s_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x6, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:32:20 executing program 5:
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

01:32:20 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 15)

01:32:20 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x25d9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:32:20 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

01:32:20 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 17)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

01:32:20 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

[ 2809.289178] FAULT_INJECTION: forcing a failure.
[ 2809.289178] name failslab, interval 1, probability 0, space 0, times 0
[ 2809.290629] CPU: 0 PID: 12164 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 2809.291423] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2809.292378] Call Trace:
[ 2809.292699]  dump_stack+0x107/0x167
[ 2809.293119]  should_fail.cold+0x5/0xa
[ 2809.293579]  ? create_object.isra.0+0x3a/0xa30
[ 2809.294116]  should_failslab+0x5/0x20
[ 2809.294582]  kmem_cache_alloc+0x5b/0x310
[ 2809.295046]  ? cred_has_capability.isra.0+0x152/0x2b0
[ 2809.295649]  create_object.isra.0+0x3a/0xa30
[ 2809.296150]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2809.296749]  kmem_cache_alloc_trace+0x151/0x320
[ 2809.297279]  ? v9fs_write_inode+0x60/0x60
[ 2809.297763]  v9fs_mount+0x5a/0x8f0
[ 2809.298180]  ? v9fs_write_inode+0x60/0x60
[ 2809.298668]  legacy_get_tree+0x105/0x220
[ 2809.299135]  vfs_get_tree+0x8e/0x300
[ 2809.299567]  path_mount+0x1490/0x21e0
[ 2809.300003]  ? strncpy_from_user+0x9e/0x470
[ 2809.300502]  ? finish_automount+0xa90/0xa90
[ 2809.300995]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2809.301533]  ? _copy_from_user+0xfb/0x1b0
[ 2809.302016]  __x64_sys_mount+0x282/0x300
[ 2809.302497]  ? copy_mnt_ns+0xa00/0xa00
[ 2809.302948]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2809.303556]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2809.304158]  do_syscall_64+0x33/0x40
[ 2809.304590]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2809.305175] RIP: 0033:0x7f8d12f8ab19
[ 2809.305639] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2809.307825] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2809.308692] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 2809.309508] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2809.310332] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 2809.311150] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2809.311963] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
[ 2809.325073] FAULT_INJECTION: forcing a failure.
[ 2809.325073] name failslab, interval 1, probability 0, space 0, times 0
[ 2809.327850] CPU: 1 PID: 12163 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 2809.329407] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2809.331294] Call Trace:
[ 2809.331889]  dump_stack+0x107/0x167
[ 2809.332714]  should_fail.cold+0x5/0xa
[ 2809.333573]  ? create_object.isra.0+0x3a/0xa30
[ 2809.334600]  should_failslab+0x5/0x20
[ 2809.335457]  kmem_cache_alloc+0x5b/0x310
[ 2809.336366]  ? percpu_ref_put_many.constprop.0+0x4e/0x110
[ 2809.337603]  create_object.isra.0+0x3a/0xa30
[ 2809.338605]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2809.339759]  kmem_cache_alloc+0x159/0x310
[ 2809.340697]  security_file_alloc+0x34/0x170
[ 2809.341666]  __alloc_file+0xb7/0x320
[ 2809.342509]  alloc_empty_file+0x6d/0x170
[ 2809.343418]  path_openat+0xe6/0x2770
[ 2809.344250]  ? __lock_acquire+0x1657/0x5b00
[ 2809.345232]  ? path_lookupat+0x860/0x860
[ 2809.346155]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2809.347325]  ? entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2809.348540]  do_filp_open+0x190/0x3e0
[ 2809.349397]  ? may_open_dev+0xf0/0xf0
[ 2809.350268]  ? alloc_fd+0x2e7/0x670
[ 2809.351090]  ? lock_downgrade+0x6d0/0x6d0
[ 2809.352015]  ? do_raw_spin_lock+0x121/0x260
[ 2809.352981]  ? rwlock_bug.part.0+0x90/0x90
[ 2809.353940]  ? lock_chain_count+0x20/0x20
[ 2809.354875]  ? stack_trace_save+0x8c/0xc0
[ 2809.355809]  ? _raw_spin_unlock+0x1a/0x30
[ 2809.356735]  ? alloc_fd+0x2e7/0x670
[ 2809.357569]  io_openat2+0x24d/0xb80
[ 2809.358410]  ? io_send+0x780/0x780
[ 2809.359213]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2809.360398]  io_issue_sqe+0x2cd/0x77d0
[ 2809.361278]  ? lock_acquire+0x197/0x470
[ 2809.362187]  ? find_held_lock+0x2c/0x110
[ 2809.363100]  ? __virt_addr_valid+0x346/0x5d0
[ 2809.364090]  ? io_connect+0x610/0x610
[ 2809.364946]  ? __might_fault+0xd3/0x180
[ 2809.365855]  ? lock_downgrade+0x6d0/0x6d0
[ 2809.366794]  ? __virt_addr_valid+0x170/0x5d0
[ 2809.367785]  ? __check_object_size+0x319/0x440
[ 2809.368820]  __io_queue_sqe+0x90/0x9d0
[ 2809.369701]  ? io_issue_sqe+0x77d0/0x77d0
[ 2809.370651]  ? getname+0x96/0xd0
[ 2809.371419]  io_submit_sqes+0x44a8/0x8610
[ 2809.372379]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 2809.373502]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 2809.374587]  ? find_held_lock+0x2c/0x110
[ 2809.375502]  ? io_submit_sqes+0x8610/0x8610
[ 2809.376472]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2809.377574]  ? wait_for_completion_io+0x270/0x270
[ 2809.378670]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2809.379728]  ? vfs_write+0x354/0xb10
[ 2809.380565]  ? fput_many+0x2f/0x1a0
[ 2809.381374]  ? ksys_write+0x1a9/0x260
[ 2809.382233]  ? __ia32_sys_read+0xb0/0xb0
[ 2809.383163]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2809.384331]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2809.385502]  do_syscall_64+0x33/0x40
[ 2809.386349]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2809.387504] RIP: 0033:0x7f854f415b19
[ 2809.388342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2809.392508] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2809.394241] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 2809.395853] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 2809.397472] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2809.399087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2809.400696] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
01:32:20 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x26d9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:32:20 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x8, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:32:20 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x27d9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:32:20 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 16)

[ 2809.542348] FAULT_INJECTION: forcing a failure.
[ 2809.542348] name failslab, interval 1, probability 0, space 0, times 0
[ 2809.543704] CPU: 0 PID: 12179 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 2809.544505] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2809.545456] Call Trace:
[ 2809.545767]  dump_stack+0x107/0x167
[ 2809.546197]  should_fail.cold+0x5/0xa
[ 2809.546636]  should_failslab+0x5/0x20
[ 2809.547077]  __kmalloc_track_caller+0x79/0x370
[ 2809.547601]  ? v9fs_session_init+0xa7/0x1680
[ 2809.548123]  ? kernel_text_address+0xf2/0x120
[ 2809.548642]  kstrdup+0x36/0x70
[ 2809.549016]  v9fs_session_init+0xa7/0x1680
[ 2809.549509]  ? lock_release+0x680/0x680
[ 2809.549967]  ? find_held_lock+0x2c/0x110
[ 2809.550439]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2809.550987]  ? v9fs_show_options+0x690/0x690
[ 2809.551493]  ? trace_hardirqs_on+0x5b/0x180
[ 2809.551993]  ? kasan_unpoison_shadow+0x33/0x50
[ 2809.552520]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2809.553104]  v9fs_mount+0x79/0x8f0
[ 2809.553513]  ? v9fs_write_inode+0x60/0x60
[ 2809.553994]  legacy_get_tree+0x105/0x220
[ 2809.554463]  vfs_get_tree+0x8e/0x300
[ 2809.554892]  path_mount+0x1490/0x21e0
[ 2809.555330]  ? strncpy_from_user+0x9e/0x470
[ 2809.555823]  ? finish_automount+0xa90/0xa90
[ 2809.556320]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2809.556854]  ? _copy_from_user+0xfb/0x1b0
[ 2809.557330]  __x64_sys_mount+0x282/0x300
[ 2809.557796]  ? copy_mnt_ns+0xa00/0xa00
[ 2809.558251]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2809.558854]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2809.559449]  do_syscall_64+0x33/0x40
[ 2809.559878]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2809.560467] RIP: 0033:0x7f8d12f8ab19
[ 2809.560891] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2809.562996] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2809.563867] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 2809.564687] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2809.565504] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 2809.566329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2809.567148] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
01:32:20 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

01:32:20 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x28d9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:32:20 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x18, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:32:34 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x600, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:32:34 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x29d9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

[ 2823.707883] FAULT_INJECTION: forcing a failure.
[ 2823.707883] name failslab, interval 1, probability 0, space 0, times 0
[ 2823.710382] CPU: 0 PID: 12205 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 2823.711876] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2823.713622] Call Trace:
[ 2823.714210]  dump_stack+0x107/0x167
[ 2823.714993]  should_fail.cold+0x5/0xa
[ 2823.715810]  ? create_object.isra.0+0x3a/0xa30
[ 2823.716779]  should_failslab+0x5/0x20
[ 2823.717580]  kmem_cache_alloc+0x5b/0x310
[ 2823.718493]  create_object.isra.0+0x3a/0xa30
[ 2823.719435]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2823.720532]  __kmalloc_track_caller+0x177/0x370
[ 2823.721530]  ? v9fs_session_init+0xa7/0x1680
[ 2823.722485]  ? kernel_text_address+0xf2/0x120
[ 2823.723443]  kstrdup+0x36/0x70
[ 2823.724134]  v9fs_session_init+0xa7/0x1680
[ 2823.725045]  ? lock_release+0x680/0x680
[ 2823.725895]  ? find_held_lock+0x2c/0x110
[ 2823.726779]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2823.727816]  ? v9fs_show_options+0x690/0x690
[ 2823.728769]  ? trace_hardirqs_on+0x5b/0x180
[ 2823.729675]  ? kasan_unpoison_shadow+0x33/0x50
[ 2823.730641]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2823.731705]  v9fs_mount+0x79/0x8f0
[ 2823.732456]  ? v9fs_write_inode+0x60/0x60
[ 2823.733343]  legacy_get_tree+0x105/0x220
[ 2823.734220]  vfs_get_tree+0x8e/0x300
[ 2823.734999]  path_mount+0x1490/0x21e0
[ 2823.735802]  ? strncpy_from_user+0x9e/0x470
[ 2823.736701]  ? finish_automount+0xa90/0xa90
[ 2823.737596]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2823.738590]  ? _copy_from_user+0xfb/0x1b0
[ 2823.739465]  __x64_sys_mount+0x282/0x300
[ 2823.740314]  ? copy_mnt_ns+0xa00/0xa00
[ 2823.741138]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2823.742239]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2823.743337]  do_syscall_64+0x33/0x40
[ 2823.744113]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2823.745197] RIP: 0033:0x7f8d12f8ab19
[ 2823.745982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2823.749868] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2823.751473] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 2823.752966] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2823.754469] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 2823.755955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2823.757452] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
01:32:34 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x2, 0x0, 0x0, 0x0)

01:32:34 executing program 5:
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x2, 0x0, 0x0, 0x0)

01:32:34 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, 0x0)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

01:32:34 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={0x0})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)

01:32:34 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 18)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

01:32:34 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 17)

01:32:34 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x2ad9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

