1230 [ 1588.729779] ? p9_client_flush+0x430/0x430 [ 1588.730733] ? asm_sysvec_call_function_single+0x12/0x20 [ 1588.731958] ? lockdep_init_map_type+0x2c7/0x780 [ 1588.733026] ? __raw_spin_lock_init+0x36/0x110 [ 1588.734061] v9fs_session_init+0x1dd/0x1680 [ 1588.735038] ? lock_release+0x680/0x680 [ 1588.735947] ? kmem_cache_alloc_trace+0x151/0x320 [ 1588.737044] ? v9fs_show_options+0x690/0x690 [ 1588.738041] ? trace_hardirqs_on+0x5b/0x180 [ 1588.739017] ? kasan_unpoison_shadow+0x33/0x50 [ 1588.740058] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1588.741226] v9fs_mount+0x79/0x8f0 [ 1588.742029] ? v9fs_write_inode+0x60/0x60 [ 1588.742966] legacy_get_tree+0x105/0x220 [ 1588.743888] vfs_get_tree+0x8e/0x300 [ 1588.744735] path_mount+0x1490/0x21e0 [ 1588.745602] ? strncpy_from_user+0x9e/0x470 [ 1588.746575] ? finish_automount+0xa90/0xa90 [ 1588.747546] ? getname_flags.part.0+0x1dd/0x4f0 [ 1588.748607] ? _copy_from_user+0xfb/0x1b0 [ 1588.749565] __x64_sys_mount+0x282/0x300 [ 1588.750477] ? copy_mnt_ns+0xa00/0xa00 [ 1588.751376] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1588.752597] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1588.753791] do_syscall_64+0x33/0x40 [ 1588.754651] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1588.755840] RIP: 0033:0x7fd134c9eb19 [ 1588.756715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1588.761005] RSP: 002b:00007fd132214188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1588.762787] RAX: ffffffffffffffda RBX: 00007fd134db1f60 RCX: 00007fd134c9eb19 [ 1588.764465] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1588.766120] RBP: 00007fd1322141d0 R08: 0000000020000280 R09: 0000000000000000 [ 1588.767815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1588.769494] R13: 00007ffe03f9a7cf R14: 00007fd132214300 R15: 0000000000022000 [ 1588.771224] CPU: 0 PID: 8466 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1588.771269] 9pnet: Insufficient options for proto=fd [ 1588.772645] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1588.772651] Call Trace: [ 1588.772678] dump_stack+0x107/0x167 [ 1588.772699] should_fail.cold+0x5/0xa [ 1588.772719] ? create_object.isra.0+0x3a/0xa30 [ 1588.772737] should_failslab+0x5/0x20 [ 1588.772755] kmem_cache_alloc+0x5b/0x310 [ 1588.772778] create_object.isra.0+0x3a/0xa30 [ 1588.772794] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1588.772819] __kmalloc_track_caller+0x177/0x370 [ 1588.772837] ? match_number+0xaf/0x1d0 [ 1588.772859] kmemdup_nul+0x2d/0xa0 [ 1588.772878] match_number+0xaf/0x1d0 [ 1588.772898] ? match_u64+0x190/0x190 [ 1588.772916] ? __kmalloc_track_caller+0x2c6/0x370 [ 1588.772934] ? memcpy+0x39/0x60 [ 1588.772955] parse_opts.part.0+0x1f3/0x340 [ 1588.772974] ? p9_fd_show_options+0x1c0/0x1c0 [ 1588.773007] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1588.790830] ? trace_hardirqs_on+0x5b/0x180 [ 1588.791725] ? kfree+0xd7/0x340 [ 1588.792435] p9_fd_create+0x98/0x4a0 [ 1588.793200] ? p9_conn_create+0x510/0x510 [ 1588.794071] ? p9_client_create+0x798/0x1230 [ 1588.794987] ? kfree+0xd7/0x340 [ 1588.795669] ? do_raw_spin_unlock+0x4f/0x220 [ 1588.796590] p9_client_create+0x7ff/0x1230 [ 1588.797480] ? p9_client_flush+0x430/0x430 [ 1588.798353] ? trace_hardirqs_on+0x5b/0x180 [ 1588.799244] ? lockdep_init_map_type+0x2c7/0x780 [ 1588.800250] ? __raw_spin_lock_init+0x36/0x110 [ 1588.801198] v9fs_session_init+0x1dd/0x1680 [ 1588.802101] ? lock_release+0x680/0x680 [ 1588.802938] ? kmem_cache_alloc_trace+0x151/0x320 [ 1588.803937] ? v9fs_show_options+0x690/0x690 [ 1588.804863] ? trace_hardirqs_on+0x5b/0x180 [ 1588.805756] ? kasan_unpoison_shadow+0x33/0x50 [ 1588.806715] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1588.807756] v9fs_mount+0x79/0x8f0 [ 1588.808538] ? v9fs_write_inode+0x60/0x60 [ 1588.809391] legacy_get_tree+0x105/0x220 [ 1588.810246] vfs_get_tree+0x8e/0x300 [ 1588.811022] path_mount+0x1490/0x21e0 [ 1588.811831] ? strncpy_from_user+0x9e/0x470 [ 1588.812736] ? finish_automount+0xa90/0xa90 [ 1588.813651] ? getname_flags.part.0+0x1dd/0x4f0 [ 1588.814599] ? _copy_from_user+0xfb/0x1b0 [ 1588.815482] __x64_sys_mount+0x282/0x300 [ 1588.816329] ? copy_mnt_ns+0xa00/0xa00 [ 1588.817151] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1588.818242] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1588.819331] do_syscall_64+0x33/0x40 [ 1588.820120] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1588.821177] RIP: 0033:0x7f850d5eab19 [ 1588.821952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1588.825806] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1588.827369] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1588.828854] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1588.830327] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1588.831812] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1588.833293] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 12:40:11 executing program 6: socket$inet6_udplite(0xa, 0x2, 0x88) mq_open(0x0, 0x2, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 28) 12:40:11 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1802], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:40:11 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 32) 12:40:11 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1802], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:40:11 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1030], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:40:11 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1545], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:40:11 executing program 5: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 32) 12:40:11 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 27) [ 1602.520817] FAULT_INJECTION: forcing a failure. [ 1602.520817] name failslab, interval 1, probability 0, space 0, times 0 [ 1602.523735] CPU: 1 PID: 8481 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1602.525477] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1602.527579] Call Trace: [ 1602.528272] dump_stack+0x107/0x167 [ 1602.529380] should_fail.cold+0x5/0xa [ 1602.530354] ? p9_fd_create+0x161/0x4a0 [ 1602.531376] should_failslab+0x5/0x20 [ 1602.532356] kmem_cache_alloc_trace+0x55/0x320 [ 1602.533518] p9_fd_create+0x161/0x4a0 [ 1602.534487] ? p9_conn_create+0x510/0x510 [ 1602.535536] ? p9_client_create+0x798/0x1230 [ 1602.536672] ? kfree+0xd7/0x340 [ 1602.537519] ? do_raw_spin_unlock+0x4f/0x220 [ 1602.538630] p9_client_create+0x7ff/0x1230 [ 1602.539704] ? p9_client_flush+0x430/0x430 [ 1602.540797] ? trace_hardirqs_on+0x5b/0x180 [ 1602.541885] ? lockdep_init_map_type+0x2c7/0x780 [ 1602.543083] ? __raw_spin_lock_init+0x36/0x110 [ 1602.544269] v9fs_session_init+0x1dd/0x1680 [ 1602.545377] ? lock_release+0x680/0x680 [ 1602.546389] ? kmem_cache_alloc_trace+0x151/0x320 [ 1602.547609] ? v9fs_show_options+0x690/0x690 [ 1602.548749] ? trace_hardirqs_on+0x5b/0x180 [ 1602.549849] ? kasan_unpoison_shadow+0x33/0x50 [ 1602.551235] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1602.552540] v9fs_mount+0x79/0x8f0 [ 1602.553449] ? v9fs_write_inode+0x60/0x60 [ 1602.554500] legacy_get_tree+0x105/0x220 [ 1602.555530] vfs_get_tree+0x8e/0x300 [ 1602.556499] path_mount+0x1490/0x21e0 [ 1602.557410] ? strncpy_from_user+0x9e/0x470 [ 1602.558294] ? finish_automount+0xa90/0xa90 [ 1602.559192] ? getname_flags.part.0+0x1dd/0x4f0 [ 1602.560405] ? _copy_from_user+0xfb/0x1b0 [ 1602.561271] __x64_sys_mount+0x282/0x300 [ 1602.562109] ? copy_mnt_ns+0xa00/0xa00 [ 1602.562916] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1602.563995] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1602.565315] do_syscall_64+0x33/0x40 [ 1602.566093] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1602.567421] RIP: 0033:0x7f850d5eab19 [ 1602.568211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1602.572969] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1602.574933] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1602.576772] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1602.578614] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1602.580472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1602.582308] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 [ 1602.589410] FAULT_INJECTION: forcing a failure. [ 1602.589410] name failslab, interval 1, probability 0, space 0, times 0 [ 1602.591948] CPU: 0 PID: 8485 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 1602.593400] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1602.595136] Call Trace: [ 1602.595698] dump_stack+0x107/0x167 [ 1602.596112] FAULT_INJECTION: forcing a failure. [ 1602.596112] name failslab, interval 1, probability 0, space 0, times 0 [ 1602.596472] should_fail.cold+0x5/0xa [ 1602.596504] ? p9_fd_create+0x161/0x4a0 [ 1602.600712] should_failslab+0x5/0x20 [ 1602.601516] kmem_cache_alloc_trace+0x55/0x320 [ 1602.602478] p9_fd_create+0x161/0x4a0 [ 1602.603274] ? p9_conn_create+0x510/0x510 [ 1602.604140] ? p9_client_create+0x798/0x1230 [ 1602.605069] ? kfree+0xd7/0x340 [ 1602.605763] ? do_raw_spin_unlock+0x4f/0x220 [ 1602.606692] p9_client_create+0x7ff/0x1230 [ 1602.607585] ? p9_client_flush+0x430/0x430 [ 1602.608487] ? trace_hardirqs_on+0x5b/0x180 [ 1602.609401] ? lockdep_init_map_type+0x2c7/0x780 [ 1602.610397] ? __raw_spin_lock_init+0x36/0x110 [ 1602.611361] v9fs_session_init+0x1dd/0x1680 [ 1602.612287] ? kmem_cache_alloc_trace+0x151/0x320 [ 1602.613305] ? v9fs_show_options+0x690/0x690 [ 1602.614238] ? trace_hardirqs_on+0x5b/0x180 [ 1602.615149] ? kasan_unpoison_shadow+0x33/0x50 [ 1602.616108] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1602.617185] v9fs_mount+0x79/0x8f0 [ 1602.617931] ? v9fs_write_inode+0x60/0x60 [ 1602.618796] legacy_get_tree+0x105/0x220 [ 1602.619649] vfs_get_tree+0x8e/0x300 [ 1602.620437] path_mount+0x1490/0x21e0 [ 1602.621242] ? strncpy_from_user+0x9e/0x470 [ 1602.622147] ? finish_automount+0xa90/0xa90 [ 1602.623048] ? getname_flags.part.0+0x1dd/0x4f0 [ 1602.624028] ? _copy_from_user+0xfb/0x1b0 [ 1602.624909] __x64_sys_mount+0x282/0x300 [ 1602.625761] ? copy_mnt_ns+0xa00/0xa00 [ 1602.626579] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1602.627682] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1602.628782] do_syscall_64+0x33/0x40 [ 1602.629561] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1602.630642] RIP: 0033:0x7ff7dde24b19 [ 1602.631434] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1602.635310] RSP: 002b:00007ff7db39a188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1602.636919] RAX: ffffffffffffffda RBX: 00007ff7ddf37f60 RCX: 00007ff7dde24b19 [ 1602.638428] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1602.639926] RBP: 00007ff7db39a1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1602.641441] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1602.642943] R13: 00007ffcd7e7b57f R14: 00007ff7db39a300 R15: 0000000000022000 [ 1602.644494] CPU: 1 PID: 8480 Comm: syz-executor.6 Not tainted 5.10.246 #1 [ 1602.646269] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1602.648424] Call Trace: [ 1602.649105] dump_stack+0x107/0x167 [ 1602.650048] should_fail.cold+0x5/0xa [ 1602.651023] should_failslab+0x5/0x20 [ 1602.652010] __kmalloc_track_caller+0x79/0x370 [ 1602.653206] ? match_number+0xaf/0x1d0 [ 1602.654215] kmemdup_nul+0x2d/0xa0 [ 1602.654962] match_number+0xaf/0x1d0 [ 1602.655929] ? match_u64+0x190/0x190 [ 1602.656736] ? __kmalloc_track_caller+0x2c6/0x370 [ 1602.657738] ? memcpy+0x39/0x60 [ 1602.658431] parse_opts.part.0+0x1f3/0x340 [ 1602.659305] ? p9_fd_show_options+0x1c0/0x1c0 [ 1602.660488] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1602.661580] ? trace_hardirqs_on+0x5b/0x180 [ 1602.662693] ? kfree+0xd7/0x340 [ 1602.663395] p9_fd_create+0x98/0x4a0 [ 1602.664370] ? p9_conn_create+0x510/0x510 [ 1602.665306] ? p9_client_create+0x798/0x1230 [ 1602.666437] ? kfree+0xd7/0x340 [ 1602.667121] ? do_raw_spin_unlock+0x4f/0x220 [ 1602.668036] p9_client_create+0x7ff/0x1230 [ 1602.668950] ? p9_client_flush+0x430/0x430 [ 1602.669825] ? trace_hardirqs_on+0x5b/0x180 [ 1602.670719] ? lockdep_init_map_type+0x2c7/0x780 [ 1602.671699] ? __raw_spin_lock_init+0x36/0x110 [ 1602.672653] v9fs_session_init+0x1dd/0x1680 [ 1602.673550] ? lock_release+0x680/0x680 [ 1602.674393] ? kmem_cache_alloc_trace+0x151/0x320 [ 1602.675385] ? v9fs_show_options+0x690/0x690 [ 1602.676325] ? trace_hardirqs_on+0x5b/0x180 [ 1602.677419] ? kasan_unpoison_shadow+0x33/0x50 [ 1602.678442] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1602.679748] v9fs_mount+0x79/0x8f0 [ 1602.680509] ? v9fs_write_inode+0x60/0x60 [ 1602.681366] legacy_get_tree+0x105/0x220 [ 1602.682416] vfs_get_tree+0x8e/0x300 [ 1602.683187] path_mount+0x1490/0x21e0 [ 1602.684169] ? strncpy_from_user+0x9e/0x470 [ 1602.685082] ? finish_automount+0xa90/0xa90 [ 1602.686003] ? getname_flags.part.0+0x1dd/0x4f0 [ 1602.687242] ? _copy_from_user+0xfb/0x1b0 [ 1602.688339] __x64_sys_mount+0x282/0x300 [ 1602.689184] ? copy_mnt_ns+0xa00/0xa00 [ 1602.690199] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1602.691294] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1602.692641] do_syscall_64+0x33/0x40 [ 1602.693416] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1602.694737] RIP: 0033:0x7fe30c5b6b19 [ 1602.695552] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1602.700300] RSP: 002b:00007fe309b2c188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1602.701871] RAX: ffffffffffffffda RBX: 00007fe30c6c9f60 RCX: 00007fe30c5b6b19 [ 1602.703334] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1602.704829] RBP: 00007fe309b2c1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1602.706315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1602.707782] R13: 00007ffddf17178f R14: 00007fe309b2c300 R15: 0000000000022000 12:40:11 executing program 5: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 33) [ 1602.723693] FAULT_INJECTION: forcing a failure. [ 1602.723693] name failslab, interval 1, probability 0, space 0, times 0 [ 1602.726124] CPU: 0 PID: 8488 Comm: syz-executor.3 Not tainted 5.10.246 #1 [ 1602.727596] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1602.729377] Call Trace: [ 1602.729947] dump_stack+0x107/0x167 [ 1602.730734] should_fail.cold+0x5/0xa [ 1602.731562] ? create_object.isra.0+0x3a/0xa30 [ 1602.732539] should_failslab+0x5/0x20 [ 1602.733339] kmem_cache_alloc+0x5b/0x310 [ 1602.734194] ? legacy_get_tree+0x105/0x220 [ 1602.735084] ? vfs_get_tree+0x8e/0x300 [ 1602.735906] create_object.isra.0+0x3a/0xa30 [ 1602.736848] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1602.737924] __kmalloc_track_caller+0x177/0x370 [ 1602.738913] ? parse_opts.part.0+0x8e/0x340 [ 1602.739825] kstrdup+0x36/0x70 [ 1602.740508] parse_opts.part.0+0x8e/0x340 [ 1602.741388] ? p9_fd_show_options+0x1c0/0x1c0 [ 1602.742341] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1602.743433] ? quarantine_put+0x8b/0x1a0 [ 1602.744288] ? trace_hardirqs_on+0x5b/0x180 [ 1602.745187] ? kfree+0xd7/0x340 [ 1602.745882] p9_fd_create+0x98/0x4a0 [ 1602.746655] ? p9_conn_create+0x510/0x510 [ 1602.747522] ? p9_client_create+0x798/0x1230 [ 1602.748443] ? kfree+0xd7/0x340 [ 1602.749126] ? do_raw_spin_unlock+0x4f/0x220 [ 1602.750035] p9_client_create+0x7ff/0x1230 [ 1602.750917] ? p9_client_flush+0x430/0x430 [ 1602.751798] ? trace_hardirqs_on+0x5b/0x180 [ 1602.752704] ? lockdep_init_map_type+0x2c7/0x780 [ 1602.753691] ? __raw_spin_lock_init+0x36/0x110 [ 1602.754649] v9fs_session_init+0x1dd/0x1680 [ 1602.755554] ? lock_release+0x680/0x680 [ 1602.756404] ? kmem_cache_alloc_trace+0x151/0x320 [ 1602.757402] ? v9fs_show_options+0x690/0x690 [ 1602.758317] ? trace_hardirqs_on+0x5b/0x180 [ 1602.759212] ? kasan_unpoison_shadow+0x33/0x50 [ 1602.760162] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1602.761222] v9fs_mount+0x79/0x8f0 [ 1602.761968] ? v9fs_write_inode+0x60/0x60 [ 1602.762832] legacy_get_tree+0x105/0x220 [ 1602.763676] vfs_get_tree+0x8e/0x300 [ 1602.764455] path_mount+0x1490/0x21e0 [ 1602.765252] ? strncpy_from_user+0x9e/0x470 [ 1602.765837] FAULT_INJECTION: forcing a failure. [ 1602.765837] name failslab, interval 1, probability 0, space 0, times 0 [ 1602.766159] ? finish_automount+0xa90/0xa90 [ 1602.769338] ? getname_flags.part.0+0x1dd/0x4f0 [ 1602.770306] ? _copy_from_user+0xfb/0x1b0 [ 1602.771175] __x64_sys_mount+0x282/0x300 [ 1602.772019] ? copy_mnt_ns+0xa00/0xa00 [ 1602.772846] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1602.773937] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1602.775010] do_syscall_64+0x33/0x40 [ 1602.775785] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1602.776864] RIP: 0033:0x7fd134c9eb19 [ 1602.777658] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1602.781500] RSP: 002b:00007fd132214188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1602.783094] RAX: ffffffffffffffda RBX: 00007fd134db1f60 RCX: 00007fd134c9eb19 [ 1602.784602] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1602.786097] RBP: 00007fd1322141d0 R08: 0000000020000280 R09: 0000000000000000 [ 1602.787589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1602.789095] R13: 00007ffe03f9a7cf R14: 00007fd132214300 R15: 0000000000022000 [ 1602.790610] CPU: 1 PID: 8493 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 1602.791279] 9pnet: Insufficient options for proto=fd [ 1602.792483] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1602.792490] Call Trace: [ 1602.792519] dump_stack+0x107/0x167 [ 1602.792547] should_fail.cold+0x5/0xa [ 1602.798261] ? create_object.isra.0+0x3a/0xa30 [ 1602.799215] should_failslab+0x5/0x20 [ 1602.800198] kmem_cache_alloc+0x5b/0x310 [ 1602.801288] ? p9_fd_show_options+0x1c0/0x1c0 [ 1602.802421] create_object.isra.0+0x3a/0xa30 [ 1602.803521] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1602.804788] kmem_cache_alloc_trace+0x151/0x320 [ 1602.805732] p9_fd_create+0x161/0x4a0 [ 1602.806500] ? p9_conn_create+0x510/0x510 [ 1602.807341] ? p9_client_create+0x798/0x1230 [ 1602.808237] ? kfree+0xd7/0x340 [ 1602.808906] ? do_raw_spin_unlock+0x4f/0x220 [ 1602.809802] p9_client_create+0x7ff/0x1230 [ 1602.810667] ? p9_client_flush+0x430/0x430 [ 1602.811541] ? trace_hardirqs_on+0x5b/0x180 [ 1602.812427] ? lockdep_init_map_type+0x2c7/0x780 [ 1602.813398] ? __raw_spin_lock_init+0x36/0x110 [ 1602.814335] v9fs_session_init+0x1dd/0x1680 [ 1602.815210] ? lock_release+0x680/0x680 [ 1602.816035] ? kmem_cache_alloc_trace+0x151/0x320 [ 1602.817028] ? v9fs_show_options+0x690/0x690 [ 1602.817935] ? trace_hardirqs_on+0x5b/0x180 [ 1602.818814] ? kasan_unpoison_shadow+0x33/0x50 [ 1602.819761] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1602.820809] v9fs_mount+0x79/0x8f0 [ 1602.821533] ? v9fs_write_inode+0x60/0x60 [ 1602.822375] legacy_get_tree+0x105/0x220 [ 1602.823216] vfs_get_tree+0x8e/0x300 [ 1602.823976] path_mount+0x1490/0x21e0 [ 1602.824767] ? strncpy_from_user+0x9e/0x470 [ 1602.825640] ? finish_automount+0xa90/0xa90 [ 1602.826526] ? getname_flags.part.0+0x1dd/0x4f0 [ 1602.827469] ? _copy_from_user+0xfb/0x1b0 [ 1602.828334] __x64_sys_mount+0x282/0x300 [ 1602.829163] ? copy_mnt_ns+0xa00/0xa00 [ 1602.829967] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1602.831033] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1602.832078] do_syscall_64+0x33/0x40 [ 1602.832844] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1602.833894] RIP: 0033:0x7ff7dde24b19 [ 1602.834652] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1602.838395] RSP: 002b:00007ff7db39a188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1602.839959] RAX: ffffffffffffffda RBX: 00007ff7ddf37f60 RCX: 00007ff7dde24b19 [ 1602.841432] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1602.842882] RBP: 00007ff7db39a1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1602.844354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1602.845805] R13: 00007ffcd7e7b57f R14: 00007ff7db39a300 R15: 0000000000022000 12:40:11 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 33) 12:40:11 executing program 6: socket$inet6_udplite(0xa, 0x2, 0x88) mq_open(0x0, 0x2, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 29) 12:40:11 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1030], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1602.926213] FAULT_INJECTION: forcing a failure. [ 1602.926213] name failslab, interval 1, probability 0, space 0, times 0 [ 1602.928578] CPU: 0 PID: 8499 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1602.929908] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1602.931534] Call Trace: [ 1602.932052] dump_stack+0x107/0x167 [ 1602.932777] should_fail.cold+0x5/0xa [ 1602.933527] ? create_object.isra.0+0x3a/0xa30 [ 1602.934434] should_failslab+0x5/0x20 [ 1602.935184] kmem_cache_alloc+0x5b/0x310 [ 1602.935979] ? p9_fd_show_options+0x1c0/0x1c0 [ 1602.936869] create_object.isra.0+0x3a/0xa30 [ 1602.937734] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1602.938751] kmem_cache_alloc_trace+0x151/0x320 [ 1602.939678] p9_fd_create+0x161/0x4a0 [ 1602.940439] ? p9_conn_create+0x510/0x510 [ 1602.941258] ? p9_client_create+0x798/0x1230 [ 1602.942130] ? kfree+0xd7/0x340 [ 1602.942776] ? do_raw_spin_unlock+0x4f/0x220 [ 1602.943657] p9_client_create+0x7ff/0x1230 [ 1602.944507] ? p9_client_flush+0x430/0x430 [ 1602.945353] ? trace_hardirqs_on+0x5b/0x180 [ 1602.946204] ? lockdep_init_map_type+0x2c7/0x780 [ 1602.947141] ? __raw_spin_lock_init+0x36/0x110 [ 1602.948059] v9fs_session_init+0x1dd/0x1680 [ 1602.948911] ? lock_release+0x680/0x680 [ 1602.949695] ? kmem_cache_alloc_trace+0x151/0x320 [ 1602.950633] ? v9fs_show_options+0x690/0x690 [ 1602.951493] ? trace_hardirqs_on+0x5b/0x180 [ 1602.952334] ? kasan_unpoison_shadow+0x33/0x50 [ 1602.953222] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1602.954216] v9fs_mount+0x79/0x8f0 [ 1602.954917] ? v9fs_write_inode+0x60/0x60 [ 1602.955734] legacy_get_tree+0x105/0x220 [ 1602.956531] vfs_get_tree+0x8e/0x300 [ 1602.957253] path_mount+0x1490/0x21e0 [ 1602.957993] ? strncpy_from_user+0x9e/0x470 [ 1602.958833] ? finish_automount+0xa90/0xa90 [ 1602.959676] ? getname_flags.part.0+0x1dd/0x4f0 [ 1602.960590] ? _copy_from_user+0xfb/0x1b0 [ 1602.961405] __x64_sys_mount+0x282/0x300 [ 1602.962191] ? copy_mnt_ns+0xa00/0xa00 [ 1602.962957] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1602.963976] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1602.965006] do_syscall_64+0x33/0x40 [ 1602.965729] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1602.966734] RIP: 0033:0x7f850d5eab19 [ 1602.967461] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1602.971039] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1602.972532] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1602.973906] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1602.975279] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1602.976667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1602.978034] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 [ 1602.999920] FAULT_INJECTION: forcing a failure. [ 1602.999920] name failslab, interval 1, probability 0, space 0, times 0 [ 1603.002660] CPU: 1 PID: 8497 Comm: syz-executor.6 Not tainted 5.10.246 #1 [ 1603.004327] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1603.006329] Call Trace: [ 1603.006973] dump_stack+0x107/0x167 [ 1603.007857] should_fail.cold+0x5/0xa [ 1603.008791] ? create_object.isra.0+0x3a/0xa30 [ 1603.009874] should_failslab+0x5/0x20 [ 1603.010788] kmem_cache_alloc+0x5b/0x310 [ 1603.011763] create_object.isra.0+0x3a/0xa30 [ 1603.012807] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1603.014010] __kmalloc_track_caller+0x177/0x370 [ 1603.015129] ? match_number+0xaf/0x1d0 [ 1603.016058] kmemdup_nul+0x2d/0xa0 [ 1603.016914] match_number+0xaf/0x1d0 [ 1603.017802] ? match_u64+0x190/0x190 [ 1603.018694] ? __kmalloc_track_caller+0x2c6/0x370 [ 1603.019842] ? memcpy+0x39/0x60 [ 1603.020639] parse_opts.part.0+0x1f3/0x340 [ 1603.021655] ? p9_fd_show_options+0x1c0/0x1c0 [ 1603.022730] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1603.023969] ? trace_hardirqs_on+0x5b/0x180 [ 1603.025005] ? kfree+0xd7/0x340 [ 1603.025795] p9_fd_create+0x98/0x4a0 [ 1603.026679] ? p9_conn_create+0x510/0x510 [ 1603.027656] ? p9_client_create+0x798/0x1230 [ 1603.028705] ? kfree+0xd7/0x340 [ 1603.029492] ? do_raw_spin_unlock+0x4f/0x220 [ 1603.030534] p9_client_create+0x7ff/0x1230 [ 1603.031558] ? p9_client_flush+0x430/0x430 [ 1603.032572] ? trace_hardirqs_on+0x5b/0x180 [ 1603.033598] ? lockdep_init_map_type+0x2c7/0x780 [ 1603.034730] ? __raw_spin_lock_init+0x36/0x110 [ 1603.035820] v9fs_session_init+0x1dd/0x1680 [ 1603.036847] ? lock_release+0x680/0x680 [ 1603.037808] ? kmem_cache_alloc_trace+0x151/0x320 [ 1603.038959] ? v9fs_show_options+0x690/0x690 [ 1603.040010] ? trace_hardirqs_on+0x5b/0x180 [ 1603.041058] ? kasan_unpoison_shadow+0x33/0x50 [ 1603.042144] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1603.043349] v9fs_mount+0x79/0x8f0 [ 1603.044209] ? v9fs_write_inode+0x60/0x60 [ 1603.045196] legacy_get_tree+0x105/0x220 [ 1603.046140] vfs_get_tree+0x8e/0x300 [ 1603.047022] path_mount+0x1490/0x21e0 [ 1603.047925] ? strncpy_from_user+0x9e/0x470 [ 1603.048955] ? finish_automount+0xa90/0xa90 [ 1603.049989] ? getname_flags.part.0+0x1dd/0x4f0 [ 1603.051101] ? _copy_from_user+0xfb/0x1b0 [ 1603.052090] __x64_sys_mount+0x282/0x300 [ 1603.053135] ? copy_mnt_ns+0xa00/0xa00 [ 1603.054335] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1603.055939] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1603.057489] do_syscall_64+0x33/0x40 [ 1603.058415] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1603.059667] RIP: 0033:0x7fe30c5b6b19 [ 1603.060603] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1603.065190] RSP: 002b:00007fe309b2c188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1603.067019] RAX: ffffffffffffffda RBX: 00007fe30c6c9f60 RCX: 00007fe30c5b6b19 [ 1603.068746] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1603.070443] RBP: 00007fe309b2c1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1603.072151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1603.073866] R13: 00007ffddf17178f R14: 00007fe309b2c300 R15: 0000000000022000 [ 1618.489912] FAULT_INJECTION: forcing a failure. [ 1618.489912] name failslab, interval 1, probability 0, space 0, times 0 [ 1618.491263] CPU: 1 PID: 8513 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 1618.492058] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1618.493028] Call Trace: [ 1618.493347] dump_stack+0x107/0x167 [ 1618.493766] should_fail.cold+0x5/0xa [ 1618.494209] ? p9_client_prepare_req.part.0+0x3a/0xac0 [ 1618.494821] should_failslab+0x5/0x20 [ 1618.495261] kmem_cache_alloc+0x5b/0x310 [ 1618.495742] p9_client_prepare_req.part.0+0x3a/0xac0 [ 1618.496337] p9_client_rpc+0x220/0x1370 [ 1618.496819] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1618.497451] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1618.498069] ? pipe_poll+0x21b/0x800 [ 1618.498501] ? p9_fd_close+0x4a0/0x4a0 [ 1618.498958] ? wait_for_partner+0x3c0/0x3c0 [ 1618.499467] ? p9_fd_poll+0x1e0/0x2c0 [ 1618.499908] ? p9_fd_create+0x357/0x4a0 [ 1618.500376] ? p9_conn_create+0x510/0x510 [ 1618.500862] ? p9_client_create+0x798/0x1230 [ 1618.501379] ? kfree+0xd7/0x340 [ 1618.501758] ? do_raw_spin_unlock+0x4f/0x220 [ 1618.502271] p9_client_create+0xa76/0x1230 [ 1618.502768] ? p9_client_flush+0x430/0x430 [ 1618.503261] ? trace_hardirqs_on+0x5b/0x180 [ 1618.503763] ? lockdep_init_map_type+0x2c7/0x780 [ 1618.504316] ? __raw_spin_lock_init+0x36/0x110 [ 1618.504860] v9fs_session_init+0x1dd/0x1680 [ 1618.505365] ? lock_release+0x680/0x680 [ 1618.505826] ? kmem_cache_alloc_trace+0x151/0x320 [ 1618.506390] ? v9fs_show_options+0x690/0x690 [ 1618.506907] ? trace_hardirqs_on+0x5b/0x180 [ 1618.507411] ? kasan_unpoison_shadow+0x33/0x50 [ 1618.507941] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1618.508543] v9fs_mount+0x79/0x8f0 [ 1618.508954] ? v9fs_write_inode+0x60/0x60 [ 1618.509449] legacy_get_tree+0x105/0x220 [ 1618.509918] vfs_get_tree+0x8e/0x300 [ 1618.510356] path_mount+0x1490/0x21e0 [ 1618.510799] ? strncpy_from_user+0x9e/0x470 [ 1618.511299] ? finish_automount+0xa90/0xa90 [ 1618.511881] ? getname_flags.part.0+0x1dd/0x4f0 [ 1618.512442] ? _copy_from_user+0xfb/0x1b0 [ 1618.512926] __x64_sys_mount+0x282/0x300 [ 1618.513400] ? copy_mnt_ns+0xa00/0xa00 [ 1618.513850] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1618.514460] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1618.515053] do_syscall_64+0x33/0x40 [ 1618.515494] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1618.516083] RIP: 0033:0x7ff7dde24b19 [ 1618.516533] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1618.518674] RSP: 002b:00007ff7db39a188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1618.519554] RAX: ffffffffffffffda RBX: 00007ff7ddf37f60 RCX: 00007ff7dde24b19 [ 1618.520388] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1618.521221] RBP: 00007ff7db39a1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1618.522052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1618.522880] R13: 00007ffcd7e7b57f R14: 00007ff7db39a300 R15: 0000000000022000 [ 1618.529132] FAULT_INJECTION: forcing a failure. [ 1618.529132] name failslab, interval 1, probability 0, space 0, times 0 [ 1618.530480] CPU: 1 PID: 8522 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1618.531260] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1618.532220] Call Trace: [ 1618.532532] dump_stack+0x107/0x167 [ 1618.532949] should_fail.cold+0x5/0xa [ 1618.533389] ? p9_client_prepare_req.part.0+0x3a/0xac0 [ 1618.533997] should_failslab+0x5/0x20 [ 1618.534440] kmem_cache_alloc+0x5b/0x310 [ 1618.534911] p9_client_prepare_req.part.0+0x3a/0xac0 [ 1618.535498] p9_client_rpc+0x220/0x1370 [ 1618.535960] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1618.536583] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1618.537202] ? pipe_poll+0x21b/0x800 [ 1618.537630] ? p9_fd_close+0x4a0/0x4a0 [ 1618.538077] ? wait_for_partner+0x3c0/0x3c0 [ 1618.538573] ? p9_fd_poll+0x1e0/0x2c0 [ 1618.539016] ? p9_fd_create+0x357/0x4a0 [ 1618.539472] ? p9_conn_create+0x510/0x510 [ 1618.539949] ? p9_client_create+0x798/0x1230 [ 1618.540471] ? kfree+0xd7/0x340 [ 1618.540853] ? do_raw_spin_unlock+0x4f/0x220 [ 1618.541363] p9_client_create+0xa76/0x1230 [ 1618.541853] ? p9_client_flush+0x430/0x430 [ 1618.542346] ? trace_hardirqs_on+0x5b/0x180 [ 1618.542848] ? lockdep_init_map_type+0x2c7/0x780 [ 1618.543395] ? __raw_spin_lock_init+0x36/0x110 [ 1618.543928] v9fs_session_init+0x1dd/0x1680 [ 1618.544436] ? lock_release+0x680/0x680 [ 1618.544897] ? kmem_cache_alloc_trace+0x151/0x320 [ 1618.545462] ? v9fs_show_options+0x690/0x690 [ 1618.545974] ? trace_hardirqs_on+0x5b/0x180 [ 1618.546473] ? kasan_unpoison_shadow+0x33/0x50 [ 1618.546996] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1618.547581] v9fs_mount+0x79/0x8f0 [ 1618.547989] ? v9fs_write_inode+0x60/0x60 [ 1618.548475] legacy_get_tree+0x105/0x220 [ 1618.548944] vfs_get_tree+0x8e/0x300 [ 1618.549371] path_mount+0x1490/0x21e0 [ 1618.549811] ? strncpy_from_user+0x9e/0x470 [ 1618.550306] ? finish_automount+0xa90/0xa90 [ 1618.550812] ? getname_flags.part.0+0x1dd/0x4f0 [ 1618.551349] ? _copy_from_user+0xfb/0x1b0 [ 1618.551832] __x64_sys_mount+0x282/0x300 [ 1618.552303] ? copy_mnt_ns+0xa00/0xa00 [ 1618.552765] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1618.553366] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1618.553965] do_syscall_64+0x33/0x40 [ 1618.554399] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1618.554993] RIP: 0033:0x7f850d5eab19 [ 1618.555423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1618.557547] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1618.558426] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1618.559250] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1618.560071] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1618.560907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1618.561725] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 12:40:27 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1802], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:40:27 executing program 6: socket$inet6_udplite(0xa, 0x2, 0x88) mq_open(0x0, 0x2, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 30) 12:40:27 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1030], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:40:27 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 28) 12:40:27 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1545], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:40:27 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1802], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:40:27 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 34) 12:40:27 executing program 5: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 34) [ 1618.575771] FAULT_INJECTION: forcing a failure. [ 1618.575771] name failslab, interval 1, probability 0, space 0, times 0 [ 1618.578381] CPU: 0 PID: 8523 Comm: syz-executor.6 Not tainted 5.10.246 #1 [ 1618.579927] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1618.581810] Call Trace: [ 1618.582413] dump_stack+0x107/0x167 [ 1618.583239] should_fail.cold+0x5/0xa [ 1618.584103] should_failslab+0x5/0x20 [ 1618.584977] __kmalloc_track_caller+0x79/0x370 [ 1618.586011] ? match_number+0xaf/0x1d0 [ 1618.586888] ? kfree+0xd7/0x340 [ 1618.587635] kmemdup_nul+0x2d/0xa0 [ 1618.588456] match_number+0xaf/0x1d0 [ 1618.589301] ? match_u64+0x190/0x190 [ 1618.590147] ? __kmalloc_track_caller+0x2c6/0x370 [ 1618.591236] ? memcpy+0x39/0x60 [ 1618.591987] parse_opts.part.0+0x1f3/0x340 [ 1618.592957] ? p9_fd_show_options+0x1c0/0x1c0 [ 1618.593983] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1618.595172] ? trace_hardirqs_on+0x5b/0x180 [ 1618.596150] ? kfree+0xd7/0x340 [ 1618.596911] p9_fd_create+0x98/0x4a0 [ 1618.597752] ? p9_conn_create+0x510/0x510 [ 1618.598686] ? p9_client_create+0x798/0x1230 [ 1618.599683] ? kfree+0xd7/0x340 [ 1618.600434] ? do_raw_spin_unlock+0x4f/0x220 [ 1618.601432] p9_client_create+0x7ff/0x1230 [ 1618.602394] ? p9_client_flush+0x430/0x430 [ 1618.603351] ? trace_hardirqs_on+0x5b/0x180 [ 1618.604327] ? lockdep_init_map_type+0x2c7/0x780 [ 1618.605409] ? __raw_spin_lock_init+0x36/0x110 [ 1618.606449] v9fs_session_init+0x1dd/0x1680 [ 1618.607443] ? lock_release+0x680/0x680 [ 1618.608350] ? kmem_cache_alloc_trace+0x151/0x320 [ 1618.609472] ? v9fs_show_options+0x690/0x690 [ 1618.610477] ? trace_hardirqs_on+0x5b/0x180 [ 1618.611474] ? kasan_unpoison_shadow+0x33/0x50 [ 1618.612521] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1618.613696] v9fs_mount+0x79/0x8f0 [ 1618.614502] ? v9fs_write_inode+0x60/0x60 [ 1618.615454] legacy_get_tree+0x105/0x220 [ 1618.616375] vfs_get_tree+0x8e/0x300 [ 1618.617247] path_mount+0x1490/0x21e0 [ 1618.618209] ? strncpy_from_user+0x9e/0x470 [ 1618.619203] ? finish_automount+0xa90/0xa90 [ 1618.620179] ? getname_flags.part.0+0x1dd/0x4f0 [ 1618.621266] ? _copy_from_user+0xfb/0x1b0 [ 1618.622208] __x64_sys_mount+0x282/0x300 [ 1618.623147] ? copy_mnt_ns+0xa00/0xa00 [ 1618.624035] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1618.625256] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1618.626422] do_syscall_64+0x33/0x40 [ 1618.627281] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1618.628453] RIP: 0033:0x7fe30c5b6b19 [ 1618.629317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1618.633505] RSP: 002b:00007fe309b2c188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1618.635284] RAX: ffffffffffffffda RBX: 00007fe30c6c9f60 RCX: 00007fe30c5b6b19 [ 1618.636491] FAULT_INJECTION: forcing a failure. [ 1618.636491] name failslab, interval 1, probability 0, space 0, times 0 [ 1618.636928] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1618.639838] RBP: 00007fe309b2c1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1618.641457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1618.643108] R13: 00007ffddf17178f R14: 00007fe309b2c300 R15: 0000000000022000 [ 1618.644752] CPU: 1 PID: 8525 Comm: syz-executor.3 Not tainted 5.10.246 #1 [ 1618.645034] 9pnet: Insufficient options for proto=fd [ 1618.645542] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1618.645545] Call Trace: [ 1618.645558] dump_stack+0x107/0x167 [ 1618.645577] should_fail.cold+0x5/0xa [ 1618.648775] should_failslab+0x5/0x20 [ 1618.649213] __kmalloc_track_caller+0x79/0x370 [ 1618.649767] ? match_number+0xaf/0x1d0 [ 1618.650219] kmemdup_nul+0x2d/0xa0 [ 1618.650637] match_number+0xaf/0x1d0 [ 1618.651063] ? match_u64+0x190/0x190 [ 1618.651485] ? __kmalloc_track_caller+0x2c6/0x370 [ 1618.652034] ? memcpy+0x39/0x60 [ 1618.652421] parse_opts.part.0+0x1f3/0x340 [ 1618.652907] ? p9_fd_show_options+0x1c0/0x1c0 [ 1618.653416] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1618.654013] ? trace_hardirqs_on+0x5b/0x180 [ 1618.654513] ? kfree+0xd7/0x340 [ 1618.654893] p9_fd_create+0x98/0x4a0 [ 1618.655314] ? p9_conn_create+0x510/0x510 [ 1618.655788] ? p9_client_create+0x798/0x1230 [ 1618.656291] ? kfree+0xd7/0x340 [ 1618.656679] ? do_raw_spin_unlock+0x4f/0x220 [ 1618.657179] p9_client_create+0x7ff/0x1230 [ 1618.657664] ? p9_client_flush+0x430/0x430 [ 1618.658149] ? trace_hardirqs_on+0x5b/0x180 [ 1618.658643] ? lockdep_init_map_type+0x2c7/0x780 [ 1618.659180] ? __raw_spin_lock_init+0x36/0x110 [ 1618.659706] v9fs_session_init+0x1dd/0x1680 [ 1618.660197] ? lock_release+0x680/0x680 [ 1618.660666] ? kmem_cache_alloc_trace+0x151/0x320 [ 1618.661225] ? v9fs_show_options+0x690/0x690 [ 1618.661730] ? trace_hardirqs_on+0x5b/0x180 [ 1618.662218] ? kasan_unpoison_shadow+0x33/0x50 [ 1618.662741] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1618.663326] v9fs_mount+0x79/0x8f0 [ 1618.663732] ? v9fs_write_inode+0x60/0x60 [ 1618.664215] legacy_get_tree+0x105/0x220 [ 1618.664695] vfs_get_tree+0x8e/0x300 [ 1618.665125] path_mount+0x1490/0x21e0 [ 1618.665562] ? strncpy_from_user+0x9e/0x470 [ 1618.666051] ? finish_automount+0xa90/0xa90 [ 1618.666543] ? getname_flags.part.0+0x1dd/0x4f0 [ 1618.667076] ? _copy_from_user+0xfb/0x1b0 [ 1618.667554] __x64_sys_mount+0x282/0x300 [ 1618.668018] ? copy_mnt_ns+0xa00/0xa00 [ 1618.668475] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1618.669071] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1618.669661] do_syscall_64+0x33/0x40 [ 1618.670089] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1618.670673] RIP: 0033:0x7fd134c9eb19 [ 1618.671109] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1618.673228] RSP: 002b:00007fd132214188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1618.674097] RAX: ffffffffffffffda RBX: 00007fd134db1f60 RCX: 00007fd134c9eb19 [ 1618.674907] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1618.675720] RBP: 00007fd1322141d0 R08: 0000000020000280 R09: 0000000000000000 [ 1618.676545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1618.677374] R13: 00007ffe03f9a7cf R14: 00007fd132214300 R15: 0000000000022000 [ 1618.714592] 9pnet: Insufficient options for proto=fd 12:40:40 executing program 5: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 35) 12:40:40 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1931], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:40:40 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1802], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:40:40 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1802], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:40:40 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 35) 12:40:40 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1545], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:40:40 executing program 6: socket$inet6_udplite(0xa, 0x2, 0x88) mq_open(0x0, 0x2, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 31) 12:40:40 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 29) [ 1631.848863] FAULT_INJECTION: forcing a failure. [ 1631.848863] name failslab, interval 1, probability 0, space 0, times 0 [ 1631.851385] CPU: 0 PID: 8545 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1631.852834] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1631.854577] Call Trace: [ 1631.855132] dump_stack+0x107/0x167 [ 1631.855894] should_fail.cold+0x5/0xa [ 1631.856704] ? create_object.isra.0+0x3a/0xa30 [ 1631.857657] should_failslab+0x5/0x20 [ 1631.858455] kmem_cache_alloc+0x5b/0x310 [ 1631.859309] create_object.isra.0+0x3a/0xa30 [ 1631.860227] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1631.861305] kmem_cache_alloc+0x159/0x310 [ 1631.862181] p9_client_prepare_req.part.0+0x3a/0xac0 [ 1631.863256] p9_client_rpc+0x220/0x1370 [ 1631.864095] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1631.865223] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1631.866348] ? pipe_poll+0x21b/0x800 [ 1631.866839] FAULT_INJECTION: forcing a failure. [ 1631.866839] name failslab, interval 1, probability 0, space 0, times 0 [ 1631.867138] ? p9_fd_close+0x4a0/0x4a0 [ 1631.867160] ? wait_for_partner+0x3c0/0x3c0 [ 1631.870189] ? p9_fd_poll+0x1e0/0x2c0 [ 1631.870994] ? p9_fd_create+0x357/0x4a0 [ 1631.871829] ? p9_conn_create+0x510/0x510 [ 1631.872697] ? p9_client_create+0x798/0x1230 [ 1631.873608] ? kfree+0xd7/0x340 [ 1631.874299] ? do_raw_spin_unlock+0x4f/0x220 [ 1631.875229] p9_client_create+0xa76/0x1230 [ 1631.876121] ? p9_client_flush+0x430/0x430 [ 1631.877015] ? trace_hardirqs_on+0x5b/0x180 [ 1631.877921] ? lockdep_init_map_type+0x2c7/0x780 [ 1631.878909] ? __raw_spin_lock_init+0x36/0x110 [ 1631.879877] v9fs_session_init+0x1dd/0x1680 [ 1631.880792] ? lock_release+0x680/0x680 [ 1631.881640] ? kmem_cache_alloc_trace+0x151/0x320 [ 1631.882647] ? v9fs_show_options+0x690/0x690 [ 1631.883584] ? trace_hardirqs_on+0x5b/0x180 [ 1631.884487] ? kasan_unpoison_shadow+0x33/0x50 [ 1631.885452] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1631.886519] v9fs_mount+0x79/0x8f0 [ 1631.887261] ? v9fs_write_inode+0x60/0x60 [ 1631.888118] legacy_get_tree+0x105/0x220 [ 1631.888979] vfs_get_tree+0x8e/0x300 [ 1631.889771] path_mount+0x1490/0x21e0 [ 1631.890575] ? strncpy_from_user+0x9e/0x470 [ 1631.891482] ? finish_automount+0xa90/0xa90 [ 1631.892504] ? getname_flags.part.0+0x1dd/0x4f0 [ 1631.893616] ? _copy_from_user+0xfb/0x1b0 [ 1631.894607] __x64_sys_mount+0x282/0x300 [ 1631.895561] ? copy_mnt_ns+0xa00/0xa00 [ 1631.896494] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1631.897756] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1631.898980] do_syscall_64+0x33/0x40 [ 1631.899864] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1631.901090] RIP: 0033:0x7f850d5eab19 [ 1631.901972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1631.906350] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1631.908159] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1631.909854] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1631.911538] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1631.913221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1631.914909] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 [ 1631.916615] CPU: 1 PID: 8543 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 1631.917433] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1631.918409] Call Trace: [ 1631.918723] dump_stack+0x107/0x167 [ 1631.919156] should_fail.cold+0x5/0xa [ 1631.919612] ? create_object.isra.0+0x3a/0xa30 [ 1631.920152] should_failslab+0x5/0x20 [ 1631.920615] kmem_cache_alloc+0x5b/0x310 [ 1631.921097] ? p9_fd_show_options+0x1c0/0x1c0 [ 1631.921635] create_object.isra.0+0x3a/0xa30 [ 1631.922166] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1631.922782] kmem_cache_alloc_trace+0x151/0x320 [ 1631.923335] p9_fd_create+0x161/0x4a0 [ 1631.923793] ? p9_conn_create+0x510/0x510 [ 1631.924279] ? p9_client_create+0x798/0x1230 [ 1631.924809] ? kfree+0xd7/0x340 [ 1631.925201] ? do_raw_spin_unlock+0x4f/0x220 [ 1631.925736] p9_client_create+0x7ff/0x1230 [ 1631.926243] ? p9_client_flush+0x430/0x430 [ 1631.926741] ? trace_hardirqs_on+0x5b/0x180 [ 1631.927258] ? lockdep_init_map_type+0x2c7/0x780 [ 1631.927817] ? __raw_spin_lock_init+0x36/0x110 [ 1631.928358] v9fs_session_init+0x1dd/0x1680 [ 1631.928872] ? lock_release+0x680/0x680 [ 1631.929349] ? kmem_cache_alloc_trace+0x151/0x320 [ 1631.929916] ? v9fs_show_options+0x690/0x690 [ 1631.930437] ? trace_hardirqs_on+0x5b/0x180 [ 1631.930947] ? kasan_unpoison_shadow+0x33/0x50 [ 1631.931483] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1631.932080] v9fs_mount+0x79/0x8f0 [ 1631.932497] ? v9fs_write_inode+0x60/0x60 [ 1631.932997] legacy_get_tree+0x105/0x220 [ 1631.933481] vfs_get_tree+0x8e/0x300 [ 1631.933917] path_mount+0x1490/0x21e0 [ 1631.934368] ? strncpy_from_user+0x9e/0x470 [ 1631.934874] ? finish_automount+0xa90/0xa90 [ 1631.935382] ? getname_flags.part.0+0x1dd/0x4f0 [ 1631.935929] ? _copy_from_user+0xfb/0x1b0 [ 1631.936419] __x64_sys_mount+0x282/0x300 [ 1631.936911] ? copy_mnt_ns+0xa00/0xa00 [ 1631.937371] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1631.937991] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1631.938597] do_syscall_64+0x33/0x40 [ 1631.939036] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1631.939645] RIP: 0033:0x7ff7dde24b19 [ 1631.940083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1631.942241] RSP: 002b:00007ff7db39a188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1631.943140] RAX: ffffffffffffffda RBX: 00007ff7ddf37f60 RCX: 00007ff7dde24b19 [ 1631.943977] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1631.944822] RBP: 00007ff7db39a1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1631.945665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1631.946502] R13: 00007ffcd7e7b57f R14: 00007ff7db39a300 R15: 0000000000022000 [ 1631.948827] FAULT_INJECTION: forcing a failure. [ 1631.948827] name failslab, interval 1, probability 0, space 0, times 0 [ 1631.951465] CPU: 0 PID: 8547 Comm: syz-executor.3 Not tainted 5.10.246 #1 [ 1631.953066] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1631.954978] Call Trace: [ 1631.955589] dump_stack+0x107/0x167 [ 1631.956428] should_fail.cold+0x5/0xa [ 1631.957319] should_failslab+0x5/0x20 [ 1631.958195] __kmalloc_track_caller+0x79/0x370 [ 1631.959247] ? match_number+0xaf/0x1d0 [ 1631.960147] kmemdup_nul+0x2d/0xa0 [ 1631.960982] match_number+0xaf/0x1d0 [ 1631.961857] ? match_u64+0x190/0x190 [ 1631.962716] ? __kmalloc_track_caller+0x2c6/0x370 [ 1631.963838] ? memcpy+0x39/0x60 [ 1631.964617] parse_opts.part.0+0x1f3/0x340 [ 1631.965595] ? p9_fd_show_options+0x1c0/0x1c0 [ 1631.966630] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1631.967829] ? trace_hardirqs_on+0x5b/0x180 [ 1631.968827] ? kfree+0xd7/0x340 [ 1631.969590] p9_fd_create+0x98/0x4a0 [ 1631.970445] ? p9_conn_create+0x510/0x510 [ 1631.971394] ? p9_client_create+0x798/0x1230 [ 1631.972398] ? kfree+0xd7/0x340 [ 1631.973158] ? do_raw_spin_unlock+0x4f/0x220 [ 1631.974171] p9_client_create+0x7ff/0x1230 [ 1631.975146] ? p9_client_flush+0x430/0x430 [ 1631.976122] ? trace_hardirqs_on+0x5b/0x180 [ 1631.977125] ? lockdep_init_map_type+0x2c7/0x780 [ 1631.978215] ? __raw_spin_lock_init+0x36/0x110 [ 1631.979268] v9fs_session_init+0x1dd/0x1680 [ 1631.980266] ? lock_release+0x680/0x680 [ 1631.981193] ? kmem_cache_alloc_trace+0x151/0x320 [ 1631.982290] ? v9fs_show_options+0x690/0x690 [ 1631.983297] ? trace_hardirqs_on+0x5b/0x180 [ 1631.984284] ? kasan_unpoison_shadow+0x33/0x50 [ 1631.985331] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1631.986483] v9fs_mount+0x79/0x8f0 [ 1631.987300] ? v9fs_write_inode+0x60/0x60 [ 1631.988237] legacy_get_tree+0x105/0x220 [ 1631.989165] vfs_get_tree+0x8e/0x300 [ 1631.990021] path_mount+0x1490/0x21e0 [ 1631.990890] ? strncpy_from_user+0x9e/0x470 [ 1631.991868] ? finish_automount+0xa90/0xa90 [ 1631.992857] ? getname_flags.part.0+0x1dd/0x4f0 [ 1631.993911] ? _copy_from_user+0xfb/0x1b0 [ 1631.994859] __x64_sys_mount+0x282/0x300 [ 1631.995777] ? copy_mnt_ns+0xa00/0xa00 [ 1631.996685] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1631.997873] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1631.999040] do_syscall_64+0x33/0x40 [ 1631.999847] FAULT_INJECTION: forcing a failure. [ 1631.999847] name failslab, interval 1, probability 0, space 0, times 0 [ 1631.999883] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1632.002297] RIP: 0033:0x7fd134c9eb19 [ 1632.003137] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1632.007283] RSP: 002b:00007fd132214188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1632.009015] RAX: ffffffffffffffda RBX: 00007fd134db1f60 RCX: 00007fd134c9eb19 [ 1632.010635] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1632.012253] RBP: 00007fd1322141d0 R08: 0000000020000280 R09: 0000000000000000 [ 1632.013884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1632.015486] R13: 00007ffe03f9a7cf R14: 00007fd132214300 R15: 0000000000022000 [ 1632.017119] CPU: 1 PID: 8557 Comm: syz-executor.6 Not tainted 5.10.246 #1 [ 1632.017902] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1632.018852] Call Trace: [ 1632.019156] dump_stack+0x107/0x167 [ 1632.019575] should_fail.cold+0x5/0xa [ 1632.020009] ? create_object.isra.0+0x3a/0xa30 [ 1632.020524] should_failslab+0x5/0x20 [ 1632.020966] kmem_cache_alloc+0x5b/0x310 [ 1632.021428] create_object.isra.0+0x3a/0xa30 [ 1632.021928] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1632.022510] __kmalloc_track_caller+0x177/0x370 [ 1632.023038] ? match_number+0xaf/0x1d0 [ 1632.023479] kmemdup_nul+0x2d/0xa0 [ 1632.023886] match_number+0xaf/0x1d0 [ 1632.024314] ? match_u64+0x190/0x190 [ 1632.024755] ? __kmalloc_track_caller+0x2c6/0x370 [ 1632.025299] ? memcpy+0x39/0x60 [ 1632.025676] parse_opts.part.0+0x1f3/0x340 [ 1632.026157] ? p9_fd_show_options+0x1c0/0x1c0 [ 1632.026668] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1632.027262] ? trace_hardirqs_on+0x5b/0x180 [ 1632.027753] ? kfree+0xd7/0x340 [ 1632.028131] p9_fd_create+0x98/0x4a0 [ 1632.028560] ? p9_conn_create+0x510/0x510 [ 1632.029031] ? p9_client_create+0x798/0x1230 [ 1632.029533] ? kfree+0xd7/0x340 [ 1632.029908] ? do_raw_spin_unlock+0x4f/0x220 [ 1632.030412] p9_client_create+0x7ff/0x1230 [ 1632.030895] ? p9_client_flush+0x430/0x430 [ 1632.031373] ? trace_hardirqs_on+0x5b/0x180 [ 1632.031867] ? lockdep_init_map_type+0x2c7/0x780 [ 1632.032411] ? __raw_spin_lock_init+0x36/0x110 [ 1632.032941] v9fs_session_init+0x1dd/0x1680 [ 1632.033435] ? lock_release+0x680/0x680 [ 1632.033719] 9pnet: Insufficient options for proto=fd [ 1632.033895] ? kmem_cache_alloc_trace+0x151/0x320 [ 1632.035569] ? v9fs_show_options+0x690/0x690 [ 1632.036077] ? trace_hardirqs_on+0x5b/0x180 [ 1632.036574] ? kasan_unpoison_shadow+0x33/0x50 [ 1632.037091] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1632.037668] v9fs_mount+0x79/0x8f0 [ 1632.038074] ? v9fs_write_inode+0x60/0x60 [ 1632.038542] legacy_get_tree+0x105/0x220 [ 1632.039009] vfs_get_tree+0x8e/0x300 [ 1632.039431] path_mount+0x1490/0x21e0 [ 1632.039870] ? strncpy_from_user+0x9e/0x470 [ 1632.040361] ? finish_automount+0xa90/0xa90 [ 1632.040870] ? getname_flags.part.0+0x1dd/0x4f0 [ 1632.041398] ? _copy_from_user+0xfb/0x1b0 [ 1632.041873] __x64_sys_mount+0x282/0x300 [ 1632.042334] ? copy_mnt_ns+0xa00/0xa00 [ 1632.042780] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1632.043374] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1632.043967] do_syscall_64+0x33/0x40 [ 1632.044388] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1632.044981] RIP: 0033:0x7fe30c5b6b19 [ 1632.045405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1632.047504] RSP: 002b:00007fe309b0b188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1632.048365] RAX: ffffffffffffffda RBX: 00007fe30c6ca020 RCX: 00007fe30c5b6b19 [ 1632.049177] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1632.049988] RBP: 00007fe309b0b1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1632.050795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1632.051602] R13: 00007ffddf17178f R14: 00007fe309b0b300 R15: 0000000000022000 12:40:41 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1931], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:40:41 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 30) 12:40:41 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1545], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:40:41 executing program 5: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 36) 12:40:41 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1802], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1632.178580] FAULT_INJECTION: forcing a failure. [ 1632.178580] name failslab, interval 1, probability 0, space 0, times 0 [ 1632.179898] CPU: 1 PID: 8562 Comm: syz-executor.3 Not tainted 5.10.246 #1 [ 1632.180685] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1632.181633] Call Trace: [ 1632.181942] dump_stack+0x107/0x167 [ 1632.182358] should_fail.cold+0x5/0xa [ 1632.182801] should_failslab+0x5/0x20 [ 1632.183241] __kmalloc_track_caller+0x79/0x370 [ 1632.183770] ? match_number+0xaf/0x1d0 [ 1632.184222] kmemdup_nul+0x2d/0xa0 [ 1632.184639] match_number+0xaf/0x1d0 [ 1632.185070] ? match_u64+0x190/0x190 [ 1632.185494] ? __kmalloc_track_caller+0x2c6/0x370 [ 1632.186048] ? memcpy+0x39/0x60 [ 1632.186431] parse_opts.part.0+0x1f3/0x340 [ 1632.186911] ? p9_fd_show_options+0x1c0/0x1c0 [ 1632.187436] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1632.188036] ? trace_hardirqs_on+0x5b/0x180 [ 1632.188530] ? kfree+0xd7/0x340 [ 1632.188916] p9_fd_create+0x98/0x4a0 [ 1632.189341] ? p9_conn_create+0x510/0x510 [ 1632.189811] ? p9_client_create+0x798/0x1230 [ 1632.190313] ? kfree+0xd7/0x340 [ 1632.190690] ? do_raw_spin_unlock+0x4f/0x220 [ 1632.191195] p9_client_create+0x7ff/0x1230 [ 1632.191682] ? p9_client_flush+0x430/0x430 [ 1632.192166] ? trace_hardirqs_on+0x5b/0x180 [ 1632.192672] ? lockdep_init_map_type+0x2c7/0x780 [ 1632.193212] ? __raw_spin_lock_init+0x36/0x110 [ 1632.193739] v9fs_session_init+0x1dd/0x1680 [ 1632.194228] ? lock_release+0x680/0x680 [ 1632.194690] ? kmem_cache_alloc_trace+0x151/0x320 [ 1632.195238] ? v9fs_show_options+0x690/0x690 [ 1632.195747] ? trace_hardirqs_on+0x5b/0x180 [ 1632.196245] ? kasan_unpoison_shadow+0x33/0x50 [ 1632.196773] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1632.197354] v9fs_mount+0x79/0x8f0 [ 1632.197758] ? v9fs_write_inode+0x60/0x60 [ 1632.198234] legacy_get_tree+0x105/0x220 [ 1632.198700] vfs_get_tree+0x8e/0x300 [ 1632.199133] path_mount+0x1490/0x21e0 [ 1632.199573] ? strncpy_from_user+0x9e/0x470 [ 1632.200062] ? finish_automount+0xa90/0xa90 [ 1632.200562] ? getname_flags.part.0+0x1dd/0x4f0 [ 1632.201095] ? _copy_from_user+0xfb/0x1b0 [ 1632.201570] __x64_sys_mount+0x282/0x300 [ 1632.202037] ? copy_mnt_ns+0xa00/0xa00 [ 1632.202485] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1632.203081] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1632.203672] do_syscall_64+0x33/0x40 [ 1632.204101] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1632.204695] RIP: 0033:0x7fd134c9eb19 [ 1632.205124] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1632.207231] RSP: 002b:00007fd132214188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1632.208107] RAX: ffffffffffffffda RBX: 00007fd134db1f60 RCX: 00007fd134c9eb19 [ 1632.208935] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1632.209755] RBP: 00007fd1322141d0 R08: 0000000020000280 R09: 0000000000000000 [ 1632.210578] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1632.211396] R13: 00007ffe03f9a7cf R14: 00007fd132214300 R15: 0000000000022000 12:40:41 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1545], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:40:41 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 36) 12:40:41 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1931], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1632.257165] FAULT_INJECTION: forcing a failure. [ 1632.257165] name failslab, interval 1, probability 0, space 0, times 0 [ 1632.259886] CPU: 0 PID: 8565 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 1632.261450] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1632.263326] Call Trace: [ 1632.263929] dump_stack+0x107/0x167 [ 1632.264772] should_fail.cold+0x5/0xa [ 1632.265640] ? p9_fcall_init+0x97/0x290 [ 1632.266544] should_failslab+0x5/0x20 [ 1632.266985] 9pnet: Insufficient options for proto=fd [ 1632.267405] __kmalloc+0x72/0x390 [ 1632.267433] p9_fcall_init+0x97/0x290 [ 1632.269640] p9_client_prepare_req.part.0+0x8c/0xac0 [ 1632.270799] p9_client_rpc+0x220/0x1370 [ 1632.271710] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1632.272915] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1632.274127] ? pipe_poll+0x21b/0x800 [ 1632.274966] ? p9_fd_close+0x4a0/0x4a0 [ 1632.275852] ? wait_for_partner+0x3c0/0x3c0 [ 1632.276842] ? p9_fd_poll+0x1e0/0x2c0 [ 1632.277707] ? p9_fd_create+0x357/0x4a0 [ 1632.278607] ? p9_conn_create+0x510/0x510 [ 1632.279547] ? p9_client_create+0x798/0x1230 [ 1632.280555] ? kfree+0xd7/0x340 [ 1632.281294] ? do_raw_spin_unlock+0x4f/0x220 [ 1632.282289] p9_client_create+0xa76/0x1230 [ 1632.283255] ? p9_client_flush+0x430/0x430 [ 1632.284210] ? trace_hardirqs_on+0x5b/0x180 [ 1632.285203] ? lockdep_init_map_type+0x2c7/0x780 [ 1632.286271] ? __raw_spin_lock_init+0x36/0x110 [ 1632.287310] v9fs_session_init+0x1dd/0x1680 [ 1632.288284] ? lock_release+0x680/0x680 [ 1632.289202] ? kmem_cache_alloc_trace+0x151/0x320 [ 1632.290289] ? v9fs_show_options+0x690/0x690 [ 1632.291286] ? trace_hardirqs_on+0x5b/0x180 [ 1632.292261] ? kasan_unpoison_shadow+0x33/0x50 [ 1632.293300] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1632.294448] v9fs_mount+0x79/0x8f0 [ 1632.295251] ? v9fs_write_inode+0x60/0x60 [ 1632.296176] legacy_get_tree+0x105/0x220 [ 1632.297105] vfs_get_tree+0x8e/0x300 [ 1632.297940] path_mount+0x1490/0x21e0 [ 1632.298803] ? strncpy_from_user+0x9e/0x470 [ 1632.299805] ? finish_automount+0xa90/0xa90 [ 1632.300839] ? getname_flags.part.0+0x1dd/0x4f0 [ 1632.301884] ? _copy_from_user+0xfb/0x1b0 [ 1632.302826] __x64_sys_mount+0x282/0x300 [ 1632.303739] ? copy_mnt_ns+0xa00/0xa00 [ 1632.304631] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1632.305811] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1632.306982] do_syscall_64+0x33/0x40 [ 1632.307823] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1632.308994] RIP: 0033:0x7ff7dde24b19 [ 1632.309831] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1632.313994] RSP: 002b:00007ff7db39a188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1632.315711] RAX: ffffffffffffffda RBX: 00007ff7ddf37f60 RCX: 00007ff7dde24b19 [ 1632.317332] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1632.318931] RBP: 00007ff7db39a1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1632.320526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1632.322141] R13: 00007ffcd7e7b57f R14: 00007ff7db39a300 R15: 0000000000022000 [ 1632.358293] FAULT_INJECTION: forcing a failure. [ 1632.358293] name failslab, interval 1, probability 0, space 0, times 0 [ 1632.359633] CPU: 1 PID: 8574 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1632.360409] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1632.361355] Call Trace: [ 1632.361663] dump_stack+0x107/0x167 [ 1632.362078] should_fail.cold+0x5/0xa [ 1632.362515] ? p9_fcall_init+0x97/0x290 [ 1632.362971] should_failslab+0x5/0x20 [ 1632.363408] __kmalloc+0x72/0x390 [ 1632.363811] p9_fcall_init+0x97/0x290 [ 1632.364246] p9_client_prepare_req.part.0+0x8c/0xac0 [ 1632.364834] p9_client_rpc+0x220/0x1370 [ 1632.365292] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1632.365892] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1632.366507] ? pipe_poll+0x21b/0x800 [ 1632.366937] ? p9_fd_close+0x4a0/0x4a0 [ 1632.367383] ? wait_for_partner+0x3c0/0x3c0 [ 1632.367879] ? p9_fd_poll+0x1e0/0x2c0 [ 1632.368315] ? p9_fd_create+0x357/0x4a0 [ 1632.368779] ? p9_conn_create+0x510/0x510 [ 1632.369251] ? p9_client_create+0x798/0x1230 [ 1632.369759] ? kfree+0xd7/0x340 [ 1632.370136] ? do_raw_spin_unlock+0x4f/0x220 [ 1632.370638] p9_client_create+0xa76/0x1230 [ 1632.371126] ? p9_client_flush+0x430/0x430 [ 1632.371613] ? trace_hardirqs_on+0x5b/0x180 [ 1632.372108] ? lockdep_init_map_type+0x2c7/0x780 [ 1632.372661] ? __raw_spin_lock_init+0x36/0x110 [ 1632.373194] v9fs_session_init+0x1dd/0x1680 [ 1632.373690] ? lock_release+0x680/0x680 [ 1632.374157] ? kmem_cache_alloc_trace+0x151/0x320 [ 1632.374708] ? v9fs_show_options+0x690/0x690 [ 1632.375222] ? trace_hardirqs_on+0x5b/0x180 [ 1632.375715] ? kasan_unpoison_shadow+0x33/0x50 [ 1632.376239] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1632.376837] v9fs_mount+0x79/0x8f0 [ 1632.377250] ? v9fs_write_inode+0x60/0x60 [ 1632.377724] legacy_get_tree+0x105/0x220 [ 1632.378195] vfs_get_tree+0x8e/0x300 [ 1632.378622] path_mount+0x1490/0x21e0 [ 1632.379067] ? strncpy_from_user+0x9e/0x470 [ 1632.379567] ? finish_automount+0xa90/0xa90 [ 1632.380063] ? getname_flags.part.0+0x1dd/0x4f0 [ 1632.380602] ? _copy_from_user+0xfb/0x1b0 [ 1632.381077] __x64_sys_mount+0x282/0x300 [ 1632.381542] ? copy_mnt_ns+0xa00/0xa00 [ 1632.381989] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1632.382599] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1632.383189] do_syscall_64+0x33/0x40 [ 1632.383616] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1632.384202] RIP: 0033:0x7f850d5eab19 [ 1632.384635] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1632.386738] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1632.387606] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1632.388423] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1632.389247] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1632.390061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1632.390875] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 12:40:41 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 31) 12:40:41 executing program 6: socket$inet6_udplite(0xa, 0x2, 0x88) mq_open(0x0, 0x2, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 32) [ 1632.451191] FAULT_INJECTION: forcing a failure. [ 1632.451191] name failslab, interval 1, probability 0, space 0, times 0 [ 1632.452594] CPU: 1 PID: 8576 Comm: syz-executor.3 Not tainted 5.10.246 #1 [ 1632.453386] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1632.454339] Call Trace: [ 1632.454648] dump_stack+0x107/0x167 [ 1632.455066] should_fail.cold+0x5/0xa [ 1632.455507] ? create_object.isra.0+0x3a/0xa30 [ 1632.456039] should_failslab+0x5/0x20 [ 1632.456482] kmem_cache_alloc+0x5b/0x310 [ 1632.456960] create_object.isra.0+0x3a/0xa30 [ 1632.457464] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1632.458051] __kmalloc_track_caller+0x177/0x370 [ 1632.458590] ? match_number+0xaf/0x1d0 [ 1632.459039] kmemdup_nul+0x2d/0xa0 [ 1632.459446] match_number+0xaf/0x1d0 [ 1632.459871] ? match_u64+0x190/0x190 [ 1632.460300] ? __kmalloc_track_caller+0x2c6/0x370 [ 1632.460856] ? memcpy+0x39/0x60 [ 1632.461237] parse_opts.part.0+0x1f3/0x340 [ 1632.461721] ? p9_fd_show_options+0x1c0/0x1c0 [ 1632.462241] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1632.462845] ? trace_hardirqs_on+0x5b/0x180 [ 1632.463344] ? kfree+0xd7/0x340 [ 1632.463729] p9_fd_create+0x98/0x4a0 [ 1632.464158] ? p9_conn_create+0x510/0x510 [ 1632.464640] ? p9_client_create+0x798/0x1230 [ 1632.465149] ? kfree+0xd7/0x340 [ 1632.465528] ? do_raw_spin_unlock+0x4f/0x220 [ 1632.466031] p9_client_create+0x7ff/0x1230 [ 1632.466518] ? p9_client_flush+0x430/0x430 [ 1632.467003] ? trace_hardirqs_on+0x5b/0x180 [ 1632.467496] ? lockdep_init_map_type+0x2c7/0x780 [ 1632.468039] ? __raw_spin_lock_init+0x36/0x110 [ 1632.468571] v9fs_session_init+0x1dd/0x1680 [ 1632.469069] ? lock_release+0x680/0x680 [ 1632.469530] ? kmem_cache_alloc_trace+0x151/0x320 [ 1632.470081] ? v9fs_show_options+0x690/0x690 [ 1632.470586] ? trace_hardirqs_on+0x5b/0x180 [ 1632.471081] ? kasan_unpoison_shadow+0x33/0x50 [ 1632.471600] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1632.472188] v9fs_mount+0x79/0x8f0 [ 1632.472601] ? v9fs_write_inode+0x60/0x60 [ 1632.473073] legacy_get_tree+0x105/0x220 [ 1632.473542] vfs_get_tree+0x8e/0x300 [ 1632.473970] path_mount+0x1490/0x21e0 [ 1632.474410] ? strncpy_from_user+0x9e/0x470 [ 1632.474909] ? finish_automount+0xa90/0xa90 [ 1632.475404] ? getname_flags.part.0+0x1dd/0x4f0 [ 1632.475934] ? _copy_from_user+0xfb/0x1b0 [ 1632.476413] __x64_sys_mount+0x282/0x300 [ 1632.476888] ? copy_mnt_ns+0xa00/0xa00 [ 1632.477336] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1632.477939] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1632.478529] do_syscall_64+0x33/0x40 [ 1632.478958] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1632.479545] RIP: 0033:0x7fd134c9eb19 [ 1632.479974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1632.482100] RSP: 002b:00007fd132214188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1632.482976] RAX: ffffffffffffffda RBX: 00007fd134db1f60 RCX: 00007fd134c9eb19 [ 1632.483799] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1632.484628] RBP: 00007fd1322141d0 R08: 0000000020000280 R09: 0000000000000000 [ 1632.485449] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1632.486270] R13: 00007ffe03f9a7cf R14: 00007fd132214300 R15: 0000000000022000 [ 1632.511695] FAULT_INJECTION: forcing a failure. [ 1632.511695] name failslab, interval 1, probability 0, space 0, times 0 [ 1632.513023] CPU: 1 PID: 8578 Comm: syz-executor.6 Not tainted 5.10.246 #1 [ 1632.513805] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1632.514746] Call Trace: [ 1632.515055] dump_stack+0x107/0x167 [ 1632.515471] should_fail.cold+0x5/0xa [ 1632.515916] ? p9_fd_create+0x161/0x4a0 [ 1632.516373] should_failslab+0x5/0x20 [ 1632.516822] kmem_cache_alloc_trace+0x55/0x320 [ 1632.517348] p9_fd_create+0x161/0x4a0 [ 1632.517783] ? p9_conn_create+0x510/0x510 [ 1632.518254] ? p9_client_create+0x798/0x1230 [ 1632.518755] ? kfree+0xd7/0x340 [ 1632.519138] ? do_raw_spin_unlock+0x4f/0x220 [ 1632.519643] p9_client_create+0x7ff/0x1230 [ 1632.520132] ? p9_client_flush+0x430/0x430 [ 1632.520626] ? trace_hardirqs_on+0x5b/0x180 [ 1632.521123] ? lockdep_init_map_type+0x2c7/0x780 [ 1632.521665] ? __raw_spin_lock_init+0x36/0x110 [ 1632.522194] v9fs_session_init+0x1dd/0x1680 [ 1632.522687] ? lock_release+0x680/0x680 [ 1632.523146] ? kmem_cache_alloc_trace+0x151/0x320 [ 1632.523694] ? v9fs_show_options+0x690/0x690 [ 1632.524201] ? trace_hardirqs_on+0x5b/0x180 [ 1632.524704] ? kasan_unpoison_shadow+0x33/0x50 [ 1632.525227] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1632.525810] v9fs_mount+0x79/0x8f0 [ 1632.526220] ? v9fs_write_inode+0x60/0x60 [ 1632.526695] legacy_get_tree+0x105/0x220 [ 1632.527161] vfs_get_tree+0x8e/0x300 [ 1632.527586] path_mount+0x1490/0x21e0 [ 1632.528024] ? strncpy_from_user+0x9e/0x470 [ 1632.528515] ? finish_automount+0xa90/0xa90 [ 1632.529021] ? getname_flags.part.0+0x1dd/0x4f0 [ 1632.529555] ? _copy_from_user+0xfb/0x1b0 [ 1632.530035] __x64_sys_mount+0x282/0x300 [ 1632.530497] ? copy_mnt_ns+0xa00/0xa00 [ 1632.530943] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1632.531542] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1632.532133] do_syscall_64+0x33/0x40 [ 1632.532565] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1632.533157] RIP: 0033:0x7fe30c5b6b19 [ 1632.533579] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1632.535702] RSP: 002b:00007fe309b2c188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1632.536585] RAX: ffffffffffffffda RBX: 00007fe30c6c9f60 RCX: 00007fe30c5b6b19 [ 1632.537404] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1632.538218] RBP: 00007fe309b2c1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1632.539029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1632.539851] R13: 00007ffddf17178f R14: 00007fe309b2c300 R15: 0000000000022000 12:40:53 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 32) 12:40:53 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa3331"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:40:53 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 37) 12:40:53 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1802], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:40:53 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1545], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:40:53 executing program 5: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 37) 12:40:53 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1802], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:40:53 executing program 6: socket$inet6_udplite(0xa, 0x2, 0x88) mq_open(0x0, 0x2, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 33) [ 1644.960025] FAULT_INJECTION: forcing a failure. [ 1644.960025] name failslab, interval 1, probability 0, space 0, times 0 [ 1644.962550] CPU: 0 PID: 8585 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 1644.964063] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1644.965889] Call Trace: [ 1644.966479] dump_stack+0x107/0x167 [ 1644.967293] should_fail.cold+0x5/0xa [ 1644.967880] FAULT_INJECTION: forcing a failure. [ 1644.967880] name failslab, interval 1, probability 0, space 0, times 0 [ 1644.968123] ? p9_client_prepare_req.part.0+0x3a/0xac0 [ 1644.970781] should_failslab+0x5/0x20 [ 1644.971611] kmem_cache_alloc+0x5b/0x310 [ 1644.972500] p9_client_prepare_req.part.0+0x3a/0xac0 [ 1644.973611] p9_client_rpc+0x220/0x1370 [ 1644.974473] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1644.975611] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1644.976780] ? pipe_poll+0x21b/0x800 [ 1644.977583] ? p9_fd_close+0x4a0/0x4a0 [ 1644.978425] ? wait_for_partner+0x3c0/0x3c0 [ 1644.979361] ? p9_fd_poll+0x1e0/0x2c0 [ 1644.980188] ? p9_fd_create+0x357/0x4a0 [ 1644.981055] ? p9_conn_create+0x510/0x510 [ 1644.981948] ? p9_client_create+0x798/0x1230 [ 1644.982906] ? kfree+0xd7/0x340 [ 1644.983618] ? do_raw_spin_unlock+0x4f/0x220 [ 1644.984573] p9_client_create+0xa76/0x1230 [ 1644.985505] ? p9_client_flush+0x430/0x430 [ 1644.986423] ? trace_hardirqs_on+0x5b/0x180 [ 1644.987358] ? lockdep_init_map_type+0x2c7/0x780 [ 1644.988384] ? __raw_spin_lock_init+0x36/0x110 [ 1644.989391] v9fs_session_init+0x1dd/0x1680 [ 1644.990323] ? lock_release+0x680/0x680 [ 1644.991191] ? kmem_cache_alloc_trace+0x151/0x320 [ 1644.992235] ? v9fs_show_options+0x690/0x690 [ 1644.993201] ? trace_hardirqs_on+0x5b/0x180 [ 1644.994134] ? kasan_unpoison_shadow+0x33/0x50 [ 1644.995119] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1644.996217] v9fs_mount+0x79/0x8f0 [ 1644.996991] ? v9fs_write_inode+0x60/0x60 [ 1644.997881] legacy_get_tree+0x105/0x220 [ 1644.998757] vfs_get_tree+0x8e/0x300 [ 1644.999558] path_mount+0x1490/0x21e0 [ 1645.000384] ? strncpy_from_user+0x9e/0x470 [ 1645.001325] ? finish_automount+0xa90/0xa90 [ 1645.002254] ? getname_flags.part.0+0x1dd/0x4f0 [ 1645.003258] ? _copy_from_user+0xfb/0x1b0 [ 1645.004158] __x64_sys_mount+0x282/0x300 [ 1645.005045] ? copy_mnt_ns+0xa00/0xa00 [ 1645.005889] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1645.007022] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1645.008138] do_syscall_64+0x33/0x40 [ 1645.008950] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1645.010141] RIP: 0033:0x7ff7dde24b19 [ 1645.010951] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1645.014941] RSP: 002b:00007ff7db39a188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1645.016601] RAX: ffffffffffffffda RBX: 00007ff7ddf37f60 RCX: 00007ff7dde24b19 [ 1645.018152] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1645.019694] RBP: 00007ff7db39a1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1645.021243] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1645.022780] R13: 00007ffcd7e7b57f R14: 00007ff7db39a300 R15: 0000000000022000 [ 1645.024343] CPU: 1 PID: 8594 Comm: syz-executor.3 Not tainted 5.10.246 #1 [ 1645.025307] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1645.026459] Call Trace: [ 1645.026830] dump_stack+0x107/0x167 [ 1645.027336] should_fail.cold+0x5/0xa [ 1645.027863] ? p9_fd_create+0x161/0x4a0 [ 1645.028414] should_failslab+0x5/0x20 [ 1645.028950] kmem_cache_alloc_trace+0x55/0x320 [ 1645.029583] p9_fd_create+0x161/0x4a0 [ 1645.030115] ? p9_conn_create+0x510/0x510 [ 1645.030705] ? p9_client_create+0x798/0x1230 [ 1645.031324] ? kfree+0xd7/0x340 [ 1645.031789] ? do_raw_spin_unlock+0x4f/0x220 [ 1645.032399] p9_client_create+0x7ff/0x1230 [ 1645.032997] ? p9_client_flush+0x430/0x430 [ 1645.033596] ? trace_hardirqs_on+0x5b/0x180 [ 1645.034201] ? lockdep_init_map_type+0x2c7/0x780 [ 1645.034861] ? __raw_spin_lock_init+0x36/0x110 [ 1645.035504] v9fs_session_init+0x1dd/0x1680 [ 1645.036102] ? lock_release+0x680/0x680 [ 1645.036663] ? kmem_cache_alloc_trace+0x151/0x320 [ 1645.037336] ? v9fs_show_options+0x690/0x690 [ 1645.037953] ? trace_hardirqs_on+0x5b/0x180 [ 1645.038549] ? kasan_unpoison_shadow+0x33/0x50 [ 1645.039185] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1645.039892] v9fs_mount+0x79/0x8f0 [ 1645.040386] ? v9fs_write_inode+0x60/0x60 [ 1645.040965] legacy_get_tree+0x105/0x220 [ 1645.041540] vfs_get_tree+0x8e/0x300 [ 1645.042058] path_mount+0x1490/0x21e0 [ 1645.042598] ? strncpy_from_user+0x9e/0x470 [ 1645.043204] ? finish_automount+0xa90/0xa90 [ 1645.043801] ? getname_flags.part.0+0x1dd/0x4f0 [ 1645.044451] ? _copy_from_user+0xfb/0x1b0 [ 1645.045031] __x64_sys_mount+0x282/0x300 [ 1645.045606] ? copy_mnt_ns+0xa00/0xa00 [ 1645.046146] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1645.046874] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1645.047588] do_syscall_64+0x33/0x40 [ 1645.048110] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1645.048825] RIP: 0033:0x7fd134c9eb19 [ 1645.049335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1645.051895] RSP: 002b:00007fd132214188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1645.052960] RAX: ffffffffffffffda RBX: 00007fd134db1f60 RCX: 00007fd134c9eb19 [ 1645.053957] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1645.054943] RBP: 00007fd1322141d0 R08: 0000000020000280 R09: 0000000000000000 [ 1645.055929] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1645.056930] R13: 00007ffe03f9a7cf R14: 00007fd132214300 R15: 0000000000022000 [ 1645.060941] FAULT_INJECTION: forcing a failure. [ 1645.060941] name failslab, interval 1, probability 0, space 0, times 0 [ 1645.063413] CPU: 0 PID: 8587 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1645.064909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1645.066707] Call Trace: [ 1645.067284] dump_stack+0x107/0x167 [ 1645.068070] should_fail.cold+0x5/0xa [ 1645.068903] ? create_object.isra.0+0x3a/0xa30 [ 1645.069884] should_failslab+0x5/0x20 [ 1645.070706] kmem_cache_alloc+0x5b/0x310 [ 1645.071587] create_object.isra.0+0x3a/0xa30 [ 1645.072534] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1645.073638] __kmalloc+0x16e/0x390 [ 1645.074413] p9_fcall_init+0x97/0x290 [ 1645.075236] p9_client_prepare_req.part.0+0x8c/0xac0 [ 1645.076334] p9_client_rpc+0x220/0x1370 [ 1645.077202] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1645.078328] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1645.079480] ? pipe_poll+0x21b/0x800 [ 1645.080262] ? p9_fd_close+0x4a0/0x4a0 [ 1645.081107] ? wait_for_partner+0x3c0/0x3c0 [ 1645.082042] ? p9_fd_poll+0x1e0/0x2c0 [ 1645.082866] ? p9_fd_create+0x357/0x4a0 [ 1645.083724] ? p9_conn_create+0x510/0x510 [ 1645.084611] ? p9_client_create+0x798/0x1230 [ 1645.085567] ? kfree+0xd7/0x340 [ 1645.086275] ? do_raw_spin_unlock+0x4f/0x220 [ 1645.087227] p9_client_create+0xa76/0x1230 [ 1645.088148] ? p9_client_flush+0x430/0x430 [ 1645.089071] ? trace_hardirqs_on+0x5b/0x180 [ 1645.090003] ? lockdep_init_map_type+0x2c7/0x780 [ 1645.091032] ? __raw_spin_lock_init+0x36/0x110 [ 1645.092024] v9fs_session_init+0x1dd/0x1680 [ 1645.092965] ? lock_release+0x680/0x680 [ 1645.093835] ? kmem_cache_alloc_trace+0x151/0x320 [ 1645.094875] ? v9fs_show_options+0x690/0x690 [ 1645.095831] ? trace_hardirqs_on+0x5b/0x180 [ 1645.096770] ? kasan_unpoison_shadow+0x33/0x50 [ 1645.097753] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1645.098849] v9fs_mount+0x79/0x8f0 [ 1645.099617] ? v9fs_write_inode+0x60/0x60 [ 1645.100508] legacy_get_tree+0x105/0x220 12:40:54 executing program 5: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 38) [ 1645.101392] vfs_get_tree+0x8e/0x300 [ 1645.102356] path_mount+0x1490/0x21e0 [ 1645.103174] ? strncpy_from_user+0x9e/0x470 [ 1645.104080] ? finish_automount+0xa90/0xa90 [ 1645.105000] ? getname_flags.part.0+0x1dd/0x4f0 [ 1645.105978] ? _copy_from_user+0xfb/0x1b0 [ 1645.106859] __x64_sys_mount+0x282/0x300 [ 1645.107717] ? copy_mnt_ns+0xa00/0xa00 [ 1645.108541] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1645.109656] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1645.110742] do_syscall_64+0x33/0x40 [ 1645.111526] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1645.112603] RIP: 0033:0x7f850d5eab19 [ 1645.113393] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1645.117283] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1645.118899] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1645.120415] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1645.121938] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1645.123454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1645.124974] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 [ 1645.129414] FAULT_INJECTION: forcing a failure. [ 1645.129414] name failslab, interval 1, probability 0, space 0, times 0 [ 1645.131810] CPU: 0 PID: 8590 Comm: syz-executor.6 Not tainted 5.10.246 #1 [ 1645.133279] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1645.135047] Call Trace: [ 1645.135606] dump_stack+0x107/0x167 [ 1645.136381] should_fail.cold+0x5/0xa [ 1645.137204] ? create_object.isra.0+0x3a/0xa30 [ 1645.138165] should_failslab+0x5/0x20 [ 1645.138973] kmem_cache_alloc+0x5b/0x310 [ 1645.140003] ? p9_fd_show_options+0x1c0/0x1c0 [ 1645.141252] create_object.isra.0+0x3a/0xa30 [ 1645.142416] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1645.143660] kmem_cache_alloc_trace+0x151/0x320 [ 1645.144664] p9_fd_create+0x161/0x4a0 [ 1645.145582] ? p9_conn_create+0x510/0x510 [ 1645.146451] ? p9_client_create+0x798/0x1230 [ 1645.147402] ? kfree+0xd7/0x340 [ 1645.148095] ? do_raw_spin_unlock+0x4f/0x220 [ 1645.149072] p9_client_create+0x7ff/0x1230 [ 1645.149988] ? p9_client_flush+0x430/0x430 [ 1645.150919] ? trace_hardirqs_on+0x5b/0x180 [ 1645.151882] ? lockdep_init_map_type+0x2c7/0x780 [ 1645.152964] ? __raw_spin_lock_init+0x36/0x110 [ 1645.153982] v9fs_session_init+0x1dd/0x1680 [ 1645.154951] ? lock_release+0x680/0x680 [ 1645.155847] ? kmem_cache_alloc_trace+0x151/0x320 [ 1645.156918] ? v9fs_show_options+0x690/0x690 [ 1645.157889] ? trace_hardirqs_on+0x5b/0x180 [ 1645.158830] ? kasan_unpoison_shadow+0x33/0x50 [ 1645.159816] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1645.160928] v9fs_mount+0x79/0x8f0 [ 1645.161709] ? v9fs_write_inode+0x60/0x60 [ 1645.162608] legacy_get_tree+0x105/0x220 [ 1645.163483] vfs_get_tree+0x8e/0x300 [ 1645.164268] path_mount+0x1490/0x21e0 [ 1645.165107] ? strncpy_from_user+0x9e/0x470 [ 1645.166032] ? finish_automount+0xa90/0xa90 [ 1645.166966] ? getname_flags.part.0+0x1dd/0x4f0 [ 1645.167960] ? _copy_from_user+0xfb/0x1b0 [ 1645.168865] __x64_sys_mount+0x282/0x300 [ 1645.169745] ? copy_mnt_ns+0xa00/0xa00 [ 1645.170596] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1645.171707] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1645.172811] do_syscall_64+0x33/0x40 [ 1645.173597] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1645.174684] RIP: 0033:0x7fe30c5b6b19 [ 1645.175491] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1645.179475] RSP: 002b:00007fe309b2c188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1645.181147] RAX: ffffffffffffffda RBX: 00007fe30c6c9f60 RCX: 00007fe30c5b6b19 [ 1645.182678] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1645.184229] RBP: 00007fe309b2c1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1645.185769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1645.187306] R13: 00007ffddf17178f R14: 00007fe309b2c300 R15: 0000000000022000 12:40:54 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 33) [ 1645.238586] FAULT_INJECTION: forcing a failure. [ 1645.238586] name failslab, interval 1, probability 0, space 0, times 0 [ 1645.241003] CPU: 1 PID: 8604 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 1645.242463] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1645.244261] Call Trace: [ 1645.244833] dump_stack+0x107/0x167 [ 1645.245658] should_fail.cold+0x5/0xa [ 1645.246510] ? p9_fcall_init+0x97/0x290 [ 1645.247422] should_failslab+0x5/0x20 [ 1645.248267] __kmalloc+0x72/0x390 [ 1645.248995] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1645.249183] FAULT_INJECTION: forcing a failure. [ 1645.249183] name failslab, interval 1, probability 0, space 0, times 0 [ 1645.250059] p9_fcall_init+0x97/0x290 [ 1645.250080] p9_client_prepare_req.part.0+0xf4/0xac0 [ 1645.250110] p9_client_rpc+0x220/0x1370 [ 1645.255112] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1645.256218] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1645.257331] ? pipe_poll+0x21b/0x800 [ 1645.258116] ? p9_fd_close+0x4a0/0x4a0 [ 1645.259028] ? wait_for_partner+0x3c0/0x3c0 [ 1645.259929] ? p9_fd_poll+0x1e0/0x2c0 [ 1645.260741] ? p9_fd_create+0x357/0x4a0 [ 1645.261563] ? p9_conn_create+0x510/0x510 [ 1645.262443] ? p9_client_create+0x798/0x1230 [ 1645.263364] ? kfree+0xd7/0x340 [ 1645.264064] ? do_raw_spin_unlock+0x4f/0x220 [ 1645.265011] p9_client_create+0xa76/0x1230 [ 1645.265919] ? p9_client_flush+0x430/0x430 [ 1645.266827] ? trace_hardirqs_on+0x5b/0x180 [ 1645.267753] ? lockdep_init_map_type+0x2c7/0x780 [ 1645.268772] ? __raw_spin_lock_init+0x36/0x110 [ 1645.269752] v9fs_session_init+0x1dd/0x1680 [ 1645.270672] ? lock_release+0x680/0x680 [ 1645.271526] ? kmem_cache_alloc_trace+0x151/0x320 [ 1645.272552] ? v9fs_show_options+0x690/0x690 [ 1645.273485] ? trace_hardirqs_on+0x5b/0x180 [ 1645.274409] ? kasan_unpoison_shadow+0x33/0x50 [ 1645.275382] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1645.276462] v9fs_mount+0x79/0x8f0 [ 1645.277225] ? v9fs_write_inode+0x60/0x60 [ 1645.278110] legacy_get_tree+0x105/0x220 [ 1645.278980] vfs_get_tree+0x8e/0x300 [ 1645.279771] path_mount+0x1490/0x21e0 [ 1645.280592] ? strncpy_from_user+0x9e/0x470 [ 1645.281518] ? finish_automount+0xa90/0xa90 [ 1645.282437] ? getname_flags.part.0+0x1dd/0x4f0 [ 1645.283427] ? _copy_from_user+0xfb/0x1b0 [ 1645.284319] __x64_sys_mount+0x282/0x300 [ 1645.285193] ? copy_mnt_ns+0xa00/0xa00 [ 1645.286027] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1645.287146] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1645.288241] do_syscall_64+0x33/0x40 [ 1645.289041] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1645.290134] RIP: 0033:0x7ff7dde24b19 [ 1645.290923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1645.294849] RSP: 002b:00007ff7db39a188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1645.296485] RAX: ffffffffffffffda RBX: 00007ff7ddf37f60 RCX: 00007ff7dde24b19 [ 1645.298024] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1645.299550] RBP: 00007ff7db39a1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1645.301084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1645.302614] R13: 00007ffcd7e7b57f R14: 00007ff7db39a300 R15: 0000000000022000 [ 1645.304173] CPU: 0 PID: 8606 Comm: syz-executor.3 Not tainted 5.10.246 #1 [ 1645.305639] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1645.307383] Call Trace: [ 1645.307937] dump_stack+0x107/0x167 [ 1645.308733] should_fail.cold+0x5/0xa [ 1645.309544] ? create_object.isra.0+0x3a/0xa30 [ 1645.310510] should_failslab+0x5/0x20 [ 1645.311311] kmem_cache_alloc+0x5b/0x310 [ 1645.312175] ? p9_fd_show_options+0x1c0/0x1c0 [ 1645.313145] create_object.isra.0+0x3a/0xa30 [ 1645.314070] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1645.315139] kmem_cache_alloc_trace+0x151/0x320 [ 1645.316129] p9_fd_create+0x161/0x4a0 [ 1645.316936] ? p9_conn_create+0x510/0x510 [ 1645.317800] ? p9_client_create+0x798/0x1230 [ 1645.318722] ? kfree+0xd7/0x340 [ 1645.319418] ? do_raw_spin_unlock+0x4f/0x220 [ 1645.320353] p9_client_create+0x7ff/0x1230 [ 1645.321261] ? p9_client_flush+0x430/0x430 [ 1645.322349] ? trace_hardirqs_on+0x5b/0x180 [ 1645.323268] ? lockdep_init_map_type+0x2c7/0x780 [ 1645.324276] ? __raw_spin_lock_init+0x36/0x110 [ 1645.325253] v9fs_session_init+0x1dd/0x1680 [ 1645.326160] ? lock_release+0x680/0x680 [ 1645.326987] ? kmem_cache_alloc_trace+0x151/0x320 [ 1645.327989] ? v9fs_show_options+0x690/0x690 [ 1645.328948] ? trace_hardirqs_on+0x5b/0x180 [ 1645.329865] ? kasan_unpoison_shadow+0x33/0x50 [ 1645.330829] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1645.331897] v9fs_mount+0x79/0x8f0 [ 1645.332663] ? v9fs_write_inode+0x60/0x60 [ 1645.333549] legacy_get_tree+0x105/0x220 [ 1645.334410] vfs_get_tree+0x8e/0x300 [ 1645.335195] path_mount+0x1490/0x21e0 [ 1645.335990] ? strncpy_from_user+0x9e/0x470 [ 1645.336920] ? finish_automount+0xa90/0xa90 [ 1645.337828] ? getname_flags.part.0+0x1dd/0x4f0 [ 1645.338809] ? _copy_from_user+0xfb/0x1b0 [ 1645.339684] __x64_sys_mount+0x282/0x300 [ 1645.340540] ? copy_mnt_ns+0xa00/0xa00 [ 1645.341384] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1645.342481] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1645.343562] do_syscall_64+0x33/0x40 [ 1645.344421] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1645.345765] RIP: 0033:0x7fd134c9eb19 [ 1645.346727] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1645.350761] RSP: 002b:00007fd132214188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1645.352382] RAX: ffffffffffffffda RBX: 00007fd134db1f60 RCX: 00007fd134c9eb19 [ 1645.353872] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1645.355362] RBP: 00007fd1322141d0 R08: 0000000020000280 R09: 0000000000000000 [ 1645.356873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1645.358365] R13: 00007ffe03f9a7cf R14: 00007fd132214300 R15: 0000000000022000 12:40:54 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1802], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:40:54 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1931], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:40:54 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1802], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:40:54 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa3331"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:40:54 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 38) 12:40:54 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1931], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:40:54 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1802], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:40:54 executing program 6: socket$inet6_udplite(0xa, 0x2, 0x88) mq_open(0x0, 0x2, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 34) 12:40:54 executing program 5: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 39) [ 1645.633007] FAULT_INJECTION: forcing a failure. [ 1645.633007] name failslab, interval 1, probability 0, space 0, times 0 [ 1645.635537] CPU: 0 PID: 8619 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1645.636998] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1645.638753] Call Trace: [ 1645.639319] dump_stack+0x107/0x167 [ 1645.640090] should_fail.cold+0x5/0xa [ 1645.640915] ? p9_fcall_init+0x97/0x290 [ 1645.641951] should_failslab+0x5/0x20 [ 1645.642763] __kmalloc+0x72/0x390 [ 1645.643502] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1645.644587] p9_fcall_init+0x97/0x290 [ 1645.645419] p9_client_prepare_req.part.0+0xf4/0xac0 [ 1645.646496] p9_client_rpc+0x220/0x1370 [ 1645.647350] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1645.648468] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1645.649611] ? pipe_poll+0x21b/0x800 [ 1645.650407] ? p9_fd_close+0x4a0/0x4a0 [ 1645.651236] ? wait_for_partner+0x3c0/0x3c0 [ 1645.652395] ? p9_fd_poll+0x1e0/0x2c0 [ 1645.653485] ? p9_fd_create+0x357/0x4a0 [ 1645.654574] ? p9_conn_create+0x510/0x510 [ 1645.655650] ? p9_client_create+0x798/0x1230 [ 1645.656604] ? kfree+0xd7/0x340 [ 1645.657357] ? do_raw_spin_unlock+0x4f/0x220 [ 1645.658384] p9_client_create+0xa76/0x1230 [ 1645.659358] ? p9_client_flush+0x430/0x430 [ 1645.660308] ? trace_hardirqs_on+0x5b/0x180 [ 1645.661249] ? lockdep_init_map_type+0x2c7/0x780 [ 1645.662250] ? __raw_spin_lock_init+0x36/0x110 [ 1645.663223] v9fs_session_init+0x1dd/0x1680 [ 1645.664141] ? lock_release+0x680/0x680 [ 1645.665006] ? kmem_cache_alloc_trace+0x151/0x320 [ 1645.666029] ? v9fs_show_options+0x690/0x690 [ 1645.666964] ? trace_hardirqs_on+0x5b/0x180 [ 1645.667875] ? kasan_unpoison_shadow+0x33/0x50 [ 1645.668845] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1645.669931] v9fs_mount+0x79/0x8f0 [ 1645.670690] ? v9fs_write_inode+0x60/0x60 [ 1645.671567] legacy_get_tree+0x105/0x220 [ 1645.672432] vfs_get_tree+0x8e/0x300 [ 1645.673227] path_mount+0x1490/0x21e0 [ 1645.674047] ? strncpy_from_user+0x9e/0x470 [ 1645.674955] ? finish_automount+0xa90/0xa90 [ 1645.675862] ? getname_flags.part.0+0x1dd/0x4f0 [ 1645.675949] FAULT_INJECTION: forcing a failure. [ 1645.675949] name failslab, interval 1, probability 0, space 0, times 0 [ 1645.676852] ? _copy_from_user+0xfb/0x1b0 [ 1645.676888] __x64_sys_mount+0x282/0x300 [ 1645.680851] ? copy_mnt_ns+0xa00/0xa00 [ 1645.681672] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1645.682780] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1645.683863] do_syscall_64+0x33/0x40 [ 1645.684645] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1645.685728] RIP: 0033:0x7f850d5eab19 [ 1645.686513] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1645.690406] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1645.692011] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1645.693526] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1645.695032] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1645.696533] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1645.698044] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 12:40:54 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa3331"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1645.699576] CPU: 1 PID: 8624 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 1645.701313] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1645.703057] Call Trace: [ 1645.703616] dump_stack+0x107/0x167 [ 1645.704368] should_fail.cold+0x5/0xa [ 1645.705159] ? create_object.isra.0+0x3a/0xa30 [ 1645.706111] should_failslab+0x5/0x20 [ 1645.706898] kmem_cache_alloc+0x5b/0x310 [ 1645.707740] create_object.isra.0+0x3a/0xa30 [ 1645.708675] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1645.709732] __kmalloc+0x16e/0x390 [ 1645.710467] p9_fcall_init+0x97/0x290 [ 1645.711258] p9_client_prepare_req.part.0+0xf4/0xac0 [ 1645.712309] p9_client_rpc+0x220/0x1370 [ 1645.713133] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1645.714224] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1645.715339] ? pipe_poll+0x21b/0x800 [ 1645.716096] ? p9_fd_close+0x4a0/0x4a0 [ 1645.716906] ? wait_for_partner+0x3c0/0x3c0 [ 1645.717807] ? p9_fd_poll+0x1e0/0x2c0 [ 1645.718594] ? p9_fd_create+0x357/0x4a0 [ 1645.719412] ? p9_conn_create+0x510/0x510 [ 1645.720255] ? p9_client_create+0x798/0x1230 [ 1645.721174] ? kfree+0xd7/0x340 [ 1645.721866] ? do_raw_spin_unlock+0x4f/0x220 [ 1645.722765] p9_client_create+0xa76/0x1230 [ 1645.723638] ? p9_client_flush+0x430/0x430 [ 1645.724503] ? trace_hardirqs_on+0x5b/0x180 [ 1645.725410] ? lockdep_init_map_type+0x2c7/0x780 [ 1645.726376] ? __raw_spin_lock_init+0x36/0x110 [ 1645.727320] v9fs_session_init+0x1dd/0x1680 [ 1645.728216] ? lock_release+0x680/0x680 [ 1645.729050] ? kmem_cache_alloc_trace+0x151/0x320 [ 1645.730035] ? v9fs_show_options+0x690/0x690 [ 1645.730945] ? trace_hardirqs_on+0x5b/0x180 [ 1645.731820] ? kasan_unpoison_shadow+0x33/0x50 [ 1645.732767] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1645.733840] v9fs_mount+0x79/0x8f0 [ 1645.734597] ? v9fs_write_inode+0x60/0x60 [ 1645.735445] legacy_get_tree+0x105/0x220 [ 1645.736272] vfs_get_tree+0x8e/0x300 [ 1645.737098] path_mount+0x1490/0x21e0 [ 1645.737892] ? strncpy_from_user+0x9e/0x470 [ 1645.738820] ? finish_automount+0xa90/0xa90 [ 1645.739767] ? getname_flags.part.0+0x1dd/0x4f0 [ 1645.740774] ? _copy_from_user+0xfb/0x1b0 [ 1645.741655] __x64_sys_mount+0x282/0x300 [ 1645.742509] ? copy_mnt_ns+0xa00/0xa00 [ 1645.743325] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1645.744428] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1645.745505] do_syscall_64+0x33/0x40 [ 1645.746268] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1645.747361] RIP: 0033:0x7ff7dde24b19 [ 1645.748143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1645.751923] RSP: 002b:00007ff7db39a188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1645.753510] RAX: ffffffffffffffda RBX: 00007ff7ddf37f60 RCX: 00007ff7dde24b19 [ 1645.754999] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1645.756518] RBP: 00007ff7db39a1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1645.757992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1645.759532] R13: 00007ffcd7e7b57f R14: 00007ff7db39a300 R15: 0000000000022000 [ 1645.774489] FAULT_INJECTION: forcing a failure. [ 1645.774489] name failslab, interval 1, probability 0, space 0, times 0 [ 1645.776958] CPU: 1 PID: 8625 Comm: syz-executor.6 Not tainted 5.10.246 #1 [ 1645.778393] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1645.780109] Call Trace: [ 1645.780656] dump_stack+0x107/0x167 [ 1645.781430] should_fail.cold+0x5/0xa [ 1645.782209] ? p9_fd_create+0x161/0x4a0 [ 1645.783040] should_failslab+0x5/0x20 [ 1645.783830] kmem_cache_alloc_trace+0x55/0x320 [ 1645.784798] p9_fd_create+0x161/0x4a0 [ 1645.785597] ? p9_conn_create+0x510/0x510 [ 1645.786475] ? p9_client_create+0x798/0x1230 [ 1645.787370] ? kfree+0xd7/0x340 [ 1645.788041] ? do_raw_spin_unlock+0x4f/0x220 [ 1645.788963] p9_client_create+0x7ff/0x1230 [ 1645.789863] ? p9_client_flush+0x430/0x430 [ 1645.790727] ? trace_hardirqs_on+0x5b/0x180 [ 1645.791625] ? lockdep_init_map_type+0x2c7/0x780 [ 1645.792626] ? __raw_spin_lock_init+0x36/0x110 [ 1645.793569] v9fs_session_init+0x1dd/0x1680 [ 1645.794467] ? lock_release+0x680/0x680 [ 1645.795304] ? kmem_cache_alloc_trace+0x151/0x320 [ 1645.796289] ? v9fs_show_options+0x690/0x690 [ 1645.797216] ? trace_hardirqs_on+0x5b/0x180 [ 1645.798104] ? kasan_unpoison_shadow+0x33/0x50 [ 1645.799036] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1645.800084] v9fs_mount+0x79/0x8f0 [ 1645.800843] ? v9fs_write_inode+0x60/0x60 [ 1645.801688] legacy_get_tree+0x105/0x220 [ 1645.802533] vfs_get_tree+0x8e/0x300 [ 1645.803294] path_mount+0x1490/0x21e0 [ 1645.804073] ? strncpy_from_user+0x9e/0x470 [ 1645.804961] ? finish_automount+0xa90/0xa90 [ 1645.805871] ? getname_flags.part.0+0x1dd/0x4f0 [ 1645.806823] ? _copy_from_user+0xfb/0x1b0 [ 1645.807680] __x64_sys_mount+0x282/0x300 [ 1645.808513] ? copy_mnt_ns+0xa00/0xa00 [ 1645.809316] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1645.810404] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1645.811473] do_syscall_64+0x33/0x40 [ 1645.812272] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1645.813331] RIP: 0033:0x7fe30c5b6b19 [ 1645.814096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1645.817896] RSP: 002b:00007fe309b2c188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1645.819483] RAX: ffffffffffffffda RBX: 00007fe30c6c9f60 RCX: 00007fe30c5b6b19 [ 1645.820966] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1645.822451] RBP: 00007fe309b2c1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1645.823943] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1645.825412] R13: 00007ffddf17178f R14: 00007fe309b2c300 R15: 0000000000022000 12:40:54 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 39) 12:40:54 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 34) [ 1645.983425] FAULT_INJECTION: forcing a failure. [ 1645.983425] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1645.986051] CPU: 0 PID: 8631 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1645.987498] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1645.989261] Call Trace: [ 1645.989824] dump_stack+0x107/0x167 [ 1645.990601] should_fail.cold+0x5/0xa [ 1645.991415] __alloc_pages_nodemask+0x182/0x600 [ 1645.992405] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1645.993689] ? __kmalloc+0x379/0x390 [ 1645.994480] alloc_pages_current+0x187/0x280 [ 1645.995403] allocate_slab+0x26f/0x380 [ 1645.996231] ___slab_alloc+0x470/0x700 [ 1645.997054] ? p9_fcall_init+0x97/0x290 [ 1645.997892] ? p9_fcall_init+0x97/0x290 [ 1645.998730] ? __kmalloc+0x379/0x390 [ 1645.999511] ? p9_fcall_init+0x97/0x290 [ 1646.000341] __kmalloc+0x379/0x390 [ 1646.001102] p9_fcall_init+0x97/0x290 [ 1646.001901] p9_client_prepare_req.part.0+0xf4/0xac0 [ 1646.002972] p9_client_rpc+0x220/0x1370 [ 1646.003816] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1646.004936] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1646.006060] ? pipe_poll+0x21b/0x800 [ 1646.006842] ? p9_fd_close+0x4a0/0x4a0 [ 1646.007662] ? wait_for_partner+0x3c0/0x3c0 [ 1646.008566] ? p9_fd_poll+0x1e0/0x2c0 [ 1646.009371] ? p9_fd_create+0x357/0x4a0 [ 1646.010196] ? p9_conn_create+0x510/0x510 [ 1646.011063] ? p9_client_create+0x798/0x1230 [ 1646.011986] ? kfree+0xd7/0x340 [ 1646.012679] ? do_raw_spin_unlock+0x4f/0x220 [ 1646.013611] p9_client_create+0xa76/0x1230 [ 1646.014508] ? p9_client_flush+0x430/0x430 [ 1646.015392] ? trace_hardirqs_on+0x5b/0x180 [ 1646.016293] ? lockdep_init_map_type+0x2c7/0x780 [ 1646.017288] ? __raw_spin_lock_init+0x36/0x110 [ 1646.018257] v9fs_session_init+0x1dd/0x1680 [ 1646.019165] ? lock_release+0x680/0x680 [ 1646.020005] ? kmem_cache_alloc_trace+0x151/0x320 [ 1646.021020] ? v9fs_show_options+0x690/0x690 [ 1646.021943] ? trace_hardirqs_on+0x5b/0x180 [ 1646.022840] ? kasan_unpoison_shadow+0x33/0x50 [ 1646.023793] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1646.024874] v9fs_mount+0x79/0x8f0 [ 1646.025625] ? v9fs_write_inode+0x60/0x60 [ 1646.026491] legacy_get_tree+0x105/0x220 [ 1646.027341] vfs_get_tree+0x8e/0x300 [ 1646.028123] path_mount+0x1490/0x21e0 [ 1646.028938] ? strncpy_from_user+0x9e/0x470 [ 1646.029836] ? finish_automount+0xa90/0xa90 [ 1646.030754] ? getname_flags.part.0+0x1dd/0x4f0 [ 1646.031734] ? _copy_from_user+0xfb/0x1b0 [ 1646.032614] __x64_sys_mount+0x282/0x300 [ 1646.033475] ? copy_mnt_ns+0xa00/0xa00 [ 1646.034293] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1646.035393] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1646.036472] do_syscall_64+0x33/0x40 [ 1646.037259] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1646.038328] RIP: 0033:0x7f850d5eab19 [ 1646.039093] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1646.042907] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1646.044484] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1646.045963] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1646.047449] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1646.048927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1646.050404] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 [ 1646.064825] FAULT_INJECTION: forcing a failure. [ 1646.064825] name failslab, interval 1, probability 0, space 0, times 0 [ 1646.067185] CPU: 0 PID: 8632 Comm: syz-executor.3 Not tainted 5.10.246 #1 [ 1646.068592] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1646.070320] Call Trace: [ 1646.070864] dump_stack+0x107/0x167 [ 1646.071614] should_fail.cold+0x5/0xa [ 1646.072398] ? p9_client_prepare_req.part.0+0x3a/0xac0 [ 1646.073492] should_failslab+0x5/0x20 [ 1646.074279] kmem_cache_alloc+0x5b/0x310 [ 1646.075115] p9_client_prepare_req.part.0+0x3a/0xac0 [ 1646.076158] p9_client_rpc+0x220/0x1370 [ 1646.076980] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1646.078063] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1646.079156] ? pipe_poll+0x21b/0x800 [ 1646.079926] ? p9_fd_close+0x4a0/0x4a0 [ 1646.080733] ? wait_for_partner+0x3c0/0x3c0 [ 1646.081624] ? p9_fd_poll+0x1e0/0x2c0 [ 1646.082406] ? p9_fd_create+0x357/0x4a0 [ 1646.083220] ? p9_conn_create+0x510/0x510 [ 1646.084067] ? p9_client_create+0x798/0x1230 [ 1646.084977] ? kfree+0xd7/0x340 [ 1646.085651] ? do_raw_spin_unlock+0x4f/0x220 [ 1646.086555] p9_client_create+0xa76/0x1230 [ 1646.087432] ? p9_client_flush+0x430/0x430 [ 1646.088302] ? trace_hardirqs_on+0x5b/0x180 [ 1646.089197] ? lockdep_init_map_type+0x2c7/0x780 [ 1646.090166] ? __raw_spin_lock_init+0x36/0x110 [ 1646.091103] v9fs_session_init+0x1dd/0x1680 [ 1646.091984] ? lock_release+0x680/0x680 [ 1646.092814] ? kmem_cache_alloc_trace+0x151/0x320 [ 1646.093804] ? v9fs_show_options+0x690/0x690 [ 1646.094708] ? trace_hardirqs_on+0x5b/0x180 [ 1646.095593] ? kasan_unpoison_shadow+0x33/0x50 [ 1646.096525] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1646.097568] v9fs_mount+0x79/0x8f0 [ 1646.098293] ? v9fs_write_inode+0x60/0x60 [ 1646.099142] legacy_get_tree+0x105/0x220 [ 1646.099973] vfs_get_tree+0x8e/0x300 [ 1646.100743] path_mount+0x1490/0x21e0 [ 1646.101528] ? strncpy_from_user+0x9e/0x470 [ 1646.102409] ? finish_automount+0xa90/0xa90 [ 1646.103296] ? getname_flags.part.0+0x1dd/0x4f0 [ 1646.104236] ? _copy_from_user+0xfb/0x1b0 [ 1646.105104] __x64_sys_mount+0x282/0x300 [ 1646.105925] ? copy_mnt_ns+0xa00/0xa00 [ 1646.106723] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1646.107788] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1646.108847] do_syscall_64+0x33/0x40 [ 1646.109603] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1646.110641] RIP: 0033:0x7fd134c9eb19 [ 1646.111396] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1646.115156] RSP: 002b:00007fd132214188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1646.116707] RAX: ffffffffffffffda RBX: 00007fd134db1f60 RCX: 00007fd134c9eb19 [ 1646.118159] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1646.119601] RBP: 00007fd1322141d0 R08: 0000000020000280 R09: 0000000000000000 [ 1646.121046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1646.122493] R13: 00007ffe03f9a7cf R14: 00007fd132214300 R15: 0000000000022000 12:41:09 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 35) 12:41:09 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 40) [ 1660.763379] FAULT_INJECTION: forcing a failure. [ 1660.763379] name failslab, interval 1, probability 0, space 0, times 0 [ 1660.765936] CPU: 0 PID: 8646 Comm: syz-executor.3 Not tainted 5.10.246 #1 [ 1660.767464] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1660.769382] Call Trace: [ 1660.769978] dump_stack+0x107/0x167 [ 1660.770800] should_fail.cold+0x5/0xa [ 1660.771663] ? create_object.isra.0+0x3a/0xa30 [ 1660.772689] should_failslab+0x5/0x20 [ 1660.773569] kmem_cache_alloc+0x5b/0x310 [ 1660.774494] create_object.isra.0+0x3a/0xa30 [ 1660.775716] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1660.776876] kmem_cache_alloc+0x159/0x310 [ 1660.777848] p9_client_prepare_req.part.0+0x3a/0xac0 [ 1660.779005] p9_client_rpc+0x220/0x1370 [ 1660.779910] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1660.781139] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1660.782352] ? pipe_poll+0x21b/0x800 [ 1660.783180] ? p9_fd_close+0x4a0/0x4a0 [ 1660.784064] ? wait_for_partner+0x3c0/0x3c0 [ 1660.785062] ? p9_fd_poll+0x1e0/0x2c0 [ 1660.785916] ? p9_fd_create+0x357/0x4a0 [ 1660.786796] ? p9_conn_create+0x510/0x510 [ 1660.787719] ? p9_client_create+0x798/0x1230 [ 1660.788708] ? kfree+0xd7/0x340 [ 1660.789478] ? do_raw_spin_unlock+0x4f/0x220 [ 1660.790472] p9_client_create+0xa76/0x1230 [ 1660.791425] ? p9_client_flush+0x430/0x430 [ 1660.792374] ? trace_hardirqs_on+0x5b/0x180 [ 1660.793372] ? lockdep_init_map_type+0x2c7/0x780 [ 1660.794441] ? __raw_spin_lock_init+0x36/0x110 [ 1660.795482] v9fs_session_init+0x1dd/0x1680 [ 1660.796447] ? lock_release+0x680/0x680 [ 1660.797382] ? kmem_cache_alloc_trace+0x151/0x320 [ 1660.798460] ? v9fs_show_options+0x690/0x690 [ 1660.799446] ? trace_hardirqs_on+0x5b/0x180 [ 1660.800404] ? kasan_unpoison_shadow+0x33/0x50 [ 1660.801453] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1660.802578] v9fs_mount+0x79/0x8f0 [ 1660.803365] ? v9fs_write_inode+0x60/0x60 [ 1660.804290] legacy_get_tree+0x105/0x220 [ 1660.805215] vfs_get_tree+0x8e/0x300 [ 1660.806045] path_mount+0x1490/0x21e0 [ 1660.806895] ? strncpy_from_user+0x9e/0x470 [ 1660.807853] ? finish_automount+0xa90/0xa90 [ 1660.808811] ? getname_flags.part.0+0x1dd/0x4f0 [ 1660.809872] ? _copy_from_user+0xfb/0x1b0 [ 1660.810807] __x64_sys_mount+0x282/0x300 [ 1660.811711] ? copy_mnt_ns+0xa00/0xa00 [ 1660.812575] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1660.813776] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1660.814933] do_syscall_64+0x33/0x40 [ 1660.815776] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1660.816957] RIP: 0033:0x7fd134c9eb19 [ 1660.817811] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1660.822043] RSP: 002b:00007fd132214188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1660.823779] RAX: ffffffffffffffda RBX: 00007fd134db1f60 RCX: 00007fd134c9eb19 [ 1660.825432] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1660.827051] RBP: 00007fd1322141d0 R08: 0000000020000280 R09: 0000000000000000 [ 1660.828674] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1660.830319] R13: 00007ffe03f9a7cf R14: 00007fd132214300 R15: 0000000000022000 [ 1660.835878] FAULT_INJECTION: forcing a failure. [ 1660.835878] name failslab, interval 1, probability 0, space 0, times 0 [ 1660.838465] CPU: 1 PID: 8652 Comm: syz-executor.6 Not tainted 5.10.246 #1 [ 1660.840006] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1660.842102] Call Trace: [ 1660.842847] dump_stack+0x107/0x167 12:41:09 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa3331"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:41:09 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1802], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:41:09 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1931], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:41:09 executing program 6: socket$inet6_udplite(0xa, 0x2, 0x88) mq_open(0x0, 0x2, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 35) 12:41:09 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, 0xffffffffffffffff) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03324c4b0e"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:41:09 executing program 5: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 40) [ 1660.843848] should_fail.cold+0x5/0xa [ 1660.844838] ? create_object.isra.0+0x3a/0xa30 [ 1660.845932] should_failslab+0x5/0x20 [ 1660.846828] kmem_cache_alloc+0x5b/0x310 [ 1660.847757] create_object.isra.0+0x3a/0xa30 [ 1660.848755] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1660.849882] kmem_cache_alloc+0x159/0x310 [ 1660.850828] p9_client_prepare_req.part.0+0x3a/0xac0 [ 1660.851998] p9_client_rpc+0x220/0x1370 [ 1660.852875] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1660.854076] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1660.855296] ? pipe_poll+0x21b/0x800 [ 1660.856094] ? p9_fd_close+0x4a0/0x4a0 [ 1660.857003] ? wait_for_partner+0x3c0/0x3c0 [ 1660.858001] ? p9_fd_poll+0x1e0/0x2c0 [ 1660.858884] ? p9_fd_create+0x357/0x4a0 [ 1660.859754] ? p9_conn_create+0x510/0x510 [ 1660.860682] ? p9_client_create+0x798/0x1230 [ 1660.861705] ? kfree+0xd7/0x340 [ 1660.862446] ? do_raw_spin_unlock+0x4f/0x220 [ 1660.863439] p9_client_create+0xa76/0x1230 [ 1660.864421] ? p9_client_flush+0x430/0x430 [ 1660.865414] ? trace_hardirqs_on+0x5b/0x180 [ 1660.866424] ? lockdep_init_map_type+0x2c7/0x780 [ 1660.867526] ? __raw_spin_lock_init+0x36/0x110 [ 1660.868563] v9fs_session_init+0x1dd/0x1680 [ 1660.869532] ? lock_release+0x680/0x680 [ 1660.869592] FAULT_INJECTION: forcing a failure. [ 1660.869592] name failslab, interval 1, probability 0, space 0, times 0 [ 1660.870464] ? kmem_cache_alloc_trace+0x151/0x320 [ 1660.870491] ? v9fs_show_options+0x690/0x690 [ 1660.870520] ? trace_hardirqs_on+0x5b/0x180 [ 1660.876298] ? kasan_unpoison_shadow+0x33/0x50 [ 1660.877366] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1660.878444] v9fs_mount+0x79/0x8f0 [ 1660.879203] ? v9fs_write_inode+0x60/0x60 [ 1660.880084] legacy_get_tree+0x105/0x220 [ 1660.880956] vfs_get_tree+0x8e/0x300 [ 1660.881747] path_mount+0x1490/0x21e0 [ 1660.882563] ? strncpy_from_user+0x9e/0x470 [ 1660.883482] ? finish_automount+0xa90/0xa90 [ 1660.884400] ? getname_flags.part.0+0x1dd/0x4f0 [ 1660.885396] ? _copy_from_user+0xfb/0x1b0 [ 1660.886290] __x64_sys_mount+0x282/0x300 [ 1660.887150] ? copy_mnt_ns+0xa00/0xa00 [ 1660.887977] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1660.889099] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1660.890189] do_syscall_64+0x33/0x40 [ 1660.890978] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1660.892061] RIP: 0033:0x7fe30c5b6b19 [ 1660.892864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1660.896778] RSP: 002b:00007fe309b0b188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1660.898396] RAX: ffffffffffffffda RBX: 00007fe30c6ca020 RCX: 00007fe30c5b6b19 [ 1660.899898] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1660.901413] RBP: 00007fe309b0b1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1660.902920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1660.904428] R13: 00007ffddf17178f R14: 00007fe309b0b300 R15: 0000000000022000 [ 1660.905988] CPU: 0 PID: 8656 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 1660.907547] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1660.907565] FAULT_INJECTION: forcing a failure. [ 1660.907565] name failslab, interval 1, probability 0, space 0, times 0 [ 1660.911925] Call Trace: [ 1660.912528] dump_stack+0x107/0x167 [ 1660.913384] should_fail.cold+0x5/0xa [ 1660.914254] ? radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1660.915545] should_failslab+0x5/0x20 [ 1660.916405] kmem_cache_alloc+0x5b/0x310 [ 1660.917362] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1660.918625] idr_get_free+0x4b5/0x8f0 [ 1660.919495] idr_alloc_u32+0x170/0x2d0 [ 1660.920372] ? __fprop_inc_percpu_max+0x130/0x130 [ 1660.921494] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1660.922706] ? lock_release+0x680/0x680 [ 1660.923608] idr_alloc+0xc2/0x130 [ 1660.924389] ? idr_alloc_u32+0x2d0/0x2d0 [ 1660.925327] ? rwlock_bug.part.0+0x90/0x90 [ 1660.926294] p9_client_prepare_req.part.0+0x612/0xac0 [ 1660.927463] p9_client_rpc+0x220/0x1370 [ 1660.928363] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1660.929574] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1660.930776] ? pipe_poll+0x21b/0x800 [ 1660.931614] ? p9_fd_close+0x4a0/0x4a0 [ 1660.932488] ? wait_for_partner+0x3c0/0x3c0 [ 1660.933493] ? p9_fd_poll+0x1e0/0x2c0 [ 1660.934363] ? p9_fd_create+0x357/0x4a0 [ 1660.935260] ? p9_conn_create+0x510/0x510 [ 1660.936195] ? p9_client_create+0x798/0x1230 [ 1660.937217] ? kfree+0xd7/0x340 [ 1660.937963] ? do_raw_spin_unlock+0x4f/0x220 [ 1660.938955] p9_client_create+0xa76/0x1230 [ 1660.939916] ? p9_client_flush+0x430/0x430 [ 1660.940884] ? trace_hardirqs_on+0x5b/0x180 [ 1660.941885] ? lockdep_init_map_type+0x2c7/0x780 [ 1660.942953] ? __raw_spin_lock_init+0x36/0x110 [ 1660.943989] v9fs_session_init+0x1dd/0x1680 [ 1660.944999] ? lock_release+0x680/0x680 [ 1660.945916] ? kmem_cache_alloc_trace+0x151/0x320 [ 1660.947012] ? v9fs_show_options+0x690/0x690 [ 1660.948012] ? trace_hardirqs_on+0x5b/0x180 [ 1660.949018] ? kasan_unpoison_shadow+0x33/0x50 [ 1660.950055] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1660.951203] v9fs_mount+0x79/0x8f0 [ 1660.952009] ? v9fs_write_inode+0x60/0x60 [ 1660.952969] legacy_get_tree+0x105/0x220 [ 1660.953889] vfs_get_tree+0x8e/0x300 [ 1660.954725] path_mount+0x1490/0x21e0 [ 1660.955598] ? strncpy_from_user+0x9e/0x470 [ 1660.956567] ? finish_automount+0xa90/0xa90 [ 1660.957574] ? getname_flags.part.0+0x1dd/0x4f0 [ 1660.958633] ? _copy_from_user+0xfb/0x1b0 [ 1660.959587] __x64_sys_mount+0x282/0x300 [ 1660.960502] ? copy_mnt_ns+0xa00/0xa00 [ 1660.961412] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1660.962590] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1660.963757] do_syscall_64+0x33/0x40 [ 1660.964600] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1660.965782] RIP: 0033:0x7ff7dde24b19 [ 1660.966617] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1660.970789] RSP: 002b:00007ff7db39a188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1660.972505] RAX: ffffffffffffffda RBX: 00007ff7ddf37f60 RCX: 00007ff7dde24b19 [ 1660.974175] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1660.975776] RBP: 00007ff7db39a1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1660.977408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1660.979014] R13: 00007ffcd7e7b57f R14: 00007ff7db39a300 R15: 0000000000022000 [ 1660.980650] CPU: 1 PID: 8644 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1660.982112] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1660.983870] Call Trace: [ 1660.984427] dump_stack+0x107/0x167 [ 1660.985201] should_fail.cold+0x5/0xa [ 1660.986006] ? p9_fcall_init+0x97/0x290 [ 1660.986843] should_failslab+0x5/0x20 [ 1660.987642] __kmalloc+0x72/0x390 [ 1660.988367] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1660.989452] p9_fcall_init+0x97/0x290 [ 1660.990265] p9_client_prepare_req.part.0+0xf4/0xac0 [ 1660.991342] p9_client_rpc+0x220/0x1370 [ 1660.992198] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1660.993320] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1660.994444] ? pipe_poll+0x21b/0x800 [ 1660.995226] ? p9_fd_close+0x4a0/0x4a0 [ 1660.996043] ? wait_for_partner+0x3c0/0x3c0 [ 1660.996966] ? p9_fd_poll+0x1e0/0x2c0 [ 1660.997770] ? p9_fd_create+0x357/0x4a0 [ 1660.998609] ? p9_conn_create+0x510/0x510 [ 1660.999478] ? p9_client_create+0x798/0x1230 [ 1661.000405] ? kfree+0xd7/0x340 [ 1661.001112] ? do_raw_spin_unlock+0x4f/0x220 [ 1661.002041] p9_client_create+0xa76/0x1230 [ 1661.002938] ? p9_client_flush+0x430/0x430 [ 1661.003831] ? trace_hardirqs_on+0x5b/0x180 [ 1661.004741] ? lockdep_init_map_type+0x2c7/0x780 [ 1661.005751] ? __raw_spin_lock_init+0x36/0x110 [ 1661.006715] v9fs_session_init+0x1dd/0x1680 [ 1661.007629] ? lock_release+0x680/0x680 [ 1661.008477] ? kmem_cache_alloc_trace+0x151/0x320 [ 1661.009497] ? v9fs_show_options+0x690/0x690 [ 1661.010443] ? trace_hardirqs_on+0x5b/0x180 [ 1661.011355] ? kasan_unpoison_shadow+0x33/0x50 [ 1661.012315] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1661.013398] v9fs_mount+0x79/0x8f0 [ 1661.014147] ? v9fs_write_inode+0x60/0x60 [ 1661.015026] legacy_get_tree+0x105/0x220 [ 1661.015886] vfs_get_tree+0x8e/0x300 [ 1661.016670] path_mount+0x1490/0x21e0 [ 1661.017495] ? strncpy_from_user+0x9e/0x470 [ 1661.018412] ? finish_automount+0xa90/0xa90 [ 1661.019319] ? getname_flags.part.0+0x1dd/0x4f0 [ 1661.020296] ? _copy_from_user+0xfb/0x1b0 [ 1661.021185] __x64_sys_mount+0x282/0x300 [ 1661.022048] ? copy_mnt_ns+0xa00/0xa00 [ 1661.022873] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1661.023972] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1661.025063] do_syscall_64+0x33/0x40 [ 1661.025856] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1661.026934] RIP: 0033:0x7f850d5eab19 [ 1661.027723] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1661.031589] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1661.033218] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1661.034726] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1661.036231] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1661.037746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1661.039254] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 12:41:10 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 41) 12:41:10 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa3331"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:41:10 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1931], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:41:10 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d0"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:41:10 executing program 6: socket$inet6_udplite(0xa, 0x2, 0x88) mq_open(0x0, 0x2, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 36) [ 1661.206998] FAULT_INJECTION: forcing a failure. [ 1661.206998] name failslab, interval 1, probability 0, space 0, times 0 [ 1661.209386] CPU: 1 PID: 8664 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1661.210840] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1661.212593] Call Trace: [ 1661.213178] dump_stack+0x107/0x167 [ 1661.213949] should_fail.cold+0x5/0xa [ 1661.214758] ? radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1661.215969] should_failslab+0x5/0x20 [ 1661.216772] kmem_cache_alloc+0x5b/0x310 [ 1661.217658] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1661.218845] idr_get_free+0x4b5/0x8f0 [ 1661.219675] idr_alloc_u32+0x170/0x2d0 [ 1661.220506] ? __fprop_inc_percpu_max+0x130/0x130 [ 1661.221546] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1661.222678] ? lock_release+0x680/0x680 [ 1661.223522] idr_alloc+0xc2/0x130 [ 1661.224248] ? idr_alloc_u32+0x2d0/0x2d0 [ 1661.225116] ? rwlock_bug.part.0+0x90/0x90 [ 1661.226028] p9_client_prepare_req.part.0+0x612/0xac0 [ 1661.227125] p9_client_rpc+0x220/0x1370 [ 1661.227962] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1661.229081] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1661.230217] ? pipe_poll+0x21b/0x800 [ 1661.231008] ? p9_fd_close+0x4a0/0x4a0 [ 1661.231828] ? wait_for_partner+0x3c0/0x3c0 [ 1661.232745] ? p9_fd_poll+0x1e0/0x2c0 [ 1661.233561] ? p9_fd_create+0x357/0x4a0 [ 1661.234401] ? p9_conn_create+0x510/0x510 [ 1661.235273] ? p9_client_create+0x798/0x1230 [ 1661.236202] ? kfree+0xd7/0x340 [ 1661.236903] ? do_raw_spin_unlock+0x4f/0x220 [ 1661.237843] p9_client_create+0xa76/0x1230 [ 1661.238756] ? p9_client_flush+0x430/0x430 [ 1661.239659] ? trace_hardirqs_on+0x5b/0x180 [ 1661.240583] ? lockdep_init_map_type+0x2c7/0x780 [ 1661.241604] ? __raw_spin_lock_init+0x36/0x110 [ 1661.242583] v9fs_session_init+0x1dd/0x1680 [ 1661.243505] ? lock_release+0x680/0x680 [ 1661.244364] ? kmem_cache_alloc_trace+0x151/0x320 [ 1661.245392] ? v9fs_show_options+0x690/0x690 [ 1661.246330] ? trace_hardirqs_on+0x5b/0x180 [ 1661.247244] ? kasan_unpoison_shadow+0x33/0x50 [ 1661.248214] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1661.249300] v9fs_mount+0x79/0x8f0 [ 1661.250049] ? v9fs_write_inode+0x60/0x60 [ 1661.250930] legacy_get_tree+0x105/0x220 [ 1661.251777] vfs_get_tree+0x8e/0x300 [ 1661.252539] path_mount+0x1490/0x21e0 [ 1661.253361] ? strncpy_from_user+0x9e/0x470 [ 1661.254269] ? finish_automount+0xa90/0xa90 [ 1661.255172] ? getname_flags.part.0+0x1dd/0x4f0 [ 1661.256150] ? _copy_from_user+0xfb/0x1b0 [ 1661.257033] __x64_sys_mount+0x282/0x300 [ 1661.257895] ? copy_mnt_ns+0xa00/0xa00 [ 1661.258733] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1661.259843] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1661.260946] do_syscall_64+0x33/0x40 [ 1661.261753] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1661.262830] RIP: 0033:0x7f850d5eab19 [ 1661.263616] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1661.267503] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1661.269121] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1661.270633] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1661.272140] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1661.273658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1661.275171] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 12:41:10 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, 0x0, 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1661.346574] FAULT_INJECTION: forcing a failure. [ 1661.346574] name failslab, interval 1, probability 0, space 0, times 0 [ 1661.348421] CPU: 0 PID: 8672 Comm: syz-executor.6 Not tainted 5.10.246 #1 [ 1661.349537] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1661.350874] Call Trace: [ 1661.351318] dump_stack+0x107/0x167 [ 1661.351920] should_fail.cold+0x5/0xa [ 1661.352523] ? p9_fcall_init+0x97/0x290 [ 1661.353158] should_failslab+0x5/0x20 [ 1661.353752] __kmalloc+0x72/0x390 [ 1661.354303] p9_fcall_init+0x97/0x290 [ 1661.354895] p9_client_prepare_req.part.0+0x8c/0xac0 [ 1661.355762] p9_client_rpc+0x220/0x1370 [ 1661.356396] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1661.357247] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1661.358076] ? pipe_poll+0x21b/0x800 [ 1661.358666] ? p9_fd_close+0x4a0/0x4a0 [ 1661.359270] ? wait_for_partner+0x3c0/0x3c0 [ 1661.359939] ? p9_fd_poll+0x1e0/0x2c0 [ 1661.360535] ? p9_fd_create+0x357/0x4a0 [ 1661.361168] ? p9_conn_create+0x510/0x510 [ 1661.361816] ? p9_client_create+0x798/0x1230 [ 1661.362570] ? kfree+0xd7/0x340 [ 1661.363096] ? do_raw_spin_unlock+0x4f/0x220 [ 1661.363793] p9_client_create+0xa76/0x1230 [ 1661.364466] ? p9_client_flush+0x430/0x430 [ 1661.365140] ? trace_hardirqs_on+0x5b/0x180 [ 1661.365820] ? lockdep_init_map_type+0x2c7/0x780 [ 1661.366565] ? __raw_spin_lock_init+0x36/0x110 [ 1661.367294] v9fs_session_init+0x1dd/0x1680 [ 1661.367982] ? lock_release+0x680/0x680 [ 1661.368623] ? kmem_cache_alloc_trace+0x151/0x320 [ 1661.369400] ? v9fs_show_options+0x690/0x690 [ 1661.370106] ? trace_hardirqs_on+0x5b/0x180 [ 1661.370786] ? kasan_unpoison_shadow+0x33/0x50 [ 1661.371506] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1661.372365] v9fs_mount+0x79/0x8f0 [ 1661.372939] ? v9fs_write_inode+0x60/0x60 [ 1661.373600] legacy_get_tree+0x105/0x220 [ 1661.374240] vfs_get_tree+0x8e/0x300 [ 1661.374830] path_mount+0x1490/0x21e0 [ 1661.375431] ? strncpy_from_user+0x9e/0x470 [ 1661.376099] ? finish_automount+0xa90/0xa90 [ 1661.376765] ? getname_flags.part.0+0x1dd/0x4f0 [ 1661.377556] ? _copy_from_user+0xfb/0x1b0 [ 1661.378211] __x64_sys_mount+0x282/0x300 [ 1661.378841] ? copy_mnt_ns+0xa00/0xa00 [ 1661.379456] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1661.380269] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1661.381089] do_syscall_64+0x33/0x40 [ 1661.381674] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1661.382475] RIP: 0033:0x7fe30c5b6b19 [ 1661.383053] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1661.385909] RSP: 002b:00007fe309b2c188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1661.387098] RAX: ffffffffffffffda RBX: 00007fe30c6c9f60 RCX: 00007fe30c5b6b19 [ 1661.388213] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1661.389349] RBP: 00007fe309b2c1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1661.390477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1661.391592] R13: 00007ffddf17178f R14: 00007fe309b2c300 R15: 0000000000022000 [ 1674.924980] FAULT_INJECTION: forcing a failure. [ 1674.924980] name failslab, interval 1, probability 0, space 0, times 0 [ 1674.926339] CPU: 1 PID: 8689 Comm: syz-executor.3 Not tainted 5.10.246 #1 [ 1674.927115] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1674.928058] Call Trace: [ 1674.928371] dump_stack+0x107/0x167 [ 1674.928789] should_fail.cold+0x5/0xa [ 1674.929235] ? create_object.isra.0+0x3a/0xa30 [ 1674.929759] should_failslab+0x5/0x20 [ 1674.930196] kmem_cache_alloc+0x5b/0x310 [ 1674.930668] create_object.isra.0+0x3a/0xa30 [ 1674.931168] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1674.931749] kmem_cache_alloc+0x159/0x310 [ 1674.932226] p9_client_prepare_req.part.0+0x3a/0xac0 [ 1674.932808] p9_client_rpc+0x220/0x1370 [ 1674.933272] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1674.933873] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1674.934486] ? pipe_poll+0x21b/0x800 [ 1674.934906] ? p9_fd_close+0x4a0/0x4a0 [ 1674.935347] ? wait_for_partner+0x3c0/0x3c0 [ 1674.935838] ? p9_fd_poll+0x1e0/0x2c0 [ 1674.936278] ? p9_fd_create+0x357/0x4a0 [ 1674.936731] ? p9_conn_create+0x510/0x510 [ 1674.937207] ? p9_client_create+0x798/0x1230 [ 1674.937713] ? kfree+0xd7/0x340 [ 1674.938088] ? do_raw_spin_unlock+0x4f/0x220 [ 1674.938593] p9_client_create+0xa76/0x1230 [ 1674.939079] ? p9_client_flush+0x430/0x430 [ 1674.939559] ? trace_hardirqs_on+0x5b/0x180 [ 1674.940059] ? lockdep_init_map_type+0x2c7/0x780 [ 1674.940600] ? __raw_spin_lock_init+0x36/0x110 [ 1674.941138] v9fs_session_init+0x1dd/0x1680 [ 1674.941633] ? lock_release+0x680/0x680 [ 1674.942096] ? kmem_cache_alloc_trace+0x151/0x320 [ 1674.942649] ? v9fs_show_options+0x690/0x690 [ 1674.943155] ? trace_hardirqs_on+0x5b/0x180 [ 1674.943648] ? kasan_unpoison_shadow+0x33/0x50 [ 1674.944168] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1674.944748] v9fs_mount+0x79/0x8f0 [ 1674.945166] ? v9fs_write_inode+0x60/0x60 [ 1674.945643] legacy_get_tree+0x105/0x220 [ 1674.946109] vfs_get_tree+0x8e/0x300 [ 1674.946535] path_mount+0x1490/0x21e0 [ 1674.946974] ? strncpy_from_user+0x9e/0x470 [ 1674.947470] ? finish_automount+0xa90/0xa90 [ 1674.947962] ? getname_flags.part.0+0x1dd/0x4f0 [ 1674.948496] ? _copy_from_user+0xfb/0x1b0 [ 1674.948975] __x64_sys_mount+0x282/0x300 [ 1674.949447] ? copy_mnt_ns+0xa00/0xa00 [ 1674.949934] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1674.950531] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1674.951116] do_syscall_64+0x33/0x40 [ 1674.951539] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1674.952123] RIP: 0033:0x7fd134c9eb19 [ 1674.952542] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1674.954639] RSP: 002b:00007fd132214188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1674.955511] RAX: ffffffffffffffda RBX: 00007fd134db1f60 RCX: 00007fd134c9eb19 [ 1674.956327] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1674.957151] RBP: 00007fd1322141d0 R08: 0000000020000280 R09: 0000000000000000 [ 1674.957972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1674.958788] R13: 00007ffe03f9a7cf R14: 00007fd132214300 R15: 0000000000022000 [ 1674.960756] FAULT_INJECTION: forcing a failure. [ 1674.960756] name failslab, interval 1, probability 0, space 0, times 0 [ 1674.962061] CPU: 1 PID: 8688 Comm: syz-executor.6 Not tainted 5.10.246 #1 [ 1674.962130] FAULT_INJECTION: forcing a failure. [ 1674.962130] name failslab, interval 1, probability 0, space 0, times 0 [ 1674.962843] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1674.962859] Call Trace: [ 1674.966933] dump_stack+0x107/0x167 [ 1674.967351] should_fail.cold+0x5/0xa [ 1674.967786] ? create_object.isra.0+0x3a/0xa30 [ 1674.968305] should_failslab+0x5/0x20 [ 1674.968738] kmem_cache_alloc+0x5b/0x310 [ 1674.969215] create_object.isra.0+0x3a/0xa30 [ 1674.969715] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1674.970293] __kmalloc+0x16e/0x390 [ 1674.970704] p9_fcall_init+0x97/0x290 [ 1674.971139] p9_client_prepare_req.part.0+0x8c/0xac0 [ 1674.971718] p9_client_rpc+0x220/0x1370 [ 1674.972173] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1674.972772] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1674.973391] ? pipe_poll+0x21b/0x800 [ 1674.973815] ? p9_fd_close+0x4a0/0x4a0 [ 1674.974264] ? wait_for_partner+0x3c0/0x3c0 [ 1674.974754] ? p9_fd_poll+0x1e0/0x2c0 [ 1674.975192] ? p9_fd_create+0x357/0x4a0 [ 1674.975647] ? p9_conn_create+0x510/0x510 [ 1674.976121] ? p9_client_create+0x798/0x1230 [ 1674.976623] ? kfree+0xd7/0x340 [ 1674.977001] ? do_raw_spin_unlock+0x4f/0x220 [ 1674.977512] p9_client_create+0xa76/0x1230 [ 1674.978000] ? p9_client_flush+0x430/0x430 [ 1674.978481] ? trace_hardirqs_on+0x5b/0x180 [ 1674.978975] ? lockdep_init_map_type+0x2c7/0x780 [ 1674.979517] ? __raw_spin_lock_init+0x36/0x110 [ 1674.980041] v9fs_session_init+0x1dd/0x1680 [ 1674.980540] ? kmem_cache_alloc_trace+0x151/0x320 [ 1674.981102] ? v9fs_show_options+0x690/0x690 [ 1674.981607] ? trace_hardirqs_on+0x5b/0x180 [ 1674.982098] ? kasan_unpoison_shadow+0x33/0x50 [ 1674.982617] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1674.983192] v9fs_mount+0x79/0x8f0 [ 1674.983595] ? v9fs_write_inode+0x60/0x60 [ 1674.984067] legacy_get_tree+0x105/0x220 [ 1674.984531] vfs_get_tree+0x8e/0x300 [ 1674.984960] path_mount+0x1490/0x21e0 [ 1674.985405] ? strncpy_from_user+0x9e/0x470 [ 1674.985900] ? finish_automount+0xa90/0xa90 [ 1674.986392] ? getname_flags.part.0+0x1dd/0x4f0 [ 1674.986926] ? _copy_from_user+0xfb/0x1b0 [ 1674.987403] __x64_sys_mount+0x282/0x300 [ 1674.987863] ? copy_mnt_ns+0xa00/0xa00 [ 1674.988312] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1674.988902] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1674.989506] do_syscall_64+0x33/0x40 [ 1674.989931] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1674.990520] RIP: 0033:0x7fe30c5b6b19 [ 1674.990940] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1674.993041] RSP: 002b:00007fe309b2c188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1674.993908] RAX: ffffffffffffffda RBX: 00007fe30c6c9f60 RCX: 00007fe30c5b6b19 [ 1674.994720] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1674.995533] RBP: 00007fe309b2c1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1674.996339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1674.997155] R13: 00007ffddf17178f R14: 00007fe309b2c300 R15: 0000000000022000 [ 1674.998007] CPU: 0 PID: 8684 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1674.999690] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1675.001459] Call Trace: [ 1675.002032] dump_stack+0x107/0x167 [ 1675.002839] should_fail.cold+0x5/0xa [ 1675.003649] ? radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1675.004854] should_failslab+0x5/0x20 [ 1675.005672] kmem_cache_alloc+0x5b/0x310 [ 1675.006537] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1675.007729] idr_get_free+0x4b5/0x8f0 [ 1675.008542] idr_alloc_u32+0x170/0x2d0 [ 1675.009374] ? __fprop_inc_percpu_max+0x130/0x130 [ 1675.010509] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1675.011660] ? lock_release+0x680/0x680 [ 1675.012506] idr_alloc+0xc2/0x130 [ 1675.013247] ? idr_alloc_u32+0x2d0/0x2d0 [ 1675.014102] ? rwlock_bug.part.0+0x90/0x90 [ 1675.015003] p9_client_prepare_req.part.0+0x612/0xac0 [ 1675.016101] p9_client_rpc+0x220/0x1370 [ 1675.016946] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1675.018070] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1675.019199] ? pipe_poll+0x21b/0x800 [ 1675.019987] ? p9_fd_close+0x4a0/0x4a0 [ 1675.020815] ? wait_for_partner+0x3c0/0x3c0 [ 1675.021736] ? p9_fd_poll+0x1e0/0x2c0 [ 1675.022553] ? p9_fd_create+0x357/0x4a0 [ 1675.023406] ? p9_conn_create+0x510/0x510 [ 1675.024279] ? p9_client_create+0x798/0x1230 [ 1675.025234] ? kfree+0xd7/0x340 [ 1675.025929] ? do_raw_spin_unlock+0x4f/0x220 [ 1675.026864] p9_client_create+0xa76/0x1230 [ 1675.027769] ? p9_client_flush+0x430/0x430 [ 1675.028672] ? trace_hardirqs_on+0x5b/0x180 [ 1675.029592] ? lockdep_init_map_type+0x2c7/0x780 [ 1675.030596] ? __raw_spin_lock_init+0x36/0x110 [ 1675.031569] v9fs_session_init+0x1dd/0x1680 [ 1675.032482] ? lock_release+0x680/0x680 [ 1675.033340] ? kmem_cache_alloc_trace+0x151/0x320 [ 1675.034365] ? v9fs_show_options+0x690/0x690 [ 1675.035319] ? trace_hardirqs_on+0x5b/0x180 [ 1675.036223] ? kasan_unpoison_shadow+0x33/0x50 [ 1675.037192] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1675.038256] v9fs_mount+0x79/0x8f0 [ 1675.039012] ? v9fs_write_inode+0x60/0x60 [ 1675.039881] legacy_get_tree+0x105/0x220 [ 1675.040926] vfs_get_tree+0x8e/0x300 [ 1675.041947] path_mount+0x1490/0x21e0 [ 1675.042975] ? strncpy_from_user+0x9e/0x470 [ 1675.044139] ? finish_automount+0xa90/0xa90 [ 1675.045191] ? getname_flags.part.0+0x1dd/0x4f0 [ 1675.046243] ? _copy_from_user+0xfb/0x1b0 [ 1675.047186] __x64_sys_mount+0x282/0x300 [ 1675.048158] ? copy_mnt_ns+0xa00/0xa00 [ 1675.049005] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1675.050204] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1675.051303] do_syscall_64+0x33/0x40 [ 1675.052091] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1675.053177] RIP: 0033:0x7f850d5eab19 [ 1675.053961] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1675.057842] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1675.059460] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1675.060967] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1675.062487] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1675.064001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1675.065512] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 [ 1675.069914] FAULT_INJECTION: forcing a failure. 