[ 2823.799238] FAULT_INJECTION: forcing a failure.
[ 2823.799238] name failslab, interval 1, probability 0, space 0, times 0
[ 2823.800583] CPU: 1 PID: 12214 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 2823.801388] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2823.802397] Call Trace:
[ 2823.802730]  dump_stack+0x107/0x167
[ 2823.803173]  should_fail.cold+0x5/0xa
[ 2823.803637]  ? create_object.isra.0+0x3a/0xa30
[ 2823.804204]  should_failslab+0x5/0x20
[ 2823.804670]  kmem_cache_alloc+0x5b/0x310
[ 2823.805160]  create_object.isra.0+0x3a/0xa30
[ 2823.805686]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2823.806322]  kmem_cache_alloc+0x159/0x310
[ 2823.806827]  __alloc_file+0x21/0x320
[ 2823.807276]  alloc_empty_file+0x6d/0x170
[ 2823.807752]  path_openat+0xe6/0x2770
[ 2823.808202]  ? __lock_acquire+0x1657/0x5b00
[ 2823.808729]  ? path_lookupat+0x860/0x860
[ 2823.809215]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2823.809842]  ? entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2823.810498]  do_filp_open+0x190/0x3e0
[ 2823.810952]  ? may_open_dev+0xf0/0xf0
[ 2823.811417]  ? alloc_fd+0x2e7/0x670
[ 2823.811852]  ? lock_downgrade+0x6d0/0x6d0
[ 2823.812355]  ? do_raw_spin_lock+0x121/0x260
[ 2823.812842]  ? rwlock_bug.part.0+0x90/0x90
[ 2823.813325]  ? lock_chain_count+0x20/0x20
[ 2823.813800]  ? stack_trace_save+0x8c/0xc0
[ 2823.814293]  ? _raw_spin_unlock+0x1a/0x30
[ 2823.814773]  ? alloc_fd+0x2e7/0x670
[ 2823.815217]  io_openat2+0x24d/0xb80
[ 2823.815655]  ? io_send+0x780/0x780
[ 2823.816085]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2823.816723]  io_issue_sqe+0x2cd/0x77d0
[ 2823.817187]  ? lock_acquire+0x197/0x470
[ 2823.817660]  ? find_held_lock+0x2c/0x110
[ 2823.818161]  ? __virt_addr_valid+0x346/0x5d0
[ 2823.818683]  ? io_connect+0x610/0x610
[ 2823.819129]  ? __might_fault+0xd3/0x180
[ 2823.819606]  ? lock_downgrade+0x6d0/0x6d0
[ 2823.820107]  ? __virt_addr_valid+0x170/0x5d0
[ 2823.820627]  ? __check_object_size+0x319/0x440
[ 2823.821177]  __io_queue_sqe+0x90/0x9d0
[ 2823.821639]  ? io_issue_sqe+0x77d0/0x77d0
[ 2823.822145]  ? getname+0x96/0xd0
[ 2823.822557]  io_submit_sqes+0x44a8/0x8610
[ 2823.823068]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 2823.823658]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 2823.824239]  ? find_held_lock+0x2c/0x110
[ 2823.824719]  ? io_submit_sqes+0x8610/0x8610
[ 2823.825225]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2823.825766]  ? wait_for_completion_io+0x270/0x270
[ 2823.826342]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2823.826870]  ? vfs_write+0x354/0xb10
[ 2823.827301]  ? fput_many+0x2f/0x1a0
[ 2823.827712]  ? ksys_write+0x1a9/0x260
[ 2823.828147]  ? __ia32_sys_read+0xb0/0xb0
[ 2823.828615]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2823.829237]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2823.829844]  do_syscall_64+0x33/0x40
[ 2823.830294]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2823.830873] RIP: 0033:0x7f854f415b19
[ 2823.831289] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2823.833398] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2823.834278] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 2823.835097] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 2823.835910] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2823.836742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2823.837566] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
01:32:34 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x1800, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:32:34 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x2bd9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:32:34 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x2000, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:32:34 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, 0x0)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

01:32:34 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x4000, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:32:34 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x80000, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:32:34 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, 0x0)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

01:32:34 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x2cd9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:32:50 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x400000, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:32:50 executing program 5:
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x4, 0x0, 0x0, 0x0)

01:32:50 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x4, 0x0, 0x0, 0x0)

01:32:50 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x2dd9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:32:50 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 18)

01:32:50 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 19)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

01:32:50 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

01:32:50 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={0x0})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)

[ 2839.336332] FAULT_INJECTION: forcing a failure.
[ 2839.336332] name failslab, interval 1, probability 0, space 0, times 0
[ 2839.338825] CPU: 0 PID: 12264 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 2839.340341] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2839.342213] Call Trace:
[ 2839.342794]  dump_stack+0x107/0x167
[ 2839.343570]  should_fail.cold+0x5/0xa
[ 2839.344400]  should_failslab+0x5/0x20
[ 2839.345245]  __kmalloc_track_caller+0x79/0x370
[ 2839.346259]  ? v9fs_session_init+0xe9/0x1680
[ 2839.347217]  ? kernel_text_address+0xf2/0x120
[ 2839.348201]  kstrdup+0x36/0x70
[ 2839.348874]  v9fs_session_init+0xe9/0x1680
[ 2839.349744]  ? lock_release+0x680/0x680
[ 2839.350593]  ? find_held_lock+0x2c/0x110
[ 2839.351454]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2839.352552]  ? v9fs_show_options+0x690/0x690
[ 2839.353518]  ? trace_hardirqs_on+0x5b/0x180
[ 2839.354518]  ? kasan_unpoison_shadow+0x33/0x50
[ 2839.355535]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2839.356635]  v9fs_mount+0x79/0x8f0
[ 2839.357452]  ? v9fs_write_inode+0x60/0x60
[ 2839.358392]  legacy_get_tree+0x105/0x220
[ 2839.359286]  vfs_get_tree+0x8e/0x300
[ 2839.360050]  path_mount+0x1490/0x21e0
[ 2839.360877]  ? strncpy_from_user+0x9e/0x470
[ 2839.361848]  ? finish_automount+0xa90/0xa90
[ 2839.362844]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2839.363893]  ? _copy_from_user+0xfb/0x1b0
[ 2839.364807]  __x64_sys_mount+0x282/0x300
[ 2839.365730]  ? copy_mnt_ns+0xa00/0xa00
[ 2839.366635]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2839.367803]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2839.368938]  do_syscall_64+0x33/0x40
[ 2839.369739]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2839.370880] RIP: 0033:0x7f8d12f8ab19
[ 2839.371684] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2839.375522] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2839.377188] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 2839.378774] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2839.380313] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 2839.381897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
01:32:50 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x800000, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

[ 2839.383413] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
[ 2839.409447] FAULT_INJECTION: forcing a failure.
[ 2839.409447] name failslab, interval 1, probability 0, space 0, times 0
[ 2839.412169] CPU: 0 PID: 12263 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 2839.413718] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2839.415562] Call Trace:
[ 2839.416159]  dump_stack+0x107/0x167
[ 2839.416948]  should_fail.cold+0x5/0xa
[ 2839.417782]  ? getname_flags.part.0+0x50/0x4f0
[ 2839.418813]  should_failslab+0x5/0x20
[ 2839.419670]  kmem_cache_alloc+0x5b/0x310
[ 2839.420535]  getname_flags.part.0+0x50/0x4f0
[ 2839.421544]  getname+0x8e/0xd0
[ 2839.422285]  __io_openat_prep+0x228/0x4c0
[ 2839.423195]  io_submit_sqes+0x25eb/0x8610
[ 2839.424088]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 2839.425143]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 2839.426249]  ? find_held_lock+0x2c/0x110
[ 2839.427175]  ? io_submit_sqes+0x8610/0x8610
[ 2839.428108]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2839.429207]  ? wait_for_completion_io+0x270/0x270
[ 2839.430305]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2839.431338]  ? vfs_write+0x354/0xb10
[ 2839.432169]  ? fput_many+0x2f/0x1a0
[ 2839.432977]  ? ksys_write+0x1a9/0x260
[ 2839.433842]  ? __ia32_sys_read+0xb0/0xb0
[ 2839.434778]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2839.435903]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2839.436991]  do_syscall_64+0x33/0x40
[ 2839.437773]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2839.438944] RIP: 0033:0x7f854f415b19
[ 2839.439764] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2839.443839] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2839.445534] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 2839.447133] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 2839.448660] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2839.450162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2839.451725] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
01:32:50 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x2e00, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:32:50 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x8, 0x0, 0x0, 0x0)

01:32:50 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

01:32:50 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x2ed9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:32:50 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 19)

01:32:50 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x1000000, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:32:50 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 20)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

01:32:50 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x2fd9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

[ 2839.794316] FAULT_INJECTION: forcing a failure.
[ 2839.794316] name failslab, interval 1, probability 0, space 0, times 0
[ 2839.796798] CPU: 1 PID: 12293 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 2839.798258] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2839.799989] Call Trace:
[ 2839.800544]  dump_stack+0x107/0x167
[ 2839.801305]  should_fail.cold+0x5/0xa
[ 2839.802102]  ? create_object.isra.0+0x3a/0xa30
[ 2839.803052]  should_failslab+0x5/0x20
[ 2839.803845]  kmem_cache_alloc+0x5b/0x310
[ 2839.804698]  create_object.isra.0+0x3a/0xa30
[ 2839.805174] FAULT_INJECTION: forcing a failure.
[ 2839.805174] name failslab, interval 1, probability 0, space 0, times 0
[ 2839.805616]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2839.805642]  __kmalloc_track_caller+0x177/0x370
[ 2839.805659]  ? v9fs_session_init+0xe9/0x1680
[ 2839.805687]  ? kernel_text_address+0xf2/0x120
[ 2839.812056]  kstrdup+0x36/0x70
[ 2839.812725]  v9fs_session_init+0xe9/0x1680
[ 2839.813598]  ? lock_release+0x680/0x680
[ 2839.814431]  ? find_held_lock+0x2c/0x110
[ 2839.815289]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2839.816276]  ? v9fs_show_options+0x690/0x690
[ 2839.817190]  ? trace_hardirqs_on+0x5b/0x180
[ 2839.818080]  ? kasan_unpoison_shadow+0x33/0x50
[ 2839.819028]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2839.820073]  v9fs_mount+0x79/0x8f0
[ 2839.820816]  ? v9fs_write_inode+0x60/0x60
[ 2839.821672]  legacy_get_tree+0x105/0x220
[ 2839.822551]  vfs_get_tree+0x8e/0x300
[ 2839.823324]  path_mount+0x1490/0x21e0
[ 2839.824129]  ? strncpy_from_user+0x9e/0x470
[ 2839.825010]  ? finish_automount+0xa90/0xa90
[ 2839.825904]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2839.826887]  ? _copy_from_user+0xfb/0x1b0
[ 2839.827745]  __x64_sys_mount+0x282/0x300
[ 2839.828590]  ? copy_mnt_ns+0xa00/0xa00
[ 2839.829398]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2839.830525]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2839.831600]  do_syscall_64+0x33/0x40
[ 2839.832371]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2839.833440] RIP: 0033:0x7f8d12f8ab19
[ 2839.834222] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2839.838058] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2839.839648] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 2839.841265] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2839.842739] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 2839.844209] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2839.845663] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
[ 2839.847147] CPU: 0 PID: 12291 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 2839.848686] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2839.850496] Call Trace:
[ 2839.851118]  dump_stack+0x107/0x167
[ 2839.851912]  should_fail.cold+0x5/0xa
[ 2839.852787]  ? create_object.isra.0+0x3a/0xa30
[ 2839.853822]  should_failslab+0x5/0x20
[ 2839.854704]  kmem_cache_alloc+0x5b/0x310
[ 2839.855601]  create_object.isra.0+0x3a/0xa30
[ 2839.856571]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2839.857692]  kmem_cache_alloc+0x159/0x310
[ 2839.858651]  getname_flags.part.0+0x50/0x4f0
[ 2839.859618]  getname+0x8e/0xd0
[ 2839.860355]  __io_openat_prep+0x228/0x4c0
[ 2839.861278]  io_submit_sqes+0x25eb/0x8610
[ 2839.862217]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 2839.863361]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 2839.864412]  ? find_held_lock+0x2c/0x110
[ 2839.865312]  ? io_submit_sqes+0x8610/0x8610
[ 2839.866262]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2839.867357]  ? wait_for_completion_io+0x270/0x270
[ 2839.868413]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2839.869439]  ? vfs_write+0x354/0xb10
[ 2839.870245]  ? fput_many+0x2f/0x1a0
[ 2839.871013]  ? ksys_write+0x1a9/0x260
[ 2839.871799]  ? __ia32_sys_read+0xb0/0xb0
[ 2839.872652]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2839.873747]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2839.874856]  do_syscall_64+0x33/0x40
[ 2839.875636]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2839.876705] RIP: 0033:0x7f854f415b19
[ 2839.877485] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2839.881309] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2839.882888] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 2839.884379] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 2839.885896] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2839.887388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2839.888922] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
01:33:05 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 20)

01:33:05 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)

01:33:05 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x18, 0x0, 0x0, 0x0)

01:33:05 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x2000000, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:33:05 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

01:33:05 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x30d9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:33:05 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 21)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

01:33:05 executing program 5:
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x5, 0x0, 0x0, 0x0)

[ 2854.312997] FAULT_INJECTION: forcing a failure.
[ 2854.312997] name failslab, interval 1, probability 0, space 0, times 0
[ 2854.315769] CPU: 1 PID: 12323 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 2854.317401] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2854.319364] Call Trace:
[ 2854.319989]  dump_stack+0x107/0x167
[ 2854.320853] FAULT_INJECTION: forcing a failure.
[ 2854.320853] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2854.320872]  should_fail.cold+0x5/0xa
[ 2854.320898]  ? p9_client_create+0xaf/0x1230
[ 2854.325274]  should_failslab+0x5/0x20
[ 2854.326174]  kmem_cache_alloc_trace+0x55/0x320
[ 2854.327264]  ? find_held_lock+0x2c/0x110
[ 2854.328226]  p9_client_create+0xaf/0x1230
[ 2854.329207]  ? lock_downgrade+0x6d0/0x6d0
[ 2854.330188]  ? p9_client_flush+0x430/0x430
[ 2854.331202]  ? trace_hardirqs_on+0x5b/0x180
[ 2854.332223]  ? lockdep_init_map_type+0x2c7/0x780
[ 2854.333346]  ? __raw_spin_lock_init+0x36/0x110
[ 2854.334444]  v9fs_session_init+0x1dd/0x1680
[ 2854.335454]  ? lock_release+0x680/0x680
[ 2854.336391]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2854.337515]  ? v9fs_show_options+0x690/0x690
[ 2854.338560]  ? trace_hardirqs_on+0x5b/0x180
[ 2854.339568]  ? kasan_unpoison_shadow+0x33/0x50
[ 2854.340632]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2854.341819]  v9fs_mount+0x79/0x8f0
[ 2854.342657]  ? v9fs_write_inode+0x60/0x60
[ 2854.343623]  legacy_get_tree+0x105/0x220
[ 2854.344572]  vfs_get_tree+0x8e/0x300
[ 2854.345440]  path_mount+0x1490/0x21e0
[ 2854.346335]  ? strncpy_from_user+0x9e/0x470
[ 2854.347354]  ? finish_automount+0xa90/0xa90
[ 2854.348361]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2854.349447]  ? _copy_from_user+0xfb/0x1b0
[ 2854.350485]  __x64_sys_mount+0x282/0x300
[ 2854.351430]  ? copy_mnt_ns+0xa00/0xa00
[ 2854.352342]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2854.353567]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2854.354772]  do_syscall_64+0x33/0x40
[ 2854.355631]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2854.356811] RIP: 0033:0x7f8d12f8ab19
[ 2854.357666] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2854.361916] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2854.363688] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 2854.365338] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2854.366991] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 2854.368635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2854.370279] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
[ 2854.371971] CPU: 0 PID: 12315 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 2854.373485] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2854.375287] Call Trace:
[ 2854.375862]  dump_stack+0x107/0x167
[ 2854.376644]  should_fail.cold+0x5/0xa
[ 2854.377471]  strncpy_from_user+0x34/0x470
[ 2854.378366]  getname_flags.part.0+0x95/0x4f0
[ 2854.379318]  getname+0x8e/0xd0
[ 2854.380005]  __io_openat_prep+0x228/0x4c0
[ 2854.380896]  io_submit_sqes+0x25eb/0x8610
[ 2854.381809]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 2854.382880]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 2854.383916]  ? find_held_lock+0x2c/0x110
[ 2854.384788]  ? io_submit_sqes+0x8610/0x8610
[ 2854.385716]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2854.386755]  ? wait_for_completion_io+0x270/0x270
[ 2854.387787]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2854.388781]  ? vfs_write+0x354/0xb10
[ 2854.389574]  ? fput_many+0x2f/0x1a0
[ 2854.390347]  ? ksys_write+0x1a9/0x260
[ 2854.391171]  ? __ia32_sys_read+0xb0/0xb0
[ 2854.392043]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2854.393164]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2854.394267]  do_syscall_64+0x33/0x40
[ 2854.395071]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2854.396166] RIP: 0033:0x7f854f415b19
[ 2854.396962] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2854.400906] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2854.402541] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 2854.404063] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 2854.405586] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2854.407115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2854.408636] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
01:33:05 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)

01:33:05 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x31d9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:33:05 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x4000000, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:33:05 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)

01:33:05 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 21)

01:33:05 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x32d9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:33:05 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 2854.683227] FAULT_INJECTION: forcing a failure.
[ 2854.683227] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2854.685868] CPU: 0 PID: 12341 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 2854.687335] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2854.689080] Call Trace:
[ 2854.689640]  dump_stack+0x107/0x167
[ 2854.690422]  should_fail.cold+0x5/0xa
[ 2854.691225]  __alloc_pages_nodemask+0x182/0x600
[ 2854.692208]  ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310
[ 2854.693481]  ? kmem_cache_alloc_trace+0x305/0x320
[ 2854.694503]  alloc_pages_current+0x187/0x280
[ 2854.695435]  allocate_slab+0x26f/0x380
[ 2854.696252]  ___slab_alloc+0x470/0x700
[ 2854.697071]  ? p9_client_create+0xaf/0x1230
[ 2854.697969]  ? kernel_text_address+0xf2/0x120
[ 2854.698932]  ? p9_client_create+0xaf/0x1230
[ 2854.699838]  ? kmem_cache_alloc_trace+0x305/0x320
[ 2854.700851]  kmem_cache_alloc_trace+0x305/0x320
[ 2854.701846]  p9_client_create+0xaf/0x1230
[ 2854.702729]  ? lock_downgrade+0x6d0/0x6d0
[ 2854.703600]  ? p9_client_flush+0x430/0x430
[ 2854.704490]  ? trace_hardirqs_on+0x5b/0x180
[ 2854.705395]  ? lockdep_init_map_type+0x2c7/0x780
[ 2854.706390]  ? __raw_spin_lock_init+0x36/0x110
[ 2854.707362]  v9fs_session_init+0x1dd/0x1680
[ 2854.708267]  ? lock_release+0x680/0x680
[ 2854.709145]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2854.710167]  ? v9fs_show_options+0x690/0x690
[ 2854.711111]  ? trace_hardirqs_on+0x5b/0x180
[ 2854.712017]  ? kasan_unpoison_shadow+0x33/0x50
[ 2854.712969]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2854.714026]  v9fs_mount+0x79/0x8f0
[ 2854.714778]  ? v9fs_write_inode+0x60/0x60
[ 2854.715649]  legacy_get_tree+0x105/0x220
[ 2854.716504]  vfs_get_tree+0x8e/0x300
[ 2854.717290]  path_mount+0x1490/0x21e0
[ 2854.718094]  ? strncpy_from_user+0x9e/0x470
[ 2854.719015]  ? finish_automount+0xa90/0xa90
[ 2854.719920]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2854.720891]  ? _copy_from_user+0xfb/0x1b0
[ 2854.721764]  __x64_sys_mount+0x282/0x300
[ 2854.722656]  ? copy_mnt_ns+0xa00/0xa00
[ 2854.723517]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2854.724636]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2854.725729]  do_syscall_64+0x33/0x40
[ 2854.726530]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2854.727608] RIP: 0033:0x7f8d12f8ab19
[ 2854.728388] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2854.732330] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2854.733943] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 2854.735461] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2854.736955] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 2854.738461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2854.739956] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
01:33:05 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x6000000, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:33:05 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x10, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)

01:33:05 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x33d9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:33:19 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 22)

01:33:19 executing program 5:
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x8, 0x0, 0x0, 0x0)

01:33:19 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

01:33:19 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x34d9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

[ 2868.615690] FAULT_INJECTION: forcing a failure.
[ 2868.615690] name failslab, interval 1, probability 0, space 0, times 0
[ 2868.619136] CPU: 0 PID: 12365 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 2868.620948] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2868.623054] Call Trace:
[ 2868.623716]  dump_stack+0x107/0x167
[ 2868.624633]  should_fail.cold+0x5/0xa
[ 2868.625602]  should_failslab+0x5/0x20
[ 2868.626566]  __kmalloc_track_caller+0x79/0x370
[ 2868.627730]  ? p9_client_create+0x41d/0x1230
[ 2868.628848]  kstrdup+0x36/0x70
[ 2868.629671]  p9_client_create+0x41d/0x1230
[ 2868.630768]  ? lock_downgrade+0x6d0/0x6d0
[ 2868.631766]  ? p9_client_flush+0x430/0x430
[ 2868.632703]  ? trace_hardirqs_on+0x5b/0x180
[ 2868.633658]  ? lockdep_init_map_type+0x2c7/0x780
[ 2868.634723]  ? __raw_spin_lock_init+0x36/0x110
[ 2868.635751]  v9fs_session_init+0x1dd/0x1680
[ 2868.636726]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2868.637801]  ? v9fs_show_options+0x690/0x690
[ 2868.638797]  ? trace_hardirqs_on+0x5b/0x180
[ 2868.639759]  ? kasan_unpoison_shadow+0x33/0x50
[ 2868.640773]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2868.641919]  v9fs_mount+0x79/0x8f0
[ 2868.642728]  ? v9fs_write_inode+0x60/0x60
[ 2868.643652]  legacy_get_tree+0x105/0x220
[ 2868.644564]  vfs_get_tree+0x8e/0x300
[ 2868.645403]  path_mount+0x1490/0x21e0
[ 2868.646271]  ? strncpy_from_user+0x9e/0x470
[ 2868.647256]  ? finish_automount+0xa90/0xa90
[ 2868.648227]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2868.649287]  ? _copy_from_user+0xfb/0x1b0
[ 2868.650238]  __x64_sys_mount+0x282/0x300
[ 2868.651165]  ? copy_mnt_ns+0xa00/0xa00
[ 2868.652052]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2868.653247]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2868.654416]  do_syscall_64+0x33/0x40
[ 2868.655269]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2868.656430] RIP: 0033:0x7f8d12f8ab19
[ 2868.657284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2868.661515] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2868.663275] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 2868.664916] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2868.666559] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 2868.668231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2868.669882] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
01:33:19 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 22)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

01:33:19 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x18000000, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:33:19 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x10, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)

01:33:19 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x1800, 0x0, 0x0, 0x0)

[ 2868.742525] FAULT_INJECTION: forcing a failure.
[ 2868.742525] name failslab, interval 1, probability 0, space 0, times 0
[ 2868.745344] CPU: 0 PID: 12375 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 2868.746902] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2868.748757] Call Trace:
[ 2868.749353]  dump_stack+0x107/0x167
[ 2868.750167]  should_fail.cold+0x5/0xa
[ 2868.751026]  ? __alloc_file+0x21/0x320
[ 2868.751892]  should_failslab+0x5/0x20
[ 2868.752741]  kmem_cache_alloc+0x5b/0x310
[ 2868.753659]  __alloc_file+0x21/0x320
[ 2868.754493]  alloc_empty_file+0x6d/0x170
[ 2868.755413]  path_openat+0xe6/0x2770
[ 2868.756254]  ? __lock_acquire+0x1657/0x5b00
01:33:19 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 23)