12:41:23 executing program 5: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 41) 12:41:23 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, 0xffffffffffffffff) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03324c4b0e"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:41:23 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 42) 12:41:23 executing program 6: socket$inet6_udplite(0xa, 0x2, 0x88) mq_open(0x0, 0x2, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 37) 12:41:23 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 36) 12:41:23 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d0"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1675.069914] name failslab, interval 1, probability 0, space 0, times 0 [ 1675.071511] CPU: 1 PID: 8691 Comm: syz-executor.5 Not tainted 5.10.246 #1 12:41:24 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa3331"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:41:24 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1931], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1675.072475] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1675.073562] Call Trace: [ 1675.073871] dump_stack+0x107/0x167 [ 1675.074285] should_fail.cold+0x5/0xa [ 1675.074725] ? create_object.isra.0+0x3a/0xa30 [ 1675.075250] should_failslab+0x5/0x20 [ 1675.075682] kmem_cache_alloc+0x5b/0x310 [ 1675.076149] create_object.isra.0+0x3a/0xa30 [ 1675.076649] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1675.077235] kmem_cache_alloc+0x159/0x310 [ 1675.077717] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1675.078355] idr_get_free+0x4b5/0x8f0 [ 1675.078797] idr_alloc_u32+0x170/0x2d0 [ 1675.079242] ? __fprop_inc_percpu_max+0x130/0x130 [ 1675.079795] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1675.080406] ? lock_release+0x680/0x680 [ 1675.080860] idr_alloc+0xc2/0x130 [ 1675.081263] ? idr_alloc_u32+0x2d0/0x2d0 [ 1675.081729] ? rwlock_bug.part.0+0x90/0x90 [ 1675.082216] p9_client_prepare_req.part.0+0x612/0xac0 [ 1675.082806] p9_client_rpc+0x220/0x1370 [ 1675.083261] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1675.083861] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1675.084474] ? pipe_poll+0x21b/0x800 [ 1675.084902] ? p9_fd_close+0x4a0/0x4a0 [ 1675.085354] ? wait_for_partner+0x3c0/0x3c0 [ 1675.085845] ? p9_fd_poll+0x1e0/0x2c0 [ 1675.086281] ? p9_fd_create+0x357/0x4a0 [ 1675.086735] ? p9_conn_create+0x510/0x510 [ 1675.087206] ? p9_client_create+0x798/0x1230 [ 1675.087707] ? kfree+0xd7/0x340 [ 1675.088083] ? do_raw_spin_unlock+0x4f/0x220 [ 1675.088590] p9_client_create+0xa76/0x1230 [ 1675.089083] ? p9_client_flush+0x430/0x430 [ 1675.089578] ? trace_hardirqs_on+0x5b/0x180 [ 1675.090083] ? lockdep_init_map_type+0x2c7/0x780 [ 1675.090636] ? __raw_spin_lock_init+0x36/0x110 [ 1675.091158] v9fs_session_init+0x1dd/0x1680 [ 1675.091650] ? lock_release+0x680/0x680 [ 1675.092105] ? kmem_cache_alloc_trace+0x151/0x320 [ 1675.092655] ? v9fs_show_options+0x690/0x690 [ 1675.093166] ? trace_hardirqs_on+0x5b/0x180 [ 1675.093659] ? kasan_unpoison_shadow+0x33/0x50 [ 1675.094176] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1675.094758] v9fs_mount+0x79/0x8f0 [ 1675.095167] ? v9fs_write_inode+0x60/0x60 [ 1675.095639] legacy_get_tree+0x105/0x220 [ 1675.096107] vfs_get_tree+0x8e/0x300 [ 1675.096536] path_mount+0x1490/0x21e0 [ 1675.096978] ? strncpy_from_user+0x9e/0x470 [ 1675.097476] ? finish_automount+0xa90/0xa90 [ 1675.097971] ? getname_flags.part.0+0x1dd/0x4f0 [ 1675.098506] ? _copy_from_user+0xfb/0x1b0 [ 1675.098980] __x64_sys_mount+0x282/0x300 [ 1675.099443] ? copy_mnt_ns+0xa00/0xa00 [ 1675.099893] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1675.100494] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1675.101092] do_syscall_64+0x33/0x40 [ 1675.101519] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1675.102103] RIP: 0033:0x7ff7dde24b19 [ 1675.102531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1675.104622] RSP: 002b:00007ff7db39a188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1675.105496] RAX: ffffffffffffffda RBX: 00007ff7ddf37f60 RCX: 00007ff7dde24b19 [ 1675.106311] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1675.107124] RBP: 00007ff7db39a1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1675.107940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1675.108753] R13: 00007ffcd7e7b57f R14: 00007ff7db39a300 R15: 0000000000022000 12:41:24 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d0"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:41:24 executing program 6: socket$inet6_udplite(0xa, 0x2, 0x88) mq_open(0x0, 0x2, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 38) 12:41:24 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 37) 12:41:24 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, 0xffffffffffffffff) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03324c4b0e"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1675.216074] FAULT_INJECTION: forcing a failure. [ 1675.216074] name failslab, interval 1, probability 0, space 0, times 0 [ 1675.217499] CPU: 1 PID: 8708 Comm: syz-executor.6 Not tainted 5.10.246 #1 [ 1675.218287] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1675.219248] Call Trace: [ 1675.219558] dump_stack+0x107/0x167 [ 1675.219977] should_fail.cold+0x5/0xa [ 1675.220420] ? p9_fcall_init+0x97/0x290 [ 1675.220878] should_failslab+0x5/0x20 [ 1675.221329] __kmalloc+0x72/0x390 [ 1675.221726] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1675.222322] p9_fcall_init+0x97/0x290 [ 1675.222766] p9_client_prepare_req.part.0+0xf4/0xac0 [ 1675.223353] p9_client_rpc+0x220/0x1370 [ 1675.223810] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1675.224411] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1675.225032] ? pipe_poll+0x21b/0x800 [ 1675.225456] ? p9_fd_close+0x4a0/0x4a0 [ 1675.225906] ? wait_for_partner+0x3c0/0x3c0 [ 1675.226395] ? p9_fd_poll+0x1e0/0x2c0 [ 1675.226832] ? p9_fd_create+0x357/0x4a0 [ 1675.227284] ? p9_conn_create+0x510/0x510 [ 1675.227754] ? p9_client_create+0x798/0x1230 [ 1675.228259] ? kfree+0xd7/0x340 [ 1675.228641] ? do_raw_spin_unlock+0x4f/0x220 [ 1675.229154] p9_client_create+0xa76/0x1230 [ 1675.229635] ? p9_client_flush+0x430/0x430 [ 1675.230121] ? trace_hardirqs_on+0x5b/0x180 [ 1675.230626] ? lockdep_init_map_type+0x2c7/0x780 [ 1675.231169] ? __raw_spin_lock_init+0x36/0x110 [ 1675.231700] v9fs_session_init+0x1dd/0x1680 [ 1675.232189] ? lock_release+0x680/0x680 [ 1675.232652] ? kmem_cache_alloc_trace+0x151/0x320 [ 1675.233215] ? v9fs_show_options+0x690/0x690 [ 1675.233724] ? trace_hardirqs_on+0x5b/0x180 [ 1675.234219] ? kasan_unpoison_shadow+0x33/0x50 [ 1675.234737] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1675.235319] v9fs_mount+0x79/0x8f0 [ 1675.235730] ? v9fs_write_inode+0x60/0x60 [ 1675.236205] legacy_get_tree+0x105/0x220 [ 1675.236671] vfs_get_tree+0x8e/0x300 [ 1675.237104] path_mount+0x1490/0x21e0 [ 1675.237544] ? strncpy_from_user+0x9e/0x470 [ 1675.238042] ? finish_automount+0xa90/0xa90 [ 1675.238534] ? getname_flags.part.0+0x1dd/0x4f0 [ 1675.239062] ? _copy_from_user+0xfb/0x1b0 [ 1675.239547] __x64_sys_mount+0x282/0x300 [ 1675.240014] ? copy_mnt_ns+0xa00/0xa00 [ 1675.240470] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1675.241083] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1675.241681] do_syscall_64+0x33/0x40 [ 1675.242113] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1675.242705] RIP: 0033:0x7fe30c5b6b19 [ 1675.243133] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1675.245252] RSP: 002b:00007fe309b2c188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1675.246120] RAX: ffffffffffffffda RBX: 00007fe30c6c9f60 RCX: 00007fe30c5b6b19 [ 1675.246941] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1675.247755] RBP: 00007fe309b2c1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1675.248570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1675.249390] R13: 00007ffddf17178f R14: 00007fe309b2c300 R15: 0000000000022000 [ 1675.258862] FAULT_INJECTION: forcing a failure. [ 1675.258862] name failslab, interval 1, probability 0, space 0, times 0 [ 1675.261338] CPU: 0 PID: 8707 Comm: syz-executor.3 Not tainted 5.10.246 #1 [ 1675.262795] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1675.264565] Call Trace: [ 1675.265149] dump_stack+0x107/0x167 [ 1675.265935] should_fail.cold+0x5/0xa [ 1675.266757] ? p9_fcall_init+0x97/0x290 [ 1675.267604] should_failslab+0x5/0x20 [ 1675.268409] __kmalloc+0x72/0x390 [ 1675.269164] p9_fcall_init+0x97/0x290 [ 1675.269971] p9_client_prepare_req.part.0+0x8c/0xac0 [ 1675.271049] p9_client_rpc+0x220/0x1370 [ 1675.271898] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1675.273020] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1675.274150] ? pipe_poll+0x21b/0x800 [ 1675.274951] ? p9_fd_close+0x4a0/0x4a0 [ 1675.275773] ? wait_for_partner+0x3c0/0x3c0 [ 1675.276694] ? p9_fd_poll+0x1e0/0x2c0 [ 1675.277535] ? p9_fd_create+0x357/0x4a0 [ 1675.278368] ? p9_conn_create+0x510/0x510 [ 1675.279234] ? p9_client_create+0x798/0x1230 [ 1675.280155] ? kfree+0xd7/0x340 [ 1675.280848] ? do_raw_spin_unlock+0x4f/0x220 [ 1675.281790] p9_client_create+0xa76/0x1230 [ 1675.282682] ? p9_client_flush+0x430/0x430 [ 1675.283574] ? trace_hardirqs_on+0x5b/0x180 [ 1675.284479] ? lockdep_init_map_type+0x2c7/0x780 [ 1675.285489] ? __raw_spin_lock_init+0x36/0x110 [ 1675.286455] v9fs_session_init+0x1dd/0x1680 [ 1675.287373] ? lock_release+0x680/0x680 [ 1675.288214] ? kmem_cache_alloc_trace+0x151/0x320 [ 1675.289239] ? v9fs_show_options+0x690/0x690 [ 1675.290168] ? trace_hardirqs_on+0x5b/0x180 [ 1675.291074] ? kasan_unpoison_shadow+0x33/0x50 [ 1675.292031] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1675.293105] v9fs_mount+0x79/0x8f0 [ 1675.293853] ? v9fs_write_inode+0x60/0x60 [ 1675.294717] legacy_get_tree+0x105/0x220 [ 1675.295571] vfs_get_tree+0x8e/0x300 [ 1675.296358] path_mount+0x1490/0x21e0 [ 1675.297175] ? strncpy_from_user+0x9e/0x470 [ 1675.298081] ? finish_automount+0xa90/0xa90 [ 1675.298986] ? getname_flags.part.0+0x1dd/0x4f0 [ 1675.299969] ? _copy_from_user+0xfb/0x1b0 [ 1675.300850] __x64_sys_mount+0x282/0x300 [ 1675.301715] ? copy_mnt_ns+0xa00/0xa00 [ 1675.302539] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1675.303644] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1675.304730] do_syscall_64+0x33/0x40 [ 1675.305526] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1675.306603] RIP: 0033:0x7fd134c9eb19 [ 1675.307390] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1675.311296] RSP: 002b:00007fd132214188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1675.312912] RAX: ffffffffffffffda RBX: 00007fd134db1f60 RCX: 00007fd134c9eb19 [ 1675.314439] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1675.315958] RBP: 00007fd1322141d0 R08: 0000000020000280 R09: 0000000000000000 [ 1675.317481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1675.319002] R13: 00007ffe03f9a7cf R14: 00007fd132214300 R15: 0000000000022000 12:41:36 executing program 6: socket$inet6_udplite(0xa, 0x2, 0x88) mq_open(0x0, 0x2, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 39) 12:41:36 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00"/1931], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:41:36 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df7"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:41:36 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 43) 12:41:36 executing program 5: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 42) 12:41:36 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03324c4b0e"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:41:36 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 38) 12:41:36 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) [ 1687.850915] FAULT_INJECTION: forcing a failure. [ 1687.850915] name failslab, interval 1, probability 0, space 0, times 0 [ 1687.852379] CPU: 1 PID: 8725 Comm: syz-executor.3 Not tainted 5.10.246 #1 [ 1687.853167] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1687.854102] Call Trace: [ 1687.854407] dump_stack+0x107/0x167 [ 1687.854874] should_fail.cold+0x5/0xa [ 1687.855379] ? p9_fcall_init+0x97/0x290 [ 1687.855893] should_failslab+0x5/0x20 [ 1687.856347] __kmalloc+0x72/0x390 [ 1687.856769] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa3331"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1687.857385] p9_fcall_init+0x97/0x290 [ 1687.858012] p9_client_prepare_req.part.0+0xf4/0xac0 [ 1687.858585] p9_client_rpc+0x220/0x1370 [ 1687.859058] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1687.859693] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1687.860309] ? pipe_poll+0x21b/0x800 [ 1687.860738] ? p9_fd_close+0x4a0/0x4a0 [ 1687.861204] ? wait_for_partner+0x3c0/0x3c0 [ 1687.861700] ? p9_fd_poll+0x1e0/0x2c0 [ 1687.862130] ? p9_fd_create+0x357/0x4a0 [ 1687.862603] ? p9_conn_create+0x510/0x510 [ 1687.863151] ? p9_client_create+0x798/0x1230 [ 1687.863723] ? kfree+0xd7/0x340 [ 1687.864153] ? do_raw_spin_unlock+0x4f/0x220 [ 1687.864245] FAULT_INJECTION: forcing a failure. [ 1687.864245] name failslab, interval 1, probability 0, space 0, times 0 [ 1687.864723] p9_client_create+0xa76/0x1230 [ 1687.867939] ? p9_client_flush+0x430/0x430 [ 1687.868475] ? trace_hardirqs_on+0x5b/0x180 [ 1687.869039] ? lockdep_init_map_type+0x2c7/0x780 [ 1687.869651] ? __raw_spin_lock_init+0x36/0x110 [ 1687.870238] v9fs_session_init+0x1dd/0x1680 [ 1687.870742] ? kmem_cache_alloc_trace+0x151/0x320 [ 1687.871280] ? v9fs_show_options+0x690/0x690 [ 1687.871789] ? trace_hardirqs_on+0x5b/0x180 [ 1687.872321] ? kasan_unpoison_shadow+0x33/0x50 [ 1687.872897] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1687.873510] v9fs_mount+0x79/0x8f0 [ 1687.873917] ? v9fs_write_inode+0x60/0x60 [ 1687.874398] legacy_get_tree+0x105/0x220 [ 1687.874859] vfs_get_tree+0x8e/0x300 [ 1687.875298] path_mount+0x1490/0x21e0 [ 1687.875752] ? strncpy_from_user+0x9e/0x470 [ 1687.876240] ? finish_automount+0xa90/0xa90 [ 1687.876768] ? getname_flags.part.0+0x1dd/0x4f0 [ 1687.877383] ? _copy_from_user+0xfb/0x1b0 [ 1687.877929] __x64_sys_mount+0x282/0x300 [ 1687.878414] ? copy_mnt_ns+0xa00/0xa00 [ 1687.878912] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1687.879593] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1687.880228] do_syscall_64+0x33/0x40 [ 1687.880711] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1687.881391] RIP: 0033:0x7fd134c9eb19 [ 1687.881869] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1687.884137] RSP: 002b:00007fd132214188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1687.885087] RAX: ffffffffffffffda RBX: 00007fd134db1f60 RCX: 00007fd134c9eb19 [ 1687.885982] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1687.886804] RBP: 00007fd1322141d0 R08: 0000000020000280 R09: 0000000000000000 [ 1687.887613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1687.888408] R13: 00007ffe03f9a7cf R14: 00007fd132214300 R15: 0000000000022000 [ 1687.889323] CPU: 0 PID: 8727 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1687.891010] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1687.893061] Call Trace: [ 1687.893735] dump_stack+0x107/0x167 [ 1687.894433] should_fail.cold+0x5/0xa [ 1687.895047] ? create_object.isra.0+0x3a/0xa30 [ 1687.895784] should_failslab+0x5/0x20 [ 1687.896400] kmem_cache_alloc+0x5b/0x310 [ 1687.897060] create_object.isra.0+0x3a/0xa30 [ 1687.897786] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1687.898586] kmem_cache_alloc+0x159/0x310 [ 1687.899243] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1687.900106] idr_get_free+0x4b5/0x8f0 [ 1687.900706] idr_alloc_u32+0x170/0x2d0 [ 1687.901329] ? __fprop_inc_percpu_max+0x130/0x130 [ 1687.902066] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1687.902900] ? lock_release+0x680/0x680 [ 1687.903514] idr_alloc+0xc2/0x130 [ 1687.904053] ? idr_alloc_u32+0x2d0/0x2d0 [ 1687.904692] ? rwlock_bug.part.0+0x90/0x90 [ 1687.905364] p9_client_prepare_req.part.0+0x612/0xac0 [ 1687.906165] p9_client_rpc+0x220/0x1370 [ 1687.906788] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1687.907617] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1687.908454] ? pipe_poll+0x21b/0x800 [ 1687.909032] ? p9_fd_close+0x4a0/0x4a0 [ 1687.909640] ? wait_for_partner+0x3c0/0x3c0 [ 1687.910315] ? p9_fd_poll+0x1e0/0x2c0 [ 1687.910913] ? p9_fd_create+0x357/0x4a0 [ 1687.911532] ? p9_conn_create+0x510/0x510 [ 1687.912174] ? p9_client_create+0x798/0x1230 [ 1687.912853] ? kfree+0xd7/0x340 [ 1687.913365] ? do_raw_spin_unlock+0x4f/0x220 [ 1687.914045] p9_client_create+0xa76/0x1230 [ 1687.914704] ? p9_client_flush+0x430/0x430 [ 1687.915359] ? trace_hardirqs_on+0x5b/0x180 [ 1687.916022] ? lockdep_init_map_type+0x2c7/0x780 [ 1687.916762] ? __raw_spin_lock_init+0x36/0x110 [ 1687.917484] v9fs_session_init+0x1dd/0x1680 [ 1687.918153] ? lock_release+0x680/0x680 [ 1687.918781] ? kmem_cache_alloc_trace+0x151/0x320 [ 1687.919524] ? v9fs_show_options+0x690/0x690 [ 1687.920211] ? trace_hardirqs_on+0x5b/0x180 [ 1687.920872] ? kasan_unpoison_shadow+0x33/0x50 [ 1687.921588] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1687.922385] v9fs_mount+0x79/0x8f0 [ 1687.922934] ? v9fs_write_inode+0x60/0x60 [ 1687.923575] legacy_get_tree+0x105/0x220 [ 1687.924202] vfs_get_tree+0x8e/0x300 [ 1687.924775] path_mount+0x1490/0x21e0 [ 1687.925377] ? strncpy_from_user+0x9e/0x470 [ 1687.926056] ? finish_automount+0xa90/0xa90 [ 1687.926723] ? getname_flags.part.0+0x1dd/0x4f0 [ 1687.927443] ? _copy_from_user+0xfb/0x1b0 [ 1687.928091] __x64_sys_mount+0x282/0x300 [ 1687.928721] ? copy_mnt_ns+0xa00/0xa00 [ 1687.929331] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1687.930137] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1687.930930] do_syscall_64+0x33/0x40 [ 1687.931500] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1687.932284] RIP: 0033:0x7f850d5eab19 [ 1687.932855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1687.935696] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1687.936873] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1687.937980] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1687.939077] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1687.940171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1687.941278] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 [ 1687.945387] FAULT_INJECTION: forcing a failure. [ 1687.945387] name failslab, interval 1, probability 0, space 0, times 0 [ 1687.945787] FAULT_INJECTION: forcing a failure. [ 1687.945787] name failslab, interval 1, probability 0, space 0, times 0 [ 1687.946988] CPU: 1 PID: 8716 Comm: syz-executor.6 Not tainted 5.10.246 #1 [ 1687.949627] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1687.950794] Call Trace: [ 1687.951166] dump_stack+0x107/0x167 [ 1687.951678] should_fail.cold+0x5/0xa [ 1687.952217] ? create_object.isra.0+0x3a/0xa30 [ 1687.952859] should_failslab+0x5/0x20 [ 1687.953414] kmem_cache_alloc+0x5b/0x310 [ 1687.953989] create_object.isra.0+0x3a/0xa30 [ 1687.954607] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1687.955323] __kmalloc+0x16e/0x390 [ 1687.955830] p9_fcall_init+0x97/0x290 [ 1687.956364] p9_client_prepare_req.part.0+0x8c/0xac0 [ 1687.957081] p9_client_rpc+0x220/0x1370 [ 1687.957645] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1687.958397] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1687.959151] ? pipe_poll+0x21b/0x800 [ 1687.959678] ? p9_fd_close+0x4a0/0x4a0 [ 1687.960228] ? wait_for_partner+0x3c0/0x3c0 [ 1687.960830] ? p9_fd_poll+0x1e0/0x2c0 [ 1687.961377] ? p9_fd_create+0x357/0x4a0 [ 1687.961936] ? p9_conn_create+0x510/0x510 [ 1687.962520] ? p9_client_create+0x798/0x1230 [ 1687.963142] ? kfree+0xd7/0x340 [ 1687.963603] ? do_raw_spin_unlock+0x4f/0x220 [ 1687.964226] p9_client_create+0xa76/0x1230 [ 1687.964821] ? p9_client_flush+0x430/0x430 [ 1687.965414] ? trace_hardirqs_on+0x5b/0x180 [ 1687.966027] ? lockdep_init_map_type+0x2c7/0x780 [ 1687.966696] ? __raw_spin_lock_init+0x36/0x110 [ 1687.967342] v9fs_session_init+0x1dd/0x1680 [ 1687.967952] ? lock_release+0x680/0x680 [ 1687.968514] ? kmem_cache_alloc_trace+0x151/0x320 [ 1687.969197] ? v9fs_show_options+0x690/0x690 [ 1687.969820] ? trace_hardirqs_on+0x5b/0x180 [ 1687.970426] ? kasan_unpoison_shadow+0x33/0x50 [ 1687.971066] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1687.971787] v9fs_mount+0x79/0x8f0 [ 1687.972292] ? v9fs_write_inode+0x60/0x60 [ 1687.972870] legacy_get_tree+0x105/0x220 [ 1687.973449] vfs_get_tree+0x8e/0x300 [ 1687.973974] path_mount+0x1490/0x21e0 [ 1687.974512] ? strncpy_from_user+0x9e/0x470 [ 1687.975120] ? finish_automount+0xa90/0xa90 [ 1687.975736] ? getname_flags.part.0+0x1dd/0x4f0 [ 1687.976386] ? _copy_from_user+0xfb/0x1b0 [ 1687.976978] __x64_sys_mount+0x282/0x300 [ 1687.977549] ? copy_mnt_ns+0xa00/0xa00 [ 1687.978105] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1687.978844] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1687.979563] do_syscall_64+0x33/0x40 [ 1687.980092] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1687.980812] RIP: 0033:0x7fe30c5b6b19 [ 1687.981535] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1687.986109] RSP: 002b:00007fe309b2c188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1687.987799] RAX: ffffffffffffffda RBX: 00007fe30c6c9f60 RCX: 00007fe30c5b6b19 [ 1687.989379] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1687.990951] RBP: 00007fe309b2c1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1687.992525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1687.994108] R13: 00007ffddf17178f R14: 00007fe309b2c300 R15: 0000000000022000 [ 1687.995703] CPU: 0 PID: 8724 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 1687.996795] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1687.998121] Call Trace: [ 1687.998541] dump_stack+0x107/0x167 [ 1687.999120] should_fail.cold+0x5/0xa [ 1687.999728] ? radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1688.000645] should_failslab+0x5/0x20 [ 1688.001257] kmem_cache_alloc+0x5b/0x310 [ 1688.001910] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1688.002803] idr_get_free+0x4b5/0x8f0 [ 1688.003418] idr_alloc_u32+0x170/0x2d0 [ 1688.004039] ? __fprop_inc_percpu_max+0x130/0x130 [ 1688.004805] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1688.005660] ? lock_release+0x680/0x680 [ 1688.006292] idr_alloc+0xc2/0x130 [ 1688.006843] ? idr_alloc_u32+0x2d0/0x2d0 [ 1688.007486] ? rwlock_bug.part.0+0x90/0x90 [ 1688.008163] p9_client_prepare_req.part.0+0x612/0xac0 [ 1688.008987] p9_client_rpc+0x220/0x1370 [ 1688.009625] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1688.010462] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1688.011307] ? pipe_poll+0x21b/0x800 [ 1688.011895] ? p9_fd_close+0x4a0/0x4a0 [ 1688.012514] ? wait_for_partner+0x3c0/0x3c0 [ 1688.013205] ? p9_fd_poll+0x1e0/0x2c0 [ 1688.013815] ? p9_fd_create+0x357/0x4a0 [ 1688.014443] ? p9_conn_create+0x510/0x510 [ 1688.015097] ? p9_client_create+0x798/0x1230 [ 1688.015796] ? kfree+0xd7/0x340 [ 1688.016315] ? do_raw_spin_unlock+0x4f/0x220 [ 1688.017016] p9_client_create+0xa76/0x1230 [ 1688.017699] ? p9_client_flush+0x430/0x430 [ 1688.018338] ? trace_hardirqs_on+0x5b/0x180 [ 1688.018985] ? lockdep_init_map_type+0x2c7/0x780 [ 1688.019690] ? __raw_spin_lock_init+0x36/0x110 [ 1688.020366] v9fs_session_init+0x1dd/0x1680 [ 1688.021007] ? lock_release+0x680/0x680 [ 1688.021640] ? kmem_cache_alloc_trace+0x151/0x320 [ 1688.022345] ? v9fs_show_options+0x690/0x690 [ 1688.023005] ? trace_hardirqs_on+0x5b/0x180 [ 1688.023663] ? kasan_unpoison_shadow+0x33/0x50 [ 1688.024331] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1688.025078] v9fs_mount+0x79/0x8f0 [ 1688.025616] ? v9fs_write_inode+0x60/0x60 [ 1688.026231] legacy_get_tree+0x105/0x220 [ 1688.026830] vfs_get_tree+0x8e/0x300 [ 1688.027386] path_mount+0x1490/0x21e0 [ 1688.027953] ? strncpy_from_user+0x9e/0x470 [ 1688.028598] ? finish_automount+0xa90/0xa90 [ 1688.029248] ? getname_flags.part.0+0x1dd/0x4f0 [ 1688.029944] ? _copy_from_user+0xfb/0x1b0 [ 1688.030561] __x64_sys_mount+0x282/0x300 [ 1688.031168] ? copy_mnt_ns+0xa00/0xa00 [ 1688.031760] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1688.032541] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1688.033312] do_syscall_64+0x33/0x40 [ 1688.033862] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1688.034624] RIP: 0033:0x7ff7dde24b19 [ 1688.035175] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1688.037888] RSP: 002b:00007ff7db39a188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1688.039004] RAX: ffffffffffffffda RBX: 00007ff7ddf37f60 RCX: 00007ff7dde24b19 [ 1688.040054] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1688.041124] RBP: 00007ff7db39a1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1688.042199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1688.043245] R13: 00007ffcd7e7b57f R14: 00007ff7db39a300 R15: 0000000000022000 12:41:37 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 39) 12:41:37 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d0"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:41:37 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df7"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1688.137701] FAULT_INJECTION: forcing a failure. [ 1688.137701] name failslab, interval 1, probability 0, space 0, times 0 [ 1688.140252] CPU: 1 PID: 8734 Comm: syz-executor.3 Not tainted 5.10.246 #1 [ 1688.141675] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1688.143407] Call Trace: [ 1688.143966] dump_stack+0x107/0x167 [ 1688.144733] should_fail.cold+0x5/0xa [ 1688.145542] ? create_object.isra.0+0x3a/0xa30 [ 1688.146498] should_failslab+0x5/0x20 [ 1688.147287] kmem_cache_alloc+0x5b/0x310 [ 1688.148353] create_object.isra.0+0x3a/0xa30 [ 1688.149298] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1688.150615] __kmalloc+0x16e/0x390 [ 1688.151427] p9_fcall_init+0x97/0x290 [ 1688.152416] p9_client_prepare_req.part.0+0xf4/0xac0 [ 1688.153491] p9_client_rpc+0x220/0x1370 [ 1688.154323] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1688.155414] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1688.156532] ? pipe_poll+0x21b/0x800 [ 1688.157322] ? p9_fd_close+0x4a0/0x4a0 [ 1688.158129] ? wait_for_partner+0x3c0/0x3c0 [ 1688.159029] ? p9_fd_poll+0x1e0/0x2c0 [ 1688.159835] ? p9_fd_create+0x357/0x4a0 [ 1688.160870] ? p9_conn_create+0x510/0x510 [ 1688.161763] ? p9_client_create+0x798/0x1230 [ 1688.162686] ? kfree+0xd7/0x340 [ 1688.163547] ? do_raw_spin_unlock+0x4f/0x220 [ 1688.164490] p9_client_create+0xa76/0x1230 [ 1688.165603] ? p9_client_flush+0x430/0x430 [ 1688.166567] ? trace_hardirqs_on+0x5b/0x180 [ 1688.167673] ? lockdep_init_map_type+0x2c7/0x780 [ 1688.168695] ? __raw_spin_lock_init+0x36/0x110 [ 1688.169720] v9fs_session_init+0x1dd/0x1680 [ 1688.170644] ? lock_release+0x680/0x680 [ 1688.171483] ? kmem_cache_alloc_trace+0x151/0x320 [ 1688.172749] ? v9fs_show_options+0x690/0x690 [ 1688.173706] ? trace_hardirqs_on+0x5b/0x180 [ 1688.174600] ? kasan_unpoison_shadow+0x33/0x50 [ 1688.175551] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1688.176865] v9fs_mount+0x79/0x8f0 [ 1688.177701] ? v9fs_write_inode+0x60/0x60 [ 1688.178571] legacy_get_tree+0x105/0x220 [ 1688.179621] vfs_get_tree+0x8e/0x300 [ 1688.180459] path_mount+0x1490/0x21e0 [ 1688.181443] ? strncpy_from_user+0x9e/0x470 [ 1688.182348] ? finish_automount+0xa90/0xa90 [ 1688.183243] ? getname_flags.part.0+0x1dd/0x4f0 [ 1688.184214] ? _copy_from_user+0xfb/0x1b0 [ 1688.185087] __x64_sys_mount+0x282/0x300 [ 1688.185948] ? copy_mnt_ns+0xa00/0xa00 [ 1688.186764] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1688.187859] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1688.188926] do_syscall_64+0x33/0x40 [ 1688.189713] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1688.190766] RIP: 0033:0x7fd134c9eb19 [ 1688.191555] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1688.195403] RSP: 002b:00007fd132214188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1688.196983] RAX: ffffffffffffffda RBX: 00007fd134db1f60 RCX: 00007fd134c9eb19 [ 1688.198479] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1688.199971] RBP: 00007fd1322141d0 R08: 0000000020000280 R09: 0000000000000000 [ 1688.201474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1688.202967] R13: 00007ffe03f9a7cf R14: 00007fd132214300 R15: 0000000000022000 12:41:37 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa3331"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:41:37 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, 0xffffffffffffffff) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03324c4b0e"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:41:37 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d0"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:41:37 executing program 6: socket$inet6_udplite(0xa, 0x2, 0x88) mq_open(0x0, 0x2, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 40) 12:41:37 executing program 5: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 43) 12:41:37 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 44) [ 1688.451417] FAULT_INJECTION: forcing a failure. [ 1688.451417] name failslab, interval 1, probability 0, space 0, times 0 [ 1688.452962] CPU: 0 PID: 8747 Comm: syz-executor.6 Not tainted 5.10.246 #1 [ 1688.453872] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1688.454996] Call Trace: [ 1688.455358] dump_stack+0x107/0x167 [ 1688.455852] should_fail.cold+0x5/0xa [ 1688.456358] ? create_object.isra.0+0x3a/0xa30 [ 1688.456968] should_failslab+0x5/0x20 [ 1688.457487] kmem_cache_alloc+0x5b/0x310 [ 1688.458023] create_object.isra.0+0x3a/0xa30 [ 1688.458610] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1688.459287] __kmalloc+0x16e/0x390 [ 1688.459764] p9_fcall_init+0x97/0x290 [ 1688.460271] p9_client_prepare_req.part.0+0xf4/0xac0 [ 1688.460950] p9_client_rpc+0x220/0x1370 [ 1688.461493] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1688.462199] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1688.462919] ? pipe_poll+0x21b/0x800 [ 1688.463412] ? p9_fd_close+0x4a0/0x4a0 [ 1688.463922] ? wait_for_partner+0x3c0/0x3c0 [ 1688.464500] ? p9_fd_poll+0x1e0/0x2c0 [ 1688.465005] ? p9_fd_create+0x357/0x4a0 [ 1688.465539] ? p9_conn_create+0x510/0x510 [ 1688.466116] ? p9_client_create+0x798/0x1230 [ 1688.466705] ? kfree+0xd7/0x340 [ 1688.467134] ? do_raw_spin_unlock+0x4f/0x220 [ 1688.467710] p9_client_create+0xa76/0x1230 [ 1688.468279] ? p9_client_flush+0x430/0x430 [ 1688.468854] ? trace_hardirqs_on+0x5b/0x180 [ 1688.469435] ? lockdep_init_map_type+0x2c7/0x780 [ 1688.470070] ? __raw_spin_lock_init+0x36/0x110 [ 1688.470694] v9fs_session_init+0x1dd/0x1680 [ 1688.471270] ? lock_release+0x680/0x680 [ 1688.471812] ? kmem_cache_alloc_trace+0x151/0x320 [ 1688.472455] ? v9fs_show_options+0x690/0x690 [ 1688.473042] ? trace_hardirqs_on+0x5b/0x180 [ 1688.473641] ? kasan_unpoison_shadow+0x33/0x50 [ 1688.474243] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1688.474918] v9fs_mount+0x79/0x8f0 [ 1688.475385] ? v9fs_write_inode+0x60/0x60 [ 1688.475929] legacy_get_tree+0x105/0x220 [ 1688.476466] vfs_get_tree+0x8e/0x300 [ 1688.476963] path_mount+0x1490/0x21e0 [ 1688.477483] ? strncpy_from_user+0x9e/0x470 [ 1688.478055] ? finish_automount+0xa90/0xa90 [ 1688.478621] ? getname_flags.part.0+0x1dd/0x4f0 [ 1688.479246] ? _copy_from_user+0xfb/0x1b0 [ 1688.479800] __x64_sys_mount+0x282/0x300 [ 1688.480329] ? copy_mnt_ns+0xa00/0xa00 [ 1688.480843] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1688.481539] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1688.482228] do_syscall_64+0x33/0x40 [ 1688.482710] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1688.483392] RIP: 0033:0x7fe30c5b6b19 [ 1688.483885] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1688.486333] RSP: 002b:00007fe309b2c188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1688.487344] RAX: ffffffffffffffda RBX: 00007fe30c6c9f60 RCX: 00007fe30c5b6b19 [ 1688.488282] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1688.489226] RBP: 00007fe309b2c1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1688.490171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1688.491119] R13: 00007ffddf17178f R14: 00007fe309b2c300 R15: 0000000000022000 12:41:37 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df7"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:41:37 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 40) [ 1688.537933] FAULT_INJECTION: forcing a failure. [ 1688.537933] name failslab, interval 1, probability 0, space 0, times 0 [ 1688.540296] CPU: 1 PID: 8751 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 1688.541714] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1688.543434] Call Trace: [ 1688.543993] dump_stack+0x107/0x167 [ 1688.544762] should_fail.cold+0x5/0xa [ 1688.545586] ? radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1688.546778] should_failslab+0x5/0x20 [ 1688.547571] kmem_cache_alloc+0x5b/0x310 [ 1688.548430] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1688.549620] idr_get_free+0x4b5/0x8f0 [ 1688.550432] idr_alloc_u32+0x170/0x2d0 [ 1688.551240] ? __fprop_inc_percpu_max+0x130/0x130 [ 1688.552240] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1688.553361] ? lock_release+0x680/0x680 [ 1688.554184] idr_alloc+0xc2/0x130 [ 1688.554899] ? idr_alloc_u32+0x2d0/0x2d0 [ 1688.555738] ? rwlock_bug.part.0+0x90/0x90 [ 1688.556617] p9_client_prepare_req.part.0+0x612/0xac0 [ 1688.557697] p9_client_rpc+0x220/0x1370 [ 1688.558524] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1688.559624] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1688.560736] ? pipe_poll+0x21b/0x800 [ 1688.561512] ? p9_fd_close+0x4a0/0x4a0 [ 1688.562314] ? wait_for_partner+0x3c0/0x3c0 [ 1688.563200] ? p9_fd_poll+0x1e0/0x2c0 [ 1688.563989] ? p9_fd_create+0x357/0x4a0 [ 1688.564812] ? p9_conn_create+0x510/0x510 [ 1688.565674] ? p9_client_create+0x798/0x1230 [ 1688.566585] ? kfree+0xd7/0x340 [ 1688.567260] ? do_raw_spin_unlock+0x4f/0x220 [ 1688.568180] p9_client_create+0xa76/0x1230 [ 1688.569063] ? p9_client_flush+0x430/0x430 [ 1688.569956] ? trace_hardirqs_on+0x5b/0x180 [ 1688.570851] ? lockdep_init_map_type+0x2c7/0x780 [ 1688.571846] ? __raw_spin_lock_init+0x36/0x110 [ 1688.572797] v9fs_session_init+0x1dd/0x1680 [ 1688.573692] ? lock_release+0x680/0x680 [ 1688.574554] ? kmem_cache_alloc_trace+0x151/0x320 [ 1688.575814] ? v9fs_show_options+0x690/0x690 [ 1688.576805] ? trace_hardirqs_on+0x5b/0x180 [ 1688.577939] ? kasan_unpoison_shadow+0x33/0x50 [ 1688.579118] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1688.580251] v9fs_mount+0x79/0x8f0 [ 1688.580992] ? v9fs_write_inode+0x60/0x60 [ 1688.581861] legacy_get_tree+0x105/0x220 [ 1688.582699] vfs_get_tree+0x8e/0x300 [ 1688.583472] path_mount+0x1490/0x21e0 [ 1688.584262] ? strncpy_from_user+0x9e/0x470 [ 1688.585150] ? finish_automount+0xa90/0xa90 [ 1688.586059] ? getname_flags.part.0+0x1dd/0x4f0 [ 1688.587020] ? _copy_from_user+0xfb/0x1b0 [ 1688.587888] __x64_sys_mount+0x282/0x300 [ 1688.588716] ? copy_mnt_ns+0xa00/0xa00 [ 1688.589544] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1688.590619] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1688.591690] do_syscall_64+0x33/0x40 [ 1688.592458] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1688.593525] RIP: 0033:0x7ff7dde24b19 [ 1688.594293] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1688.598093] RSP: 002b:00007ff7db39a188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1688.599667] RAX: ffffffffffffffda RBX: 00007ff7ddf37f60 RCX: 00007ff7dde24b19 [ 1688.601131] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1688.602611] RBP: 00007ff7db39a1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1688.604075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1688.605562] R13: 00007ffcd7e7b57f R14: 00007ff7db39a300 R15: 0000000000022000 [ 1688.617114] FAULT_INJECTION: forcing a failure. [ 1688.617114] name failslab, interval 1, probability 0, space 0, times 0 [ 1688.618548] CPU: 0 PID: 8753 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1688.619397] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1688.620449] Call Trace: [ 1688.620795] dump_stack+0x107/0x167 [ 1688.621259] should_fail.cold+0x5/0xa [ 1688.621731] ? create_object.isra.0+0x3a/0xa30 [ 1688.622284] should_failslab+0x5/0x20 [ 1688.622755] kmem_cache_alloc+0x5b/0x310 [ 1688.623248] create_object.isra.0+0x3a/0xa30 [ 1688.623779] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1688.624396] kmem_cache_alloc+0x159/0x310 [ 1688.624908] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1688.625601] idr_get_free+0x4b5/0x8f0 [ 1688.626073] idr_alloc_u32+0x170/0x2d0 [ 1688.626547] ? __fprop_inc_percpu_max+0x130/0x130 [ 1688.627141] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1688.627787] ? lock_release+0x680/0x680 [ 1688.628270] idr_alloc+0xc2/0x130 [ 1688.628697] ? idr_alloc_u32+0x2d0/0x2d0 [ 1688.629195] ? rwlock_bug.part.0+0x90/0x90 [ 1688.629711] p9_client_prepare_req.part.0+0x612/0xac0 [ 1688.630340] p9_client_rpc+0x220/0x1370 [ 1688.630823] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1688.631410] FAULT_INJECTION: forcing a failure. [ 1688.631410] name failslab, interval 1, probability 0, space 0, times 0 [ 1688.631475] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1688.634435] ? pipe_poll+0x21b/0x800 [ 1688.634882] ? p9_fd_close+0x4a0/0x4a0 [ 1688.635347] ? wait_for_partner+0x3c0/0x3c0 [ 1688.635866] ? p9_fd_poll+0x1e0/0x2c0 [ 1688.636324] ? p9_fd_create+0x357/0x4a0 [ 1688.636801] ? p9_conn_create+0x510/0x510 [ 1688.637304] ? p9_client_create+0x798/0x1230 [ 1688.637834] ? kfree+0xd7/0x340 [ 1688.638237] ? do_raw_spin_unlock+0x4f/0x220 [ 1688.638770] p9_client_create+0xa76/0x1230 [ 1688.639292] ? p9_client_flush+0x430/0x430 [ 1688.639803] ? trace_hardirqs_on+0x5b/0x180 [ 1688.640322] ? lockdep_init_map_type+0x2c7/0x780 [ 1688.640892] ? __raw_spin_lock_init+0x36/0x110 [ 1688.641459] v9fs_session_init+0x1dd/0x1680 [ 1688.641991] ? lock_release+0x680/0x680 [ 1688.642481] ? kmem_cache_alloc_trace+0x151/0x320 [ 1688.643069] ? v9fs_show_options+0x690/0x690 [ 1688.643617] ? trace_hardirqs_on+0x5b/0x180 [ 1688.644153] ? kasan_unpoison_shadow+0x33/0x50 [ 1688.644713] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1688.645345] v9fs_mount+0x79/0x8f0 [ 1688.645778] ? v9fs_write_inode+0x60/0x60 [ 1688.646278] legacy_get_tree+0x105/0x220 [ 1688.646770] vfs_get_tree+0x8e/0x300 [ 1688.647231] path_mount+0x1490/0x21e0 [ 1688.647705] ? strncpy_from_user+0x9e/0x470 [ 1688.648238] ? finish_automount+0xa90/0xa90 [ 1688.648768] ? getname_flags.part.0+0x1dd/0x4f0 [ 1688.649354] ? _copy_from_user+0xfb/0x1b0 [ 1688.649859] __x64_sys_mount+0x282/0x300 [ 1688.650353] ? copy_mnt_ns+0xa00/0xa00 [ 1688.650835] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1688.651485] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1688.652111] do_syscall_64+0x33/0x40 [ 1688.652574] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1688.653206] RIP: 0033:0x7f850d5eab19 [ 1688.653660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1688.655930] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1688.656871] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1688.657751] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1688.658634] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1688.659509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1688.660387] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 [ 1688.661292] CPU: 1 PID: 8755 Comm: syz-executor.3 Not tainted 5.10.246 #1 [ 1688.662777] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1688.664568] Call Trace: [ 1688.665133] dump_stack+0x107/0x167 [ 1688.665909] should_fail.cold+0x5/0xa [ 1688.666708] ? create_object.isra.0+0x3a/0xa30 [ 1688.667802] should_failslab+0x5/0x20 [ 1688.668650] kmem_cache_alloc+0x5b/0x310 [ 1688.669574] create_object.isra.0+0x3a/0xa30 [ 1688.670556] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1688.671704] __kmalloc+0x16e/0x390 [ 1688.672478] p9_fcall_init+0x97/0x290 [ 1688.673354] p9_client_prepare_req.part.0+0xf4/0xac0 [ 1688.674408] p9_client_rpc+0x220/0x1370 [ 1688.675224] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1688.676301] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1688.677419] ? pipe_poll+0x21b/0x800 [ 1688.678176] ? p9_fd_close+0x4a0/0x4a0 [ 1688.678989] ? wait_for_partner+0x3c0/0x3c0 [ 1688.680007] ? p9_fd_poll+0x1e0/0x2c0 [ 1688.680880] ? p9_fd_create+0x357/0x4a0 [ 1688.681789] ? p9_conn_create+0x510/0x510 [ 1688.682709] ? p9_client_create+0x798/0x1230 [ 1688.683705] ? kfree+0xd7/0x340 [ 1688.684451] ? do_raw_spin_unlock+0x4f/0x220 [ 1688.685414] p9_client_create+0xa76/0x1230 [ 1688.686376] ? p9_client_flush+0x430/0x430 [ 1688.687351] ? trace_hardirqs_on+0x5b/0x180 [ 1688.688309] ? lockdep_init_map_type+0x2c7/0x780 [ 1688.689306] ? __raw_spin_lock_init+0x36/0x110 [ 1688.690251] v9fs_session_init+0x1dd/0x1680 [ 1688.691134] ? lock_release+0x680/0x680 [ 1688.691953] ? kmem_cache_alloc_trace+0x151/0x320 [ 1688.692944] ? v9fs_show_options+0x690/0x690 [ 1688.693857] ? trace_hardirqs_on+0x5b/0x180 [ 1688.694741] ? kasan_unpoison_shadow+0x33/0x50 [ 1688.695668] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1688.696707] v9fs_mount+0x79/0x8f0 [ 1688.697445] ? v9fs_write_inode+0x60/0x60 [ 1688.698303] legacy_get_tree+0x105/0x220 [ 1688.699147] vfs_get_tree+0x8e/0x300 [ 1688.699918] path_mount+0x1490/0x21e0 [ 1688.700699] ? strncpy_from_user+0x9e/0x470 [ 1688.701593] ? finish_automount+0xa90/0xa90 [ 1688.702488] ? getname_flags.part.0+0x1dd/0x4f0 [ 1688.703438] ? _copy_from_user+0xfb/0x1b0 [ 1688.704292] __x64_sys_mount+0x282/0x300 [ 1688.705131] ? copy_mnt_ns+0xa00/0xa00 [ 1688.705948] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1688.707014] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1688.708068] do_syscall_64+0x33/0x40 [ 1688.708832] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1688.709900] RIP: 0033:0x7fd134c9eb19 [ 1688.710660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1688.714417] RSP: 002b:00007fd132214188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1688.715986] RAX: ffffffffffffffda RBX: 00007fd134db1f60 RCX: 00007fd134c9eb19 [ 1688.717467] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1688.718940] RBP: 00007fd1322141d0 R08: 0000000020000280 R09: 0000000000000000 [ 1688.720425] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1688.721902] R13: 00007ffe03f9a7cf R14: 00007fd132214300 R15: 0000000000022000 12:41:50 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 45) 12:41:50 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 41) 12:41:50 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df7"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:41:50 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa3331"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:41:50 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:41:50 executing program 6: socket$inet6_udplite(0xa, 0x2, 0x88) mq_open(0x0, 0x2, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 41) 12:41:50 executing program 5: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 44) 12:41:50 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d0"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1701.614482] FAULT_INJECTION: forcing a failure. [ 1701.614482] name failslab, interval 1, probability 0, space 