[ 2868.757243]  ? path_lookupat+0x860/0x860
[ 2868.758270]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2868.759466]  ? entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2868.760684]  do_filp_open+0x190/0x3e0
[ 2868.761548]  ? may_open_dev+0xf0/0xf0
[ 2868.762412]  ? alloc_fd+0x2e7/0x670
[ 2868.763242]  ? lock_downgrade+0x6d0/0x6d0
[ 2868.764178]  ? do_raw_spin_lock+0x121/0x260
[ 2868.765157]  ? rwlock_bug.part.0+0x90/0x90
[ 2868.766112]  ? lock_chain_count+0x20/0x20
[ 2868.767066]  ? stack_trace_save+0x8c/0xc0
[ 2868.768009]  ? _raw_spin_unlock+0x1a/0x30
[ 2868.768950]  ? alloc_fd+0x2e7/0x670
[ 2868.769784]  io_openat2+0x24d/0xb80
[ 2868.770621]  ? io_send+0x780/0x780
[ 2868.771431]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2868.772630]  io_issue_sqe+0x2cd/0x77d0
[ 2868.773510]  ? lock_acquire+0x197/0x470
[ 2868.774407]  ? find_held_lock+0x2c/0x110
[ 2868.775349]  ? __virt_addr_valid+0x346/0x5d0
[ 2868.776344]  ? io_connect+0x610/0x610
[ 2868.776790] FAULT_INJECTION: forcing a failure.
[ 2868.776790] name failslab, interval 1, probability 0, space 0, times 0
[ 2868.777206]  ? __might_fault+0xd3/0x180
[ 2868.777233]  ? lock_downgrade+0x6d0/0x6d0
[ 2868.781361]  ? __virt_addr_valid+0x170/0x5d0
[ 2868.782359]  ? __check_object_size+0x319/0x440
[ 2868.783406]  __io_queue_sqe+0x90/0x9d0
[ 2868.784289]  ? io_issue_sqe+0x77d0/0x77d0
[ 2868.785237]  ? getname+0x96/0xd0
[ 2868.786020]  io_submit_sqes+0x44a8/0x8610
[ 2868.787005]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 2868.788134]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 2868.789239]  ? find_held_lock+0x2c/0x110
[ 2868.790170]  ? io_submit_sqes+0x8610/0x8610
[ 2868.791172]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2868.792270]  ? wait_for_completion_io+0x270/0x270
[ 2868.793370]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2868.794430]  ? vfs_write+0x354/0xb10
[ 2868.795286]  ? fput_many+0x2f/0x1a0
[ 2868.796111]  ? ksys_write+0x1a9/0x260
[ 2868.796980]  ? __ia32_sys_read+0xb0/0xb0
[ 2868.797910]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2868.799110]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2868.800283]  do_syscall_64+0x33/0x40
[ 2868.801138]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2868.802303] RIP: 0033:0x7f854f415b19
[ 2868.803160] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2868.807364] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2868.809106] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 2868.810761] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 2868.812388] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2868.814016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2868.815655] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
[ 2868.817308] CPU: 1 PID: 12381 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 2868.818871] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2868.820633] Call Trace:
[ 2868.821200]  dump_stack+0x107/0x167
[ 2868.821972]  should_fail.cold+0x5/0xa
[ 2868.822792]  should_failslab+0x5/0x20
[ 2868.823596]  __kmalloc_track_caller+0x79/0x370
[ 2868.824553]  ? p9_client_create+0x41d/0x1230
[ 2868.825481]  kstrdup+0x36/0x70
[ 2868.826158]  p9_client_create+0x41d/0x1230
[ 2868.827060]  ? lock_downgrade+0x6d0/0x6d0
[ 2868.827936]  ? p9_client_flush+0x430/0x430
[ 2868.828834]  ? trace_hardirqs_on+0x5b/0x180
[ 2868.829747]  ? lockdep_init_map_type+0x2c7/0x780
[ 2868.830757]  ? __raw_spin_lock_init+0x36/0x110
[ 2868.831729]  v9fs_session_init+0x1dd/0x1680
[ 2868.832639]  ? lock_release+0x680/0x680
[ 2868.833489]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2868.834514]  ? v9fs_show_options+0x690/0x690
[ 2868.835481]  ? trace_hardirqs_on+0x5b/0x180
[ 2868.836388]  ? kasan_unpoison_shadow+0x33/0x50
[ 2868.837354]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2868.838433]  v9fs_mount+0x79/0x8f0
[ 2868.839188]  ? v9fs_write_inode+0x60/0x60
[ 2868.840057]  legacy_get_tree+0x105/0x220
[ 2868.840916]  vfs_get_tree+0x8e/0x300
[ 2868.841698]  path_mount+0x1490/0x21e0
[ 2868.842510]  ? strncpy_from_user+0x9e/0x470
[ 2868.843429]  ? finish_automount+0xa90/0xa90
[ 2868.844342]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2868.845323]  ? _copy_from_user+0xfb/0x1b0
[ 2868.846203]  __x64_sys_mount+0x282/0x300
[ 2868.847073]  ? copy_mnt_ns+0xa00/0xa00
[ 2868.847895]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2868.848998]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2868.850082]  do_syscall_64+0x33/0x40
[ 2868.850876]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2868.851954] RIP: 0033:0x7f8d12f8ab19
[ 2868.852737] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2868.856628] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2868.858240] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 2868.859755] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2868.861252] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 2868.862760] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2868.864265] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
01:33:19 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x10, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)

01:33:19 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x35d9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:33:19 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 23)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

01:33:19 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x20000000, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:33:19 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 2869.114015] FAULT_INJECTION: forcing a failure.
[ 2869.114015] name failslab, interval 1, probability 0, space 0, times 0
[ 2869.116884] CPU: 1 PID: 12394 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 2869.118336] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2869.120081] Call Trace:
[ 2869.120643]  dump_stack+0x107/0x167
[ 2869.121407]  should_fail.cold+0x5/0xa
[ 2869.122214]  ? getname_flags.part.0+0x50/0x4f0
[ 2869.123179]  should_failslab+0x5/0x20
[ 2869.123977]  kmem_cache_alloc+0x5b/0x310
[ 2869.124839]  getname_flags.part.0+0x50/0x4f0
[ 2869.125769]  getname+0x8e/0xd0
[ 2869.126446]  __io_openat_prep+0x228/0x4c0
[ 2869.127332]  io_submit_sqes+0x25eb/0x8610
[ 2869.128233]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 2869.129282]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 2869.130305]  ? find_held_lock+0x2c/0x110
[ 2869.131180]  ? io_submit_sqes+0x8610/0x8610
[ 2869.132098]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2869.133125]  ? wait_for_completion_io+0x270/0x270
[ 2869.134144]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2869.135145]  ? vfs_write+0x354/0xb10
[ 2869.135936]  ? fput_many+0x2f/0x1a0
[ 2869.136706]  ? ksys_write+0x1a9/0x260
[ 2869.137506]  ? __ia32_sys_read+0xb0/0xb0
[ 2869.138368]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2869.139489]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2869.140585]  do_syscall_64+0x33/0x40
[ 2869.141373]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2869.142467] RIP: 0033:0x7f854f415b19
[ 2869.143259] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2869.147179] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2869.148782] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 2869.150276] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 2869.151796] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2869.153297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2869.154807] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
01:33:19 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 24)

[ 2869.218442] FAULT_INJECTION: forcing a failure.
[ 2869.218442] name failslab, interval 1, probability 0, space 0, times 0
[ 2869.220874] CPU: 1 PID: 12402 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 2869.222326] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2869.224081] Call Trace:
[ 2869.224638]  dump_stack+0x107/0x167
[ 2869.225408]  should_fail.cold+0x5/0xa
[ 2869.226215]  should_failslab+0x5/0x20
[ 2869.227037]  __kmalloc_track_caller+0x79/0x370
[ 2869.228002]  ? p9_client_create+0x51e/0x1230
[ 2869.228937]  kmemdup_nul+0x2d/0xa0
[ 2869.229689]  p9_client_create+0x51e/0x1230
[ 2869.230601]  ? p9_client_flush+0x430/0x430
[ 2869.231500]  ? trace_hardirqs_on+0x5b/0x180
[ 2869.232416]  ? lockdep_init_map_type+0x2c7/0x780
[ 2869.233417]  ? __raw_spin_lock_init+0x36/0x110
[ 2869.234390]  v9fs_session_init+0x1dd/0x1680
[ 2869.235314]  ? lock_release+0x680/0x680
[ 2869.236167]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2869.237185]  ? v9fs_show_options+0x690/0x690
[ 2869.238128]  ? trace_hardirqs_on+0x5b/0x180
[ 2869.239054]  ? kasan_unpoison_shadow+0x33/0x50
[ 2869.240024]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2869.241105]  v9fs_mount+0x79/0x8f0
[ 2869.241861]  ? v9fs_write_inode+0x60/0x60
[ 2869.242749]  legacy_get_tree+0x105/0x220
[ 2869.243615]  vfs_get_tree+0x8e/0x300
[ 2869.244403]  path_mount+0x1490/0x21e0
[ 2869.245217]  ? strncpy_from_user+0x9e/0x470
[ 2869.246136]  ? finish_automount+0xa90/0xa90
[ 2869.247061]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2869.248047]  ? _copy_from_user+0xfb/0x1b0
[ 2869.248926]  __x64_sys_mount+0x282/0x300
[ 2869.249779]  ? copy_mnt_ns+0xa00/0xa00
[ 2869.250616]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2869.251724]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2869.252813]  do_syscall_64+0x33/0x40
[ 2869.253604]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2869.254690] RIP: 0033:0x7f8d12f8ab19
[ 2869.255475] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2869.259360] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2869.260979] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 2869.262488] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2869.264002] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 2869.265510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2869.267026] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
01:33:32 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x2000, 0x0, 0x0, 0x0)

01:33:32 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x36d9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:33:32 executing program 5:
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x18, 0x0, 0x0, 0x0)

01:33:32 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0xf6ffffff, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:33:32 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)

01:33:32 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', 0x0, 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

01:33:32 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 24)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

01:33:32 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 25)

01:33:32 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)

[ 2881.716567] FAULT_INJECTION: forcing a failure.
[ 2881.716567] name failslab, interval 1, probability 0, space 0, times 0
[ 2881.719610] CPU: 1 PID: 12415 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 2881.721231] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2881.723195] Call Trace:
[ 2881.723819]  dump_stack+0x107/0x167
[ 2881.724677]  should_fail.cold+0x5/0xa
[ 2881.725573]  ? security_file_alloc+0x34/0x170
[ 2881.726633]  should_failslab+0x5/0x20
[ 2881.727537]  kmem_cache_alloc+0x5b/0x310
[ 2881.728503]  security_file_alloc+0x34/0x170
[ 2881.729508]  __alloc_file+0xb7/0x320
[ 2881.730390]  alloc_empty_file+0x6d/0x170
01:33:32 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0xfffffff6, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

[ 2881.731349]  path_openat+0xe6/0x2770
[ 2881.732396]  ? __lock_acquire+0x1657/0x5b00
[ 2881.733413]  ? path_lookupat+0x860/0x860
[ 2881.734361]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2881.735598]  ? entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2881.736846]  do_filp_open+0x190/0x3e0
[ 2881.737721]  ? may_open_dev+0xf0/0xf0
[ 2881.738611]  ? alloc_fd+0x2e7/0x670
[ 2881.739463]  ? lock_downgrade+0x6d0/0x6d0
[ 2881.740417]  ? do_raw_spin_lock+0x121/0x260
[ 2881.741411]  ? rwlock_bug.part.0+0x90/0x90
[ 2881.741848] FAULT_INJECTION: forcing a failure.
[ 2881.741848] name failslab, interval 1, probability 0, space 0, times 0
[ 2881.742389]  ? lock_chain_count+0x20/0x20
[ 2881.744683]  ? stack_trace_save+0x8c/0xc0
[ 2881.745644]  ? _raw_spin_unlock+0x1a/0x30
[ 2881.746599]  ? alloc_fd+0x2e7/0x670
[ 2881.747479]  io_openat2+0x24d/0xb80
[ 2881.748318]  ? io_send+0x780/0x780
[ 2881.749167]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2881.750417]  io_issue_sqe+0x2cd/0x77d0
[ 2881.751350]  ? lock_acquire+0x197/0x470
[ 2881.752282]  ? find_held_lock+0x2c/0x110
[ 2881.753231]  ? __virt_addr_valid+0x346/0x5d0
[ 2881.754251]  ? io_connect+0x610/0x610
[ 2881.755150]  ? __might_fault+0xd3/0x180
[ 2881.756059]  ? lock_downgrade+0x6d0/0x6d0
[ 2881.757023]  ? __virt_addr_valid+0x170/0x5d0
[ 2881.758049]  ? __check_object_size+0x319/0x440
[ 2881.759115]  __io_queue_sqe+0x90/0x9d0
[ 2881.760024]  ? io_issue_sqe+0x77d0/0x77d0
[ 2881.760991]  ? getname+0x96/0xd0
[ 2881.761777]  io_submit_sqes+0x44a8/0x8610
[ 2881.762772]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 2881.763922]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 2881.765055]  ? find_held_lock+0x2c/0x110
[ 2881.766001]  ? io_submit_sqes+0x8610/0x8610
[ 2881.767021]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2881.768154]  ? wait_for_completion_io+0x270/0x270
[ 2881.769262]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2881.770242]  ? vfs_write+0x354/0xb10
[ 2881.771101]  ? fput_many+0x2f/0x1a0
[ 2881.771961]  ? ksys_write+0x1a9/0x260
[ 2881.772841]  ? __ia32_sys_read+0xb0/0xb0
[ 2881.773800]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2881.774948]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2881.776142]  do_syscall_64+0x33/0x40
[ 2881.777018]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2881.778118] RIP: 0033:0x7f854f415b19
[ 2881.778999] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2881.783253] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2881.785056] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 2881.786639] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 2881.788357] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2881.789953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2881.791463] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
[ 2881.792980] CPU: 0 PID: 12423 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 2881.794471] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2881.796203] Call Trace:
[ 2881.796759]  dump_stack+0x107/0x167
[ 2881.797530]  should_fail.cold+0x5/0xa
[ 2881.798326]  should_failslab+0x5/0x20
[ 2881.799131]  __kmalloc_track_caller+0x79/0x370
[ 2881.800078]  ? p9_client_create+0x51e/0x1230
[ 2881.801009]  kmemdup_nul+0x2d/0xa0
[ 2881.801740]  p9_client_create+0x51e/0x1230
[ 2881.802626]  ? p9_client_flush+0x430/0x430
[ 2881.803524]  ? trace_hardirqs_on+0x5b/0x180
[ 2881.804428]  ? lockdep_init_map_type+0x2c7/0x780
[ 2881.805424]  ? __raw_spin_lock_init+0x36/0x110
[ 2881.806377]  v9fs_session_init+0x1dd/0x1680
[ 2881.807291]  ? lock_release+0x680/0x680
[ 2881.808148]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2881.809152]  ? v9fs_show_options+0x690/0x690
[ 2881.810078]  ? trace_hardirqs_on+0x5b/0x180
[ 2881.810978]  ? kasan_unpoison_shadow+0x33/0x50
[ 2881.811944]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2881.813008]  v9fs_mount+0x79/0x8f0
[ 2881.813766]  ? v9fs_write_inode+0x60/0x60
[ 2881.814628]  legacy_get_tree+0x105/0x220
[ 2881.815496]  vfs_get_tree+0x8e/0x300
[ 2881.816294]  path_mount+0x1490/0x21e0
[ 2881.817104]  ? strncpy_from_user+0x9e/0x470
[ 2881.818016]  ? finish_automount+0xa90/0xa90
[ 2881.818930]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2881.819922]  ? _copy_from_user+0xfb/0x1b0
[ 2881.820801]  __x64_sys_mount+0x282/0x300
[ 2881.821657]  ? copy_mnt_ns+0xa00/0xa00
[ 2881.822466]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2881.823577]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2881.824672]  do_syscall_64+0x33/0x40
[ 2881.825443]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2881.826511] RIP: 0033:0x7f8d12f8ab19
[ 2881.827308] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2881.831195] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2881.832813] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 2881.834338] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2881.835853] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 2881.837368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2881.838890] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
01:33:32 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x37d9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:33:32 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)

01:33:32 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', 0x0, 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

01:33:49 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x1000000000000, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:33:49 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)

01:33:49 executing program 5:
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x500, 0x0, 0x0, 0x0)

01:33:49 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x4000, 0x0, 0x0, 0x0)

01:33:49 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', 0x0, 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

01:33:49 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 25)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

01:33:49 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 26)

01:33:49 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x38d9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

[ 2898.512492] FAULT_INJECTION: forcing a failure.
[ 2898.512492] name failslab, interval 1, probability 0, space 0, times 0
[ 2898.515026] CPU: 0 PID: 12462 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 2898.516498] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2898.518253] Call Trace:
[ 2898.518814]  dump_stack+0x107/0x167
[ 2898.519596]  should_fail.cold+0x5/0xa
[ 2898.520413]  should_failslab+0x5/0x20
[ 2898.521217]  __kmalloc_track_caller+0x79/0x370
[ 2898.522179]  ? parse_opts.part.0+0x8e/0x340
[ 2898.523105]  kstrdup+0x36/0x70
[ 2898.523788]  parse_opts.part.0+0x8e/0x340
[ 2898.524668]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2898.525635]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2898.526731]  ? quarantine_put+0x8b/0x1a0
[ 2898.527599]  ? trace_hardirqs_on+0x5b/0x180
[ 2898.528517]  ? kfree+0xd7/0x340
[ 2898.529226]  p9_fd_create+0x98/0x4a0
[ 2898.530020]  ? p9_conn_create+0x510/0x510
[ 2898.530894]  ? p9_client_create+0x798/0x1230
[ 2898.531850]  ? kfree+0xd7/0x340
[ 2898.532545]  ? do_raw_spin_unlock+0x4f/0x220
[ 2898.533492]  p9_client_create+0x7ff/0x1230
[ 2898.534388]  ? p9_client_flush+0x430/0x430
[ 2898.535299]  ? trace_hardirqs_on+0x5b/0x180
[ 2898.536228]  ? lockdep_init_map_type+0x2c7/0x780
[ 2898.537238]  ? __raw_spin_lock_init+0x36/0x110
[ 2898.538218]  v9fs_session_init+0x1dd/0x1680
[ 2898.539151]  ? lock_release+0x680/0x680
[ 2898.540000]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2898.541030]  ? v9fs_show_options+0x690/0x690
[ 2898.541981]  ? trace_hardirqs_on+0x5b/0x180
[ 2898.542898]  ? kasan_unpoison_shadow+0x33/0x50
[ 2898.543875]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2898.544956]  v9fs_mount+0x79/0x8f0
[ 2898.545694]  ? v9fs_write_inode+0x60/0x60
[ 2898.546571]  legacy_get_tree+0x105/0x220
[ 2898.547443]  vfs_get_tree+0x8e/0x300
[ 2898.548222]  path_mount+0x1490/0x21e0
[ 2898.549035]  ? strncpy_from_user+0x9e/0x470
[ 2898.549945]  ? finish_automount+0xa90/0xa90
[ 2898.550863]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2898.551863]  ? _copy_from_user+0xfb/0x1b0
[ 2898.552751]  __x64_sys_mount+0x282/0x300
[ 2898.553614]  ? copy_mnt_ns+0xa00/0xa00
[ 2898.554444]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2898.555568]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2898.556675]  do_syscall_64+0x33/0x40
[ 2898.557473]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2898.558560] RIP: 0033:0x7f8d12f8ab19
[ 2898.559357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2898.563261] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2898.564894] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 2898.566432] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2898.567970] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 2898.569491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2898.571017] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
[ 2898.573130] 9pnet: Insufficient options for proto=fd
01:33:49 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x39d9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

[ 2898.595976] FAULT_INJECTION: forcing a failure.
[ 2898.595976] name failslab, interval 1, probability 0, space 0, times 0
[ 2898.599004] CPU: 0 PID: 12454 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 2898.600481] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2898.602221] Call Trace:
[ 2898.602779]  dump_stack+0x107/0x167
[ 2898.603569]  should_fail.cold+0x5/0xa
[ 2898.604375]  ? create_object.isra.0+0x3a/0xa30
[ 2898.605341]  should_failslab+0x5/0x20
[ 2898.606151]  kmem_cache_alloc+0x5b/0x310
[ 2898.607030]  ? percpu_ref_put_many.constprop.0+0x4e/0x110
[ 2898.608203]  create_object.isra.0+0x3a/0xa30
[ 2898.609143]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2898.610222]  kmem_cache_alloc+0x159/0x310
[ 2898.611122]  security_file_alloc+0x34/0x170
[ 2898.612040]  __alloc_file+0xb7/0x320
[ 2898.612835]  alloc_empty_file+0x6d/0x170
[ 2898.613700]  path_openat+0xe6/0x2770
[ 2898.614489]  ? __lock_acquire+0x1657/0x5b00
[ 2898.615429]  ? path_lookupat+0x860/0x860
[ 2898.616307]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2898.617422]  ? entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2898.618567]  do_filp_open+0x190/0x3e0
[ 2898.619381]  ? may_open_dev+0xf0/0xf0
[ 2898.620208]  ? alloc_fd+0x2e7/0x670
[ 2898.620984]  ? lock_downgrade+0x6d0/0x6d0
[ 2898.621871]  ? do_raw_spin_lock+0x121/0x260
[ 2898.622798]  ? rwlock_bug.part.0+0x90/0x90
[ 2898.623698]  ? lock_chain_count+0x20/0x20
[ 2898.624571]  ? stack_trace_save+0x8c/0xc0
[ 2898.625457]  ? _raw_spin_unlock+0x1a/0x30
[ 2898.626329]  ? alloc_fd+0x2e7/0x670
[ 2898.627122]  io_openat2+0x24d/0xb80
[ 2898.627908]  ? io_send+0x780/0x780
[ 2898.628666]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2898.629786]  io_issue_sqe+0x2cd/0x77d0
[ 2898.630606]  ? lock_acquire+0x197/0x470
[ 2898.631460]  ? find_held_lock+0x2c/0x110
[ 2898.632321]  ? __virt_addr_valid+0x346/0x5d0
[ 2898.633239]  ? io_connect+0x610/0x610
[ 2898.634072]  ? __might_fault+0xd3/0x180
[ 2898.634908]  ? lock_downgrade+0x6d0/0x6d0
[ 2898.635807]  ? __virt_addr_valid+0x170/0x5d0
[ 2898.636732]  ? __check_object_size+0x319/0x440
[ 2898.637697]  __io_queue_sqe+0x90/0x9d0
[ 2898.638525]  ? io_issue_sqe+0x77d0/0x77d0
[ 2898.639412]  ? getname+0x96/0xd0
[ 2898.640139]  io_submit_sqes+0x44a8/0x8610
[ 2898.641044]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 2898.642097]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 2898.643130]  ? find_held_lock+0x2c/0x110
[ 2898.644002]  ? io_submit_sqes+0x8610/0x8610
[ 2898.644918]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2898.645936]  ? wait_for_completion_io+0x270/0x270
[ 2898.646970]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2898.647963]  ? vfs_write+0x354/0xb10
[ 2898.648750]  ? fput_many+0x2f/0x1a0
[ 2898.649523]  ? ksys_write+0x1a9/0x260
[ 2898.650332]  ? __ia32_sys_read+0xb0/0xb0
[ 2898.651204]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2898.652332]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2898.653456]  do_syscall_64+0x33/0x40
[ 2898.654263]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2898.655382] RIP: 0033:0x7f854f415b19
[ 2898.656193] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2898.660144] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2898.661821] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 2898.663362] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 2898.664904] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2898.666462] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2898.668041] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
01:33:49 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0))
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
r4 = dup2(r3, r3)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r4, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r4, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, 0x0)

01:33:49 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)

01:33:49 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x8000000000000, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:33:49 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x3ad9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:33:49 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)