0, times 0 [ 1701.616844] CPU: 0 PID: 8763 Comm: syz-executor.3 Not tainted 5.10.246 #1 [ 1701.618307] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1701.620062] Call Trace: [ 1701.620632] dump_stack+0x107/0x167 [ 1701.621413] should_fail.cold+0x5/0xa [ 1701.622220] ? create_object.isra.0+0x3a/0xa30 [ 1701.623183] should_failslab+0x5/0x20 [ 1701.624001] kmem_cache_alloc+0x5b/0x310 [ 1701.624876] create_object.isra.0+0x3a/0xa30 [ 1701.625812] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1701.626893] kmem_cache_alloc+0x159/0x310 [ 1701.627783] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1701.628969] idr_get_free+0x4b5/0x8f0 [ 1701.629799] idr_alloc_u32+0x170/0x2d0 [ 1701.630631] ? __fprop_inc_percpu_max+0x130/0x130 [ 1701.631654] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1701.632515] FAULT_INJECTION: forcing a failure. [ 1701.632515] name failslab, interval 1, probability 0, space 0, times 0 [ 1701.632775] ? lock_release+0x680/0x680 [ 1701.634967] idr_alloc+0xc2/0x130 [ 1701.635693] ? idr_alloc_u32+0x2d0/0x2d0 [ 1701.636546] ? rwlock_bug.part.0+0x90/0x90 [ 1701.637460] p9_client_prepare_req.part.0+0x612/0xac0 [ 1701.638547] p9_client_rpc+0x220/0x1370 [ 1701.639388] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1701.640487] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1701.641621] ? pipe_poll+0x21b/0x800 [ 1701.642401] ? p9_fd_close+0x4a0/0x4a0 [ 1701.643222] ? wait_for_partner+0x3c0/0x3c0 [ 1701.644129] ? p9_fd_poll+0x1e0/0x2c0 [ 1701.644929] ? p9_fd_create+0x357/0x4a0 [ 1701.645775] ? p9_conn_create+0x510/0x510 [ 1701.646646] ? p9_client_create+0x798/0x1230 [ 1701.647569] ? kfree+0xd7/0x340 [ 1701.648257] ? do_raw_spin_unlock+0x4f/0x220 [ 1701.649190] p9_client_create+0xa76/0x1230 [ 1701.650100] ? p9_client_flush+0x430/0x430 [ 1701.650997] ? trace_hardirqs_on+0x5b/0x180 [ 1701.651908] ? lockdep_init_map_type+0x2c7/0x780 [ 1701.652909] ? __raw_spin_lock_init+0x36/0x110 [ 1701.653877] v9fs_session_init+0x1dd/0x1680 [ 1701.654785] ? lock_release+0x680/0x680 [ 1701.655629] ? kmem_cache_alloc_trace+0x151/0x320 [ 1701.656640] ? v9fs_show_options+0x690/0x690 [ 1701.657595] ? trace_hardirqs_on+0x5b/0x180 [ 1701.658507] ? kasan_unpoison_shadow+0x33/0x50 [ 1701.659471] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1701.660534] v9fs_mount+0x79/0x8f0 [ 1701.661279] ? v9fs_write_inode+0x60/0x60 [ 1701.662150] legacy_get_tree+0x105/0x220 [ 1701.663005] vfs_get_tree+0x8e/0x300 [ 1701.663792] path_mount+0x1490/0x21e0 [ 1701.664593] ? strncpy_from_user+0x9e/0x470 [ 1701.665504] ? finish_automount+0xa90/0xa90 [ 1701.666405] ? getname_flags.part.0+0x1dd/0x4f0 [ 1701.667379] ? _copy_from_user+0xfb/0x1b0 [ 1701.668260] __x64_sys_mount+0x282/0x300 [ 1701.669106] ? copy_mnt_ns+0xa00/0xa00 [ 1701.669930] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1701.671034] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1701.672111] do_syscall_64+0x33/0x40 [ 1701.672891] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1701.673972] RIP: 0033:0x7fd134c9eb19 [ 1701.674749] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1701.678635] RSP: 002b:00007fd132214188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1701.680240] RAX: ffffffffffffffda RBX: 00007fd134db1f60 RCX: 00007fd134c9eb19 [ 1701.681746] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1701.683249] RBP: 00007fd1322141d0 R08: 0000000020000280 R09: 0000000000000000 [ 1701.684745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1701.686257] R13: 00007ffe03f9a7cf R14: 00007fd132214300 R15: 0000000000022000 [ 1701.687781] CPU: 1 PID: 8769 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 1701.688606] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1701.689584] Call Trace: [ 1701.689902] dump_stack+0x107/0x167 [ 1701.690328] should_fail.cold+0x5/0xa [ 1701.690775] ? create_object.isra.0+0x3a/0xa30 [ 1701.691303] should_failslab+0x5/0x20 [ 1701.691748] kmem_cache_alloc+0x5b/0x310 [ 1701.692229] create_object.isra.0+0x3a/0xa30 [ 1701.692741] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1701.693345] kmem_cache_alloc+0x159/0x310 [ 1701.693834] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1701.694494] idr_get_free+0x4b5/0x8f0 [ 1701.694946] idr_alloc_u32+0x170/0x2d0 [ 1701.695406] ? __fprop_inc_percpu_max+0x130/0x130 [ 1701.695969] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1701.696592] ? lock_release+0x680/0x680 [ 1701.697059] idr_alloc+0xc2/0x130 [ 1701.697474] ? idr_alloc_u32+0x2d0/0x2d0 [ 1701.697950] ? rwlock_bug.part.0+0x90/0x90 [ 1701.698458] p9_client_prepare_req.part.0+0x612/0xac0 [ 1701.699069] p9_client_rpc+0x220/0x1370 [ 1701.699533] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1701.700144] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1701.700767] ? pipe_poll+0x21b/0x800 [ 1701.701199] ? p9_fd_close+0x4a0/0x4a0 [ 1701.701662] ? wait_for_partner+0x3c0/0x3c0 [ 1701.702168] ? p9_fd_poll+0x1e0/0x2c0 [ 1701.702616] ? p9_fd_create+0x357/0x4a0 [ 1701.703078] ? p9_conn_create+0x510/0x510 [ 1701.703559] ? p9_client_create+0x798/0x1230 [ 1701.704083] ? kfree+0xd7/0x340 [ 1701.704468] ? do_raw_spin_unlock+0x4f/0x220 [ 1701.704982] p9_client_create+0xa76/0x1230 [ 1701.705497] ? p9_client_flush+0x430/0x430 [ 1701.705989] ? trace_hardirqs_on+0x5b/0x180 [ 1701.706497] ? lockdep_init_map_type+0x2c7/0x780 [ 1701.707044] ? __raw_spin_lock_init+0x36/0x110 [ 1701.707577] v9fs_session_init+0x1dd/0x1680 [ 1701.708078] ? lock_release+0x680/0x680 [ 1701.708543] ? kmem_cache_alloc_trace+0x151/0x320 [ 1701.709099] ? v9fs_show_options+0x690/0x690 [ 1701.709620] ? trace_hardirqs_on+0x5b/0x180 [ 1701.710117] ? kasan_unpoison_shadow+0x33/0x50 [ 1701.710648] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1701.711239] v9fs_mount+0x79/0x8f0 [ 1701.711657] ? v9fs_write_inode+0x60/0x60 [ 1701.712153] legacy_get_tree+0x105/0x220 [ 1701.712633] vfs_get_tree+0x8e/0x300 [ 1701.713065] path_mount+0x1490/0x21e0 [ 1701.713522] ? strncpy_from_user+0x9e/0x470 [ 1701.714022] ? finish_automount+0xa90/0xa90 [ 1701.714521] ? getname_flags.part.0+0x1dd/0x4f0 [ 1701.715068] ? _copy_from_user+0xfb/0x1b0 [ 1701.715557] __x64_sys_mount+0x282/0x300 [ 1701.716031] ? copy_mnt_ns+0xa00/0xa00 [ 1701.716488] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1701.717097] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1701.717708] do_syscall_64+0x33/0x40 [ 1701.718139] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1701.718735] RIP: 0033:0x7ff7dde24b19 [ 1701.719172] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1701.721316] RSP: 002b:00007ff7db39a188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1701.722195] RAX: ffffffffffffffda RBX: 00007ff7ddf37f60 RCX: 00007ff7dde24b19 [ 1701.723009] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1701.723824] RBP: 00007ff7db39a1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1701.724641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1701.725472] R13: 00007ffcd7e7b57f R14: 00007ff7db39a300 R15: 0000000000022000 [ 1701.736097] FAULT_INJECTION: forcing a failure. [ 1701.736097] name failslab, interval 1, probability 0, space 0, times 0 [ 1701.738490] CPU: 0 PID: 8772 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1701.739935] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1701.741704] Call Trace: [ 1701.742282] dump_stack+0x107/0x167 [ 1701.743061] should_fail.cold+0x5/0xa [ 1701.743862] ? create_object.isra.0+0x3a/0xa30 [ 1701.744820] should_failslab+0x5/0x20 [ 1701.745627] kmem_cache_alloc+0x5b/0x310 [ 1701.746489] create_object.isra.0+0x3a/0xa30 [ 1701.747415] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1701.748487] kmem_cache_alloc+0x159/0x310 [ 1701.749374] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1701.750556] idr_get_free+0x4b5/0x8f0 [ 1701.751374] idr_alloc_u32+0x170/0x2d0 [ 1701.752199] ? __fprop_inc_percpu_max+0x130/0x130 [ 1701.753212] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1701.754346] ? lock_release+0x680/0x680 [ 1701.755186] idr_alloc+0xc2/0x130 [ 1701.755917] ? idr_alloc_u32+0x2d0/0x2d0 [ 1701.756767] ? rwlock_bug.part.0+0x90/0x90 [ 1701.757677] p9_client_prepare_req.part.0+0x612/0xac0 [ 1701.758770] p9_client_rpc+0x220/0x1370 [ 1701.759602] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1701.760706] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1701.761839] ? pipe_poll+0x21b/0x800 [ 1701.762617] ? p9_fd_close+0x4a0/0x4a0 [ 1701.763436] ? wait_for_partner+0x3c0/0x3c0 [ 1701.764343] ? p9_fd_poll+0x1e0/0x2c0 [ 1701.765145] ? p9_fd_create+0x357/0x4a0 [ 1701.765991] ? p9_conn_create+0x510/0x510 [ 1701.766860] ? p9_client_create+0x798/0x1230 [ 1701.767780] ? kfree+0xd7/0x340 [ 1701.768468] ? do_raw_spin_unlock+0x4f/0x220 [ 1701.769404] p9_client_create+0xa76/0x1230 [ 1701.770305] ? p9_client_flush+0x430/0x430 [ 1701.771191] ? trace_hardirqs_on+0x5b/0x180 [ 1701.772100] ? lockdep_init_map_type+0x2c7/0x780 [ 1701.773095] ? __raw_spin_lock_init+0x36/0x110 [ 1701.774066] v9fs_session_init+0x1dd/0x1680 [ 1701.774977] ? lock_release+0x680/0x680 [ 1701.775819] ? kmem_cache_alloc_trace+0x151/0x320 [ 1701.776829] ? v9fs_show_options+0x690/0x690 [ 1701.777764] ? trace_hardirqs_on+0x5b/0x180 [ 1701.778670] ? kasan_unpoison_shadow+0x33/0x50 [ 1701.779633] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1701.780695] v9fs_mount+0x79/0x8f0 [ 1701.781453] ? v9fs_write_inode+0x60/0x60 [ 1701.782334] legacy_get_tree+0x105/0x220 [ 1701.783188] vfs_get_tree+0x8e/0x300 [ 1701.783968] path_mount+0x1490/0x21e0 [ 1701.784774] ? strncpy_from_user+0x9e/0x470 [ 1701.785690] ? finish_automount+0xa90/0xa90 [ 1701.786594] ? getname_flags.part.0+0x1dd/0x4f0 [ 1701.787567] ? _copy_from_user+0xfb/0x1b0 [ 1701.788447] __x64_sys_mount+0x282/0x300 [ 1701.789322] ? copy_mnt_ns+0xa00/0xa00 [ 1701.790144] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1701.791243] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1701.792328] do_syscall_64+0x33/0x40 [ 1701.793114] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1701.794193] RIP: 0033:0x7f850d5eab19 [ 1701.794980] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1701.798844] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1701.800454] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1701.801973] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1701.803474] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1701.804979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1701.806494] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 [ 1701.811672] FAULT_INJECTION: forcing a failure. [ 1701.811672] name failslab, interval 1, probability 0, space 0, times 0 [ 1701.813022] CPU: 1 PID: 8775 Comm: syz-executor.6 Not tainted 5.10.246 #1 [ 1701.813852] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1701.814823] Call Trace: [ 1701.815158] dump_stack+0x107/0x167 [ 1701.815592] should_fail.cold+0x5/0xa [ 1701.816032] ? create_object.isra.0+0x3a/0xa30 [ 1701.816553] should_failslab+0x5/0x20 [ 1701.816985] kmem_cache_alloc+0x5b/0x310 [ 1701.817460] create_object.isra.0+0x3a/0xa30 [ 1701.817959] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1701.818542] kmem_cache_alloc+0x159/0x310 [ 1701.819024] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1701.819669] idr_get_free+0x4b5/0x8f0 [ 1701.820112] idr_alloc_u32+0x170/0x2d0 [ 1701.820558] ? __fprop_inc_percpu_max+0x130/0x130 [ 1701.821107] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1701.821736] ? lock_release+0x680/0x680 [ 1701.822195] idr_alloc+0xc2/0x130 [ 1701.822592] ? idr_alloc_u32+0x2d0/0x2d0 [ 1701.823051] ? rwlock_bug.part.0+0x90/0x90 [ 1701.823537] p9_client_prepare_req.part.0+0x612/0xac0 [ 1701.824129] p9_client_rpc+0x220/0x1370 [ 1701.824585] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1701.825188] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1701.825811] ? pipe_poll+0x21b/0x800 [ 1701.826234] ? p9_fd_close+0x4a0/0x4a0 [ 1701.826678] ? wait_for_partner+0x3c0/0x3c0 [ 1701.827172] ? p9_fd_poll+0x1e0/0x2c0 [ 1701.827611] ? p9_fd_create+0x357/0x4a0 [ 1701.828063] ? p9_conn_create+0x510/0x510 [ 1701.828534] ? p9_client_create+0x798/0x1230 [ 1701.829032] ? kfree+0xd7/0x340 [ 1701.829416] ? do_raw_spin_unlock+0x4f/0x220 [ 1701.829920] p9_client_create+0xa76/0x1230 [ 1701.830408] ? p9_client_flush+0x430/0x430 [ 1701.830896] ? trace_hardirqs_on+0x5b/0x180 [ 1701.831389] ? lockdep_init_map_type+0x2c7/0x780 [ 1701.831932] ? __raw_spin_lock_init+0x36/0x110 [ 1701.832459] v9fs_session_init+0x1dd/0x1680 [ 1701.832955] ? lock_release+0x680/0x680 [ 1701.833419] ? kmem_cache_alloc_trace+0x151/0x320 [ 1701.833968] ? v9fs_show_options+0x690/0x690 [ 1701.834474] ? trace_hardirqs_on+0x5b/0x180 [ 1701.834968] ? kasan_unpoison_shadow+0x33/0x50 [ 1701.835492] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1701.836073] v9fs_mount+0x79/0x8f0 [ 1701.836480] ? v9fs_write_inode+0x60/0x60 [ 1701.836952] legacy_get_tree+0x105/0x220 [ 1701.837424] vfs_get_tree+0x8e/0x300 [ 1701.837852] path_mount+0x1490/0x21e0 [ 1701.838290] ? strncpy_from_user+0x9e/0x470 [ 1701.838778] ? finish_automount+0xa90/0xa90 [ 1701.839268] ? getname_flags.part.0+0x1dd/0x4f0 [ 1701.839799] ? _copy_from_user+0xfb/0x1b0 [ 1701.840278] __x64_sys_mount+0x282/0x300 [ 1701.840765] ? copy_mnt_ns+0xa00/0xa00 [ 1701.841213] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1701.841827] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1701.842416] do_syscall_64+0x33/0x40 [ 1701.842842] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1701.843427] RIP: 0033:0x7fe30c5b6b19 [ 1701.843851] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1701.845951] RSP: 002b:00007fe309b2c188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1701.846817] RAX: ffffffffffffffda RBX: 00007fe30c6c9f60 RCX: 00007fe30c5b6b19 [ 1701.847630] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1701.848442] RBP: 00007fe309b2c1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1701.849253] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1701.850074] R13: 00007ffddf17178f R14: 00007fe309b2c300 R15: 0000000000022000 12:41:50 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:41:50 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa3331"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:41:51 executing program 5: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 45) 12:41:51 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df7"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:41:51 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 46) 12:41:51 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d0"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:41:51 executing program 6: socket$inet6_udplite(0xa, 0x2, 0x88) mq_open(0x0, 0x2, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 42) [ 1702.058801] FAULT_INJECTION: forcing a failure. [ 1702.058801] name failslab, interval 1, probability 0, space 0, times 0 [ 1702.058986] FAULT_INJECTION: forcing a failure. [ 1702.058986] name failslab, interval 1, probability 0, space 0, times 0 [ 1702.061141] CPU: 0 PID: 8789 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 1702.061152] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1702.061164] Call Trace: [ 1702.061193] dump_stack+0x107/0x167 [ 1702.066973] should_fail.cold+0x5/0xa [ 1702.067782] ? radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1702.068996] should_failslab+0x5/0x20 [ 1702.069808] kmem_cache_alloc+0x5b/0x310 [ 1702.070671] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1702.071848] idr_get_free+0x4b5/0x8f0 [ 1702.072664] idr_alloc_u32+0x170/0x2d0 [ 1702.073495] ? __fprop_inc_percpu_max+0x130/0x130 [ 1702.074512] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1702.075671] ? lock_release+0x680/0x680 [ 1702.076536] idr_alloc+0xc2/0x130 [ 1702.077288] ? idr_alloc_u32+0x2d0/0x2d0 [ 1702.078176] ? rwlock_bug.part.0+0x90/0x90 [ 1702.079102] p9_client_prepare_req.part.0+0x612/0xac0 [ 1702.080223] p9_client_rpc+0x220/0x1370 [ 1702.081086] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1702.082234] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1702.083393] ? pipe_poll+0x21b/0x800 [ 1702.084195] ? p9_fd_close+0x4a0/0x4a0 [ 1702.085035] ? wait_for_partner+0x3c0/0x3c0 [ 1702.085974] ? p9_fd_poll+0x1e0/0x2c0 [ 1702.086801] ? p9_fd_create+0x357/0x4a0 [ 1702.087656] ? p9_conn_create+0x510/0x510 [ 1702.088544] ? p9_client_create+0x798/0x1230 [ 1702.089497] ? kfree+0xd7/0x340 [ 1702.090206] ? do_raw_spin_unlock+0x4f/0x220 [ 1702.091156] p9_client_create+0xa76/0x1230 [ 1702.092075] ? p9_client_flush+0x430/0x430 [ 1702.092988] ? trace_hardirqs_on+0x5b/0x180 [ 1702.093930] ? lockdep_init_map_type+0x2c7/0x780 [ 1702.094955] ? __raw_spin_lock_init+0x36/0x110 [ 1702.095946] v9fs_session_init+0x1dd/0x1680 [ 1702.096876] ? lock_release+0x680/0x680 [ 1702.097752] ? kmem_cache_alloc_trace+0x151/0x320 [ 1702.098790] ? v9fs_show_options+0x690/0x690 [ 1702.099747] ? trace_hardirqs_on+0x5b/0x180 [ 1702.100678] ? kasan_unpoison_shadow+0x33/0x50 [ 1702.101671] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1702.102768] v9fs_mount+0x79/0x8f0 [ 1702.103537] ? v9fs_write_inode+0x60/0x60 [ 1702.104427] legacy_get_tree+0x105/0x220 [ 1702.105314] vfs_get_tree+0x8e/0x300 [ 1702.106117] path_mount+0x1490/0x21e0 [ 1702.106946] ? strncpy_from_user+0x9e/0x470 [ 1702.107878] ? finish_automount+0xa90/0xa90 [ 1702.108810] ? getname_flags.part.0+0x1dd/0x4f0 [ 1702.109823] ? _copy_from_user+0xfb/0x1b0 [ 1702.110727] __x64_sys_mount+0x282/0x300 [ 1702.111601] ? copy_mnt_ns+0xa00/0xa00 [ 1702.112447] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1702.113587] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1702.114700] do_syscall_64+0x33/0x40 [ 1702.115501] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1702.116602] RIP: 0033:0x7ff7dde24b19 [ 1702.117410] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1702.121379] RSP: 002b:00007ff7db39a188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1702.123020] RAX: ffffffffffffffda RBX: 00007ff7ddf37f60 RCX: 00007ff7dde24b19 [ 1702.124555] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1702.126105] RBP: 00007ff7db39a1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1702.127638] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1702.129155] R13: 00007ffcd7e7b57f R14: 00007ff7db39a300 R15: 0000000000022000 [ 1702.130738] CPU: 1 PID: 8788 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1702.131601] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1702.132569] Call Trace: [ 1702.132884] dump_stack+0x107/0x167 [ 1702.133320] should_fail.cold+0x5/0xa [ 1702.133772] ? p9pdu_readf+0xadb/0x1d40 [ 1702.134238] should_failslab+0x5/0x20 [ 1702.134683] __kmalloc+0x72/0x390 [ 1702.135097] p9pdu_readf+0xadb/0x1d40 [ 1702.135550] ? pipe_poll+0x21b/0x800 [ 1702.136005] ? p9pdu_writef+0x100/0x100 [ 1702.136476] ? p9_fd_poll+0x1e0/0x2c0 [ 1702.136922] ? p9_fd_create+0x357/0x4a0 [ 1702.137394] ? p9_conn_create+0x510/0x510 [ 1702.137882] ? p9_client_create+0x798/0x1230 [ 1702.138388] ? kfree+0xd7/0x340 [ 1702.138775] ? do_raw_spin_unlock+0x4f/0x220 [ 1702.139289] p9_client_create+0xaee/0x1230 [ 1702.139786] ? p9_client_flush+0x430/0x430 [ 1702.140279] ? trace_hardirqs_on+0x5b/0x180 [ 1702.140784] ? lockdep_init_map_type+0x2c7/0x780 [ 1702.141351] ? __raw_spin_lock_init+0x36/0x110 [ 1702.141886] v9fs_session_init+0x1dd/0x1680 [ 1702.142392] ? lock_release+0x680/0x680 [ 1702.142860] ? kmem_cache_alloc_trace+0x151/0x320 [ 1702.143421] ? v9fs_show_options+0x690/0x690 [ 1702.143934] ? trace_hardirqs_on+0x5b/0x180 [ 1702.144439] ? kasan_unpoison_shadow+0x33/0x50 [ 1702.144975] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1702.145580] v9fs_mount+0x79/0x8f0 [ 1702.145992] ? v9fs_write_inode+0x60/0x60 [ 1702.146476] legacy_get_tree+0x105/0x220 [ 1702.146946] vfs_get_tree+0x8e/0x300 [ 1702.147379] path_mount+0x1490/0x21e0 [ 1702.147824] ? strncpy_from_user+0x9e/0x470 [ 1702.148321] ? finish_automount+0xa90/0xa90 [ 1702.148820] ? getname_flags.part.0+0x1dd/0x4f0 [ 1702.149367] ? _copy_from_user+0xfb/0x1b0 [ 1702.149852] __x64_sys_mount+0x282/0x300 [ 1702.150329] ? copy_mnt_ns+0xa00/0xa00 [ 1702.150785] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1702.151395] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1702.151992] do_syscall_64+0x33/0x40 [ 1702.152424] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1702.153017] RIP: 0033:0x7f850d5eab19 [ 1702.153465] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1702.155618] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1702.156515] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1702.157355] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1702.158181] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1702.159008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1702.159845] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 [ 1702.168063] FAULT_INJECTION: forcing a failure. [ 1702.168063] name failslab, interval 1, probability 0, space 0, times 0 [ 1702.169399] CPU: 1 PID: 8792 Comm: syz-executor.6 Not tainted 5.10.246 #1 [ 1702.170193] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1702.171169] Call Trace: [ 1702.171483] dump_stack+0x107/0x167 [ 1702.171910] should_fail.cold+0x5/0xa [ 1702.172362] ? create_object.isra.0+0x3a/0xa30 [ 1702.172899] should_failslab+0x5/0x20 [ 1702.173351] kmem_cache_alloc+0x5b/0x310 [ 1702.173829] create_object.isra.0+0x3a/0xa30 [ 1702.174342] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1702.174937] kmem_cache_alloc+0x159/0x310 [ 1702.175429] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1702.176094] idr_get_free+0x4b5/0x8f0 [ 1702.176558] idr_alloc_u32+0x170/0x2d0 [ 1702.177023] ? __fprop_inc_percpu_max+0x130/0x130 [ 1702.177601] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1702.178228] ? lock_release+0x680/0x680 [ 1702.178697] idr_alloc+0xc2/0x130 [ 1702.179103] ? idr_alloc_u32+0x2d0/0x2d0 [ 1702.179579] ? rwlock_bug.part.0+0x90/0x90 [ 1702.180097] p9_client_prepare_req.part.0+0x612/0xac0 [ 1702.180705] p9_client_rpc+0x220/0x1370 [ 1702.181172] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1702.181797] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1702.182424] ? pipe_poll+0x21b/0x800 [ 1702.182857] ? p9_fd_close+0x4a0/0x4a0 [ 1702.183314] ? wait_for_partner+0x3c0/0x3c0 [ 1702.183815] ? p9_fd_poll+0x1e0/0x2c0 [ 1702.184261] ? p9_fd_create+0x357/0x4a0 [ 1702.184722] ? p9_conn_create+0x510/0x510 [ 1702.185208] ? p9_client_create+0x798/0x1230 [ 1702.185727] ? kfree+0xd7/0x340 [ 1702.186113] ? do_raw_spin_unlock+0x4f/0x220 [ 1702.186636] p9_client_create+0xa76/0x1230 [ 1702.187130] ? p9_client_flush+0x430/0x430 [ 1702.187627] ? trace_hardirqs_on+0x5b/0x180 [ 1702.188133] ? lockdep_init_map_type+0x2c7/0x780 [ 1702.188689] ? __raw_spin_lock_init+0x36/0x110 [ 1702.189226] v9fs_session_init+0x1dd/0x1680 [ 1702.189741] ? lock_release+0x680/0x680 [ 1702.190212] ? kmem_cache_alloc_trace+0x151/0x320 [ 1702.190778] ? v9fs_show_options+0x690/0x690 [ 1702.191293] ? trace_hardirqs_on+0x5b/0x180 [ 1702.191796] ? kasan_unpoison_shadow+0x33/0x50 [ 1702.192332] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1702.192928] v9fs_mount+0x79/0x8f0 [ 1702.193352] ? v9fs_write_inode+0x60/0x60 [ 1702.193830] legacy_get_tree+0x105/0x220 [ 1702.194310] vfs_get_tree+0x8e/0x300 [ 1702.194745] path_mount+0x1490/0x21e0 [ 1702.195200] ? strncpy_from_user+0x9e/0x470 [ 1702.195705] ? finish_automount+0xa90/0xa90 [ 1702.196209] ? getname_flags.part.0+0x1dd/0x4f0 [ 1702.196751] ? _copy_from_user+0xfb/0x1b0 [ 1702.197243] __x64_sys_mount+0x282/0x300 [ 1702.197729] ? copy_mnt_ns+0xa00/0xa00 [ 1702.198188] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1702.198800] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1702.199403] do_syscall_64+0x33/0x40 [ 1702.199838] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1702.200439] RIP: 0033:0x7fe30c5b6b19 [ 1702.200878] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1702.203037] RSP: 002b:00007fe309b2c188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1702.203929] RAX: ffffffffffffffda RBX: 00007fe30c6c9f60 RCX: 00007fe30c5b6b19 [ 1702.204757] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1702.205604] RBP: 00007fe309b2c1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1702.206432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1702.207262] R13: 00007ffddf17178f R14: 00007fe309b2c300 R15: 0000000000022000 12:41:51 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d0"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:41:51 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df7"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:41:51 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 42) 12:41:51 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:41:51 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 47) [ 1702.305632] FAULT_INJECTION: forcing a failure. [ 1702.305632] name failslab, interval 1, probability 0, space 0, times 0 [ 1702.307034] CPU: 1 PID: 8803 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1702.307813] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1702.308756] Call Trace: [ 1702.309063] dump_stack+0x107/0x167 [ 1702.309497] should_fail.cold+0x5/0xa [ 1702.309932] ? p9pdu_readf+0xadb/0x1d40 [ 1702.310390] should_failslab+0x5/0x20 [ 1702.310827] __kmalloc+0x72/0x390 [ 1702.311221] p9pdu_readf+0xadb/0x1d40 [ 1702.311660] ? pipe_poll+0x21b/0x800 [ 1702.312082] ? p9pdu_writef+0x100/0x100 [ 1702.312546] ? p9_fd_poll+0x1e0/0x2c0 [ 1702.312983] ? p9_fd_create+0x357/0x4a0 [ 1702.313455] ? p9_conn_create+0x510/0x510 [ 1702.313931] ? p9_client_create+0x798/0x1230 [ 1702.314432] ? kfree+0xd7/0x340 [ 1702.314805] ? do_raw_spin_unlock+0x4f/0x220 [ 1702.315312] p9_client_create+0xaee/0x1230 [ 1702.315800] ? p9_client_flush+0x430/0x430 [ 1702.316281] ? trace_hardirqs_on+0x5b/0x180 [ 1702.316779] ? lockdep_init_map_type+0x2c7/0x780 [ 1702.317340] ? __raw_spin_lock_init+0x36/0x110 [ 1702.317868] v9fs_session_init+0x1dd/0x1680 [ 1702.318375] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1702.318997] ? trace_hardirqs_on+0x5b/0x180 [ 1702.319496] ? v9fs_show_options+0x690/0x690 [ 1702.320002] ? _raw_spin_unlock_irqrestore+0x25/0x40 [ 1702.320582] ? kasan_unpoison_shadow+0x33/0x50 [ 1702.321109] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1702.321709] v9fs_mount+0x79/0x8f0 [ 1702.322117] ? v9fs_write_inode+0x60/0x60 [ 1702.322590] legacy_get_tree+0x105/0x220 [ 1702.323054] vfs_get_tree+0x8e/0x300 [ 1702.323481] path_mount+0x1490/0x21e0 [ 1702.323925] ? strncpy_from_user+0x9e/0x470 [ 1702.324428] ? finish_automount+0xa90/0xa90 [ 1702.324928] ? getname_flags.part.0+0x1dd/0x4f0 [ 1702.325468] ? _copy_from_user+0xfb/0x1b0 [ 1702.325943] __x64_sys_mount+0x282/0x300 [ 1702.326407] ? copy_mnt_ns+0xa00/0xa00 [ 1702.326859] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1702.327465] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1702.328065] do_syscall_64+0x33/0x40 [ 1702.328494] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1702.329078] RIP: 0033:0x7f850d5eab19 [ 1702.329516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1702.331636] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1702.332513] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1702.333345] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1702.334161] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1702.334973] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1702.335788] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 [ 1702.350561] FAULT_INJECTION: forcing a failure. [ 1702.350561] name failslab, interval 1, probability 0, space 0, times 0 [ 1702.352945] CPU: 0 PID: 8806 Comm: syz-executor.3 Not tainted 5.10.246 #1 [ 1702.354392] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1702.356143] Call Trace: [ 1702.356710] dump_stack+0x107/0x167 [ 1702.357492] should_fail.cold+0x5/0xa [ 1702.358303] ? create_object.isra.0+0x3a/0xa30 [ 1702.359277] should_failslab+0x5/0x20 [ 1702.360082] kmem_cache_alloc+0x5b/0x310 [ 1702.360955] create_object.isra.0+0x3a/0xa30 [ 1702.361899] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1702.362972] kmem_cache_alloc+0x159/0x310 [ 1702.363857] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1702.365044] idr_get_free+0x4b5/0x8f0 [ 1702.365877] idr_alloc_u32+0x170/0x2d0 [ 1702.366702] ? __fprop_inc_percpu_max+0x130/0x130 [ 1702.367719] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1702.368868] ? lock_release+0x680/0x680 [ 1702.369718] idr_alloc+0xc2/0x130 [ 1702.370449] ? idr_alloc_u32+0x2d0/0x2d0 12:41:51 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 48) [ 1702.371298] ? rwlock_bug.part.0+0x90/0x90 [ 1702.372376] p9_client_prepare_req.part.0+0x612/0xac0 [ 1702.373482] p9_client_rpc+0x220/0x1370 [ 1702.374328] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1702.375446] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1702.376584] ? pipe_poll+0x21b/0x800 [ 1702.377381] ? p9_fd_close+0x4a0/0x4a0 [ 1702.378205] ? wait_for_partner+0x3c0/0x3c0 [ 1702.379117] ? p9_fd_poll+0x1e0/0x2c0 [ 1702.379925] ? p9_fd_create+0x357/0x4a0 [ 1702.380769] ? p9_conn_create+0x510/0x510 [ 1702.381635] ? p9_client_create+0x798/0x1230 [ 1702.382558] ? kfree+0xd7/0x340 [ 1702.383249] ? do_raw_spin_unlock+0x4f/0x220 [ 1702.384184] p9_client_create+0xa76/0x1230 [ 1702.385083] ? p9_client_flush+0x430/0x430 [ 1702.385990] ? trace_hardirqs_on+0x5b/0x180 [ 1702.386901] ? lockdep_init_map_type+0x2c7/0x780 [ 1702.387910] ? __raw_spin_lock_init+0x36/0x110 [ 1702.388102] FAULT_INJECTION: forcing a failure. [ 1702.388102] name failslab, interval 1, probability 0, space 0, times 0 [ 1702.388876] v9fs_session_init+0x1dd/0x1680 [ 1702.388897] ? lock_release+0x680/0x680 [ 1702.388927] ? kmem_cache_alloc_trace+0x151/0x320 [ 1702.393000] ? v9fs_show_options+0x690/0x690 [ 1702.393968] ? trace_hardirqs_on+0x5b/0x180 [ 1702.394902] ? kasan_unpoison_shadow+0x33/0x50 [ 1702.395885] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1702.396979] v9fs_mount+0x79/0x8f0 [ 1702.397757] ? v9fs_write_inode+0x60/0x60 [ 1702.398655] legacy_get_tree+0x105/0x220 [ 1702.399536] vfs_get_tree+0x8e/0x300 [ 1702.400344] path_mount+0x1490/0x21e0 [ 1702.401173] ? strncpy_from_user+0x9e/0x470 [ 1702.402109] ? finish_automount+0xa90/0xa90 [ 1702.403039] ? getname_flags.part.0+0x1dd/0x4f0 [ 1702.404040] ? _copy_from_user+0xfb/0x1b0 [ 1702.404938] __x64_sys_mount+0x282/0x300 [ 1702.405819] ? copy_mnt_ns+0xa00/0xa00 [ 1702.406665] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1702.407802] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1702.408919] do_syscall_64+0x33/0x40 [ 1702.409733] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1702.410835] RIP: 0033:0x7fd134c9eb19 [ 1702.411636] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1702.415601] RSP: 002b:00007fd132214188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1702.417233] RAX: ffffffffffffffda RBX: 00007fd134db1f60 RCX: 00007fd134c9eb19 [ 1702.418777] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1702.420319] RBP: 00007fd1322141d0 R08: 0000000020000280 R09: 0000000000000000 [ 1702.421864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1702.423396] R13: 00007ffe03f9a7cf R14: 00007fd132214300 R15: 0000000000022000 [ 1702.424973] CPU: 1 PID: 8808 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1702.426639] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1702.428448] Call Trace: [ 1702.429032] dump_stack+0x107/0x167 [ 1702.429844] should_fail.cold+0x5/0xa [ 1702.430680] ? create_object.isra.0+0x3a/0xa30 [ 1702.431673] should_failslab+0x5/0x20 [ 1702.432501] kmem_cache_alloc+0x5b/0x310 [ 1702.433398] create_object.isra.0+0x3a/0xa30 [ 1702.434353] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1702.435466] __kmalloc+0x16e/0x390 [ 1702.436246] p9pdu_readf+0xadb/0x1d40 [ 1702.437087] ? pipe_poll+0x21b/0x800 [ 1702.437908] ? p9pdu_writef+0x100/0x100 [ 1702.438776] ? p9_fd_poll+0x1e0/0x2c0 [ 1702.439610] ? p9_fd_create+0x357/0x4a0 [ 1702.440479] ? p9_conn_create+0x510/0x510 [ 1702.441389] ? p9_client_create+0x798/0x1230 [ 1702.442341] ? kfree+0xd7/0x340 [ 1702.443059] ? do_raw_spin_unlock+0x4f/0x220 [ 1702.444022] p9_client_create+0xaee/0x1230 [ 1702.444945] ? p9_client_flush+0x430/0x430 [ 1702.445878] ? trace_hardirqs_on+0x5b/0x180 [ 1702.446818] ? lockdep_init_map_type+0x2c7/0x780 [ 1702.447844] ? __raw_spin_lock_init+0x36/0x110 [ 1702.448850] v9fs_session_init+0x1dd/0x1680 [ 1702.449800] ? lock_release+0x680/0x680 [ 1702.450674] ? kmem_cache_alloc_trace+0x151/0x320 [ 1702.451725] ? v9fs_show_options+0x690/0x690 [ 1702.452689] ? trace_hardirqs_on+0x5b/0x180 [ 1702.453801] ? kasan_unpoison_shadow+0x33/0x50 [ 1702.454792] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1702.455889] v9fs_mount+0x79/0x8f0 [ 1702.456659] ? v9fs_write_inode+0x60/0x60 [ 1702.457568] legacy_get_tree+0x105/0x220 [ 1702.458445] vfs_get_tree+0x8e/0x300 [ 1702.459252] path_mount+0x1490/0x21e0 [ 1702.460081] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1702.461249] ? finish_automount+0xa90/0xa90 [ 1702.462200] __x64_sys_mount+0x282/0x300 [ 1702.463075] ? copy_mnt_ns+0xa00/0xa00 [ 1702.463920] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1702.465053] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1702.466178] do_syscall_64+0x33/0x40 [ 1702.466983] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1702.468089] RIP: 0033:0x7f850d5eab19 [ 1702.468893] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1702.472871] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1702.474521] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1702.476057] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1702.477601] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1702.479141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1702.480678] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 12:41:51 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 43) 12:41:51 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 49) 12:41:51 executing program 6: socket$inet6_udplite(0xa, 0x2, 0x88) mq_open(0x0, 0x2, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 43) [ 1702.710633] FAULT_INJECTION: forcing a failure. [ 1702.710633] name failslab, interval 1, probability 0, space 0, times 0 [ 1702.713094] CPU: 0 PID: 8812 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1702.714556] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1702.715022] FAULT_INJECTION: forcing a failure. [ 1702.715022] name failslab, interval 1, probability 0, space 0, times 0 [ 1702.716310] Call Trace: [ 1702.716348] dump_stack+0x107/0x167 [ 1702.719985] should_fail.cold+0x5/0xa [ 1702.720787] should_failslab+0x5/0x20 [ 1702.721604] __kmalloc_track_caller+0x79/0x370 [ 1702.722558] ? kasprintf+0xbb/0xf0 [ 1702.723308] ? __delete_object+0xb3/0x100 [ 1702.724178] kvasprintf+0xb5/0x150 [ 1702.724921] ? bust_spinlocks+0xe0/0xe0 [ 1702.725765] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1702.726880] kasprintf+0xbb/0xf0 [ 1702.727589] ? kvasprintf_const+0x1a0/0x1a0 [ 1702.728489] ? kmem_cache_free+0x249/0x2d0 [ 1702.729391] ? p9_client_create+0xbfa/0x1230 [ 1702.730310] p9_client_create+0xc1b/0x1230 [ 1702.731203] ? p9_client_flush+0x430/0x430 [ 1702.732095] ? trace_hardirqs_on+0x5b/0x180 [ 1702.732999] ? lockdep_init_map_type+0x2c7/0x780 [ 1702.734002] ? __raw_spin_lock_init+0x36/0x110 [ 1702.734962] v9fs_session_init+0x1dd/0x1680 [ 1702.735872] ? lock_release+0x680/0x680 [ 1702.736712] ? kmem_cache_alloc_trace+0x151/0x320 [ 1702.737732] ? v9fs_show_options+0x690/0x690 [ 1702.738660] ? trace_hardirqs_on+0x5b/0x180 [ 1702.739563] ? kasan_unpoison_shadow+0x33/0x50 [ 1702.740524] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1702.741596] v9fs_mount+0x79/0x8f0 [ 1702.742347] ? v9fs_write_inode+0x60/0x60 [ 1702.743218] legacy_get_tree+0x105/0x220 [ 1702.744071] vfs_get_tree+0x8e/0x300 [ 1702.744850] path_mount+0x1490/0x21e0 [ 1702.745658] ? strncpy_from_user+0x9e/0x470 [ 1702.746564] ? finish_automount+0xa90/0xa90 [ 1702.747472] ? getname_flags.part.0+0x1dd/0x4f0 [ 1702.748446] ? _copy_from_user+0xfb/0x1b0 [ 1702.749331] __x64_sys_mount+0x282/0x300 [ 1702.750182] ? copy_mnt_ns+0xa00/0xa00 [ 1702.751006] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1702.752105] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1702.753190] do_syscall_64+0x33/0x40 [ 1702.753984] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1702.755058] RIP: 0033:0x7f850d5eab19 [ 1702.755840] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1702.759706] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1702.761306] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1702.762821] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1702.764319] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1702.765832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1702.767328] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 [ 1702.768862] CPU: 1 PID: 8814 Comm: syz-executor.3 Not tainted 5.10.246 #1 [ 1702.770319] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1702.772072] Call Trace: [ 1702.772636] dump_stack+0x107/0x167 [ 1702.773414] should_fail.cold+0x5/0xa [ 1702.774227] ? radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1702.775445] should_failslab+0x5/0x20 [ 1702.776252] kmem_cache_alloc+0x5b/0x310 [ 1702.777120] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1702.778310] idr_get_free+0x4b5/0x8f0 [ 1702.779128] idr_alloc_u32+0x170/0x2d0 [ 1702.779958] ? __fprop_inc_percpu_max+0x130/0x130 [ 1702.780980] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1702.782118] ? lock_release+0x680/0x680 [ 1702.782963] idr_alloc+0xc2/0x130 [ 1702.783697] ? idr_alloc_u32+0x2d0/0x2d0 [ 1702.784549] ? rwlock_bug.part.0+0x90/0x90 [ 1702.785470] p9_client_prepare_req.part.0+0x612/0xac0 [ 1702.786567] p9_client_rpc+0x220/0x1370 [ 1702.787407] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1702.788524] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1702.789658] ? pipe_poll+0x21b/0x800 [ 1702.790443] ? p9_fd_close+0x4a0/0x4a0 [ 1702.791261] ? wait_for_partner+0x3c0/0x3c0 [ 1702.792176] ? p9_fd_poll+0x1e0/0x2c0 [ 1702.792991] ? p9_fd_create+0x357/0x4a0 [ 1702.793837] ? p9_conn_create+0x510/0x510 [ 1702.794709] ? p9_client_create+0x798/0x1230 [ 1702.795644] ? kfree+0xd7/0x340 [ 1702.796337] ? do_raw_spin_unlock+0x4f/0x220 [ 1702.797273] p9_client_create+0xa76/0x1230 [ 1702.798179] ? p9_client_flush+0x430/0x430 [ 1702.799081] ? trace_hardirqs_on+0x5b/0x180 [ 1702.799997] ? lockdep_init_map_type+0x2c7/0x780 [ 1702.801002] ? __raw_spin_lock_init+0x36/0x110 [ 1702.801984] v9fs_session_init+0x1dd/0x1680 [ 1702.802894] ? lock_release+0x680/0x680 [ 1702.803749] ? kmem_cache_alloc_trace+0x151/0x320 [ 1702.804773] ? v9fs_show_options+0x690/0x690 [ 1702.805728] ? trace_hardirqs_on+0x5b/0x180 [ 1702.806641] ? kasan_unpoison_shadow+0x33/0x50 [ 1702.807615] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1702.808688] v9fs_mount+0x79/0x8f0 [ 1702.809450] ? v9fs_write_inode+0x60/0x60 [ 1702.810332] legacy_get_tree+0x105/0x220 [ 1702.811196] vfs_get_tree+0x8e/0x300 [ 1702.811990] path_mount+0x1490/0x21e0 [ 1702.812802] ? strncpy_from_user+0x9e/0x470 [ 1702.813734] ? finish_automount+0xa90/0xa90 [ 1702.814647] ? getname_flags.part.0+0x1dd/0x4f0 [ 1702.815638] ? _copy_from_user+0xfb/0x1b0 [ 1702.816527] __x64_sys_mount+0x282/0x300 [ 1702.817396] ? copy_mnt_ns+0xa00/0xa00 [ 1702.818228] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1702.819342] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1702.820442] do_syscall_64+0x33/0x40 [ 1702.821236] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1702.822328] RIP: 0033:0x7fd134c9eb19 [ 1702.823122] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1702.827031] RSP: 002b:00007fd132214188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1702.828648] RAX: ffffffffffffffda RBX: 00007fd134db1f60 RCX: 00007fd134c9eb19 [ 1702.830171] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1702.831687] RBP: 00007fd1322141d0 R08: 0000000020000280 R09: 0000000000000000 [ 1702.833203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1702.834722] R13: 00007ffe03f9a7cf R14: 00007fd132214300 R15: 0000000000022000 [ 1702.851404] FAULT_INJECTION: forcing a failure. [ 1702.851404] name failslab, interval 1, probability 0, space 0, times 0 [ 1702.853729] CPU: 0 PID: 8813 Comm: syz-executor.6 Not tainted 5.10.246 #1 [ 1702.855152] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1702.856876] Call Trace: [ 1702.857434] dump_stack+0x107/0x167 [ 1702.858194] should_fail.cold+0x5/0xa [ 1702.858972] ? radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1702.860137] should_failslab+0x5/0x20 [ 1702.860909] kmem_cache_alloc+0x5b/0x310 [ 1702.861751] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1702.862894] idr_get_free+0x4b5/0x8f0 [ 1702.863704] idr_alloc_u32+0x170/0x2d0 [ 1702.864507] ? __fprop_inc_percpu_max+0x130/0x130 [ 1702.865527] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1702.866648] ? lock_release+0x680/0x680 [ 1702.867481] idr_alloc+0xc2/0x130 [ 1702.868205] ? idr_alloc_u32+0x2d0/0x2d0 [ 1702.869052] ? rwlock_bug.part.0+0x90/0x90 [ 1702.869956] p9_client_prepare_req.part.0+0x612/0xac0 [ 1702.871037] p9_client_rpc+0x220/0x1370 [ 1702.871868] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1702.872966] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1702.874105] ? pipe_poll+0x21b/0x800 [ 1702.874884] ? p9_fd_close+0x4a0/0x4a0 [ 1702.875698] ? wait_for_partner+0x3c0/0x3c0 [ 1702.876600] ? p9_fd_poll+0x1e0/0x2c0 [ 1702.877411] ? p9_fd_create+0x357/0x4a0 [ 1702.878246] ? p9_conn_create+0x510/0x510 [ 1702.879108] ? p9_client_create+0x798/0x1230 [ 1702.880049] ? kfree+0xd7/0x340 [ 1702.880734] ? do_raw_spin_unlock+0x4f/0x220 [ 1702.881667] p9_client_create+0xa76/0x1230 [ 1702.882555] ? p9_client_flush+0x430/0x430 [ 1702.883435] ? trace_hardirqs_on+0x5b/0x180 [ 1702.884336] ? lockdep_init_map_type+0x2c7/0x780 [ 1702.885330] ? __raw_spin_lock_init+0x36/0x110 [ 1702.886287] v9fs_session_init+0x1dd/0x1680 [ 1702.887181] ? lock_release+0x680/0x680 [ 1702.888019] ? kmem_cache_alloc_trace+0x151/0x320 [ 1702.889021] ? v9fs_show_options+0x690/0x690 [ 1702.889951] ? trace_hardirqs_on+0x5b/0x180 [ 1702.890847] ? kasan_unpoison_shadow+0x33/0x50 [ 1702.891794] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1702.892848] v9fs_mount+0x79/0x8f0 [ 1702.893571] ? v9fs_write_inode+0x60/0x60 [ 1702.894376] legacy_get_tree+0x105/0x220 [ 1702.895197] vfs_get_tree+0x8e/0x300 [ 1702.895947] path_mount+0x1490/0x21e0 [ 1702.896738] ? strncpy_from_user+0x9e/0x470 [ 1702.897613] ? finish_automount+0xa90/0xa90 [ 1702.898482] ? getname_flags.part.0+0x1dd/0x4f0 [ 1702.899421] ? _copy_from_user+0xfb/0x1b0 [ 1702.900260] __x64_sys_mount+0x282/0x300 [ 1702.901071] ? copy_mnt_ns+0xa00/0xa00 [ 1702.901867] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1702.902923] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1702.903961] do_syscall_64+0x33/0x40 [ 1702.904713] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1702.905747] RIP: 0033:0x7fe30c5b6b19 [ 1702.906501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1702.910167] RSP: 002b:00007fe309b2c188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1702.911688] RAX: ffffffffffffffda RBX: 00007fe30c6c9f60 RCX: 00007fe30c5b6b19 [ 1702.913116] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1702.914540] RBP: 00007fe309b2c1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1702.915964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1702.917398] R13: 00007ffddf17178f R14: 00007fe309b2c300 R15: 0000000000022000 12:42:07 executing program 5: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 46) 12:42:07 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 44) [ 1718.647110] FAULT_INJECTION: forcing a failure. [ 1718.647110] name failslab, interval 1, probability 0, space 0, times 0 [ 1718.649699] CPU: 0 PID: 8828 Comm: syz-executor.3 Not tainted 5.10.246 #1 [ 