01:33:49 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0))
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
r4 = dup2(r3, r3)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r4, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r4, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, 0x0)

01:33:49 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 27)

[ 2898.920735] FAULT_INJECTION: forcing a failure.
[ 2898.920735] name failslab, interval 1, probability 0, space 0, times 0
[ 2898.923203] CPU: 0 PID: 12487 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 2898.924677] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2898.926454] Call Trace:
[ 2898.927031]  dump_stack+0x107/0x167
[ 2898.927806]  should_fail.cold+0x5/0xa
[ 2898.928625]  should_failslab+0x5/0x20
[ 2898.929444]  __kmalloc_track_caller+0x79/0x370
[ 2898.930419]  ? parse_opts.part.0+0x8e/0x340
[ 2898.931345]  kstrdup+0x36/0x70
[ 2898.932038]  parse_opts.part.0+0x8e/0x340
[ 2898.932923]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2898.933885]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2898.935006]  ? quarantine_put+0x8b/0x1a0
[ 2898.935872]  ? trace_hardirqs_on+0x5b/0x180
[ 2898.936785]  ? kfree+0xd7/0x340
[ 2898.937494]  p9_fd_create+0x98/0x4a0
[ 2898.938285]  ? p9_conn_create+0x510/0x510
[ 2898.939172]  ? p9_client_create+0x798/0x1230
[ 2898.940099]  ? kfree+0xd7/0x340
[ 2898.940801]  ? do_raw_spin_unlock+0x4f/0x220
[ 2898.941738]  p9_client_create+0x7ff/0x1230
[ 2898.942640]  ? p9_client_flush+0x430/0x430
[ 2898.943558]  ? trace_hardirqs_on+0x5b/0x180
[ 2898.944474]  ? lockdep_init_map_type+0x2c7/0x780
[ 2898.945488]  ? __raw_spin_lock_init+0x36/0x110
[ 2898.946462]  v9fs_session_init+0x1dd/0x1680
[ 2898.947389]  ? lock_release+0x680/0x680
[ 2898.948243]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2898.949262]  ? v9fs_show_options+0x690/0x690
[ 2898.950199]  ? trace_hardirqs_on+0x5b/0x180
[ 2898.951124]  ? kasan_unpoison_shadow+0x33/0x50
[ 2898.952091]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2898.953161]  v9fs_mount+0x79/0x8f0
[ 2898.953903]  ? v9fs_write_inode+0x60/0x60
[ 2898.954776]  legacy_get_tree+0x105/0x220
[ 2898.955648]  vfs_get_tree+0x8e/0x300
[ 2898.956437]  path_mount+0x1490/0x21e0
[ 2898.957220]  ? strncpy_from_user+0x9e/0x470
[ 2898.958130]  ? finish_automount+0xa90/0xa90
[ 2898.959055]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2898.960042]  ? _copy_from_user+0xfb/0x1b0
[ 2898.960932]  __x64_sys_mount+0x282/0x300
[ 2898.961791]  ? copy_mnt_ns+0xa00/0xa00
[ 2898.962618]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2898.963742]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2898.964859]  do_syscall_64+0x33/0x40
[ 2898.965653]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2898.966737] RIP: 0033:0x7f8d12f8ab19
[ 2898.967533] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2898.971428] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2898.973053] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 2898.974583] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2898.976113] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 2898.977638] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2898.979157] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
[ 2898.981349] 9pnet: Insufficient options for proto=fd
01:33:49 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x3bd9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:33:49 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 26)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

[ 2899.055308] FAULT_INJECTION: forcing a failure.
[ 2899.055308] name failslab, interval 1, probability 0, space 0, times 0
[ 2899.060447] CPU: 1 PID: 12491 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 2899.061952] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2899.063708] Call Trace:
[ 2899.064263]  dump_stack+0x107/0x167
[ 2899.065026]  should_fail.cold+0x5/0xa
[ 2899.065823]  ? __alloc_file+0x21/0x320
[ 2899.066638]  should_failslab+0x5/0x20
[ 2899.067453]  kmem_cache_alloc+0x5b/0x310
[ 2899.068312]  __alloc_file+0x21/0x320
[ 2899.069093]  alloc_empty_file+0x6d/0x170
[ 2899.069955]  path_openat+0xe6/0x2770
[ 2899.070742]  ? __lock_acquire+0x1657/0x5b00
[ 2899.071680]  ? path_lookupat+0x860/0x860
[ 2899.072540]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2899.073651]  ? entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2899.074791]  do_filp_open+0x190/0x3e0
[ 2899.075602]  ? may_open_dev+0xf0/0xf0
[ 2899.076410]  ? alloc_fd+0x2e7/0x670
[ 2899.077181]  ? lock_downgrade+0x6d0/0x6d0
[ 2899.078055]  ? do_raw_spin_lock+0x121/0x260
[ 2899.078976]  ? rwlock_bug.part.0+0x90/0x90
[ 2899.079875]  ? lock_chain_count+0x20/0x20
[ 2899.080756]  ? stack_trace_save+0x8c/0xc0
[ 2899.081631]  ? _raw_spin_unlock+0x1a/0x30
[ 2899.082503]  ? alloc_fd+0x2e7/0x670
[ 2899.083288]  io_openat2+0x24d/0xb80
[ 2899.084075]  ? io_send+0x780/0x780
[ 2899.084833]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2899.085931]  io_issue_sqe+0x2cd/0x77d0
[ 2899.086760]  ? lock_acquire+0x197/0x470
[ 2899.087623]  ? find_held_lock+0x2c/0x110
[ 2899.088482]  ? __virt_addr_valid+0x346/0x5d0
[ 2899.089418]  ? io_connect+0x610/0x610
[ 2899.090232]  ? __might_fault+0xd3/0x180
[ 2899.091080]  ? lock_downgrade+0x6d0/0x6d0
[ 2899.091970]  ? __virt_addr_valid+0x170/0x5d0
[ 2899.092915]  ? __check_object_size+0x319/0x440
[ 2899.093887]  __io_queue_sqe+0x90/0x9d0
[ 2899.094718]  ? io_issue_sqe+0x77d0/0x77d0
[ 2899.095617]  ? getname+0x96/0xd0
[ 2899.096337]  io_submit_sqes+0x44a8/0x8610
[ 2899.097213]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 2899.098277]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 2899.099303]  ? find_held_lock+0x2c/0x110
[ 2899.100165]  ? io_submit_sqes+0x8610/0x8610
[ 2899.101083]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2899.102099]  ? wait_for_completion_io+0x270/0x270
[ 2899.103132]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2899.104113]  ? vfs_write+0x354/0xb10
[ 2899.104908]  ? fput_many+0x2f/0x1a0
[ 2899.105669]  ? ksys_write+0x1a9/0x260
[ 2899.106466]  ? __ia32_sys_read+0xb0/0xb0
[ 2899.107342]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2899.108457]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2899.109557]  do_syscall_64+0x33/0x40
[ 2899.110341]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2899.111430] RIP: 0033:0x7f854f415b19
[ 2899.112212] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2899.116143] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2899.117754] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 2899.119283] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 2899.120807] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2899.122265] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2899.123793] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
01:34:04 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x80000, 0x0, 0x0, 0x0)

01:34:04 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0))
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
r4 = dup2(r3, r3)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r4, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r4, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, 0x0)

01:34:04 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x40000000000000, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:34:04 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)

01:34:04 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 28)

01:34:04 executing program 5:
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x1800, 0x0, 0x0, 0x0)

01:34:04 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x3cd9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:34:04 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 27)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

[ 2913.402974] FAULT_INJECTION: forcing a failure.
[ 2913.402974] name failslab, interval 1, probability 0, space 0, times 0
[ 2913.406024] CPU: 0 PID: 12510 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 2913.407641] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2913.409500] Call Trace:
[ 2913.410097]  dump_stack+0x107/0x167
[ 2913.410881]  should_fail.cold+0x5/0xa
[ 2913.411710]  ? create_object.isra.0+0x3a/0xa30
[ 2913.412737]  should_failslab+0x5/0x20
[ 2913.413514]  kmem_cache_alloc+0x5b/0x310
[ 2913.414374]  create_object.isra.0+0x3a/0xa30
[ 2913.415318]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2913.416404]  __kmalloc_track_caller+0x177/0x370
[ 2913.417387]  ? p9_client_create+0x51e/0x1230
[ 2913.418320]  kmemdup_nul+0x2d/0xa0
[ 2913.419065]  p9_client_create+0x51e/0x1230
[ 2913.419971]  ? p9_client_flush+0x430/0x430
[ 2913.420867]  ? _raw_spin_unlock_irqrestore+0x25/0x40
[ 2913.421944]  ? lockdep_init_map_type+0x2c7/0x780
[ 2913.422923]  ? __raw_spin_lock_init+0x36/0x110
[ 2913.423913]  v9fs_session_init+0x1dd/0x1680
[ 2913.424802]  ? lock_release+0x680/0x680
[ 2913.425654]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2913.426661]  ? v9fs_show_options+0x690/0x690
[ 2913.427602]  ? trace_hardirqs_on+0x5b/0x180
[ 2913.428515]  ? kasan_unpoison_shadow+0x33/0x50
[ 2913.429460]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2913.430534]  v9fs_mount+0x79/0x8f0
[ 2913.431289]  ? v9fs_write_inode+0x60/0x60
[ 2913.432150]  legacy_get_tree+0x105/0x220
[ 2913.433018]  vfs_get_tree+0x8e/0x300
[ 2913.433798]  path_mount+0x1490/0x21e0
[ 2913.434574]  ? strncpy_from_user+0x9e/0x470
[ 2913.435454]  ? finish_automount+0xa90/0xa90
[ 2913.436330]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2913.437311]  ? _copy_from_user+0xfb/0x1b0
[ 2913.438159]  __x64_sys_mount+0x282/0x300
[ 2913.439023]  ? copy_mnt_ns+0xa00/0xa00
[ 2913.439886]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2913.440967]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2913.442022]  do_syscall_64+0x33/0x40
[ 2913.442791]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2913.443853] RIP: 0033:0x7f8d12f8ab19
[ 2913.444607] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
01:34:04 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
r5 = dup2(r4, r4)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r5, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r3}})

[ 2913.448335] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2913.450141] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 2913.451656] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2913.453174] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 2913.454667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2913.456192] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
01:34:04 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x80000000000000, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

[ 2913.544418] FAULT_INJECTION: forcing a failure.
[ 2913.544418] name failslab, interval 1, probability 0, space 0, times 0
[ 2913.547109] CPU: 1 PID: 12515 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 2913.548615] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2913.550399] Call Trace:
[ 2913.550972]  dump_stack+0x107/0x167
[ 2913.551771]  should_fail.cold+0x5/0xa
[ 2913.552592]  ? getname_flags.part.0+0x50/0x4f0
[ 2913.553556]  should_failslab+0x5/0x20
[ 2913.554361]  kmem_cache_alloc+0x5b/0x310
[ 2913.555244]  getname_flags.part.0+0x50/0x4f0
[ 2913.556175]  getname+0x8e/0xd0
[ 2913.556832]  __io_openat_prep+0x228/0x4c0
[ 2913.557744]  io_submit_sqes+0x25eb/0x8610
[ 2913.558750]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 2913.559920]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 2913.561012]  ? find_held_lock+0x2c/0x110
[ 2913.561926]  ? io_submit_sqes+0x8610/0x8610
[ 2913.562929]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2913.563944]  ? wait_for_completion_io+0x270/0x270
[ 2913.564980]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2913.566030]  ? vfs_write+0x354/0xb10
[ 2913.566878]  ? fput_many+0x2f/0x1a0
[ 2913.567704]  ? ksys_write+0x1a9/0x260
[ 2913.568557]  ? __ia32_sys_read+0xb0/0xb0
[ 2913.569468]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2913.570682]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2913.571912]  do_syscall_64+0x33/0x40
[ 2913.572777]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2913.573855] RIP: 0033:0x7f854f415b19
[ 2913.574631] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2913.578313] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2913.579899] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 2913.581373] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 2913.582853] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2913.584376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2913.585859] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
01:34:04 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x3dd9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:34:04 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)

[ 2913.639021] 9pnet: Insufficient options for proto=fd
01:34:04 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
r5 = dup2(r4, r4)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r5, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r3}})

01:34:04 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x3ed9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:34:04 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x100000000000000, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:34:04 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)

[ 2913.863436] 9pnet: Insufficient options for proto=fd
01:34:19 executing program 5:
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x2000, 0x0, 0x0, 0x0)

01:34:19 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x400000, 0x0, 0x0, 0x0)

01:34:19 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
r5 = dup2(r4, r4)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r5, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r3}})

01:34:19 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 29)

01:34:19 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x3f00, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:34:19 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 28)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

01:34:19 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x200000000000000, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:34:19 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, 0x0, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)

[ 2929.081516] 9pnet: Insufficient options for proto=fd
[ 2929.105347] FAULT_INJECTION: forcing a failure.
[ 2929.105347] name failslab, interval 1, probability 0, space 0, times 0
[ 2929.106823] CPU: 1 PID: 12561 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 2929.107746] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2929.108802] Call Trace:
[ 2929.109154]  dump_stack+0x107/0x167
[ 2929.109631]  should_fail.cold+0x5/0xa
[ 2929.110141]  ? create_object.isra.0+0x3a/0xa30
[ 2929.110752]  should_failslab+0x5/0x20
[ 2929.111259]  kmem_cache_alloc+0x5b/0x310
[ 2929.111780]  create_object.isra.0+0x3a/0xa30
[ 2929.112326]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2929.112993]  __kmalloc_track_caller+0x177/0x370
[ 2929.113603]  ? match_number+0xaf/0x1d0
[ 2929.114121]  kmemdup_nul+0x2d/0xa0
[ 2929.114597]  match_number+0xaf/0x1d0
[ 2929.115087]  ? match_u64+0x190/0x190
[ 2929.115578]  ? __kmalloc_track_caller+0x2c6/0x370
[ 2929.116179]  ? memcpy+0x39/0x60
[ 2929.116597]  parse_opts.part.0+0x1f3/0x340
[ 2929.117126]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2929.117688]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2929.118360]  ? trace_hardirqs_on+0x5b/0x180
[ 2929.118915]  ? kfree+0xd7/0x340
[ 2929.119360]  p9_fd_create+0x98/0x4a0
[ 2929.119852]  ? p9_conn_create+0x510/0x510
[ 2929.120396]  ? p9_client_create+0x798/0x1230
[ 2929.120968]  ? kfree+0xd7/0x340
[ 2929.121398]  ? do_raw_spin_unlock+0x4f/0x220
[ 2929.121973]  p9_client_create+0x7ff/0x1230
[ 2929.122546]  ? p9_client_flush+0x430/0x430
[ 2929.123100]  ? trace_hardirqs_on+0x5b/0x180
[ 2929.123686]  ? lockdep_init_map_type+0x2c7/0x780
[ 2929.124316]  ? __raw_spin_lock_init+0x36/0x110
[ 2929.124921]  v9fs_session_init+0x1dd/0x1680
[ 2929.125466]  ? lock_release+0x680/0x680
[ 2929.125996]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2929.126617]  ? v9fs_show_options+0x690/0x690
[ 2929.127197]  ? trace_hardirqs_on+0x5b/0x180
[ 2929.127740]  ? kasan_unpoison_shadow+0x33/0x50
[ 2929.128334]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2929.128995]  v9fs_mount+0x79/0x8f0
[ 2929.129469]  ? v9fs_write_inode+0x60/0x60
[ 2929.130006]  legacy_get_tree+0x105/0x220
[ 2929.130550]  vfs_get_tree+0x8e/0x300
[ 2929.131034]  path_mount+0x1490/0x21e0
[ 2929.131545]  ? strncpy_from_user+0x9e/0x470
[ 2929.131792] FAULT_INJECTION: forcing a failure.
[ 2929.131792] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2929.132107]  ? finish_automount+0xa90/0xa90
[ 2929.132130]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2929.135759]  ? _copy_from_user+0xfb/0x1b0
[ 2929.136279]  __x64_sys_mount+0x282/0x300
[ 2929.136778]  ? copy_mnt_ns+0xa00/0xa00
[ 2929.137262]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2929.137911]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2929.138572]  do_syscall_64+0x33/0x40
[ 2929.139056]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2929.139719] RIP: 0033:0x7f8d12f8ab19
[ 2929.140175] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2929.142432] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2929.143399] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 2929.144288] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2929.145166] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 2929.146071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2929.146970] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
[ 2929.147904] CPU: 0 PID: 12565 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 2929.149390] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2929.151141] Call Trace:
[ 2929.151721]  dump_stack+0x107/0x167
[ 2929.152498]  should_fail.cold+0x5/0xa
[ 2929.153312]  __alloc_pages_nodemask+0x182/0x600
[ 2929.154309]  ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310
[ 2929.155701]  alloc_pages_current+0x187/0x280
[ 2929.156674]  allocate_slab+0x26f/0x380
[ 2929.157505]  ___slab_alloc+0x470/0x700
[ 2929.158347]  ? getname_flags.part.0+0x50/0x4f0
[ 2929.159315]  ? lock_acquire+0x197/0x470
[ 2929.160186]  ? getname_flags.part.0+0x50/0x4f0
[ 2929.161186]  ? kmem_cache_alloc+0x301/0x310
[ 2929.162094]  ? getname_flags.part.0+0x50/0x4f0
[ 2929.163059]  kmem_cache_alloc+0x301/0x310
[ 2929.163957]  getname_flags.part.0+0x50/0x4f0
01:34:19 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
r5 = dup2(r4, r4)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r5, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}})

[ 2929.164905]  getname+0x8e/0xd0
[ 2929.165941]  __io_openat_prep+0x228/0x4c0
[ 2929.167049]  io_submit_sqes+0x25eb/0x8610
[ 2929.168210]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 2929.169518]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 2929.170785]  ? find_held_lock+0x2c/0x110
[ 2929.171871]  ? io_submit_sqes+0x8610/0x8610
[ 2929.173013]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2929.174277]  ? wait_for_completion_io+0x270/0x270
[ 2929.175576]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2929.176831]  ? vfs_write+0x354/0xb10
[ 2929.177838]  ? fput_many+0x2f/0x1a0
[ 2929.178800]  ? ksys_write+0x1a9/0x260
[ 2929.179815]  ? __ia32_sys_read+0xb0/0xb0
[ 2929.180896]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2929.182283]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2929.183664]  do_syscall_64+0x33/0x40
[ 2929.184661]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2929.186033] RIP: 0033:0x7f854f415b19
[ 2929.187015] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2929.191816] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2929.193405] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 2929.194918] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 2929.196430] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2929.197928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2929.199429] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
[ 2929.247921] 9pnet: Insufficient options for proto=fd
01:34:20 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x3fd9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:34:20 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, 0x0, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)

01:34:20 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x400000000000000, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:34:20 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
r5 = dup2(r4, r4)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r5, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}})

01:34:20 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 30)

01:34:20 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x4000, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:34:20 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, 0x0, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)

[ 2929.421398] 9pnet: Insufficient options for proto=fd
[ 2929.457244] FAULT_INJECTION: forcing a failure.
[ 2929.457244] name failslab, interval 1, probability 0, space 0, times 0
[ 2929.459727] CPU: 0 PID: 12590 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 2929.461189] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2929.462937] Call Trace:
[ 2929.463510]  dump_stack+0x107/0x167
[ 2929.464271]  should_fail.cold+0x5/0xa
[ 2929.465071]  should_failslab+0x5/0x20
[ 2929.465867]  __kmalloc_track_caller+0x79/0x370
[ 2929.466831]  ? match_number+0xaf/0x1d0
[ 2929.467653]  ? kfree+0xd7/0x340
[ 2929.468355]  kmemdup_nul+0x2d/0xa0
[ 2929.469101]  match_number+0xaf/0x1d0
[ 2929.469882]  ? match_u64+0x190/0x190
[ 2929.470663]  ? __kmalloc_track_caller+0x2c6/0x370
[ 2929.471683]  ? memcpy+0x39/0x60
[ 2929.472374]  parse_opts.part.0+0x1f3/0x340
[ 2929.473261]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2929.474204]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2929.475302]  ? trace_hardirqs_on+0x5b/0x180
[ 2929.476220]  ? kfree+0xd7/0x340
[ 2929.476932]  p9_fd_create+0x98/0x4a0
[ 2929.477718]  ? p9_conn_create+0x510/0x510
[ 2929.478583]  ? p9_client_create+0x798/0x1230
[ 2929.479509]  ? kfree+0xd7/0x340
[ 2929.480200]  ? do_raw_spin_unlock+0x4f/0x220
[ 2929.481134]  p9_client_create+0x7ff/0x1230
[ 2929.482021]  ? p9_client_flush+0x430/0x430
[ 2929.482905]  ? trace_hardirqs_on+0x5b/0x180
[ 2929.483812]  ? lockdep_init_map_type+0x2c7/0x780
[ 2929.484802]  ? __raw_spin_lock_init+0x36/0x110
[ 2929.485763]  v9fs_session_init+0x1dd/0x1680
[ 2929.486664]  ? lock_release+0x680/0x680
[ 2929.487506]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2929.488507]  ? v9fs_show_options+0x690/0x690
[ 2929.489432]  ? trace_hardirqs_on+0x5b/0x180
[ 2929.490336]  ? kasan_unpoison_shadow+0x33/0x50
[ 2929.491289]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2929.492359]  v9fs_mount+0x79/0x8f0
[ 2929.493101]  ? v9fs_write_inode+0x60/0x60
[ 2929.493970]  legacy_get_tree+0x105/0x220
[ 2929.494828]  vfs_get_tree+0x8e/0x300
[ 2929.495593]  path_mount+0x1490/0x21e0
[ 2929.496405]  ? strncpy_from_user+0x9e/0x470
[ 2929.497298]  ? finish_automount+0xa90/0xa90
[ 2929.498202]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2929.499177]  ? _copy_from_user+0xfb/0x1b0
[ 2929.500060]  __x64_sys_mount+0x282/0x300
[ 2929.500914]  ? copy_mnt_ns+0xa00/0xa00
[ 2929.501731]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2929.502824]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2929.503907]  do_syscall_64+0x33/0x40
[ 2929.504703]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2929.505782] RIP: 0033:0x7f8d12f8ab19
[ 2929.506560] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2929.510426] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2929.512040] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 2929.513548] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2929.515044] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 2929.516544] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2929.518046] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
[ 2929.520301] 9pnet: Insufficient options for proto=fd
01:34:34 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x800000, 0x0, 0x0, 0x0)

01:34:34 executing program 5:
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x4000, 0x0, 0x0, 0x0)

01:34:34 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x600000000000000, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:34:34 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x4084, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:34:34 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)

01:34:34 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
r5 = dup2(r4, r4)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r5, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}})

01:34:34 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 29)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

01:34:34 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 31)