1718.651278] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1718.653198] Call Trace: [ 1718.653827] dump_stack+0x107/0x167 [ 1718.654682] should_fail.cold+0x5/0xa [ 1718.655895] ? radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1718.657241] should_failslab+0x5/0x20 [ 1718.658147] kmem_cache_alloc+0x5b/0x310 [ 1718.659110] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1718.660422] idr_get_free+0x4b5/0x8f0 [ 1718.661330] idr_alloc_u32+0x170/0x2d0 [ 1718.662258] ? __fprop_inc_percpu_max+0x130/0x130 [ 1718.663387] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1718.664637] ? lock_release+0x680/0x680 [ 1718.665582] idr_alloc+0xc2/0x130 [ 1718.666392] ? idr_alloc_u32+0x2d0/0x2d0 [ 1718.667044] FAULT_INJECTION: forcing a failure. [ 1718.667044] name failslab, interval 1, probability 0, space 0, times 0 [ 1718.667332] ? rwlock_bug.part.0+0x90/0x90 [ 1718.667367] p9_client_prepare_req.part.0+0x612/0xac0 [ 1718.671974] p9_client_rpc+0x220/0x1370 [ 1718.672902] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1718.674138] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1718.675382] ? pipe_poll+0x21b/0x800 [ 1718.676244] ? p9_fd_close+0x4a0/0x4a0 [ 1718.677146] ? wait_for_partner+0x3c0/0x3c0 [ 1718.678156] ? p9_fd_poll+0x1e0/0x2c0 [ 1718.679045] ? p9_fd_create+0x357/0x4a0 [ 1718.679965] ? p9_conn_create+0x510/0x510 [ 1718.680922] ? p9_client_create+0x798/0x1230 [ 1718.681959] ? kfree+0xd7/0x340 [ 1718.682725] ? do_raw_spin_unlock+0x4f/0x220 [ 1718.683757] p9_client_create+0xa76/0x1230 [ 1718.684750] ? p9_client_flush+0x430/0x430 [ 1718.685747] ? trace_hardirqs_on+0x5b/0x180 [ 1718.686752] ? lockdep_init_map_type+0x2c7/0x780 [ 1718.687855] ? __raw_spin_lock_init+0x36/0x110 [ 1718.688923] v9fs_session_init+0x1dd/0x1680 [ 1718.689936] ? lock_release+0x680/0x680 [ 1718.690874] ? kmem_cache_alloc_trace+0x151/0x320 [ 1718.691999] ? v9fs_show_options+0x690/0x690 [ 1718.693033] ? trace_hardirqs_on+0x5b/0x180 [ 1718.694049] ? kasan_unpoison_shadow+0x33/0x50 [ 1718.695108] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1718.696287] v9fs_mount+0x79/0x8f0 [ 1718.697115] ? v9fs_write_inode+0x60/0x60 [ 1718.698087] legacy_get_tree+0x105/0x220 [ 1718.699038] vfs_get_tree+0x8e/0x300 [ 1718.699908] path_mount+0x1490/0x21e0 [ 1718.700808] ? strncpy_from_user+0x9e/0x470 [ 1718.701820] ? finish_automount+0xa90/0xa90 [ 1718.702824] ? getname_flags.part.0+0x1dd/0x4f0 [ 1718.703907] ? _copy_from_user+0xfb/0x1b0 [ 1718.704879] __x64_sys_mount+0x282/0x300 [ 1718.705832] ? copy_mnt_ns+0xa00/0xa00 [ 1718.706749] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1718.707975] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1718.709182] do_syscall_64+0x33/0x40 [ 1718.710059] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1718.711249] RIP: 0033:0x7fd134c9eb19 [ 1718.712117] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1718.716406] RSP: 002b:00007fd132214188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1718.718188] RAX: ffffffffffffffda RBX: 00007fd134db1f60 RCX: 00007fd134c9eb19 [ 1718.719847] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1718.721516] RBP: 00007fd1322141d0 R08: 0000000020000280 R09: 0000000000000000 [ 1718.723186] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1718.724850] R13: 00007ffe03f9a7cf R14: 00007fd132214300 R15: 0000000000022000 [ 1718.726558] CPU: 1 PID: 8833 Comm: syz-executor.6 Not tainted 5.10.246 #1 [ 1718.728108] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1718.730302] Call Trace: 12:42:07 executing program 6: socket$inet6_udplite(0xa, 0x2, 0x88) mq_open(0x0, 0x2, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 44) 12:42:07 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df7"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:42:07 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d0"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:42:07 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) [ 1718.730935] dump_stack+0x107/0x167 write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:42:07 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 50) 12:42:07 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa3331"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1718.731794] should_fail.cold+0x5/0xa [ 1718.732823] ? radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1718.734113] should_failslab+0x5/0x20 [ 1718.734950] kmem_cache_alloc+0x5b/0x310 [ 1718.735336] FAULT_INJECTION: forcing a failure. [ 1718.735336] name failslab, interval 1, probability 0, space 0, times 0 [ 1718.735849] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1718.739639] idr_get_free+0x4b5/0x8f0 [ 1718.740487] idr_alloc_u32+0x170/0x2d0 [ 1718.741347] ? __fprop_inc_percpu_max+0x130/0x130 [ 1718.742418] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1718.743589] ? lock_release+0x680/0x680 [ 1718.744462] idr_alloc+0xc2/0x130 [ 1718.745223] ? idr_alloc_u32+0x2d0/0x2d0 [ 1718.746120] ? rwlock_bug.part.0+0x90/0x90 [ 1718.747055] p9_client_prepare_req.part.0+0x612/0xac0 [ 1718.748192] p9_client_rpc+0x220/0x1370 [ 1718.749063] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1718.750225] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1718.751396] ? pipe_poll+0x21b/0x800 [ 1718.752208] ? p9_fd_close+0x4a0/0x4a0 [ 1718.753060] ? wait_for_partner+0x3c0/0x3c0 [ 1718.754016] ? p9_fd_poll+0x1e0/0x2c0 [ 1718.754855] ? p9_fd_create+0x357/0x4a0 [ 1718.755724] ? p9_conn_create+0x510/0x510 [ 1718.756629] ? p9_client_create+0x798/0x1230 [ 1718.757604] ? kfree+0xd7/0x340 [ 1718.758323] ? do_raw_spin_unlock+0x4f/0x220 [ 1718.759291] p9_client_create+0xa76/0x1230 [ 1718.760225] ? p9_client_flush+0x430/0x430 [ 1718.761153] ? trace_hardirqs_on+0x5b/0x180 [ 1718.762108] ? lockdep_init_map_type+0x2c7/0x780 [ 1718.763149] ? __raw_spin_lock_init+0x36/0x110 [ 1718.764155] v9fs_session_init+0x1dd/0x1680 [ 1718.765103] ? lock_release+0x680/0x680 [ 1718.765994] ? kmem_cache_alloc_trace+0x151/0x320 [ 1718.767049] ? v9fs_show_options+0x690/0x690 [ 1718.768020] ? trace_hardirqs_on+0x5b/0x180 [ 1718.768967] ? kasan_unpoison_shadow+0x33/0x50 [ 1718.769973] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1718.771081] v9fs_mount+0x79/0x8f0 [ 1718.771858] ? v9fs_write_inode+0x60/0x60 [ 1718.772760] legacy_get_tree+0x105/0x220 [ 1718.773656] vfs_get_tree+0x8e/0x300 [ 1718.774469] path_mount+0x1490/0x21e0 [ 1718.775305] ? strncpy_from_user+0x9e/0x470 [ 1718.776247] ? finish_automount+0xa90/0xa90 [ 1718.777189] ? getname_flags.part.0+0x1dd/0x4f0 [ 1718.778214] ? _copy_from_user+0xfb/0x1b0 [ 1718.779126] __x64_sys_mount+0x282/0x300 [ 1718.780011] ? copy_mnt_ns+0xa00/0xa00 [ 1718.780869] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1718.782023] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1718.783149] do_syscall_64+0x33/0x40 [ 1718.783962] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1718.785081] RIP: 0033:0x7fe30c5b6b19 [ 1718.785901] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1718.789920] RSP: 002b:00007fe309b2c188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1718.791599] RAX: ffffffffffffffda RBX: 00007fe30c6c9f60 RCX: 00007fe30c5b6b19 [ 1718.793174] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1718.794756] RBP: 00007fe309b2c1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1718.796329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1718.797909] R13: 00007ffddf17178f R14: 00007fe309b2c300 R15: 0000000000022000 [ 1718.799523] CPU: 0 PID: 8834 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 1718.801169] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1718.803130] Call Trace: [ 1718.803754] dump_stack+0x107/0x167 [ 1718.804610] should_fail.cold+0x5/0xa [ 1718.805515] ? create_object.isra.0+0x3a/0xa30 [ 1718.806580] should_failslab+0x5/0x20 [ 1718.807469] kmem_cache_alloc+0x5b/0x310 [ 1718.808424] create_object.isra.0+0x3a/0xa30 [ 1718.809449] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1718.810648] kmem_cache_alloc+0x159/0x310 [ 1718.811629] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1718.812937] idr_get_free+0x4b5/0x8f0 [ 1718.813851] idr_alloc_u32+0x170/0x2d0 [ 1718.814763] ? __fprop_inc_percpu_max+0x130/0x130 [ 1718.815887] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1718.817133] ? lock_release+0x680/0x680 [ 1718.818072] idr_alloc+0xc2/0x130 [ 1718.818879] ? idr_alloc_u32+0x2d0/0x2d0 [ 1718.819821] ? rwlock_bug.part.0+0x90/0x90 [ 1718.820819] p9_client_prepare_req.part.0+0x612/0xac0 [ 1718.822035] p9_client_rpc+0x220/0x1370 [ 1718.822964] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1718.824193] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1718.825443] ? pipe_poll+0x21b/0x800 [ 1718.826320] ? p9_fd_close+0x4a0/0x4a0 [ 1718.827227] ? wait_for_partner+0x3c0/0x3c0 [ 1718.828235] ? p9_fd_poll+0x1e0/0x2c0 [ 1718.829133] ? p9_fd_create+0x357/0x4a0 [ 1718.830067] ? p9_conn_create+0x510/0x510 [ 1718.831036] ? p9_client_create+0x798/0x1230 [ 1718.832033] ? kfree+0xd7/0x340 [ 1718.832792] ? do_raw_spin_unlock+0x4f/0x220 [ 1718.833822] p9_client_create+0xa76/0x1230 [ 1718.834807] ? p9_client_flush+0x430/0x430 [ 1718.835789] ? trace_hardirqs_on+0x5b/0x180 [ 1718.836787] ? lockdep_init_map_type+0x2c7/0x780 [ 1718.837892] ? __raw_spin_lock_init+0x36/0x110 [ 1718.838957] v9fs_session_init+0x1dd/0x1680 [ 1718.839968] ? lock_release+0x680/0x680 [ 1718.840899] ? kmem_cache_alloc_trace+0x151/0x320 [ 1718.842021] ? v9fs_show_options+0x690/0x690 [ 1718.843022] ? trace_hardirqs_on+0x5b/0x180 [ 1718.844029] ? kasan_unpoison_shadow+0x33/0x50 [ 1718.845092] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1718.846291] v9fs_mount+0x79/0x8f0 [ 1718.847119] ? v9fs_write_inode+0x60/0x60 [ 1718.848088] legacy_get_tree+0x105/0x220 [ 1718.849038] vfs_get_tree+0x8e/0x300 [ 1718.849915] path_mount+0x1490/0x21e0 [ 1718.850809] ? strncpy_from_user+0x9e/0x470 [ 1718.851817] ? finish_automount+0xa90/0xa90 [ 1718.852822] ? getname_flags.part.0+0x1dd/0x4f0 [ 1718.853915] ? _copy_from_user+0xfb/0x1b0 [ 1718.854886] __x64_sys_mount+0x282/0x300 [ 1718.855829] ? copy_mnt_ns+0xa00/0xa00 [ 1718.856739] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1718.857939] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1718.859111] do_syscall_64+0x33/0x40 [ 1718.859951] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1718.861148] RIP: 0033:0x7ff7dde24b19 [ 1718.862030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1718.866307] RSP: 002b:00007ff7db39a188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1718.868077] RAX: ffffffffffffffda RBX: 00007ff7ddf37f60 RCX: 00007ff7dde24b19 [ 1718.869732] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1718.871343] RBP: 00007ff7db39a1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1718.872999] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1718.874626] R13: 00007ffcd7e7b57f R14: 00007ff7db39a300 R15: 0000000000022000 [ 1718.929630] FAULT_INJECTION: forcing a failure. [ 1718.929630] name failslab, interval 1, probability 0, space 0, times 0 [ 1718.932658] CPU: 0 PID: 8839 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1718.934162] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1718.936047] Call Trace: [ 1718.936607] dump_stack+0x107/0x167 [ 1718.937404] should_fail.cold+0x5/0xa [ 1718.938293] should_failslab+0x5/0x20 [ 1718.939174] __kmalloc_track_caller+0x79/0x370 [ 1718.940235] ? kstrdup_const+0x53/0x80 [ 1718.941146] kstrdup+0x36/0x70 [ 1718.941912] kstrdup_const+0x53/0x80 [ 1718.942805] kmem_cache_create_usercopy+0x12f/0x2f0 [ 1718.943979] p9_client_create+0xc6a/0x1230 [ 1718.944975] ? p9_client_flush+0x430/0x430 [ 1718.945945] ? trace_hardirqs_on+0x5b/0x180 [ 1718.946849] ? lockdep_init_map_type+0x2c7/0x780 [ 1718.947934] ? __raw_spin_lock_init+0x36/0x110 [ 1718.949001] v9fs_session_init+0x1dd/0x1680 [ 1718.950017] ? lock_release+0x680/0x680 [ 1718.950955] ? kmem_cache_alloc_trace+0x151/0x320 [ 1718.952075] ? v9fs_show_options+0x690/0x690 [ 1718.953121] ? trace_hardirqs_on+0x5b/0x180 [ 1718.954082] ? kasan_unpoison_shadow+0x33/0x50 [ 1718.955089] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1718.956293] v9fs_mount+0x79/0x8f0 [ 1718.957132] ? v9fs_write_inode+0x60/0x60 [ 1718.958072] legacy_get_tree+0x105/0x220 [ 1718.959041] vfs_get_tree+0x8e/0x300 [ 1718.959921] path_mount+0x1490/0x21e0 [ 1718.960833] ? strncpy_from_user+0x9e/0x470 [ 1718.961841] ? finish_automount+0xa90/0xa90 [ 1718.962745] ? getname_flags.part.0+0x1dd/0x4f0 [ 1718.963800] ? _copy_from_user+0xfb/0x1b0 [ 1718.964790] __x64_sys_mount+0x282/0x300 [ 1718.965763] ? copy_mnt_ns+0xa00/0xa00 [ 1718.966691] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1718.967935] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1718.969168] do_syscall_64+0x33/0x40 [ 1718.970020] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1718.971095] RIP: 0033:0x7f850d5eab19 [ 1718.971984] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1718.976261] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1718.977962] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1718.979515] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1718.980997] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1718.982480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1718.983956] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 [ 1718.985543] kmem_cache_create(9p-fcall-cache-825) failed with error -12 [ 1718.986954] CPU: 0 PID: 8839 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1718.988355] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1718.990044] Call Trace: [ 1718.990596] dump_stack+0x107/0x167 [ 1718.991350] kmem_cache_create_usercopy.cold+0x17/0x65 [ 1718.992430] p9_client_create+0xc6a/0x1230 [ 1718.993311] ? p9_client_flush+0x430/0x430 [ 1718.994189] ? trace_hardirqs_on+0x5b/0x180 [ 1718.995080] ? lockdep_init_map_type+0x2c7/0x780 [ 1718.996049] ? __raw_spin_lock_init+0x36/0x110 [ 1718.996987] v9fs_session_init+0x1dd/0x1680 [ 1718.997890] ? lock_release+0x680/0x680 [ 1718.998711] ? kmem_cache_alloc_trace+0x151/0x320 [ 1718.999712] ? v9fs_show_options+0x690/0x690 [ 1719.000629] ? trace_hardirqs_on+0x5b/0x180 [ 1719.001536] ? kasan_unpoison_shadow+0x33/0x50 [ 1719.002486] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1719.003549] v9fs_mount+0x79/0x8f0 [ 1719.004293] ? v9fs_write_inode+0x60/0x60 [ 1719.005143] legacy_get_tree+0x105/0x220 [ 1719.006003] vfs_get_tree+0x8e/0x300 [ 1719.006785] path_mount+0x1490/0x21e0 [ 1719.007596] ? strncpy_from_user+0x9e/0x470 [ 1719.008506] ? finish_automount+0xa90/0xa90 [ 1719.009417] ? getname_flags.part.0+0x1dd/0x4f0 [ 1719.010420] ? _copy_from_user+0xfb/0x1b0 [ 1719.011310] __x64_sys_mount+0x282/0x300 [ 1719.012172] ? copy_mnt_ns+0xa00/0xa00 [ 1719.013006] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1719.014133] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1719.015229] do_syscall_64+0x33/0x40 [ 1719.016023] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1719.017115] RIP: 0033:0x7f850d5eab19 [ 1719.017921] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1719.021863] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1719.023475] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1719.025002] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1719.026537] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1719.028070] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1719.029617] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 12:42:07 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:42:08 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 45) 12:42:08 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d0"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:42:08 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa3331"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:42:08 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1719.104042] FAULT_INJECTION: forcing a failure. [ 1719.104042] name failslab, interval 1, probability 0, space 0, times 0 [ 1719.106434] CPU: 1 PID: 8850 Comm: syz-executor.3 Not tainted 5.10.246 #1 [ 1719.107871] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1719.109693] Call Trace: [ 1719.110257] dump_stack+0x107/0x167 [ 1719.111049] should_fail.cold+0x5/0xa [ 1719.111891] ? create_object.isra.0+0x3a/0xa30 [ 1719.112877] should_failslab+0x5/0x20 [ 1719.113716] kmem_cache_alloc+0x5b/0x310 [ 1719.114611] create_object.isra.0+0x3a/0xa30 [ 1719.115572] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1719.116692] kmem_cache_alloc+0x159/0x310 [ 1719.117617] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1719.118824] idr_get_free+0x4b5/0x8f0 [ 1719.119674] idr_alloc_u32+0x170/0x2d0 [ 1719.120505] ? __fprop_inc_percpu_max+0x130/0x130 [ 1719.121561] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1719.122697] ? lock_release+0x680/0x680 [ 1719.123563] idr_alloc+0xc2/0x130 [ 1719.124303] ? idr_alloc_u32+0x2d0/0x2d0 [ 1719.125183] ? rwlock_bug.part.0+0x90/0x90 [ 1719.126115] p9_client_prepare_req.part.0+0x612/0xac0 [ 1719.127218] p9_client_rpc+0x220/0x1370 [ 1719.128089] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1719.129214] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1719.130378] ? pipe_poll+0x21b/0x800 [ 1719.131175] ? p9_fd_close+0x4a0/0x4a0 [ 1719.132012] ? wait_for_partner+0x3c0/0x3c0 [ 1719.132928] ? p9_fd_poll+0x1e0/0x2c0 [ 1719.133895] ? p9_fd_create+0x357/0x4a0 [ 1719.134889] ? p9_conn_create+0x510/0x510 [ 1719.135921] ? p9_client_create+0x798/0x1230 [ 1719.137027] ? kfree+0xd7/0x340 [ 1719.137869] ? do_raw_spin_unlock+0x4f/0x220 [ 1719.138806] p9_client_create+0xa76/0x1230 [ 1719.139691] ? p9_client_flush+0x430/0x430 [ 1719.140585] ? trace_hardirqs_on+0x5b/0x180 [ 1719.141505] ? lockdep_init_map_type+0x2c7/0x780 [ 1719.142493] ? __raw_spin_lock_init+0x36/0x110 [ 1719.143453] v9fs_session_init+0x1dd/0x1680 [ 1719.144355] ? lock_release+0x680/0x680 [ 1719.145190] ? kmem_cache_alloc_trace+0x151/0x320 [ 1719.146205] ? v9fs_show_options+0x690/0x690 [ 1719.147132] ? trace_hardirqs_on+0x5b/0x180 [ 1719.148037] ? kasan_unpoison_shadow+0x33/0x50 [ 1719.148982] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1719.150060] v9fs_mount+0x79/0x8f0 [ 1719.150801] ? v9fs_write_inode+0x60/0x60 [ 1719.151674] legacy_get_tree+0x105/0x220 [ 1719.152530] vfs_get_tree+0x8e/0x300 [ 1719.153304] path_mount+0x1490/0x21e0 [ 1719.154113] ? strncpy_from_user+0x9e/0x470 [ 1719.155014] ? finish_automount+0xa90/0xa90 [ 1719.155920] ? getname_flags.part.0+0x1dd/0x4f0 [ 1719.156889] ? _copy_from_user+0xfb/0x1b0 [ 1719.157771] __x64_sys_mount+0x282/0x300 [ 1719.158624] ? copy_mnt_ns+0xa00/0xa00 [ 1719.159466] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1719.160564] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1719.161648] do_syscall_64+0x33/0x40 [ 1719.162424] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1719.163497] RIP: 0033:0x7fd134c9eb19 [ 1719.164281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1719.168126] RSP: 002b:00007fd132214188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1719.169741] RAX: ffffffffffffffda RBX: 00007fd134db1f60 RCX: 00007fd134c9eb19 [ 1719.171240] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1719.172750] RBP: 00007fd1322141d0 R08: 0000000020000280 R09: 0000000000000000 [ 1719.174251] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1719.175759] R13: 00007ffe03f9a7cf R14: 00007fd132214300 R15: 0000000000022000 12:42:20 executing program 6: socket$inet6_udplite(0xa, 0x2, 0x88) mq_open(0x0, 0x2, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 45) 12:42:20 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa3331"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:42:20 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:42:20 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) [ 1731.859138] FAULT_INJECTION: forcing a failure. [ 1731.859138] name failslab, interval 1, probability 0, space 0, times 0 [ 1731.860853] CPU: 0 PID: 8863 Comm: syz-executor.6 Not tainted 5.10.246 #1 [ 1731.861926] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1731.863205] Call Trace: [ 1731.863628] dump_stack+0x107/0x167 [ 1731.864200] should_fail.cold+0x5/0xa [ 1731.864819] ? radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1731.865740] should_failslab+0x5/0x20 [ 1731.866349] kmem_cache_alloc+0x5b/0x310 [ 1731.866981] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1731.867875] idr_get_free+0x4b5/0x8f0 [ 1731.868509] idr_alloc_u32+0x170/0x2d0 [ 1731.869114] ? __fprop_inc_percpu_max+0x130/0x130 [ 1731.869883] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1731.870727] ? lock_release+0x680/0x680 [ 1731.871362] idr_alloc+0xc2/0x130 [ 1731.871910] ? idr_alloc_u32+0x2d0/0x2d0 [ 1731.872564] ? rwlock_bug.part.0+0x90/0x90 [ 1731.873239] p9_client_prepare_req.part.0+0x612/0xac0 [ 1731.874081] p9_client_rpc+0x220/0x1370 [ 1731.874701] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1731.875508] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1731.876371] ? pipe_poll+0x21b/0x800 [ 1731.876954] ? p9_fd_close+0x4a0/0x4a0 [ 1731.877574] ? wait_for_partner+0x3c0/0x3c0 [ 1731.878266] ? p9_fd_poll+0x1e0/0x2c0 [ 1731.878871] ? p9_fd_create+0x357/0x4a0 [ 1731.879494] ? p9_conn_create+0x510/0x510 [ 1731.880130] ? p9_client_create+0x798/0x1230 [ 1731.880818] ? kfree+0xd7/0x340 [ 1731.881340] ? do_raw_spin_unlock+0x4f/0x220 [ 1731.882040] p9_client_create+0xa76/0x1230 [ 1731.882724] ? p9_client_flush+0x430/0x430 [ 1731.883401] ? trace_hardirqs_on+0x5b/0x180 [ 1731.884095] ? lockdep_init_map_type+0x2c7/0x780 [ 1731.884904] ? __raw_spin_lock_init+0x36/0x110 [ 1731.885647] v9fs_session_init+0x1dd/0x1680 [ 1731.886428] ? lock_release+0x680/0x680 [ 1731.887180] ? kmem_cache_alloc_trace+0x151/0x320 [ 1731.888056] ? v9fs_show_options+0x690/0x690 [ 1731.888858] ? trace_hardirqs_on+0x5b/0x180 [ 1731.889543] ? kasan_unpoison_shadow+0x33/0x50 [ 1731.890280] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1731.891097] v9fs_mount+0x79/0x8f0 [ 1731.891666] ? v9fs_write_inode+0x60/0x60 [ 1731.892332] legacy_get_tree+0x105/0x220 [ 1731.892989] vfs_get_tree+0x8e/0x300 [ 1731.893572] path_mount+0x1490/0x21e0 [ 1731.894187] ? strncpy_from_user+0x9e/0x470 [ 1731.894867] ? finish_automount+0xa90/0xa90 [ 1731.895554] ? getname_flags.part.0+0x1dd/0x4f0 [ 1731.896271] ? _copy_from_user+0xfb/0x1b0 [ 1731.896925] __x64_sys_mount+0x282/0x300 [ 1731.897577] ? copy_mnt_ns+0xa00/0xa00 [ 1731.898205] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1731.899014] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1731.899821] do_syscall_64+0x33/0x40 [ 1731.900396] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1731.901191] RIP: 0033:0x7fe30c5b6b19 [ 1731.901814] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1731.904692] RSP: 002b:00007fe309b2c188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1731.905910] RAX: ffffffffffffffda RBX: 00007fe30c6c9f60 RCX: 00007fe30c5b6b19 [ 1731.907155] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1731.908418] RBP: 00007fe309b2c1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1731.909731] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1731.911021] R13: 00007ffddf17178f R14: 00007fe309b2c300 R15: 0000000000022000 write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df7"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:42:20 executing program 5: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 47) 12:42:20 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 51) 12:42:20 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:42:20 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 46) [ 1731.920415] FAULT_INJECTION: forcing a failure. [ 1731.920415] name failslab, interval 1, probability 0, space 0, times 0 [ 1731.922242] CPU: 0 PID: 8865 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 1731.923297] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1731.924584] Call Trace: [ 1731.924987] dump_stack+0x107/0x167 [ 1731.925568] should_fail.cold+0x5/0xa [ 1731.926172] ? create_object.isra.0+0x3a/0xa30 [ 1731.926878] should_failslab+0x5/0x20 [ 1731.927475] kmem_cache_alloc+0x5b/0x310 [ 1731.928109] create_object.isra.0+0x3a/0xa30 [ 1731.928800] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1731.929598] __kmalloc+0x16e/0x390 [ 1731.930169] p9pdu_readf+0xadb/0x1d40 [ 1731.930798] ? pipe_poll+0x21b/0x800 [ 1731.931383] ? p9pdu_writef+0x100/0x100 [ 1731.931995] ? p9_fd_poll+0x1e0/0x2c0 [ 1731.932595] ? p9_fd_create+0x357/0x4a0 [ 1731.933204] ? p9_conn_create+0x510/0x510 [ 1731.933861] ? p9_client_create+0x798/0x1230 [ 1731.934564] ? kfree+0xd7/0x340 [ 1731.935066] ? do_raw_spin_unlock+0x4f/0x220 [ 1731.935843] p9_client_create+0xaee/0x1230 [ 1731.936612] ? p9_client_flush+0x430/0x430 [ 1731.937282] ? trace_hardirqs_on+0x5b/0x180 [ 1731.937992] ? lockdep_init_map_type+0x2c7/0x780 [ 1731.938727] ? __raw_spin_lock_init+0x36/0x110 [ 1731.939453] v9fs_session_init+0x1dd/0x1680 [ 1731.940125] ? lock_release+0x680/0x680 [ 1731.940755] ? kmem_cache_alloc_trace+0x151/0x320 [ 1731.941515] ? v9fs_show_options+0x690/0x690 [ 1731.942218] ? trace_hardirqs_on+0x5b/0x180 [ 1731.942897] ? kasan_unpoison_shadow+0x33/0x50 [ 1731.943612] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1731.944396] v9fs_mount+0x79/0x8f0 [ 1731.944965] ? v9fs_write_inode+0x60/0x60 [ 1731.945623] legacy_get_tree+0x105/0x220 [ 1731.946263] vfs_get_tree+0x8e/0x300 [ 1731.946846] path_mount+0x1490/0x21e0 [ 1731.947452] ? strncpy_from_user+0x9e/0x470 [ 1731.948107] ? finish_automount+0xa90/0xa90 [ 1731.948777] ? getname_flags.part.0+0x1dd/0x4f0 [ 1731.949493] ? _copy_from_user+0xfb/0x1b0 [ 1731.950162] __x64_sys_mount+0x282/0x300 [ 1731.950817] ? copy_mnt_ns+0xa00/0xa00 [ 1731.951434] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1731.952243] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1731.953041] do_syscall_64+0x33/0x40 [ 1731.953621] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1731.954468] RIP: 0033:0x7ff7dde24b19 [ 1731.955038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1731.957896] RSP: 002b:00007ff7db39a188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1731.959070] RAX: ffffffffffffffda RBX: 00007ff7ddf37f60 RCX: 00007ff7dde24b19 [ 1731.960195] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1731.961310] RBP: 00007ff7db39a1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1731.962433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1731.963542] R13: 00007ffcd7e7b57f R14: 00007ff7db39a300 R15: 0000000000022000 [ 1731.968728] FAULT_INJECTION: forcing a failure. [ 1731.968728] name failslab, interval 1, probability 0, space 0, times 0 [ 1731.970584] CPU: 0 PID: 8870 Comm: syz-executor.3 Not tainted 5.10.246 #1 [ 1731.971643] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1731.972926] Call Trace: [ 1731.973347] dump_stack+0x107/0x167 [ 1731.973926] should_fail.cold+0x5/0xa [ 1731.974517] ? p9pdu_readf+0xadb/0x1d40 [ 1731.975128] should_failslab+0x5/0x20 [ 1731.975727] __kmalloc+0x72/0x390 [ 1731.976265] p9pdu_readf+0xadb/0x1d40 [ 1731.976866] ? pipe_poll+0x21b/0x800 [ 1731.977467] ? p9pdu_writef+0x100/0x100 [ 1731.978094] ? p9_fd_poll+0x1e0/0x2c0 [ 1731.978712] ? p9_fd_create+0x357/0x4a0 [ 1731.979356] ? p9_conn_create+0x510/0x510 [ 1731.979985] ? p9_client_create+0x798/0x1230 [ 1731.980671] ? kfree+0xd7/0x340 [ 1731.981177] ? do_raw_spin_unlock+0x4f/0x220 [ 1731.981880] p9_client_create+0xaee/0x1230 [ 1731.982561] ? p9_client_flush+0x430/0x430 [ 1731.983222] ? trace_hardirqs_on+0x5b/0x180 [ 1731.983905] ? lockdep_init_map_type+0x2c7/0x780 [ 1731.984643] ? __raw_spin_lock_init+0x36/0x110 [ 1731.985367] v9fs_session_init+0x1dd/0x1680 [ 1731.986041] ? lock_release+0x680/0x680 [ 1731.986663] ? kmem_cache_alloc_trace+0x151/0x320 [ 1731.987407] ? v9fs_show_options+0x690/0x690 [ 1731.988085] ? trace_hardirqs_on+0x5b/0x180 [ 1731.988872] ? kasan_unpoison_shadow+0x33/0x50 [ 1731.989727] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1731.990654] v9fs_mount+0x79/0x8f0 [ 1731.991298] ? v9fs_write_inode+0x60/0x60 [ 1731.991951] legacy_get_tree+0x105/0x220 [ 1731.992584] vfs_get_tree+0x8e/0x300 [ 1731.993160] path_mount+0x1490/0x21e0 [ 1731.993779] ? strncpy_from_user+0x9e/0x470 [ 1731.994445] ? finish_automount+0xa90/0xa90 [ 1731.995098] ? getname_flags.part.0+0x1dd/0x4f0 [ 1731.995833] ? _copy_from_user+0xfb/0x1b0 [ 1731.996487] __x64_sys_mount+0x282/0x300 [ 1731.997106] ? copy_mnt_ns+0xa00/0xa00 [ 1731.997741] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1731.998556] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1731.999369] do_syscall_64+0x33/0x40 [ 1731.999939] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1732.000755] RIP: 0033:0x7fd134c9eb19 [ 1732.001339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1732.004249] RSP: 002b:00007fd132214188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1732.005465] RAX: ffffffffffffffda RBX: 00007fd134db1f60 RCX: 00007fd134c9eb19 [ 1732.006615] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1732.007742] RBP: 00007fd1322141d0 R08: 0000000020000280 R09: 0000000000000000 [ 1732.008923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1732.010206] R13: 00007ffe03f9a7cf R14: 00007fd132214300 R15: 0000000000022000 12:42:20 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03324c"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1732.013652] FAULT_INJECTION: forcing a failure. [ 1732.013652] name failslab, interval 1, probability 0, space 0, times 0 [ 1732.015594] CPU: 0 PID: 8871 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1732.016693] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1732.018020] Call Trace: [ 1732.018454] dump_stack+0x107/0x167 [ 1732.019030] should_fail.cold+0x5/0xa [ 1732.019640] ? create_object.isra.0+0x3a/0xa30 [ 1732.020368] should_failslab+0x5/0x20 [ 1732.020968] kmem_cache_alloc+0x5b/0x310 [ 1732.021618] ? lock_acquire+0x197/0x470 [ 1732.022257] create_object.isra.0+0x3a/0xa30 [ 1732.022958] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1732.023788] __kmalloc_track_caller+0x177/0x370 [ 1732.024529] ? kstrdup_const+0x53/0x80 [ 1732.025138] ? kasprintf+0xbb/0xf0 [ 1732.025717] kstrdup+0x36/0x70 [ 1732.026225] kstrdup_const+0x53/0x80 [ 1732.026830] kmem_cache_create_usercopy+0x12f/0x2f0 [ 1732.027634] p9_client_create+0xc6a/0x1230 [ 1732.028316] ? p9_client_flush+0x430/0x430 [ 1732.028998] ? trace_hardirqs_on+0x5b/0x180 [ 1732.029700] ? lockdep_init_map_type+0x2c7/0x780 [ 1732.030467] ? __raw_spin_lock_init+0x36/0x110 [ 1732.031199] v9fs_session_init+0x1dd/0x1680 [ 1732.031892] ? lock_release+0x680/0x680 [ 1732.032556] ? kmem_cache_alloc_trace+0x151/0x320 [ 1732.033334] ? v9fs_show_options+0x690/0x690 [ 1732.034052] ? trace_hardirqs_on+0x5b/0x180 [ 1732.034742] ? kasan_unpoison_shadow+0x33/0x50 [ 1732.035472] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1732.036270] v9fs_mount+0x79/0x8f0 [ 1732.036843] ? v9fs_write_inode+0x60/0x60 [ 1732.037513] legacy_get_tree+0x105/0x220 [ 1732.038163] vfs_get_tree+0x8e/0x300 [ 1732.038759] path_mount+0x1490/0x21e0 [ 1732.039379] ? strncpy_from_user+0x9e/0x470 [ 1732.040059] ? finish_automount+0xa90/0xa90 [ 1732.040752] ? getname_flags.part.0+0x1dd/0x4f0 [ 1732.041495] ? _copy_from_user+0xfb/0x1b0 [ 1732.042167] __x64_sys_mount+0x282/0x300 [ 1732.042832] ? copy_mnt_ns+0xa00/0xa00 [ 1732.043461] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1732.044291] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1732.045111] do_syscall_64+0x33/0x40 [ 1732.045718] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1732.046543] RIP: 0033:0x7f850d5eab19 [ 1732.047132] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1732.050075] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1732.051298] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1732.052438] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1732.053566] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1732.054718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1732.055859] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 12:42:21 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:42:21 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 47) 12:42:21 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa3331"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:42:21 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df7"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:42:21 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03324c"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1732.155778] FAULT_INJECTION: forcing a failure. [ 1732.155778] name failslab, interval 1, probability 0, space 0, times 0 [ 1732.158802] CPU: 1 PID: 8884 Comm: syz-executor.3 Not tainted 5.10.246 #1 [ 1732.160564] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1732.162705] Call Trace: [ 1732.163392] dump_stack+0x107/0x167 [ 1732.164326] should_fail.cold+0x5/0xa [ 1732.165304] ? create_object.isra.0+0x3a/0xa30 [ 1732.166479] should_failslab+0x5/0x20 [ 1732.167455] kmem_cache_alloc+0x5b/0x310 [ 1732.168499] create_object.isra.0+0x3a/0xa30 [ 1732.169617] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1732.170914] __kmalloc+0x16e/0x390 [ 1732.171817] p9pdu_readf+0xadb/0x1d40 [ 1732.172794] ? pipe_poll+0x21b/0x800 [ 1732.173740] ? p9pdu_writef+0x100/0x100 [ 1732.174742] ? p9_fd_poll+0x1e0/0x2c0 [ 1732.175716] ? p9_fd_create+0x357/0x4a0 [ 1732.176719] ? p9_conn_create+0x510/0x510 [ 1732.177772] ? p9_client_create+0x798/0x1230 [ 1732.178880] ? kfree+0xd7/0x340 [ 1732.179717] ? do_raw_spin_unlock+0x4f/0x220 [ 1732.180842] p9_client_create+0xaee/0x1230 [ 1732.181924] ? p9_client_flush+0x430/0x430 [ 1732.183007] ? trace_hardirqs_on+0x5b/0x180 [ 1732.184113] ? lockdep_init_map_type+0x2c7/0x780 [ 1732.185307] ? __raw_spin_lock_init+0x36/0x110 [ 1732.186481] v9fs_session_init+0x1dd/0x1680 [ 1732.187561] ? lock_release+0x680/0x680 [ 1732.188563] ? kmem_cache_alloc_trace+0x151/0x320 [ 1732.189776] ? v9fs_show_options+0x690/0x690 [ 1732.190882] ? trace_hardirqs_on+0x5b/0x180 [ 1732.191958] ? kasan_unpoison_shadow+0x33/0x50 [ 1732.193096] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1732.194382] v9fs_mount+0x79/0x8f0 [ 1732.195270] ? v9fs_write_inode+0x60/0x60 [ 1732.196299] legacy_get_tree+0x105/0x220 [ 1732.197313] vfs_get_tree+0x8e/0x300 [ 1732.198249] path_mount+0x1490/0x21e0 [ 1732.199208] ? strncpy_from_user+0x9e/0x470 [ 1732.200291] ? finish_automount+0xa90/0xa90 [ 1732.201367] ? getname_flags.part.0+0x1dd/0x4f0 [ 1732.202528] ? _copy_from_user+0xfb/0x1b0 [ 1732.203561] __x64_sys_mount+0x282/0x300 [ 1732.204562] ? copy_mnt_ns+0xa00/0xa00 [ 1732.205530] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1732.206836] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1732.208110] do_syscall_64+0x33/0x40 [ 1732.209039] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1732.210324] RIP: 0033:0x7fd134c9eb19 [ 1732.211253] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1732.215833] RSP: 002b:00007fd132214188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1732.217734] RAX: ffffffffffffffda RBX: 00007fd134db1f60 RCX: 00007fd134c9eb19 [ 1732.219510] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1732.221263] RBP: 00007fd1322141d0 R08: 0000000020000280 R09: 0000000000000000 [ 1732.223031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1732.224793] R13: 00007ffe03f9a7cf R14: 00007fd132214300 R15: 0000000000022000 12:42:33 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 52) 12:42:33 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 48) 12:42:33 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03324c"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:42:33 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df7"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:42:33 executing program 6: socket$inet6_udplite(0xa, 0x2, 0x88) mq_open(0x0, 0x2, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 46) 12:42:33 executing program 5: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 48) 12:42:33 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d0"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:42:33 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1744.967738] FAULT_INJECTION: forcing a failure. [ 1744.967738] name failslab, interval 1, probability 0, space 0, times 0 [ 1744.970481] CPU: 1 PID: 8907 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1744.972090] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1744.973989] Call Trace: [ 1744.974595] dump_stack+0x107/0x167 [ 1744.975418] FAULT_INJECTION: forcing a failure. [ 1744.975418] name failslab, interval 1, probability 0, space 0, times 0 [ 1744.977902] should_fail.cold+0x5/0xa [ 1744.978767] ? create_object.isra.0+0x3a/0xa30 [ 1744.979799] should_failslab+0x5/0x20 [ 1744.980662] kmem_cache_alloc+0x5b/0x310 [ 1744.981585] create_object.isra.0+0x3a/0xa30 [ 1744.982589] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1744.983740] kmem_cache_alloc+0x159/0x310 [ 1744.984686] kmem_cache_create_usercopy+0x190/0x2f0 [ 1744.985827] p9_client_create+0xc6a/0x1230 [ 1744.986792] ? p9_client_flush+0x430/0x430 [ 1744.987743] ? trace_hardirqs_on+0x5b/0x180 [ 1744.988719] ? lockdep_init_map_type+0x2c7/0x780 [ 1744.989809] ? __raw_spin_lock_init+0x36/0x110 [ 1744.990854] v9fs_session_init+0x1dd/0x1680 [ 1744.991836] ? lock_release+0x680/0x680 [ 1744.992748] ? kmem_cache_alloc_trace+0x151/0x320 [ 1744.993862] ? v9fs_show_options+0x690/0x690 [ 1744.994866] ? trace_hardirqs_on+0x5b/0x180 [ 1744.995846] ? kasan_unpoison_shadow+0x33/0x50 [ 1744.996879] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1744.998028] v9fs_mount+0x79/0x8f0 [ 1744.998834] ? v9fs_write_inode+0x60/0x60 [ 1744.999768] legacy_get_tree+0x105/0x220 [ 1745.000692] vfs_get_tree+0x8e/0x300 [ 1745.001534] path_mount+0x1490/0x21e0 [ 1745.002405] ? strncpy_from_user+0x9e/0x470 [ 1745.003379] ? finish_automount+0xa90/0xa90 [ 1745.004351] ? getname_flags.part.0+0x1dd/0x4f0 [ 1745.005403] ? _copy_from_user+0xfb/0x1b0 [ 1745.006358] __x64_sys_mount+0x282/0x300 [ 1745.007263] ? copy_mnt_ns+0xa00/0xa00 [ 1745.008152] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1745.009341] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1745.010515] do_syscall_64+0x33/0x40 [ 1745.011357] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1745.012511] RIP: 0033:0x7f850d5eab19 [ 1745.013355] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1745.017512] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1745.019242] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1745.020862] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1745.022486] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1745.024094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1745.025710] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 [ 1745.027354] CPU: 0 PID: 8905 Comm: syz-executor.6 Not tainted 5.10.246 #1 [ 1745.028264] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1745.029327] Call Trace: [ 1745.029668] dump_stack+0x107/0x167 [ 1745.030146] should_fail.cold+0x5/0xa [ 1745.030629] ? p9pdu_readf+0xadb/0x1d40 [ 1745.031144] should_failslab+0x5/0x20 [ 1745.031627] __kmalloc+0x72/0x390 [ 1745.032075] p9pdu_readf+0xadb/0x1d40 [ 1745.032562] ? pipe_poll+0x21b/0x800 [ 1745.033030] ? p9pdu_writef+0x100/0x100 [ 1745.033532] ? p9_fd_poll+0x1e0/0x2c0 [ 1745.034043] ? p9_fd_create+0x357/0x4a0 [ 1745.034540] ? p9_conn_create+0x510/0x510 [ 1745.035059] ? p9_client_create+0x798/0x1230 [ 1745.035610] ? kfree+0xd7/0x340 [ 1745.036026] ? do_raw_spin_unlock+0x4f/0x220 [ 1745.036579] p9_client_create+0xaee/0x1230 [ 1745.037116] ? p9_client_flush+0x430/0x430 [ 1745.037649] ? trace_hardirqs_on+0x5b/0x180 [ 1745.038199] ? lockdep_init_map_type+0x2c7/0x780 [ 1745.038817] ? __raw_spin_lock_init+0x36/0x110 [ 1745.039409] v9fs_session_init+0x1dd/0x1680 [ 1745.039970] ? lock_release+0x680/0x680 [ 1745.040487] ? kmem_cache_alloc_trace+0x151/0x320 [ 1745.041097] ? v9fs_show_options+0x690/0x690 [ 1745.041664] ? trace_hardirqs_on+0x5b/0x180 [ 1745.042226] ? kasan_unpoison_shadow+0x33/0x50 [ 1745.042803] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1745.043436] v9fs_mount+0x79/0x8f0 [ 1745.043879] ? v9fs_write_inode+0x60/0x60 [ 1745.044103] FAULT_INJECTION: forcing a failure. [ 1745.044103] name failslab, interval 1, probability 0, space 0, times 0 [ 1745.044393] legacy_get_tree+0x105/0x220 [ 1745.044406] vfs_get_tree+0x8e/0x300 [ 1745.044418] path_mount+0x1490/0x21e0 [ 1745.044441] ? strncpy_from_user+0x9e/0x470 [ 1745.048866] ? finish_automount+0xa90/0xa90 [ 1745.049401] ? getname_flags.part.0+0x1dd/0x4f0 [ 1745.050004] ? _copy_from_user+0xfb/0x1b0 [ 1745.050525] __x64_sys_mount+0x282/0x300 [ 1745.051034] ? copy_mnt_ns+0xa00/0xa00 [ 1745.051523] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1745.052179] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1745.052818] do_syscall_64+0x33/0x40 [ 1745.053282] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1745.053927] RIP: 0033:0x7fe30c5b6b19 [ 1745.054406] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1745.056683] RSP: 002b:00007fe309b2c188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1745.057633] RAX: ffffffffffffffda RBX: 00007fe30c6c9f60 RCX: 00007fe30c5b6b19 [ 1745.058529] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1745.059412] RBP: 00007fe309b2c1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1745.060299] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1745.061191] R13: 00007ffddf17178f R14: 00007fe309b2c300 R15: 0000000000022000 [ 1745.062109] CPU: 1 PID: 8914 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 1745.063660] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1745.065527] Call Trace: [ 1745.066140] dump_stack+0x107/0x167 [ 1745.066978] should_fail.cold+0x5/0xa [ 1745.067844] should_failslab+0x5/0x20 [ 1745.068713] __kmalloc_track_caller+0x79/0x370 [ 1745.069740] ? kasprintf+0xbb/0xf0 [ 1745.070550] ? __delete_object+0xb3/0x100 [ 1745.071480] kvasprintf+0xb5/0x150 [ 1745.072285] ? bust_spinlocks+0xe0/0xe0 [ 1745.073181] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1745.074398] kasprintf+0xbb/0xf0 [ 1745.075155] ? kvasprintf_const+0x1a0/0x1a0 [ 1745.076134] ? kmem_cache_free+0x249/0x2d0 [ 1745.077089] ? p9_client_create+0xbfa/0x1230 [ 1745.078095] p9_client_create+0xc1b/0x1230 [ 1745.079049] ? p9_client_flush+0x430/0x430 [ 1745.080013] ? trace_hardirqs_on+0x5b/0x180 [ 1745.080982] ? lockdep_init_map_type+0x2c7/0x780 [ 1745.082067] ? __raw_spin_lock_init+0x36/0x110 [ 1745.083098] v9fs_session_init+0x1dd/0x1680 [ 1745.084077] ? lock_release+0x680/0x680 [ 1745.084981] ? kmem_cache_alloc_trace+0x151/0x320 [ 1745.086089] ? v9fs_show_options+0x690/0x690 [ 1745.087082] ? trace_hardirqs_on+0x5b/0x180 [ 1745.088062] ? kasan_unpoison_shadow+0x33/0x50 [ 1745.089088] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1745.090251] v9fs_mount+0x79/0x8f0 [ 1745.091058] ? v9fs_write_inode+0x60/0x60 [ 1745.091990] legacy_get_tree+0x105/0x220 [ 1745.092917] vfs_get_tree+0x8e/0x300 [ 1745.093757] path_mount+0x1490/0x21e0 [ 1745.094646] ? strncpy_from_user+0x9e/0x470 [ 1745.095621] ? finish_automount+0xa90/0xa90 [ 1745.096604] ? getname_flags.part.0+0x1dd/0x4f0 [ 1745.097651] ? _copy_from_user+0xfb/0x1b0 [ 1745.098623] __x64_sys_mount+0x282/0x300 [ 1745.099533] ? copy_mnt_ns+0xa00/0xa00 [ 1745.100422] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1745.101602] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1745.102778] do_syscall_64+0x33/0x40 [ 1745.103633] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1745.104781] RIP: 0033:0x7ff7dde24b19 [ 1745.105626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1745.109749] RSP: 002b:00007ff7db39a188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1745.111496] RAX: ffffffffffffffda RBX: 00007ff7ddf37f60 RCX: 00007ff7dde24b19 [ 1745.113113] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1745.114739] RBP: 00007ff7db39a1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1745.116371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1745.117990] R13: 00007ffcd7e7b57f R14: 00007ff7db39a300 R15: 0000000000022000 [ 1745.121372] 9pnet: Insufficient options for proto=fd 12:42:34 executing program 6: socket$inet6_udplite(0xa, 0x2, 0x88) mq_open(0x0, 0x2, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 47) [ 1745.154613] FAULT_INJECTION: forcing a failure. [ 1745.154613] name failslab, interval 1, probability 0, space 0, times 0 [ 1745.157327] CPU: 1 PID: 8920 Comm: syz-executor.6 Not tainted 5.10.246 #1 [ 1745.158875] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1745.160736] Call Trace: [ 1745.161331] dump_stack+0x107/0x167 [ 1745.162161] should_fail.cold+0x5/0xa [ 1745.163022] ? create_object.isra.0+0x3a/0xa30 [ 1745.164058] should_failslab+0x5/0x20 [ 1745.164927] kmem_cache_alloc+0x5b/0x310 [ 1745.165860] create_object.isra.0+0x3a/0xa30 [ 1745.166844] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1745.168001] __kmalloc+0x16e/0x390 [ 1745.168808] p9pdu_readf+0xadb/0x1d40 [ 1745.169672] ? pipe_poll+0x21b/0x800 [ 1745.170518] ? p9pdu_writef+0x100/0x100 [ 1745.171423] ? p9_fd_poll+0x1e0/0x2c0 [ 1745.172284] ? p9_fd_create+0x357/0x4a0 [ 1745.173185] ? p9_conn_create+0x510/0x510 [ 1745.174138] ? p9_client_create+0x798/0x1230 [ 1745.175128] ? kfree+0xd7/0x340 [ 1745.175866] ? do_raw_spin_unlock+0x4f/0x220 [ 1745.176867] p9_client_create+0xaee/0x1230 [ 1745.177832] ? p9_client_flush+0x430/0x430 [ 1745.178791] ? trace_hardirqs_on+0x5b/0x180 [ 1745.179763] ? lockdep_init_map_type+0x2c7/0x780 [ 1745.180844] ? __raw_spin_lock_init+0x36/0x110 [ 1745.181887] v9fs_session_init+0x1dd/0x1680 [ 1745.182860] ? lock_release+0x680/0x680 [ 1745.183760] ? kmem_cache_alloc_trace+0x151/0x320 [ 1745.184847] ? v9fs_show_options+0x690/0x690 [ 1745.185846] ? trace_hardirqs_on+0x5b/0x180 [ 1745.186826] ? kasan_unpoison_shadow+0x33/0x50 [ 1745.187847] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1745.188993] v9fs_mount+0x79/0x8f0 [ 1745.189849] ? v9fs_write_inode+0x60/0x60 [ 1745.190789] legacy_get_tree+0x105/0x220 [ 1745.191698] vfs_get_tree+0x8e/0x300 [ 1745.192542] path_mount+0x1490/0x21e0 [ 1745.193398] ? strncpy_from_user+0x9e/0x470 [ 1745.194363] ? finish_automount+0xa90/0xa90 [ 1745.195293] ? getname_flags.part.0+0x1dd/0x4f0 [ 1745.196368] ? _copy_from_user+0xfb/0x1b0 [ 1745.197409] __x64_sys_mount+0x282/0x300 [ 1745.198425] ? copy_mnt_ns+0xa00/0xa00 [ 1745.199305] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1745.200563] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1745.201752] do_syscall_64+0x33/0x40 [ 1745.202674] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1745.203882] RIP: 0033:0x7fe30c5b6b19 [ 1745.204767] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1745.209147] RSP: 002b:00007fe309b2c188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1745.210917] RAX: ffffffffffffffda RBX: 00007fe30c6c9f60 RCX: 00007fe30c5b6b19 [ 1745.212651] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1745.214502] RBP: 00007fe309b2c1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1745.216133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1745.217981] R13: 00007ffddf17178f R14: 00007fe309b2c300 R15: 0000000000022000 [ 1745.230264] FAULT_INJECTION: forcing a failure. [ 1745.230264] name failslab, interval 1, probability 0, space 0, times 0 [ 1745.232090] CPU: 0 PID: 8924 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1745.232890] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1745.233880] Call Trace: [ 1745.234197] dump_stack+0x107/0x167 [ 1745.234632] should_fail.cold+0x5/0xa [ 1745.235085] ? __kmem_cache_create+0x10e/0x520 [ 1745.235636] should_failslab+0x5/0x20 [ 1745.236088] kmem_cache_alloc_node+0x55/0x330 [ 1745.236613] __kmem_cache_create+0x10e/0x520 [ 1745.237154] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1745.237968] p9_client_create+0xc6a/0x1230 [ 1745.238481] ? p9_client_flush+0x430/0x430 [ 1745.238986] ? trace_hardirqs_on+0x5b/0x180 [ 1745.239497] ? lockdep_init_map_type+0x2c7/0x780 [ 1745.240066] ? __raw_spin_lock_init+0x36/0x110 [ 1745.240615] v9fs_session_init+0x1dd/0x1680 [ 1745.241124] ? lock_release+0x680/0x680 [ 1745.241601] ? kmem_cache_alloc_trace+0x151/0x320 [ 1745.242167] ? v9fs_show_options+0x690/0x690 [ 1745.242699] ? trace_hardirqs_on+0x5b/0x180 [ 1745.243208] ? kasan_unpoison_shadow+0x33/0x50 [ 1745.243743] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1745.244339] v9fs_mount+0x79/0x8f0 [ 1745.244766] ? v9fs_write_inode+0x60/0x60 [ 1745.245252] legacy_get_tree+0x105/0x220 [ 1745.245734] vfs_get_tree+0x8e/0x300 [ 1745.246181] path_mount+0x1490/0x21e0 [ 1745.246638] ? strncpy_from_user+0x9e/0x470 [ 1745.247143] ? finish_automount+0xa90/0xa90 [ 1745.247658] ? getname_flags.part.0+0x1dd/0x4f0 [ 1745.248209] ? _copy_from_user+0xfb/0x1b0 [ 1745.248702] __x64_sys_mount+0x282/0x300 [ 1745.249177] ? copy_mnt_ns+0xa00/0xa00 [ 1745.249643] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1745.250264] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1745.250871] do_syscall_64+0x33/0x40 [ 1745.251316] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1745.251924] RIP: 0033:0x7f850d5eab19 [ 1745.252366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1745.254585] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1745.255501] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1745.256349] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1745.257195] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1745.258048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1745.258901] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 [ 1745.260372] kmem_cache_create(9p-fcall-cache-846) failed with error -22 [ 1745.261158] CPU: 0 PID: 8924 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1745.261981] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1745.262952] Call Trace: [ 1745.263255] dump_stack+0x107/0x167 [ 1745.263684] kmem_cache_create_usercopy.cold+0x17/0x65 [ 1745.264288] p9_client_create+0xc6a/0x1230 [ 1745.264783] ? p9_client_flush+0x430/0x430 [ 1745.265266] ? trace_hardirqs_on+0x5b/0x180 [ 1745.265788] ? lockdep_init_map_type+0x2c7/0x780 [ 1745.266348] ? __raw_spin_lock_init+0x36/0x110 [ 1745.266886] v9fs_session_init+0x1dd/0x1680 [ 1745.267388] ? lock_release+0x680/0x680 [ 1745.267859] ? kmem_cache_alloc_trace+0x151/0x320 [ 1745.268426] ? v9fs_show_options+0x690/0x690 [ 1745.268951] ? trace_hardirqs_on+0x5b/0x180 [ 1745.269453] ? kasan_unpoison_shadow+0x33/0x50 [ 1745.269991] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1745.270582] v9fs_mount+0x79/0x8f0 [ 1745.270997] ? v9fs_write_inode+0x60/0x60 [ 1745.271474] legacy_get_tree+0x105/0x220 [ 1745.271957] vfs_get_tree+0x8e/0x300 [ 1745.272386] path_mount+0x1490/0x21e0 [ 1745.272829] ? strncpy_from_user+0x9e/0x470 [ 1745.273338] ? finish_automount+0xa90/0xa90 [ 1745.273847] ? getname_flags.part.0+0x1dd/0x4f0 [ 1745.274384] ? _copy_from_user+0xfb/0x1b0 [ 1745.274877] __x64_sys_mount+0x282/0x300 [ 1745.275344] ? copy_mnt_ns+0xa00/0xa00 [ 1745.275799] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1745.276413] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1745.277011] do_syscall_64+0x33/0x40 [ 1745.277442] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1745.278044] RIP: 0033:0x7f850d5eab19 [ 1745.278471] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1745.280558] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1745.281419] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1745.282239] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1745.283059] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1745.283887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1745.284694] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 12:42:34 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 53) 12:42:34 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03324c4b"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:42:34 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d0"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:42:34 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:42:34 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 12:42:47 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03324c4b"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:42:47 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:42:47 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:42:47 executing program 6: socket$inet6_udplite(0xa, 0x2, 0x88) mq_open(0x0, 0x2, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 48) 12:42:47 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 54) 12:42:47 executing program 5: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 49) 12:42:47 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x2, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 12:42:47 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df7"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1758.290237] FAULT_INJECTION: forcing a failure. [ 1758.290237] name failslab, interval 1, probability 0, space 0, times 0 [ 1758.292865] CPU: 1 PID: 8949 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1758.294381] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1758.296221] Call Trace: [ 1758.296808] dump_stack+0x107/0x167 [ 1758.297616] should_fail.cold+0x5/0xa [ 1758.297825] FAULT_INJECTION: forcing a failure. [ 1758.297825] name failslab, interval 1, probability 0, space 0, times 0 [ 1758.298458] ? __kmem_cache_create+0x10e/0x520 [ 1758.301106] should_failslab+0x5/0x20 [ 1758.301953] kmem_cache_alloc_node+0x55/0x330 [ 1758.302943] __kmem_cache_create+0x10e/0x520 [ 1758.303911] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1758.305014] p9_client_create+0xc6a/0x1230 [ 1758.305960] ? p9_client_flush+0x430/0x430 [ 1758.306891] ? trace_hardirqs_on+0x5b/0x180 [ 1758.307834] ? lockdep_init_map_type+0x2c7/0x780 [ 1758.308876] ? __raw_spin_lock_init+0x36/0x110 [ 1758.309885] v9fs_session_init+0x1dd/0x1680 [ 1758.310856] ? lock_release+0x680/0x680 [ 1758.311738] ? kmem_cache_alloc_trace+0x151/0x320 [ 1758.312798] ? v9fs_show_options+0x690/0x690 [ 1758.313771] ? trace_hardirqs_on+0x5b/0x180 [ 1758.314726] ? kasan_unpoison_shadow+0x33/0x50 [ 1758.315727] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1758.316853] v9fs_mount+0x79/0x8f0 [ 1758.317631] ? v9fs_write_inode+0x60/0x60 [ 1758.318554] legacy_get_tree+0x105/0x220 [ 1758.319446] vfs_get_tree+0x8e/0x300 [ 1758.320263] path_mount+0x1490/0x21e0 [ 1758.321110] ? strncpy_from_user+0x9e/0x470 [ 1758.322072] ? finish_automount+0xa90/0xa90 [ 1758.323019] ? getname_flags.part.0+0x1dd/0x4f0 [ 1758.324050] ? _copy_from_user+0xfb/0x1b0 [ 1758.324969] __x64_sys_mount+0x282/0x300 [ 1758.325859] ? copy_mnt_ns+0xa00/0xa00 [ 1758.326727] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1758.327885] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1758.329026] do_syscall_64+0x33/0x40 [ 1758.329849] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1758.330998] RIP: 0033:0x7f850d5eab19 [ 1758.331811] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1758.335864] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1758.337530] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1758.339101] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1758.340661] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1758.342217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1758.343770] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 [ 1758.345358] CPU: 0 PID: 8950 Comm: syz-executor.6 Not tainted 5.10.246 #1 [ 1758.345527] kmem_cache_create(9p-fcall-cache-852) failed with error -22 [ 1758.346369] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1758.346375] Call Trace: [ 1758.346397] dump_stack+0x107/0x167 [ 1758.346417] should_fail.cold+0x5/0xa [ 1758.350446] should_failslab+0x5/0x20 [ 1758.350990] __kmalloc_track_caller+0x79/0x370 [ 1758.351641] ? kasprintf+0xbb/0xf0 [ 1758.352149] ? __delete_object+0xb3/0x100 [ 1758.352739] kvasprintf+0xb5/0x150 [ 1758.353249] ? bust_spinlocks+0xe0/0xe0 [ 1758.353824] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1758.354584] kasprintf+0xbb/0xf0 [ 1758.355065] ? kvasprintf_const+0x1a0/0x1a0 [ 1758.355677] ? kmem_cache_free+0x249/0x2d0 [ 1758.356280] ? p9_client_create+0xbfa/0x1230 [ 1758.356906] p9_client_create+0xc1b/0x1230 [ 1758.357510] ? p9_client_flush+0x430/0x430 [ 1758.358121] ? trace_hardirqs_on+0x5b/0x180 [ 1758.358736] ? lockdep_init_map_type+0x2c7/0x780 [ 1758.359409] ? __raw_spin_lock_init+0x36/0x110 [ 1758.360067] v9fs_session_init+0x1dd/0x1680 [ 1758.360683] ? lock_release+0x680/0x680 [ 1758.361253] ? kmem_cache_alloc_trace+0x151/0x320 [ 1758.361940] ? v9fs_show_options+0x690/0x690 [ 1758.362571] ? trace_hardirqs_on+0x5b/0x180 [ 1758.363180] ? kasan_unpoison_shadow+0x33/0x50 [ 1758.363831] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1758.364550] v9fs_mount+0x79/0x8f0 [ 1758.365047] ? v9fs_write_inode+0x60/0x60 [ 1758.365628] legacy_get_tree+0x105/0x220 [ 1758.366199] vfs_get_tree+0x8e/0x300 [ 1758.366725] path_mount+0x1490/0x21e0 [ 1758.367267] ? strncpy_from_user+0x9e/0x470 [ 1758.367870] ? finish_automount+0xa90/0xa90 [ 1758.368478] ? getname_flags.part.0+0x1dd/0x4f0 [ 1758.369130] ? _copy_from_user+0xfb/0x1b0 [ 1758.369717] __x64_sys_mount+0x282/0x300 [ 1758.370294] ? copy_mnt_ns+0xa00/0xa00 [ 1758.370844] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1758.371583] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1758.372309] do_syscall_64+0x33/0x40 [ 1758.372837] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1758.373560] RIP: 0033:0x7fe30c5b6b19 [ 1758.374092] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1758.376682] RSP: 002b:00007fe309b2c188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1758.377756] RAX: ffffffffffffffda RBX: 00007fe30c6c9f60 RCX: 00007fe30c5b6b19 [ 1758.378765] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1758.379766] RBP: 00007fe309b2c1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1758.380766] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1758.381766] R13: 00007ffddf17178f R14: 00007fe309b2c300 R15: 0000000000022000 [ 1758.382805] CPU: 1 PID: 8949 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1758.384342] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1758.386177] Call Trace: [ 1758.386760] dump_stack+0x107/0x167 [ 1758.387564] kmem_cache_create_usercopy.cold+0x17/0x65 [ 1758.388719] p9_client_create+0xc6a/0x1230 [ 1758.389654] ? p9_client_flush+0x430/0x430 [ 1758.390591] ? trace_hardirqs_on+0x5b/0x180 [ 1758.391539] ? lockdep_init_map_type+0x2c7/0x780 [ 1758.392585] ? __raw_spin_lock_init+0x36/0x110 [ 1758.393594] v9fs_session_init+0x1dd/0x1680 [ 1758.394549] ? lock_release+0x680/0x680 [ 1758.395434] ? kmem_cache_alloc_trace+0x151/0x320 [ 1758.396486] ? v9fs_show_options+0x690/0x690 [ 1758.397464] ? trace_hardirqs_on+0x5b/0x180 [ 1758.398419] ? kasan_unpoison_shadow+0x33/0x50 [ 1758.399414] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1758.400535] v9fs_mount+0x79/0x8f0 [ 1758.401316] ? v9fs_write_inode+0x60/0x60 [ 1758.402225] legacy_get_tree+0x105/0x220 [ 1758.403126] vfs_get_tree+0x8e/0x300 [ 1758.403938] path_mount+0x1490/0x21e0 [ 1758.404780] ? strncpy_from_user+0x9e/0x470 [ 1758.405728] ? finish_automount+0xa90/0xa90 [ 1758.406685] ? getname_flags.part.0+0x1dd/0x4f0 [ 1758.407703] ? _copy_from_user+0xfb/0x1b0 [ 1758.408618] __x64_sys_mount+0x282/0x300 [ 1758.409511] ? copy_mnt_ns+0xa00/0xa00 [ 1758.410377] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1758.411529] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1758.412655] do_syscall_64+0x33/0x40 [ 1758.413472] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1758.414601] RIP: 0033:0x7f850d5eab19 [ 1758.415418] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1758.419483] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1758.421157] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1758.422744] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1758.424304] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1758.425872] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1758.427441] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 [ 1758.443443] FAULT_INJECTION: forcing a failure. [ 1758.443443] name failslab, interval 1, probability 0, space 0, times 0 [ 1758.446301] CPU: 1 PID: 8955 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 1758.447914] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1758.449771] Call Trace: [ 1758.450378] dump_stack+0x107/0x167 [ 1758.451197] should_fail.cold+0x5/0xa [ 1758.452054] ? create_object.isra.0+0x3a/0xa30 [ 1758.453066] should_failslab+0x5/0x20 [ 1758.453918] kmem_cache_alloc+0x5b/0x310 [ 1758.454845] ? vsnprintf+0x4ba/0x1600 [ 1758.455705] create_object.isra.0+0x3a/0xa30 [ 1758.456676] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1758.457808] __kmalloc_track_caller+0x177/0x370 [ 1758.458848] ? kasprintf+0xbb/0xf0 [ 1758.459647] kvasprintf+0xb5/0x150 [ 1758.460452] ? bust_spinlocks+0xe0/0xe0 [ 1758.461345] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1758.462535] kasprintf+0xbb/0xf0 [ 1758.463293] ? kvasprintf_const+0x1a0/0x1a0 [ 1758.464264] ? kmem_cache_free+0x249/0x2d0 [ 1758.465207] ? p9_client_create+0xbfa/0x1230 [ 1758.466183] p9_client_create+0xc1b/0x1230 [ 1758.467121] ? p9_client_flush+0x430/0x430 [ 1758.468055] ? trace_hardirqs_on+0x5b/0x180 [ 1758.469014] ? lockdep_init_map_type+0x2c7/0x780 [ 1758.470065] ? __raw_spin_lock_init+0x36/0x110 [ 1758.471085] v9fs_session_init+0x1dd/0x1680 [ 1758.472052] ? kmem_cache_alloc_trace+0x151/0x320 [ 1758.473112] ? v9fs_show_options+0x690/0x690 [ 1758.474095] ? trace_hardirqs_on+0x5b/0x180 [ 1758.475041] ? kasan_unpoison_shadow+0x33/0x50 [ 1758.476039] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1758.477160] v9fs_mount+0x79/0x8f0 [ 1758.477948] ? v9fs_write_inode+0x60/0x60 [ 1758.478856] legacy_get_tree+0x105/0x220 [ 1758.479751] vfs_get_tree+0x8e/0x300 [ 1758.480569] path_mount+0x1490/0x21e0 [ 1758.481412] ? strncpy_from_user+0x9e/0x470 [ 1758.482371] ? finish_automount+0xa90/0xa90 [ 1758.483306] ? getname_flags.part.0+0x1dd/0x4f0 [ 1758.484324] ? _copy_from_user+0xfb/0x1b0 [ 1758.485232] __x64_sys_mount+0x282/0x300 [ 1758.486131] ? copy_mnt_ns+0xa00/0xa00 [ 1758.486993] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1758.488145] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1758.489281] do_syscall_64+0x33/0x40 [ 1758.490116] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1758.491246] RIP: 0033:0x7ff7dde24b19 [ 1758.492061] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1758.496113] RSP: 002b:00007ff7db379188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1758.497790] RAX: ffffffffffffffda RBX: 00007ff7ddf38020 RCX: 00007ff7dde24b19 [ 1758.499369] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1758.500941] RBP: 00007ff7db3791d0 R08: 0000000020000280 R09: 0000000000000000 [ 1758.502521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1758.504094] R13: 00007ffcd7e7b57f R14: 00007ff7db379300 R15: 0000000000022000 12:42:47 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(0xffffffffffffffff, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03324c4b0e"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:42:47 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:42:47 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x3, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 12:42:47 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:42:47 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03324c4b"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:42:47 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, 0x0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03324c4b0e"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:43:02 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, 0x0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03324c4b0e"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:43:02 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03324c4b0e"], 0x7bd) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:43:02 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:43:02 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03324c"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:43:02 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x4, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 12:43:02 executing program 6: socket$inet6_udplite(0xa, 0x2, 0x88) mq_open(0x0, 0x2, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 49) 12:43:02 executing program 5: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 50) 12:43:02 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 55) [ 1773.104141] FAULT_INJECTION: forcing a failure. [ 1773.104141] name failslab, interval 1, probability 0, space 0, times 0 [ 1773.105630] CPU: 1 PID: 8991 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1773.106496] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1773.107545] Call Trace: [ 1773.107886] dump_stack+0x107/0x167 [ 1773.108348] should_fail.cold+0x5/0xa [ 1773.108837] ? create_object.isra.0+0x3a/0xa30 [ 1773.109410] should_failslab+0x5/0x20 [ 1773.109895] kmem_cache_alloc+0x5b/0x310 [ 1773.110415] create_object.isra.0+0x3a/0xa30 [ 1773.110981] kmemleak_alloc_percpu+0xa0/0x100 [ 1773.111548] pcpu_alloc+0x4e2/0x1240 [ 1773.112031] __kmem_cache_create+0x35a/0x520 [ 1773.112588] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1773.113219] p9_client_create+0xc6a/0x1230 [ 1773.113766] ? p9_client_flush+0x430/0x430 [ 1773.114315] ? trace_hardirqs_on+0x5b/0x180 [ 1773.114863] ? lockdep_init_map_type+0x2c7/0x780 [ 1773.115466] ? __raw_spin_lock_init+0x36/0x110 [ 1773.116045] v9fs_session_init+0x1dd/0x1680 [ 1773.116588] ? lock_release+0x680/0x680 [ 1773.117099] ? kmem_cache_alloc_trace+0x151/0x320 [ 1773.117702] ? v9fs_show_options+0x690/0x690 [ 1773.118331] ? trace_hardirqs_on+0x5b/0x180 [ 1773.118874] ? kasan_unpoison_shadow+0x33/0x50 [ 1773.119447] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1773.120098] v9fs_mount+0x79/0x8f0 [ 1773.120546] ? v9fs_write_inode+0x60/0x60 [ 1773.121065] legacy_get_tree+0x105/0x220 [ 1773.121172] FAULT_INJECTION: forcing a failure. [ 1773.121172] name failslab, interval 1, probability 0, space 0, times 0 [ 1773.121578] vfs_get_tree+0x8e/0x300 [ 1773.121590] path_mount+0x1490/0x21e0 [ 1773.121612] ? strncpy_from_user+0x9e/0x470 [ 1773.125467] ? finish_automount+0xa90/0xa90 [ 1773.126006] ? getname_flags.part.0+0x1dd/0x4f0 [ 1773.126603] ? _copy_from_user+0xfb/0x1b0 [ 1773.127124] __x64_sys_mount+0x282/0x300 [ 1773.127630] ? copy_mnt_ns+0xa00/0xa00 [ 1773.128120] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1773.128777] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1773.129423] do_syscall_64+0x33/0x40 [ 1773.129889] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1773.130538] RIP: 0033:0x7f850d5eab19 [ 1773.131004] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1773.133295] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1773.134255] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1773.135141] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1773.136035] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1773.136925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1773.137809] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 12:43:02 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x5, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) [ 1773.138740] CPU: 0 PID: 8994 Comm: syz-executor.6 Not tainted 5.10.246 #1 [ 1773.140348] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1773.142149] Call Trace: [ 1773.142718] dump_stack+0x107/0x167 [ 1773.143515] should_fail.cold+0x5/0xa [ 1773.144335] ? create_object.isra.0+0x3a/0xa30 [ 1773.145304] should_failslab+0x5/0x20 [ 1773.146125] kmem_cache_alloc+0x5b/0x310 [ 1773.146988] ? vsnprintf+0x4ba/0x1600 [ 1773.147801] create_object.isra.0+0x3a/0xa30 [ 1773.148734] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1773.149836] __kmalloc_track_caller+0x177/0x370 [ 1773.150833] ? kasprintf+0xbb/0xf0 [ 1773.151592] kvasprintf+0xb5/0x150 [ 1773.152359] ? bust_spinlocks+0xe0/0xe0 [ 1773.153215] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1773.154360] kasprintf+0xbb/0xf0 [ 1773.155086] ? kvasprintf_const+0x1a0/0x1a0 [ 1773.156009] ? kmem_cache_free+0x249/0x2d0 [ 1773.156920] ? p9_client_create+0xbfa/0x1230 [ 1773.157865] p9_client_create+0xc1b/0x1230 [ 1773.158794] ? p9_client_flush+0x430/0x430 [ 1773.159709] ? trace_hardirqs_on+0x5b/0x180 [ 1773.160640] ? lockdep_init_map_type+0x2c7/0x780 [ 1773.161662] ? __raw_spin_lock_init+0x36/0x110 [ 1773.162659] v9fs_session_init+0x1dd/0x1680 [ 1773.163587] ? lock_release+0x680/0x680 [ 1773.164445] ? kmem_cache_alloc_trace+0x151/0x320 [ 1773.165473] ? v9fs_show_options+0x690/0x690 [ 1773.166425] ? trace_hardirqs_on+0x5b/0x180 [ 1773.167470] ? kasan_unpoison_shadow+0x33/0x50 [ 1773.168447] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1773.169530] v9fs_mount+0x79/0x8f0 [ 1773.170297] ? v9fs_write_inode+0x60/0x60 [ 1773.171184] legacy_get_tree+0x105/0x220 [ 1773.172059] vfs_get_tree+0x8e/0x300 [ 1773.172854] path_mount+0x1490/0x21e0 [ 1773.173675] ? strncpy_from_user+0x9e/0x470 [ 1773.174609] ? finish_automount+0xa90/0xa90 [ 1773.175533] ? getname_flags.part.0+0x1dd/0x4f0 [ 1773.176530] ? _copy_from_user+0xfb/0x1b0 [ 1773.177424] __x64_sys_mount+0x282/0x300 [ 1773.178306] ? copy_mnt_ns+0xa00/0xa00 [ 1773.179152] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1773.180278] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1773.181389] do_syscall_64+0x33/0x40 [ 1773.182201] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1773.183304] RIP: 0033:0x7fe30c5b6b19 [ 1773.184103] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1773.188099] RSP: 002b:00007fe309b2c188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1773.189748] RAX: ffffffffffffffda RBX: 00007fe30c6c9f60 RCX: 00007fe30c5b6b19 [ 1773.191314] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1773.192857] RBP: 00007fe309b2c1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1773.194407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1773.195945] R13: 00007ffddf17178f R14: 00007fe309b2c300 R15: 0000000000022000 12:43:02 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x6, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) [ 1773.252937] FAULT_INJECTION: forcing a failure. [ 1773.252937] name failslab, interval 1, probability 0, space 0, times 0 [ 1773.254521] CPU: 1 PID: 8993 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 1773.255365] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1773.256395] Call Trace: [ 1773.256728] dump_stack+0x107/0x167 [ 1773.257185] should_fail.cold+0x5/0xa [ 1773.257652] should_failslab+0x5/0x20 [ 1773.258126] __kmalloc_track_caller+0x79/0x370 [ 1773.258682] ? kstrdup_const+0x53/0x80 [ 1773.259155] kstrdup+0x36/0x70 [ 1773.259544] kstrdup_const+0x53/0x80 [ 1773.259999] kmem_cache_create_usercopy+0x12f/0x2f0 [ 1773.260617] p9_client_create+0xc6a/0x1230 [ 1773.261142] ? p9_client_flush+0x430/0x430 [ 1773.261675] ? trace_hardirqs_on+0x5b/0x180 [ 1773.262211] ? lockdep_init_map_type+0x2c7/0x780 [ 1773.262801] ? __raw_spin_lock_init+0x36/0x110 [ 1773.263371] v9fs_session_init+0x1dd/0x1680 [ 1773.263895] ? lock_release+0x680/0x680 [ 1773.264385] ? kmem_cache_alloc_trace+0x151/0x320 [ 1773.264986] ? v9fs_show_options+0x690/0x690 [ 1773.265526] ? trace_hardirqs_on+0x5b/0x180 [ 1773.266057] ? kasan_unpoison_shadow+0x33/0x50 [ 1773.266616] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1773.267239] v9fs_mount+0x79/0x8f0 [ 1773.267682] ? v9fs_write_inode+0x60/0x60 [ 1773.268195] legacy_get_tree+0x105/0x220 [ 1773.268690] vfs_get_tree+0x8e/0x300 [ 1773.269145] path_mount+0x1490/0x21e0 [ 1773.269617] ? strncpy_from_user+0x9e/0x470 [ 1773.270156] ? finish_automount+0xa90/0xa90 [ 1773.270687] ? getname_flags.part.0+0x1dd/0x4f0 [ 1773.271254] ? _copy_from_user+0xfb/0x1b0 [ 1773.271764] __x64_sys_mount+0x282/0x300 [ 1773.272257] ? copy_mnt_ns+0xa00/0xa00 [ 1773.272738] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1773.273382] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1773.274012] do_syscall_64+0x33/0x40 [ 1773.274470] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1773.275118] RIP: 0033:0x7ff7dde24b19 [ 1773.275567] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1773.277813] RSP: 002b:00007ff7db39a188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1773.278755] RAX: ffffffffffffffda RBX: 00007ff7ddf37f60 RCX: 00007ff7dde24b19 [ 1773.279633] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1773.280491] RBP: 00007ff7db39a1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1773.281370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1773.282248] R13: 00007ffcd7e7b57f R14: 00007ff7db39a300 R15: 0000000000022000 [ 1773.283164] kmem_cache_create(9p-fcall-cache-865) failed with error -12 [ 1773.283998] CPU: 1 PID: 8993 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 1773.284829] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1773.285853] Call Trace: [ 1773.286179] dump_stack+0x107/0x167 [ 1773.286631] kmem_cache_create_usercopy.cold+0x17/0x65 [ 1773.287270] p9_client_create+0xc6a/0x1230 [ 1773.287783] ? p9_client_flush+0x430/0x430 [ 1773.288298] ? trace_hardirqs_on+0x5b/0x180 [ 1773.288818] ? lockdep_init_map_type+0x2c7/0x780 [ 1773.289397] ? __raw_spin_lock_init+0x36/0x110 [ 1773.289951] v9fs_session_init+0x1dd/0x1680 [ 1773.290479] ? lock_release+0x680/0x680 [ 1773.290966] ? kmem_cache_alloc_trace+0x151/0x320 [ 1773.291558] ? v9fs_show_options+0x690/0x690 [ 1773.292090] ? trace_hardirqs_on+0x5b/0x180 [ 1773.292611] ? kasan_unpoison_shadow+0x33/0x50 [ 1773.293164] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1773.293775] v9fs_mount+0x79/0x8f0 [ 1773.294233] ? v9fs_write_inode+0x60/0x60 [ 1773.294729] legacy_get_tree+0x105/0x220 [ 1773.295217] vfs_get_tree+0x8e/0x300 [ 1773.295664] path_mount+0x1490/0x21e0 [ 1773.296125] ? strncpy_from_user+0x9e/0x470 [ 1773.296642] ? finish_automount+0xa90/0xa90 [ 1773.297161] ? getname_flags.part.0+0x1dd/0x4f0 [ 1773.297732] ? _copy_from_user+0xfb/0x1b0 [ 1773.298246] __x64_sys_mount+0x282/0x300 [ 1773.298734] ? copy_mnt_ns+0xa00/0xa00 [ 1773.299229] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1773.299865] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1773.300481] do_syscall_64+0x33/0x40 [ 1773.300929] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1773.301544] RIP: 0033:0x7ff7dde24b19 [ 1773.301990] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1773.304206] RSP: 002b:00007ff7db39a188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1773.305121] RAX: ffffffffffffffda RBX: 00007ff7ddf37f60 RCX: 00007ff7dde24b19 [ 1773.305973] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1773.306866] RBP: 00007ff7db39a1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1773.307720] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1773.308572] R13: 00007ffcd7e7b57f R14: 00007ff7db39a300 R15: 0000000000022000 12:43:02 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x7, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 12:43:02 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, 0x0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03324c4b0e"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:43:02 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x8, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 12:43:02 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 56) 12:43:02 executing program 5: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 51) 12:43:02 executing program 6: socket$inet6_udplite(0xa, 0x2, 0x88) mq_open(0x0, 0x2, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 50) 12:43:02 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03324c4b0e"], 0x7bd) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:43:02 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03324c"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:43:02 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1773.491256] FAULT_INJECTION: forcing a failure. [ 1773.491256] name failslab, interval 1, probability 0, space 0, times 0 [ 1773.492613] CPU: 1 PID: 9016 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1773.493398] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1773.494361] Call Trace: [ 1773.494680] dump_stack+0x107/0x167 [ 1773.495104] should_fail.cold+0x5/0xa [ 1773.495549] ? create_object.isra.0+0x3a/0xa30 [ 1773.496074] should_failslab+0x5/0x20 [ 1773.496521] kmem_cache_alloc+0x5b/0x310 [ 1773.496995] create_object.isra.0+0x3a/0xa30 [ 1773.497499] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1773.498098] kmem_cache_alloc_node+0x169/0x330 [ 1773.498629] __kmem_cache_create+0x10e/0x520 [ 1773.499138] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1773.499715] p9_client_create+0xc6a/0x1230 [ 1773.500206] ? p9_client_flush+0x430/0x430 [ 1773.500694] ? trace_hardirqs_on+0x5b/0x180 [ 1773.501192] ? lockdep_init_map_type+0x2c7/0x780 [ 1773.501737] ? __raw_spin_lock_init+0x36/0x110 [ 1773.502277] v9fs_session_init+0x1dd/0x1680 [ 1773.502776] ? lock_release+0x680/0x680 [ 1773.503238] ? kmem_cache_alloc_trace+0x151/0x320 [ 1773.503794] ? v9fs_show_options+0x690/0x690 [ 1773.504305] ? trace_hardirqs_on+0x5b/0x180 [ 1773.504799] ? kasan_unpoison_shadow+0x33/0x50 [ 1773.505327] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1773.505910] v9fs_mount+0x79/0x8f0 [ 1773.506326] ? v9fs_write_inode+0x60/0x60 [ 1773.506804] legacy_get_tree+0x105/0x220 [ 1773.507275] vfs_get_tree+0x8e/0x300 [ 1773.507703] path_mount+0x1490/0x21e0 [ 1773.508148] ? strncpy_from_user+0x9e/0x470 [ 1773.508643] ? finish_automount+0xa90/0xa90 [ 1773.509139] ? getname_flags.part.0+0x1dd/0x4f0 [ 1773.509680] ? _copy_from_user+0xfb/0x1b0 [ 1773.510167] __x64_sys_mount+0x282/0x300 [ 1773.510633] ? copy_mnt_ns+0xa00/0xa00 [ 1773.511084] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1773.511691] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1773.512285] do_syscall_64+0x33/0x40 [ 1773.512716] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1773.513308] RIP: 0033:0x7f850d5eab19 [ 1773.513751] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1773.515874] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1773.516760] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1773.517579] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1773.518409] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1773.519231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1773.520060] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 12:43:02 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) [ 1773.543634] FAULT_INJECTION: forcing a failure. [ 1773.543634] name failslab, interval 1, probability 0, space 0, times 0 [ 1773.546588] CPU: 0 PID: 9021 Comm: syz-executor.6 Not tainted 5.10.246 #1 [ 1773.548022] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1773.549755] Call Trace: [ 1773.550342] dump_stack+0x107/0x167 [ 1773.551117] should_fail.cold+0x5/0xa [ 1773.551925] ? create_object.isra.0+0x3a/0xa30 [ 1773.552887] should_failslab+0x5/0x20 [ 1773.553691] kmem_cache_alloc+0x5b/0x310 [ 1773.554557] ? vsnprintf+0x4ba/0x1600 [ 1773.555365] create_object.isra.0+0x3a/0xa30 [ 1773.556304] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1773.557384] __kmalloc_track_caller+0x177/0x370 [ 1773.558371] ? kasprintf+0xbb/0xf0 [ 1773.559124] kvasprintf+0xb5/0x150 [ 1773.559870] ? bust_spinlocks+0xe0/0xe0 [ 1773.560687] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1773.561806] kasprintf+0xbb/0xf0 [ 1773.562525] ? kvasprintf_const+0x1a0/0x1a0 [ 1773.563431] ? kmem_cache_free+0x249/0x2d0 [ 1773.564327] ? p9_client_create+0xbfa/0x1230 [ 1773.565256] p9_client_create+0xc1b/0x1230 [ 1773.566166] ? p9_client_flush+0x430/0x430 [ 1773.567059] ? trace_hardirqs_on+0x5b/0x180 [ 1773.567972] ? lockdep_init_map_type+0x2c7/0x780 [ 1773.568985] ? __raw_spin_lock_init+0x36/0x110 [ 1773.569921] v9fs_session_init+0x1dd/0x1680 [ 1773.570850] ? lock_release+0x680/0x680 [ 1773.571706] ? kmem_cache_alloc_trace+0x151/0x320 [ 1773.572728] ? v9fs_show_options+0x690/0x690 [ 1773.573677] ? trace_hardirqs_on+0x5b/0x180 [ 1773.574595] ? kasan_unpoison_shadow+0x33/0x50 [ 1773.575561] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1773.576648] v9fs_mount+0x79/0x8f0 [ 1773.577397] ? v9fs_write_inode+0x60/0x60 [ 1773.578294] legacy_get_tree+0x105/0x220 [ 1773.579157] vfs_get_tree+0x8e/0x300 [ 1773.579949] path_mount+0x1490/0x21e0 [ 1773.580763] ? strncpy_from_user+0x9e/0x470 [ 1773.581678] ? finish_automount+0xa90/0xa90 [ 1773.582598] ? getname_flags.part.0+0x1dd/0x4f0 [ 1773.583553] ? _copy_from_user+0xfb/0x1b0 [ 1773.584448] __x64_sys_mount+0x282/0x300 [ 1773.585308] ? copy_mnt_ns+0xa00/0xa00 [ 1773.586145] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1773.587254] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1773.588346] do_syscall_64+0x33/0x40 [ 1773.589133] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1773.590213] RIP: 0033:0x7fe30c5b6b19 [ 1773.591006] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1773.594917] RSP: 002b:00007fe309b2c188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1773.596534] RAX: ffffffffffffffda RBX: 00007fe30c6c9f60 RCX: 00007fe30c5b6b19 [ 1773.598048] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1773.599567] RBP: 00007fe309b2c1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1773.601067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1773.602587] R13: 00007ffddf17178f R14: 00007fe309b2c300 R15: 0000000000022000 [ 1773.604284] FAULT_INJECTION: forcing a failure. [ 1773.604284] name failslab, interval 1, probability 0, space 0, times 0 [ 1773.607821] CPU: 0 PID: 9018 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 1773.609275] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1773.611037] Call Trace: [ 1773.611595] dump_stack+0x107/0x167 [ 1773.612370] should_fail.cold+0x5/0xa [ 1773.613178] should_failslab+0x5/0x20 [ 1773.613979] __kmalloc_track_caller+0x79/0x370 [ 1773.614951] ? kstrdup_const+0x53/0x80 [ 1773.615773] kstrdup+0x36/0x70 [ 1773.616460] kstrdup_const+0x53/0x80 [ 1773.617245] kmem_cache_create_usercopy+0x12f/0x2f0 [ 1773.618315] p9_client_create+0xc6a/0x1230 [ 1773.619214] ? p9_client_flush+0x430/0x430 [ 1773.620105] ? trace_hardirqs_on+0x5b/0x180 [ 1773.621025] ? lockdep_init_map_type+0x2c7/0x780 [ 1773.622025] ? __raw_spin_lock_init+0x36/0x110 [ 1773.622998] v9fs_session_init+0x1dd/0x1680 [ 1773.623908] ? lock_release+0x680/0x680 [ 1773.624771] ? kmem_cache_alloc_trace+0x151/0x320 [ 1773.625786] ? v9fs_show_options+0x690/0x690 [ 1773.626731] ? trace_hardirqs_on+0x5b/0x180 [ 1773.627650] ? kasan_unpoison_shadow+0x33/0x50 [ 1773.628609] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1773.629685] v9fs_mount+0x79/0x8f0 [ 1773.630445] ? v9fs_write_inode+0x60/0x60 [ 1773.631320] legacy_get_tree+0x105/0x220 [ 1773.632182] vfs_get_tree+0x8e/0x300 [ 1773.632970] path_mount+0x1490/0x21e0 [ 1773.633785] ? strncpy_from_user+0x9e/0x470 [ 1773.634710] ? finish_automount+0xa90/0xa90 [ 1773.635618] ? getname_flags.part.0+0x1dd/0x4f0 [ 1773.636599] ? _copy_from_user+0xfb/0x1b0 [ 1773.637496] __x64_sys_mount+0x282/0x300 [ 1773.638365] ? copy_mnt_ns+0xa00/0xa00 [ 1773.639194] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1773.640303] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1773.641394] do_syscall_64+0x33/0x40 [ 1773.642205] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1773.643282] RIP: 0033:0x7ff7dde24b19 [ 1773.644065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1773.647941] RSP: 002b:00007ff7db39a188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1773.649555] RAX: ffffffffffffffda RBX: 00007ff7ddf37f60 RCX: 00007ff7dde24b19 [ 1773.651089] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1773.652603] RBP: 00007ff7db39a1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1773.654131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1773.655647] R13: 00007ffcd7e7b57f R14: 00007ff7db39a300 R15: 0000000000022000 [ 1773.657403] kmem_cache_create(9p-fcall-cache-870) failed with error -12 [ 1773.658877] CPU: 0 PID: 9018 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 1773.660319] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1773.662069] Call Trace: [ 1773.662634] dump_stack+0x107/0x167 [ 1773.663406] kmem_cache_create_usercopy.cold+0x17/0x65 [ 1773.664511] p9_client_create+0xc6a/0x1230 [ 1773.665415] ? p9_client_flush+0x430/0x430 [ 1773.666323] ? trace_hardirqs_on+0x5b/0x180 [ 1773.667233] ? lockdep_init_map_type+0x2c7/0x780 [ 1773.668233] ? __raw_spin_lock_init+0x36/0x110 [ 1773.669201] v9fs_session_init+0x1dd/0x1680 [ 1773.670116] ? lock_release+0x680/0x680 [ 1773.670964] ? kmem_cache_alloc_trace+0x151/0x320 [ 1773.671986] ? v9fs_show_options+0x690/0x690 [ 1773.672920] ? trace_hardirqs_on+0x5b/0x180 [ 1773.673828] ? kasan_unpoison_shadow+0x33/0x50 [ 1773.674788] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1773.675856] v9fs_mount+0x79/0x8f0 [ 1773.676595] ? v9fs_write_inode+0x60/0x60 [ 1773.677453] legacy_get_tree+0x105/0x220 [ 1773.678308] vfs_get_tree+0x8e/0x300 [ 1773.679082] path_mount+0x1490/0x21e0 [ 1773.679886] ? strncpy_from_user+0x9e/0x470 [ 1773.680795] ? finish_automount+0xa90/0xa90 [ 1773.681691] ? getname_flags.part.0+0x1dd/0x4f0 [ 1773.682669] ? _copy_from_user+0xfb/0x1b0 [ 1773.683545] __x64_sys_mount+0x282/0x300 [ 1773.684395] ? copy_mnt_ns+0xa00/0xa00 [ 1773.685206] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1773.686306] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1773.687383] do_syscall_64+0x33/0x40 [ 1773.688163] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1773.689227] RIP: 0033:0x7ff7dde24b19 [ 1773.690003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1773.693867] RSP: 002b:00007ff7db39a188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1773.695477] RAX: ffffffffffffffda RBX: 00007ff7ddf37f60 RCX: 00007ff7dde24b19 [ 1773.696988] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1773.698500] RBP: 00007ff7db39a1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1773.699998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1773.701487] R13: 00007ffcd7e7b57f R14: 00007ff7db39a300 R15: 0000000000022000 12:43:15 executing program 5: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 52) 12:43:15 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03324c4b0e"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:43:15 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:43:15 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03324c"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:43:15 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 57) 12:43:15 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03324c4b0e"], 0x7bd) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:43:15 executing program 6: socket$inet6_udplite(0xa, 0x2, 0x88) mq_open(0x0, 0x2, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 51) 12:43:15 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xa, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) [ 1786.333769] FAULT_INJECTION: forcing a failure. [ 1786.333769] name failslab, interval 1, probability 0, space 0, times 0 [ 1786.336256] CPU: 0 PID: 9038 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 1786.337736] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1786.339516] Call Trace: [ 1786.340091] dump_stack+0x107/0x167 [ 1786.340880] should_fail.cold+0x5/0xa [ 1786.341680] ? create_object.isra.0+0x3a/0xa30 [ 1786.342660] should_failslab+0x5/0x20 [ 1786.343473] kmem_cache_alloc+0x5b/0x310 [ 1786.344338] ? vsnprintf+0x4ba/0x1600 [ 1786.345159] create_object.isra.0+0x3a/0xa30 [ 1786.346082] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1786.347182] __kmalloc_track_caller+0x177/0x370 [ 1786.348166] ? kasprintf+0xbb/0xf0 [ 1786.348938] kvasprintf+0xb5/0x150 [ 1786.349838] ? bust_spinlocks+0xe0/0xe0 [ 1786.350852] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1786.352192] kasprintf+0xbb/0xf0 [ 1786.353051] ? kvasprintf_const+0x1a0/0x1a0 [ 1786.354040] ? kmem_cache_free+0x249/0x2d0 [ 1786.355137] ? p9_client_create+0xbfa/0x1230 [ 1786.356284] p9_client_create+0xc1b/0x1230 [ 1786.357321] ? p9_client_flush+0x430/0x430 [ 1786.358280] ? trace_hardirqs_on+0x5b/0x180 [ 1786.359244] ? lockdep_init_map_type+0x2c7/0x780 [ 1786.360312] ? __raw_spin_lock_init+0x36/0x110 [ 1786.361343] v9fs_session_init+0x1dd/0x1680 [ 1786.362317] ? lock_release+0x680/0x680 [ 1786.363227] ? kmem_cache_alloc_trace+0x151/0x320 [ 1786.364317] ? v9fs_show_options+0x690/0x690 [ 1786.365343] ? trace_hardirqs_on+0x5b/0x180 [ 1786.366358] ? kasan_unpoison_shadow+0x33/0x50 [ 1786.367415] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1786.368594] v9fs_mount+0x79/0x8f0 [ 1786.369426] ? v9fs_write_inode+0x60/0x60 [ 1786.370397] legacy_get_tree+0x105/0x220 [ 1786.371321] vfs_get_tree+0x8e/0x300 [ 1786.372149] path_mount+0x1490/0x21e0 [ 1786.372371] FAULT_INJECTION: forcing a failure. [ 1786.372371] name failslab, interval 1, probability 0, space 0, times 0 [ 1786.373034] ? strncpy_from_user+0x9e/0x470 [ 1786.373054] ? finish_automount+0xa90/0xa90 [ 1786.373084] ? getname_flags.part.0+0x1dd/0x4f0 [ 1786.379015] ? _copy_from_user+0xfb/0x1b0 [ 1786.379961] __x64_sys_mount+0x282/0x300 [ 1786.380888] ? copy_mnt_ns+0xa00/0xa00 [ 1786.381781] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1786.382996] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1786.384255] do_syscall_64+0x33/0x40 [ 1786.385224] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1786.386545] RIP: 0033:0x7ff7dde24b19 [ 1786.387409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1786.391630] RSP: 002b:00007ff7db39a188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1786.393423] RAX: ffffffffffffffda RBX: 00007ff7ddf37f60 RCX: 00007ff7dde24b19 [ 1786.395083] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1786.396734] RBP: 00007ff7db39a1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1786.398395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1786.400114] R13: 00007ffcd7e7b57f R14: 00007ff7db39a300 R15: 0000000000022000 [ 1786.401741] CPU: 1 PID: 9050 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1786.403214] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1786.404982] Call Trace: [ 1786.405547] dump_stack+0x107/0x167 [ 1786.406332] should_fail.cold+0x5/0xa [ 1786.407144] should_failslab+0x5/0x20 [ 1786.407959] __kmalloc_track_caller+0x79/0x370 [ 1786.408921] ? kstrdup_const+0x53/0x80 [ 1786.409751] kstrdup+0x36/0x70 [ 1786.410442] kstrdup_const+0x53/0x80 [ 1786.411229] kvasprintf_const+0x10c/0x1a0 [ 1786.412109] kobject_set_name_vargs+0x56/0x150 [ 1786.413090] kobject_init_and_add+0xc9/0x160 [ 1786.414034] ? kobject_create_and_add+0xb0/0xb0 [ 1786.415047] ? wait_for_completion_io+0x270/0x270 [ 1786.416057] ? kernfs_name_hash+0xe7/0x110 [ 1786.416957] ? kernfs_find_ns+0x256/0x380 [ 1786.417836] sysfs_slab_add+0x172/0x200 [ 1786.418687] __kmem_cache_create+0x3db/0x520 [ 1786.419619] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1786.420675] p9_client_create+0xc6a/0x1230 [ 1786.421573] ? p9_client_flush+0x430/0x430 [ 1786.422477] ? _raw_spin_unlock_irqrestore+0x25/0x40 [ 1786.423557] ? lockdep_init_map_type+0x2c7/0x780 [ 1786.424565] ? __raw_spin_lock_init+0x36/0x110 [ 1786.425532] v9fs_session_init+0x1dd/0x1680 [ 1786.426453] ? lock_release+0x680/0x680 [ 1786.427309] ? kmem_cache_alloc_trace+0x151/0x320 [ 1786.428331] ? v9fs_show_options+0x690/0x690 [ 1786.429265] ? trace_hardirqs_on+0x5b/0x180 [ 1786.430182] ? kasan_unpoison_shadow+0x33/0x50 [ 1786.431157] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1786.432233] v9fs_mount+0x79/0x8f0 [ 1786.432983] ? v9fs_write_inode+0x60/0x60 [ 1786.433857] legacy_get_tree+0x105/0x220 [ 1786.434737] vfs_get_tree+0x8e/0x300 [ 1786.435528] path_mount+0x1490/0x21e0 [ 1786.436343] ? strncpy_from_user+0x9e/0x470 [ 1786.437253] ? finish_automount+0xa90/0xa90 [ 1786.438169] ? getname_flags.part.0+0x1dd/0x4f0 [ 1786.439173] ? _copy_from_user+0xfb/0x1b0 [ 1786.440058] __x64_sys_mount+0x282/0x300 [ 1786.440918] ? copy_mnt_ns+0xa00/0xa00 [ 1786.441747] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1786.442885] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1786.443982] do_syscall_64+0x33/0x40 [ 1786.444767] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1786.445856] RIP: 0033:0x7f850d5eab19 [ 1786.446658] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1786.450552] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1786.452187] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1786.453703] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1786.455227] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1786.456759] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1786.458291] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 [ 1786.460578] kobject: can not set name properly! [ 1786.461772] kmem_cache_create(9p-fcall-cache-876) failed with error -12 [ 1786.462196] FAULT_INJECTION: forcing a failure. [ 1786.462196] name failslab, interval 1, probability 0, space 0, times 0 [ 1786.463247] CPU: 1 PID: 9050 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1786.463258] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1786.463264] Call Trace: [ 1786.463300] dump_stack+0x107/0x167 [ 1786.470317] kmem_cache_create_usercopy.cold+0x17/0x65 [ 1786.471417] p9_client_create+0xc6a/0x1230 [ 1786.472313] ? p9_client_flush+0x430/0x430 [ 1786.473202] ? _raw_spin_unlock_irqrestore+0x25/0x40 [ 1786.474347] ? lockdep_init_map_type+0x2c7/0x780 [ 1786.475358] ? __raw_spin_lock_init+0x36/0x110 [ 1786.476330] v9fs_session_init+0x1dd/0x1680 [ 1786.477258] ? lock_release+0x680/0x680 [ 1786.478106] ? kmem_cache_alloc_trace+0x151/0x320 [ 1786.479132] ? v9fs_show_options+0x690/0x690 [ 1786.480063] ? trace_hardirqs_on+0x5b/0x180 [ 1786.480978] ? kasan_unpoison_shadow+0x33/0x50 [ 1786.481934] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1786.483014] v9fs_mount+0x79/0x8f0 [ 1786.483768] ? v9fs_write_inode+0x60/0x60 [ 1786.484647] legacy_get_tree+0x105/0x220 [ 1786.485517] vfs_get_tree+0x8e/0x300 [ 1786.486309] path_mount+0x1490/0x21e0 [ 1786.487115] ? strncpy_from_user+0x9e/0x470 [ 1786.488045] ? finish_automount+0xa90/0xa90 [ 1786.488961] ? getname_flags.part.0+0x1dd/0x4f0 [ 1786.489962] ? _copy_from_user+0xfb/0x1b0 [ 1786.490845] __x64_sys_mount+0x282/0x300 [ 1786.491706] ? copy_mnt_ns+0xa00/0xa00 [ 1786.492529] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1786.493625] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1786.494731] do_syscall_64+0x33/0x40 [ 1786.495513] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1786.496586] RIP: 0033:0x7f850d5eab19 [ 1786.497376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1786.501253] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1786.502875] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1786.504386] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1786.505912] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1786.507441] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1786.508950] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 [ 1786.510493] CPU: 0 PID: 9053 Comm: syz-executor.6 Not tainted 5.10.246 #1 [ 1786.511975] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1786.513793] Call Trace: [ 1786.514396] dump_stack+0x107/0x167 [ 1786.515190] should_fail.cold+0x5/0xa [ 1786.516016] ? create_object.isra.0+0x3a/0xa30 [ 1786.516970] should_failslab+0x5/0x20 [ 1786.517809] kmem_cache_alloc+0x5b/0x310 [ 1786.518700] create_object.isra.0+0x3a/0xa30 [ 1786.519639] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1786.520916] __kmalloc_track_caller+0x177/0x370 [ 1786.522066] ? kstrdup_const+0x53/0x80 [ 1786.522948] kstrdup+0x36/0x70 [ 1786.523658] kstrdup_const+0x53/0x80 [ 1786.524506] kmem_cache_create_usercopy+0x12f/0x2f0 [ 1786.525587] p9_client_create+0xc6a/0x1230 [ 1786.526566] ? p9_client_flush+0x430/0x430 [ 1786.527527] ? trace_hardirqs_on+0x5b/0x180 [ 1786.528506] ? lockdep_init_map_type+0x2c7/0x780 [ 1786.529588] ? __raw_spin_lock_init+0x36/0x110 [ 1786.530764] v9fs_session_init+0x1dd/0x1680 [ 1786.531745] ? lock_release+0x680/0x680 [ 1786.532662] ? kmem_cache_alloc_trace+0x151/0x320 [ 1786.533743] ? v9fs_show_options+0x690/0x690 [ 1786.534760] ? trace_hardirqs_on+0x5b/0x180 [ 1786.535733] ? kasan_unpoison_shadow+0x33/0x50 [ 1786.536757] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1786.537888] v9fs_mount+0x79/0x8f0 [ 1786.538700] ? v9fs_write_inode+0x60/0x60 [ 1786.539636] legacy_get_tree+0x105/0x220 [ 1786.540492] vfs_get_tree+0x8e/0x300 [ 1786.541433] path_mount+0x1490/0x21e0 [ 1786.542320] ? strncpy_from_user+0x9e/0x470 [ 1786.543294] ? finish_automount+0xa90/0xa90 [ 1786.544198] ? getname_flags.part.0+0x1dd/0x4f0 [ 1786.545386] ? _copy_from_user+0xfb/0x1b0 [ 1786.546349] __x64_sys_mount+0x282/0x300 [ 1786.547357] ? copy_mnt_ns+0xa00/0xa00 [ 1786.548221] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1786.549335] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1786.550507] do_syscall_64+0x33/0x40 [ 1786.551358] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1786.552583] RIP: 0033:0x7fe30c5b6b19 [ 1786.553553] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1786.557642] RSP: 002b:00007fe309b2c188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1786.559220] RAX: ffffffffffffffda RBX: 00007fe30c6c9f60 RCX: 00007fe30c5b6b19 [ 1786.560679] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1786.562177] RBP: 00007fe309b2c1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1786.563668] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1786.565136] R13: 00007ffddf17178f R14: 00007fe309b2c300 R15: 0000000000022000 12:43:15 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03324c"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:43:15 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03324c4b0e"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:43:15 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03324c4b"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:43:30 executing program 5: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 53) 12:43:30 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 12:43:30 executing program 6: socket$inet6_udplite(0xa, 0x2, 0x88) mq_open(0x0, 0x2, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 52) 12:43:30 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03324c4b"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:43:30 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03324c"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:43:30 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp6\x00') read(r1, &(0x7f00000002c0)=""/225, 0xe1) read(r1, &(0x7f00000003c0)=""/225, 0xe1) (fail_nth: 1) 12:43:30 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 58) 12:43:30 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03324c4b0e"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, 0x0) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1801.839453] FAULT_INJECTION: forcing a failure. [ 1801.839453] name failslab, interval 1, probability 0, space 0, times 0 [ 1801.841215] CPU: 1 PID: 9076 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 1801.842186] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1801.843400] Call Trace: [ 1801.843791] dump_stack+0x107/0x167 [ 1801.844309] should_fail.cold+0x5/0xa [ 1801.844849] ? __kmem_cache_create+0x10e/0x520 [ 1801.845490] should_failslab+0x5/0x20 [ 1801.846026] kmem_cache_alloc_node+0x55/0x330 [ 1801.846667] __kmem_cache_create+0x10e/0x520 [ 1801.847288] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1801.847993] p9_client_create+0xc6a/0x1230 [ 1801.848602] ? p9_client_flush+0x430/0x430 [ 1801.849202] ? trace_hardirqs_on+0x5b/0x180 [ 1801.849813] ? lockdep_init_map_type+0x2c7/0x780 [ 1801.850488] ? __raw_spin_lock_init+0x36/0x110 [ 1801.851142] v9fs_session_init+0x1dd/0x1680 [ 1801.851750] ? lock_release+0x680/0x680 [ 1801.852318] ? kmem_cache_alloc_trace+0x151/0x320 [ 1801.852996] ? v9fs_show_options+0x690/0x690 [ 1801.853624] ? trace_hardirqs_on+0x5b/0x180 [ 1801.854239] ? kasan_unpoison_shadow+0x33/0x50 [ 1801.854892] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1801.855617] v9fs_mount+0x79/0x8f0 [ 1801.856131] ? v9fs_write_inode+0x60/0x60 [ 1801.856713] legacy_get_tree+0x105/0x220 [ 1801.857290] vfs_get_tree+0x8e/0x300 [ 1801.857815] path_mount+0x1490/0x21e0 [ 1801.858363] ? strncpy_from_user+0x9e/0x470 [ 1801.858982] ? finish_automount+0xa90/0xa90 [ 1801.859593] ? getname_flags.part.0+0x1dd/0x4f0 [ 1801.860259] ? _copy_from_user+0xfb/0x1b0 [ 1801.860849] __x64_sys_mount+0x282/0x300 [ 1801.861419] ? copy_mnt_ns+0xa00/0xa00 [ 1801.861972] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1801.862725] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1801.863470] do_syscall_64+0x33/0x40 [ 1801.863995] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1801.864724] RIP: 0033:0x7ff7dde24b19 [ 1801.865249] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1801.867861] RSP: 002b:00007ff7db39a188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1801.868933] RAX: ffffffffffffffda RBX: 00007ff7ddf37f60 RCX: 00007ff7dde24b19 [ 1801.869942] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1801.870951] RBP: 00007ff7db39a1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1801.871955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1801.872956] R13: 00007ffcd7e7b57f R14: 00007ff7db39a300 R15: 0000000000022000 [ 1801.874049] kmem_cache_create(9p-fcall-cache-881) failed with error -22 [ 1801.875021] CPU: 1 PID: 9076 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 1801.875453] FAULT_INJECTION: forcing a failure. [ 1801.875453] name failslab, interval 1, probability 0, space 0, times 0 [ 1801.875981] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1801.875993] Call Trace: [ 1801.879887] dump_stack+0x107/0x167 [ 1801.880405] kmem_cache_create_usercopy.cold+0x17/0x65 [ 1801.881143] p9_client_create+0xc6a/0x1230 [ 1801.881758] ? p9_client_flush+0x430/0x430 [ 1801.882350] ? trace_hardirqs_on+0x5b/0x180 [ 1801.882982] ? lockdep_init_map_type+0x2c7/0x780 [ 1801.883654] ? __raw_spin_lock_init+0x36/0x110 [ 1801.884302] v9fs_session_init+0x1dd/0x1680 [ 1801.884911] ? lock_release+0x680/0x680 [ 1801.885475] ? kmem_cache_alloc_trace+0x151/0x320 [ 1801.886155] ? v9fs_show_options+0x690/0x690 [ 1801.886804] ? trace_hardirqs_on+0x5b/0x180 [ 1801.887412] ? kasan_unpoison_shadow+0x33/0x50 [ 1801.888067] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1801.888781] v9fs_mount+0x79/0x8f0 [ 1801.889282] ? v9fs_write_inode+0x60/0x60 [ 1801.889863] legacy_get_tree+0x105/0x220 [ 1801.890452] vfs_get_tree+0x8e/0x300 [ 1801.890991] path_mount+0x1490/0x21e0 [ 1801.891529] ? strncpy_from_user+0x9e/0x470 [ 1801.892138] ? finish_automount+0xa90/0xa90 [ 1801.892747] ? getname_flags.part.0+0x1dd/0x4f0 [ 1801.893408] ? _copy_from_user+0xfb/0x1b0 [ 1801.894003] __x64_sys_mount+0x282/0x300 [ 1801.894606] ? copy_mnt_ns+0xa00/0xa00 [ 1801.895156] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1801.895891] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1801.896625] do_syscall_64+0x33/0x40 [ 1801.897151] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1801.897871] RIP: 0033:0x7ff7dde24b19 [ 1801.898402] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1801.900995] RSP: 002b:00007ff7db39a188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1801.902070] RAX: ffffffffffffffda RBX: 00007ff7ddf37f60 RCX: 00007ff7dde24b19 [ 1801.903135] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1801.904187] RBP: 00007ff7db39a1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1801.905236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1801.906284] R13: 00007ffcd7e7b57f R14: 00007ff7db39a300 R15: 0000000000022000 [ 1801.907371] CPU: 0 PID: 9079 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1801.908874] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1801.910700] Call Trace: [ 1801.911277] dump_stack+0x107/0x167 [ 1801.912080] should_fail.cold+0x5/0xa 12:43:30 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x10, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) [ 1801.912915] ? create_object.isra.0+0x3a/0xa30 [ 1801.914012] should_failslab+0x5/0x20 [ 1801.914854] kmem_cache_alloc+0x5b/0x310 [ 1801.915754] create_object.isra.0+0x3a/0xa30 [ 1801.916724] kmemleak_alloc_percpu+0xa0/0x100 [ 1801.917119] FAULT_INJECTION: forcing a failure. [ 1801.917119] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1801.917708] pcpu_alloc+0x4e2/0x1240 [ 1801.917744] __kmem_cache_create+0x35a/0x520 [ 1801.917770] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1801.922341] p9_client_create+0xc6a/0x1230 [ 1801.923282] ? p9_client_flush+0x430/0x430 [ 1801.924207] ? trace_hardirqs_on+0x5b/0x180 [ 1801.925131] ? lockdep_init_map_type+0x2c7/0x780 [ 1801.926144] ? __raw_spin_lock_init+0x36/0x110 [ 1801.927131] v9fs_session_init+0x1dd/0x1680 [ 1801.928054] ? lock_release+0x680/0x680 [ 1801.928914] ? kmem_cache_alloc_trace+0x151/0x320 [ 1801.929943] ? v9fs_show_options+0x690/0x690 [ 1801.930905] ? trace_hardirqs_on+0x5b/0x180 [ 1801.931828] ? kasan_unpoison_shadow+0x33/0x50 [ 1801.932802] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1801.933886] v9fs_mount+0x79/0x8f0 [ 1801.934651] ? v9fs_write_inode+0x60/0x60 [ 1801.935535] legacy_get_tree+0x105/0x220 [ 1801.936404] vfs_get_tree+0x8e/0x300 [ 1801.937204] path_mount+0x1490/0x21e0 [ 1801.938025] ? strncpy_from_user+0x9e/0x470 [ 1801.938954] ? finish_automount+0xa90/0xa90 [ 1801.939882] ? getname_flags.part.0+0x1dd/0x4f0 [ 1801.940878] ? _copy_from_user+0xfb/0x1b0 [ 1801.941773] __x64_sys_mount+0x282/0x300 [ 1801.942648] ? copy_mnt_ns+0xa00/0xa00 [ 1801.943482] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1801.944603] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1801.945708] do_syscall_64+0x33/0x40 [ 1801.946517] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1801.947610] RIP: 0033:0x7f850d5eab19 [ 1801.948405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1801.952324] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1801.953961] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1801.955502] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1801.957034] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1801.958576] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1801.960115] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 [ 1801.961672] CPU: 1 PID: 9085 Comm: syz-executor.4 Not tainted 5.10.246 #1 [ 1801.962701] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1801.963918] Call Trace: [ 1801.964290] dump_stack+0x107/0x167 [ 1801.964808] should_fail.cold+0x5/0xa [ 1801.965346] _copy_to_user+0x2e/0x180 [ 1801.965885] simple_read_from_buffer+0xcc/0x160 [ 1801.966564] proc_fail_nth_read+0x198/0x230 [ 1801.967172] ? proc_sessionid_read+0x230/0x230 [ 1801.967812] ? security_file_permission+0xb1/0xe0 [ 1801.968490] ? proc_sessionid_read+0x230/0x230 [ 1801.969133] vfs_read+0x228/0x620 [ 1801.969625] ksys_read+0x12d/0x260 [ 1801.970124] ? vfs_write+0xb10/0xb10 [ 1801.970672] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1801.971406] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1801.972133] do_syscall_64+0x33/0x40 [ 1801.972654] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1801.973370] RIP: 0033:0x7f976c1e169c [ 1801.973891] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 1801.976495] RSP: 002b:00007f97697a4170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1801.977569] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f976c1e169c [ 1801.978589] RDX: 000000000000000f RSI: 00007f97697a41e0 RDI: 0000000000000005 [ 1801.979608] RBP: 00007f97697a41d0 R08: 0000000000000000 R09: 0000000000000000 [ 1801.980605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1801.981611] R13: 00007ffe8e23246f R14: 00007f97697a4300 R15: 0000000000022000 12:43:31 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03324c4b"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:43:31 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp6\x00') read(r1, &(0x7f00000002c0)=""/225, 0xe1) read(r1, &(0x7f00000003c0)=""/225, 0xe1) [ 1802.047204] FAULT_INJECTION: forcing a failure. [ 1802.047204] name failslab, interval 1, probability 0, space 0, times 0 [ 1802.049679] CPU: 0 PID: 9086 Comm: syz-executor.6 Not tainted 5.10.246 #1 [ 1802.051145] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1802.052922] Call Trace: [ 1802.053490] dump_stack+0x107/0x167 [ 1802.054269] should_fail.cold+0x5/0xa [ 1802.055091] ? create_object.isra.0+0x3a/0xa30 [ 1802.056065] should_failslab+0x5/0x20 [ 1802.056877] kmem_cache_alloc+0x5b/0x310 [ 1802.057751] create_object.isra.0+0x3a/0xa30 [ 1802.058692] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1802.059781] kmem_cache_alloc+0x159/0x310 [ 1802.060665] kmem_cache_create_usercopy+0x190/0x2f0 [ 1802.061733] p9_client_create+0xc6a/0x1230 [ 1802.062648] ? p9_client_flush+0x430/0x430 [ 1802.063553] ? trace_hardirqs_on+0x5b/0x180 [ 1802.064476] ? lockdep_init_map_type+0x2c7/0x780 [ 1802.065488] ? __raw_spin_lock_init+0x36/0x110 [ 1802.066480] v9fs_session_init+0x1dd/0x1680 [ 1802.067403] ? lock_release+0x680/0x680 [ 1802.068259] ? kmem_cache_alloc_trace+0x151/0x320 [ 1802.069287] ? v9fs_show_options+0x690/0x690 [ 1802.070240] ? trace_hardirqs_on+0x5b/0x180 [ 1802.071162] ? kasan_unpoison_shadow+0x33/0x50 [ 1802.072302] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1802.073374] v9fs_mount+0x79/0x8f0 [ 1802.074124] ? v9fs_write_inode+0x60/0x60 [ 1802.075027] legacy_get_tree+0x105/0x220 [ 1802.075887] vfs_get_tree+0x8e/0x300 [ 1802.076669] path_mount+0x1490/0x21e0 [ 1802.077481] ? strncpy_from_user+0x9e/0x470 [ 1802.078387] ? finish_automount+0xa90/0xa90 [ 1802.079312] ? getname_flags.part.0+0x1dd/0x4f0 [ 1802.080291] ? _copy_from_user+0xfb/0x1b0 [ 1802.081171] __x64_sys_mount+0x282/0x300 [ 1802.082024] ? copy_mnt_ns+0xa00/0xa00 [ 1802.082855] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1802.083958] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1802.085048] do_syscall_64+0x33/0x40 [ 1802.085833] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1802.086919] RIP: 0033:0x7fe30c5b6b19 [ 1802.087701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1802.091574] RSP: 002b:00007fe309b2c188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1802.093176] RAX: ffffffffffffffda RBX: 00007fe30c6c9f60 RCX: 00007fe30c5b6b19 [ 1802.094687] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1802.096182] RBP: 00007fe309b2c1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1802.097680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1802.099180] R13: 00007ffddf17178f R14: 00007fe309b2c300 R15: 0000000000022000 12:43:31 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x2e, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 12:43:31 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03324c"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, &(0x7f0000000140)={'lo\x00'}) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 12:43:31 executing program 5: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 54) 12:43:31 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp6\x00') read(r1, &(0x7f00000002c0)=""/225, 0xe1) read(r1, &(0x7f00000003c0)=""/225, 0x61) 12:43:31 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 59) 12:43:31 executing program 6: socket$inet6_udplite(0xa, 0x2, 0x88) mq_open(0x0, 0x2, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 53) 12:43:31 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) r2 = mq_open(&(0x7f0000000100)='wfdno', 0x2, 0x1a5, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) io_uring_enter(r1, 0xae0, 0xa518, 0x2, &(0x7f00000002c0)={[0xa]}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) r6 = dup2(r5, r5) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$binfmt_elf64(r5, &(0x7f0000000fc0)=ANY=[@ANYBLOB="7f454c460509071f090000000000000002000300000000009f030000000000004000000000000000460300000000000000000000a80038000100d9b5008004000300000002000000e69f000000000000a60000000000000044000000000000003f00000000000000c70d000000000000f7ffffffffffffff0b02badd675e7a76d81b0a2ba82a3fb57f3c78fbfddbcfdfdbb663fc2015a834a400c38cc9c1eda0c98449bde7f9fb11b015021b68cb3332051b5252fbc38d1b2b4f600c1c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000012dc2985f511970e94f621318e9883dca174faabfc867757aa33317471347b06c4f6631f215ec99f3439524dee6e553b78a5a3ddbfae67264513d01578d681ed12d666e97c65c84c1c2df75e9242e233c8b2c5c98c7d03324c4b0e"], 0x7bd) ioctl$sock_SIOCGIFINDEX(r7, 0x8914, 0x0) fcntl$setflags(r7, 0x2, 0x0) ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000240), 0x3002808, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r2, @ANYBLOB=',cachetag=,version=9p2000.L,version=9p2000.L,noextend,version=9p2000.L,access=any,dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c63616368657461673d2c76657273696f6e3d3970323030302e4c2c7375626a5f726f6c653d2526267d243a2c27892c6d6561737572652c00"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1802.406473] FAULT_INJECTION: forcing a failure. [ 1802.406473] name failslab, interval 1, probability 0, space 0, times 0 [ 1802.408995] CPU: 0 PID: 9103 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1802.410495] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1802.412306] Call Trace: [ 1802.412886] dump_stack+0x107/0x167 [ 1802.413683] should_fail.cold+0x5/0xa [ 1802.414528] should_failslab+0x5/0x20 [ 1802.415360] __kmalloc_track_caller+0x79/0x370 [ 1802.416355] ? kstrdup_const+0x53/0x80 [ 1802.417207] kstrdup+0x36/0x70 [ 1802.417908] kstrdup_const+0x53/0x80 [ 1802.418729] __kernfs_new_node+0x9d/0x860 [ 1802.419635] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 1802.420685] ? lock_acquire+0x197/0x470 [ 1802.421566] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1802.422726] ? lock_release+0x680/0x680 [ 1802.423593] ? find_held_lock+0x2c/0x110 [ 1802.424486] kernfs_new_node+0x18d/0x250 [ 1802.425375] kernfs_create_dir_ns+0x49/0x160 [ 1802.426326] sysfs_create_dir_ns+0x127/0x290 [ 1802.427291] ? sysfs_create_mount_point+0xb0/0xb0 [ 1802.428331] ? rwlock_bug.part.0+0x90/0x90 [ 1802.429252] ? do_raw_spin_unlock+0x4f/0x220 [ 1802.430207] kobject_add_internal+0x25e/0xa30 [ 1802.431192] kobject_init_and_add+0x101/0x160 [ 1802.432152] ? kobject_create_and_add+0xb0/0xb0 [ 1802.433162] ? wait_for_completion_io+0x270/0x270 [ 1802.434180] ? kernfs_name_hash+0xe7/0x110 [ 1802.435092] ? kernfs_find_ns+0x256/0x380 [ 1802.435977] sysfs_slab_add+0x172/0x200 [ 1802.436833] __kmem_cache_create+0x3db/0x520 [ 1802.437806] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1802.438901] p9_client_create+0xc6a/0x1230 [ 1802.439821] ? p9_client_flush+0x430/0x430 [ 1802.440737] ? trace_hardirqs_on+0x5b/0x180 [ 1802.441663] ? lockdep_init_map_type+0x2c7/0x780 [ 1802.442695] ? __raw_spin_lock_init+0x36/0x110 [ 1802.443685] v9fs_session_init+0x1dd/0x1680 [ 1802.444612] ? lock_release+0x680/0x680 [ 1802.445474] ? kmem_cache_alloc_trace+0x151/0x320 [ 1802.446519] ? v9fs_show_options+0x690/0x690 [ 1802.447468] ? trace_hardirqs_on+0x5b/0x180 [ 1802.448392] ? kasan_unpoison_shadow+0x33/0x50 [ 1802.449372] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1802.450470] v9fs_mount+0x79/0x8f0 [ 1802.451239] ? v9fs_write_inode+0x60/0x60 [ 1802.452124] legacy_get_tree+0x105/0x220 [ 1802.452996] vfs_get_tree+0x8e/0x300 [ 1802.453794] path_mount+0x1490/0x21e0 [ 1802.454631] ? strncpy_from_user+0x9e/0x470 [ 1802.455553] ? finish_automount+0xa90/0xa90 [ 1802.456487] ? getname_flags.part.0+0x1dd/0x4f0 [ 1802.457479] ? _copy_from_user+0xfb/0x1b0 [ 1802.458369] __x64_sys_mount+0x282/0x300 [ 1802.459245] ? copy_mnt_ns+0xa00/0xa00 [ 1802.460076] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1802.461187] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1802.462277] do_syscall_64+0x33/0x40 [ 1802.463076] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1802.464160] RIP: 0033:0x7f850d5eab19 [ 1802.464949] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1802.468831] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1802.470454] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1802.471964] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1802.473467] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1802.474970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1802.476463] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 [ 1802.478203] kobject_add_internal failed for 9p-fcall-cache-885 (error: -12 parent: slab) [ 1802.480019] kmem_cache_create(9p-fcall-cache-885) failed with error -12 [ 1802.481460] CPU: 0 PID: 9103 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1802.482030] FAULT_INJECTION: forcing a failure. [ 1802.482030] name failslab, interval 1, probability 0, space 0, times 0 [ 1802.482902] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1802.482909] Call Trace: [ 1802.482936] dump_stack+0x107/0x167 [ 1802.487294] kmem_cache_create_usercopy.cold+0x17/0x65 [ 1802.488402] p9_client_create+0xc6a/0x1230 [ 1802.489298] ? p9_client_flush+0x430/0x430 [ 1802.490182] ? trace_hardirqs_on+0x5b/0x180 [ 1802.491091] ? lockdep_init_map_type+0x2c7/0x780 [ 1802.492080] ? __raw_spin_lock_init+0x36/0x110 [ 1802.493043] v9fs_session_init+0x1dd/0x1680 [ 1802.493945] ? lock_release+0x680/0x680 [ 1802.494792] ? kmem_cache_alloc_trace+0x151/0x320 [ 1802.495800] ? v9fs_show_options+0x690/0x690 [ 1802.496727] ? trace_hardirqs_on+0x5b/0x180 [ 1802.497636] ? kasan_unpoison_shadow+0x33/0x50 [ 1802.498596] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1802.499659] v9fs_mount+0x79/0x8f0 [ 1802.500406] ? v9fs_write_inode+0x60/0x60 [ 1802.501271] legacy_get_tree+0x105/0x220 [ 1802.502122] vfs_get_tree+0x8e/0x300 [ 1802.502907] path_mount+0x1490/0x21e0 [ 1802.503716] ? strncpy_from_user+0x9e/0x470 [ 1802.504704] ? finish_automount+0xa90/0xa90 [ 1802.505740] ? getname_flags.part.0+0x1dd/0x4f0 [ 1802.506860] ? _copy_from_user+0xfb/0x1b0 [ 1802.507854] __x64_sys_mount+0x282/0x300 [ 1802.508828] ? copy_mnt_ns+0xa00/0xa00 [ 1802.509767] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1802.511042] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1802.512273] do_syscall_64+0x33/0x40 [ 1802.513164] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1802.514385] RIP: 0033:0x7f850d5eab19 [ 1802.515279] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1802.519669] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1802.521469] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1802.523197] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1802.524891] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1802.526595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1802.528275] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 [ 1802.529985] CPU: 1 PID: 9114 Comm: syz-executor.5 Not tainted 5.10.246 #1 [ 1802.530794] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1802.531769] Call Trace: [ 1802.532076] dump_stack+0x107/0x167 [ 1802.532505] should_fail.cold+0x5/0xa [ 1802.532953] ? create_object.isra.0+0x3a/0xa30 [ 1802.533485] should_failslab+0x5/0x20 [ 1802.533928] kmem_cache_alloc+0x5b/0x310 [ 1802.534413] create_object.isra.0+0x3a/0xa30 [ 1802.534922] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1802.535513] kmem_cache_alloc_node+0x169/0x330 [ 1802.536048] __kmem_cache_create+0x10e/0x520 [ 1802.536561] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1802.537148] p9_client_create+0xc6a/0x1230 [ 1802.537646] ? p9_client_flush+0x430/0x430 [ 1802.538140] ? trace_hardirqs_on+0x5b/0x180 [ 1802.538651] ? lockdep_init_map_type+0x2c7/0x780 [ 1802.539202] ? __raw_spin_lock_init+0x36/0x110 [ 1802.539735] v9fs_session_init+0x1dd/0x1680 [ 1802.540236] ? lock_release+0x680/0x680 [ 1802.540702] ? kmem_cache_alloc_trace+0x151/0x320 [ 1802.541261] ? v9fs_show_options+0x690/0x690 [ 1802.541777] ? trace_hardirqs_on+0x5b/0x180 [ 1802.542279] ? kasan_unpoison_shadow+0x33/0x50 [ 1802.542817] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1802.543413] v9fs_mount+0x79/0x8f0 [ 1802.543827] ? v9fs_write_inode+0x60/0x60 [ 1802.544309] legacy_get_tree+0x105/0x220 [ 1802.544781] vfs_get_tree+0x8e/0x300 [ 1802.545213] path_mount+0x1490/0x21e0 [ 1802.545661] ? strncpy_from_user+0x9e/0x470 [ 1802.546162] ? finish_automount+0xa90/0xa90 [ 1802.546672] ? getname_flags.part.0+0x1dd/0x4f0 [ 1802.547213] ? _copy_from_user+0xfb/0x1b0 [ 1802.547700] __x64_sys_mount+0x282/0x300 [ 1802.548174] ? copy_mnt_ns+0xa00/0xa00 [ 1802.548626] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1802.549230] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1802.549825] do_syscall_64+0x33/0x40 [ 1802.550263] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1802.550861] RIP: 0033:0x7ff7dde24b19 [ 1802.551290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1802.553408] RSP: 002b:00007ff7db39a188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1802.554286] RAX: ffffffffffffffda RBX: 00007ff7ddf37f60 RCX: 00007ff7dde24b19 [ 1802.555109] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1802.555929] RBP: 00007ff7db39a1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1802.556745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1802.557564] R13: 00007ffcd7e7b57f R14: 00007ff7db39a300 R15: 0000000000022000 12:43:31 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp6\x00') read(r1, &(0x7f00000002c0)=""/225, 0xe1) read(r1, &(0x7f00000003c0)=""/225, 0x3fff) 12:43:31 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x48, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 12:43:31 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp6\x00') read(r1, &(0x7f00000002c0)=""/225, 0xe1) read(r1, &(0x7f00000003c0)=""/225, 0x200004a1) [ 1802.611179] FAULT_INJECTION: forcing a failure. [ 1802.611179] name failslab, interval 1, probability 0, space 0, times 0 [ 1802.613751] CPU: 0 PID: 9105 Comm: syz-executor.6 Not tainted 5.10.246 #1 [ 1802.615289] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1802.617166] Call Trace: [ 1802.617761] dump_stack+0x107/0x167 [ 1802.618594] should_fail.cold+0x5/0xa [ 1802.619456] ? create_object.isra.0+0x3a/0xa30 [ 1802.620507] should_failslab+0x5/0x20 [ 1802.621362] kmem_cache_alloc+0x5b/0x310 [ 1802.622284] create_object.isra.0+0x3a/0xa30 [ 1802.623281] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1802.624427] kmem_cache_alloc+0x159/0x310 [ 1802.625362] kmem_cache_create_usercopy+0x190/0x2f0 [ 1802.626498] p9_client_create+0xc6a/0x1230 [ 1802.627451] ? p9_client_flush+0x430/0x430 [ 1802.628404] ? trace_hardirqs_on+0x5b/0x180 [ 1802.629379] ? lockdep_init_map_type+0x2c7/0x780 [ 1802.630448] ? __raw_spin_lock_init+0x36/0x110 [ 1802.631475] v9fs_session_init+0x1dd/0x1680 [ 1802.632442] ? lock_release+0x680/0x680 [ 1802.633347] ? kmem_cache_alloc_trace+0x151/0x320 [ 1802.634445] ? v9fs_show_options+0x690/0x690 [ 1802.635460] ? trace_hardirqs_on+0x5b/0x180 [ 1802.636434] ? kasan_unpoison_shadow+0x33/0x50 [ 1802.637453] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1802.638593] v9fs_mount+0x79/0x8f0 [ 1802.639389] ? v9fs_write_inode+0x60/0x60 [ 1802.640312] legacy_get_tree+0x105/0x220 [ 1802.641232] vfs_get_tree+0x8e/0x300 [ 1802.642067] path_mount+0x1490/0x21e0 [ 1802.642942] ? strncpy_from_user+0x9e/0x470 [ 1802.643914] ? finish_automount+0xa90/0xa90 [ 1802.644892] ? getname_flags.part.0+0x1dd/0x4f0 [ 1802.645948] ? _copy_from_user+0xfb/0x1b0 [ 1802.646908] __x64_sys_mount+0x282/0x300 [ 1802.647834] ? copy_mnt_ns+0xa00/0xa00 [ 1802.648715] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1802.649895] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1802.651086] do_syscall_64+0x33/0x40 [ 1802.651922] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1802.653069] RIP: 0033:0x7fe30c5b6b19 [ 1802.653903] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1802.658060] RSP: 002b:00007fe309b2c188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1802.659777] RAX: ffffffffffffffda RBX: 00007fe30c6c9f60 RCX: 00007fe30c5b6b19 [ 1802.661370] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1802.662993] RBP: 00007fe309b2c1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1802.664598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1802.666206] R13: 00007ffddf17178f R14: 00007fe309b2c300 R15: 0000000000022000 12:43:31 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x4c, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 12:43:31 executing program 0: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 60) 12:43:31 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x7fffffff) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp6\x00') r2 = syz_open_procfs(0x0, &(0x7f0000000000)='oom_score_adj\x00') write$cgroup_int(r2, &(0x7f0000000040), 0x12) read(r2, &(0x7f0000000080)=""/227, 0xe3) read(r1, &(0x7f00000003c0)=""/225, 0xe1) 12:43:31 executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x68, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) [ 1802.767507] FAULT_INJECTION: forcing a failure. [ 1802.767507] name failslab, interval 1, probability 0, space 0, times 0 [ 1802.768918] CPU: 1 PID: 9134 Comm: syz-executor.0 Not tainted 5.10.246 #1 [ 1802.769691] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1802.770641] Call Trace: [ 1802.770946] dump_stack+0x107/0x167 [ 1802.771357] should_fail.cold+0x5/0xa [ 1802.771789] ? create_object.isra.0+0x3a/0xa30 [ 1802.772303] should_failslab+0x5/0x20 [ 1802.772743] kmem_cache_alloc+0x5b/0x310 [ 1802.773204] create_object.isra.0+0x3a/0xa30 [ 1802.773699] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1802.774272] __kmalloc_track_caller+0x177/0x370 [ 1802.774805] ? kstrdup_const+0x53/0x80 [ 1802.775243] kstrdup+0x36/0x70 [ 1802.775603] kstrdup_const+0x53/0x80 [ 1802.776023] __kernfs_new_node+0x9d/0x860 [ 1802.776487] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 1802.777024] ? lock_acquire+0x197/0x470 [ 1802.777472] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1802.778063] ? lock_release+0x680/0x680 [ 1802.778521] ? find_held_lock+0x2c/0x110 [ 1802.778982] kernfs_new_node+0x18d/0x250 [ 1802.779443] kernfs_create_dir_ns+0x49/0x160 [ 1802.779938] sysfs_create_dir_ns+0x127/0x290 [ 1802.780429] ? sysfs_create_mount_point+0xb0/0xb0 [ 1802.780970] ? rwlock_bug.part.0+0x90/0x90 [ 1802.781448] ? do_raw_spin_unlock+0x4f/0x220 [ 1802.781946] kobject_add_internal+0x25e/0xa30 [ 1802.782463] kobject_init_and_add+0x101/0x160 [ 1802.782969] ? kobject_create_and_add+0xb0/0xb0 [ 1802.783495] ? wait_for_completion_io+0x270/0x270 [ 1802.784033] ? kernfs_name_hash+0xe7/0x110 [ 1802.784510] ? kernfs_find_ns+0x256/0x380 [ 1802.784984] sysfs_slab_add+0x172/0x200 [ 1802.785432] __kmem_cache_create+0x3db/0x520 [ 1802.785932] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1802.786502] p9_client_create+0xc6a/0x1230 [ 1802.786984] ? p9_client_flush+0x430/0x430 [ 1802.787465] ? trace_hardirqs_on+0x5b/0x180 [ 1802.787954] ? lockdep_init_map_type+0x2c7/0x780 [ 1802.788492] ? __raw_spin_lock_init+0x36/0x110 [ 1802.789013] v9fs_session_init+0x1dd/0x1680 [ 1802.789502] ? lock_release+0x680/0x680 [ 1802.789958] ? kmem_cache_alloc_trace+0x151/0x320 [ 1802.790507] ? v9fs_show_options+0x690/0x690 [ 1802.791008] ? trace_hardirqs_on+0x5b/0x180 [ 1802.791495] ? kasan_unpoison_shadow+0x33/0x50 [ 1802.792009] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1802.792581] v9fs_mount+0x79/0x8f0 [ 1802.792983] ? v9fs_write_inode+0x60/0x60 [ 1802.793449] legacy_get_tree+0x105/0x220 [ 1802.793907] vfs_get_tree+0x8e/0x300 [ 1802.794325] path_mount+0x1490/0x21e0 [ 1802.794831] ? strncpy_from_user+0x9e/0x470 [ 1802.795313] ? finish_automount+0xa90/0xa90 [ 1802.795795] ? getname_flags.part.0+0x1dd/0x4f0 [ 1802.796313] ? _copy_from_user+0xfb/0x1b0 [ 1802.796782] __x64_sys_mount+0x282/0x300 [ 1802.797238] ? copy_mnt_ns+0xa00/0xa00 [ 1802.797678] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1802.798266] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1802.798861] do_syscall_64+0x33/0x40 [ 1802.799282] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1802.799858] RIP: 0033:0x7f850d5eab19 [ 1802.800275] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1802.802338] RSP: 002b:00007f850ab60188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1802.803207] RAX: ffffffffffffffda RBX: 00007f850d6fdf60 RCX: 00007f850d5eab19 [ 1802.804008] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1802.804811] RBP: 00007f850ab601d0 R08: 0000000020000280 R09: 0000000000000000 [ 1802.805618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1802.806428] R13: 00007ffc9f93404f R14: 00007f850ab60300 R15: 0000000000022000 [ 1814.516231] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) BUG: memory leak unreferenced object 0xffff88800997fa80 (size 32): comm "syz-executor.0", pid 9103, jiffies 4296469308 (age 19.319s) hex dump (first 32 bytes): 39 70 2d 66 63 61 6c 6c 2d 63 61 63 68 65 2d 38 9p-fcall-cache-8 38 35 00 09 80 88 ff ff 12 00 00 00 00 00 00 00 85.............. backtrace: [<00000000a27536d2>] kstrdup+0x36/0x70 [<0000000031cd8b27>] kstrdup_const+0x53/0x80 [<00000000524777ed>] kvasprintf_const+0x10c/0x1a0 [<00000000a6f732eb>] kobject_set_name_vargs+0x56/0x150 [<00000000d07226e8>] kobject_init_and_add+0xc9/0x160 [<0000000073ee4849>] sysfs_slab_add+0x172/0x200 [<00000000e6437b26>] __kmem_cache_create+0x3db/0x520 [<0000000014c5860d>] kmem_cache_create_usercopy+0x1db/0x2f0 [<00000000f3fca975>] p9_client_create+0xc6a/0x1230 [<00000000cd324cc5>] v9fs_session_init+0x1dd/0x1680 [<00000000e2eece6f>] v9fs_mount+0x79/0x8f0 [<00000000858e568b>] legacy_get_tree+0x105/0x220 [<00000000750b55ee>] vfs_get_tree+0x8e/0x300 [<00000000b6759ee6>] path_mount+0x1490/0x21e0 [<000000008d78c254>] __x64_sys_mount+0x282/0x300 [<00000000d5e359dc>] do_syscall_64+0x33/0x40 BUG: leak checking failed VM DIAGNOSIS: 12:43:51 Registers: info registers vcpu 0 RAX=ffffffff83e9ba40 RBX=0000000000000000 RCX=ffffffff83e836ac RDX=0000000000000000 RSI=0000000000000000 RDI=ffffffff83e9c208 RBP=0000000000000000 RSP=ffffffff84e07e38 R8 =0000000000000001 R9 =ffff88806ce3c12b R10=ffffed100d9c7825 R11=0000000000000001 R12=0000000000000000 R13=ffffffff8567acc8 R14=0000000000000000 R15=dffffc0000000000 RIP=ffffffff83e9ba4e RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007ffffb312750 CR3=000000000cb7a000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=0a64656c69616620676e696b63656863 XMM02=31636e75662e6e75522e6c697475736f XMM03=00000000000000000000000000000000 XMM04=732f6c61636f6c2f7273752f3d485441 XMM05=622f6c61636f6c2f7273752f3a6e6962 XMM06=73752f3a6e6962732f7273752f3a6e69 XMM07=6e69622f3a6e6962732f3a6e69622f72 XMM08=3133aa577786fcabfa74a1dc83988e31 XMM09=5239349fc95e211f63f6c4067b347174 XMM10=d013452667aebfdda3a5783b556eee4d XMM11=f72d1c4cc8657ce966d612ed81d67815 XMM12=0e4b4c32037d8cc9c5b2c833e242925e XMM13=663778302826202c3078302834747865 XMM14=662f2e273d2930383130303030303030 XMM15=202c307830202c273030785c30656c69 info registers vcpu 1 RAX=ffffffff83e9ba40 RBX=0000000000000001 RCX=ffffffff83e836ac RDX=0000000000000000 RSI=0000000000000000 RDI=ffffffff83e9c208 RBP=0000000000000001 RSP=ffff888008987e70 R8 =0000000000000001 R9 =ffff88806cf3c12b R10=ffffed100d9e7825 R11=0000000000000001 R12=0000000000000001 R13=ffffffff8567acc8 R14=0000000000000000 R15=dffffc0000000000 RIP=ffffffff83e9ba4e RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f5a11b92020 CR3=000000000cb7a000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=000000000000000041844998c0000000 XMM03=0000ff00000000000000000000000000 XMM04=732f6c61636f6c2f7273752f3d485441 XMM05=622f6c61636f6c2f7273752f3a6e6962 XMM06=73752f3a6e6962732f7273752f3a6e69 XMM07=6e69622f3a6e6962732f3a6e69622f72 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000