[ 2943.287034] FAULT_INJECTION: forcing a failure.
[ 2943.287034] name failslab, interval 1, probability 0, space 0, times 0
[ 2943.289519] CPU: 0 PID: 12610 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 2943.290980] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2943.292735] Call Trace:
[ 2943.293302]  dump_stack+0x107/0x167
[ 2943.294074]  should_fail.cold+0x5/0xa
[ 2943.294881]  should_failslab+0x5/0x20
[ 2943.295694]  __kmalloc_track_caller+0x79/0x370
[ 2943.296653]  ? match_number+0xaf/0x1d0
[ 2943.297478]  ? kfree+0xd7/0x340
[ 2943.298184]  kmemdup_nul+0x2d/0xa0
[ 2943.298937]  match_number+0xaf/0x1d0
[ 2943.299740]  ? match_u64+0x190/0x190
[ 2943.300527]  ? __kmalloc_track_caller+0x2c6/0x370
[ 2943.301544]  ? memcpy+0x39/0x60
[ 2943.302237]  parse_opts.part.0+0x1f3/0x340
[ 2943.303126]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2943.304087]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2943.305187]  ? trace_hardirqs_on+0x5b/0x180
[ 2943.306100]  ? kfree+0xd7/0x340
[ 2943.306795]  p9_fd_create+0x98/0x4a0
[ 2943.307587]  ? p9_conn_create+0x510/0x510
[ 2943.308457]  ? p9_client_create+0x798/0x1230
[ 2943.309383]  ? kfree+0xd7/0x340
[ 2943.310072]  ? do_raw_spin_unlock+0x4f/0x220
[ 2943.311009]  p9_client_create+0x7ff/0x1230
[ 2943.311924]  ? p9_client_flush+0x430/0x430
[ 2943.312813]  ? trace_hardirqs_on+0x5b/0x180
[ 2943.313726]  ? lockdep_init_map_type+0x2c7/0x780
[ 2943.314727]  ? __raw_spin_lock_init+0x36/0x110
[ 2943.315699]  v9fs_session_init+0x1dd/0x1680
[ 2943.316606]  ? lock_release+0x680/0x680
[ 2943.317452]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2943.318471]  ? v9fs_show_options+0x690/0x690
[ 2943.319402]  ? trace_hardirqs_on+0x5b/0x180
[ 2943.320321]  ? kasan_unpoison_shadow+0x33/0x50
[ 2943.321293]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2943.322359]  v9fs_mount+0x79/0x8f0
[ 2943.323109]  ? v9fs_write_inode+0x60/0x60
[ 2943.323984]  legacy_get_tree+0x105/0x220
[ 2943.324838]  vfs_get_tree+0x8e/0x300
[ 2943.325623]  path_mount+0x1490/0x21e0
[ 2943.326428]  ? strncpy_from_user+0x9e/0x470
[ 2943.327348]  ? finish_automount+0xa90/0xa90
[ 2943.328266]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2943.329245]  ? _copy_from_user+0xfb/0x1b0
[ 2943.330121]  __x64_sys_mount+0x282/0x300
[ 2943.330974]  ? copy_mnt_ns+0xa00/0xa00
[ 2943.331803]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2943.332910]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2943.333997]  do_syscall_64+0x33/0x40
[ 2943.334784]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2943.335867] RIP: 0033:0x7f8d12f8ab19
[ 2943.336654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2943.340538] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2943.342156] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 2943.343674] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2943.345176] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 2943.346681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2943.348185] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
[ 2943.350313] 9pnet: Insufficient options for proto=fd
[ 2943.363201] 9pnet: Insufficient options for proto=fd
[ 2943.378194] FAULT_INJECTION: forcing a failure.
[ 2943.378194] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2943.380064] CPU: 1 PID: 12608 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 2943.381070] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2943.382248] Call Trace:
[ 2943.382630]  dump_stack+0x107/0x167
[ 2943.383162]  should_fail.cold+0x5/0xa
[ 2943.383750]  strncpy_from_user+0x34/0x470
[ 2943.384333]  getname_flags.part.0+0x95/0x4f0
[ 2943.384946]  getname+0x8e/0xd0
[ 2943.385396]  __io_openat_prep+0x228/0x4c0
[ 2943.385969]  io_submit_sqes+0x25eb/0x8610
[ 2943.386560]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 2943.387256]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 2943.387940]  ? find_held_lock+0x2c/0x110
[ 2943.388519]  ? io_submit_sqes+0x8610/0x8610
[ 2943.389140]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2943.389831]  ? wait_for_completion_io+0x270/0x270
[ 2943.390526]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2943.391188]  ? vfs_write+0x354/0xb10
[ 2943.391729]  ? fput_many+0x2f/0x1a0
[ 2943.392242]  ? ksys_write+0x1a9/0x260
[ 2943.392793]  ? __ia32_sys_read+0xb0/0xb0
[ 2943.393390]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2943.394143]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2943.394882]  do_syscall_64+0x33/0x40
[ 2943.395414]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2943.396780] RIP: 0033:0x7f854f415b19
[ 2943.397730] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2943.402186] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2943.403909] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 2943.405514] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 2943.407114] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2943.408725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2943.410328] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
01:34:34 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x1800000000000000, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:34:34 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)

01:34:34 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x40d9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:34:34 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 32)

[ 2943.579918] FAULT_INJECTION: forcing a failure.
[ 2943.579918] name failslab, interval 1, probability 0, space 0, times 0
[ 2943.582546] CPU: 1 PID: 12627 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 2943.584080] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2943.585917] Call Trace:
[ 2943.586524]  dump_stack+0x107/0x167
[ 2943.587352]  should_fail.cold+0x5/0xa
[ 2943.588226]  ? p9_fd_create+0x161/0x4a0
[ 2943.589130]  should_failslab+0x5/0x20
[ 2943.590008]  kmem_cache_alloc_trace+0x55/0x320
[ 2943.591063]  p9_fd_create+0x161/0x4a0
[ 2943.591943]  ? p9_conn_create+0x510/0x510
[ 2943.592893]  ? p9_client_create+0x798/0x1230
[ 2943.593905]  ? kfree+0xd7/0x340
[ 2943.594655]  ? do_raw_spin_unlock+0x4f/0x220
[ 2943.595661]  p9_client_create+0x7ff/0x1230
[ 2943.596622]  ? p9_client_flush+0x430/0x430
[ 2943.597580]  ? trace_hardirqs_on+0x5b/0x180
[ 2943.598558]  ? lockdep_init_map_type+0x2c7/0x780
[ 2943.599645]  ? __raw_spin_lock_init+0x36/0x110
[ 2943.600685]  v9fs_session_init+0x1dd/0x1680
[ 2943.601662]  ? lock_release+0x680/0x680
[ 2943.602552]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2943.603621]  ? v9fs_show_options+0x690/0x690
[ 2943.604604]  ? trace_hardirqs_on+0x5b/0x180
[ 2943.605571]  ? kasan_unpoison_shadow+0x33/0x50
[ 2943.606596]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2943.607779]  v9fs_mount+0x79/0x8f0
[ 2943.608598]  ? v9fs_write_inode+0x60/0x60
[ 2943.609527]  legacy_get_tree+0x105/0x220
[ 2943.610424]  vfs_get_tree+0x8e/0x300
[ 2943.611248]  path_mount+0x1490/0x21e0
[ 2943.612112]  ? strncpy_from_user+0x9e/0x470
[ 2943.613069]  ? finish_automount+0xa90/0xa90
[ 2943.614025]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2943.615043]  ? _copy_from_user+0xfb/0x1b0
[ 2943.615975]  __x64_sys_mount+0x282/0x300
[ 2943.616864]  ? copy_mnt_ns+0xa00/0xa00
[ 2943.617728]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2943.618892]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2943.620046]  do_syscall_64+0x33/0x40
[ 2943.620894]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2943.622033] RIP: 0033:0x7f8d12f8ab19
[ 2943.622856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2943.626955] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2943.628671] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 2943.630266] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2943.631859] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 2943.633445] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2943.635037] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
01:34:34 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x2000000000000000, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:34:34 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)

01:34:34 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x41d9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:34:34 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x4800, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:34:50 executing program 5:
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x80000, 0x0, 0x0, 0x0)

01:34:50 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0xf6ffffff00000000, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:34:50 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x1000000, 0x0, 0x0, 0x0)

01:34:50 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 33)

01:34:50 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x4c00, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:34:50 executing program 7:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)

01:34:50 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 30)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

01:34:50 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)

[ 2959.548236] FAULT_INJECTION: forcing a failure.
[ 2959.548236] name failslab, interval 1, probability 0, space 0, times 0
[ 2959.549700] CPU: 1 PID: 12654 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 2959.550563] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2959.551591] Call Trace:
[ 2959.551941]  dump_stack+0x107/0x167
[ 2959.552406]  should_fail.cold+0x5/0xa
[ 2959.552877]  ? p9_fd_create+0x161/0x4a0
[ 2959.553358]  should_failslab+0x5/0x20
[ 2959.553830]  kmem_cache_alloc_trace+0x55/0x320
[ 2959.554368]  p9_fd_create+0x161/0x4a0
[ 2959.554830]  ? p9_conn_create+0x510/0x510
[ 2959.555322]  ? p9_client_create+0x798/0x1230
[ 2959.555865]  ? kfree+0xd7/0x340
[ 2959.556268]  ? do_raw_spin_unlock+0x4f/0x220
[ 2959.556803]  p9_client_create+0x7ff/0x1230
[ 2959.557314]  ? p9_client_flush+0x430/0x430
[ 2959.557840]  ? trace_hardirqs_on+0x5b/0x180
[ 2959.558385]  ? lockdep_init_map_type+0x2c7/0x780
[ 2959.558971]  ? __raw_spin_lock_init+0x36/0x110
[ 2959.559532]  v9fs_session_init+0x1dd/0x1680
[ 2959.560062]  ? lock_release+0x680/0x680
[ 2959.560546]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2959.561126]  ? v9fs_show_options+0x690/0x690
[ 2959.561663]  ? trace_hardirqs_on+0x5b/0x180
[ 2959.562199]  ? kasan_unpoison_shadow+0x33/0x50
[ 2959.562755]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2959.563364]  v9fs_mount+0x79/0x8f0
[ 2959.563805]  ? v9fs_write_inode+0x60/0x60
[ 2959.564305]  legacy_get_tree+0x105/0x220
[ 2959.564796]  vfs_get_tree+0x8e/0x300
[ 2959.565246]  path_mount+0x1490/0x21e0
[ 2959.565706]  ? strncpy_from_user+0x9e/0x470
[ 2959.566227]  ? finish_automount+0xa90/0xa90
[ 2959.566739]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2959.567289]  ? _copy_from_user+0xfb/0x1b0
[ 2959.567812]  __x64_sys_mount+0x282/0x300
[ 2959.568284]  ? copy_mnt_ns+0xa00/0xa00
[ 2959.568741]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2959.569352]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2959.569977]  do_syscall_64+0x33/0x40
[ 2959.570417]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2959.571027] RIP: 0033:0x7f8d12f8ab19
[ 2959.571460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2959.573646] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2959.574540] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 2959.575386] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2959.576232] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 2959.577078] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2959.577929] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
01:34:50 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)

[ 2959.603115] FAULT_INJECTION: forcing a failure.
[ 2959.603115] name failslab, interval 1, probability 0, space 0, times 0
[ 2959.605787] CPU: 0 PID: 12656 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 2959.607241] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2959.608965] Call Trace:
[ 2959.609528]  dump_stack+0x107/0x167
[ 2959.610297]  should_fail.cold+0x5/0xa
[ 2959.611103]  ? __alloc_file+0x21/0x320
[ 2959.611938]  should_failslab+0x5/0x20
[ 2959.612738]  kmem_cache_alloc+0x5b/0x310
[ 2959.613581]  __alloc_file+0x21/0x320
[ 2959.614351]  alloc_empty_file+0x6d/0x170
[ 2959.615199]  path_openat+0xe6/0x2770
[ 2959.615994]  ? __lock_acquire+0x1657/0x5b00
[ 2959.616902]  ? path_lookupat+0x860/0x860
[ 2959.617743]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2959.618852]  ? entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2959.619985]  do_filp_open+0x190/0x3e0
[ 2959.620781]  ? may_open_dev+0xf0/0xf0
[ 2959.621586]  ? alloc_fd+0x2e7/0x670
[ 2959.622352]  ? lock_downgrade+0x6d0/0x6d0
[ 2959.623204]  ? do_raw_spin_lock+0x121/0x260
[ 2959.624117]  ? rwlock_bug.part.0+0x90/0x90
[ 2959.625004]  ? lock_chain_count+0x20/0x20
[ 2959.625871]  ? stack_trace_save+0x8c/0xc0
[ 2959.626742]  ? _raw_spin_unlock+0x1a/0x30
[ 2959.627590]  ? alloc_fd+0x2e7/0x670
[ 2959.628361]  io_openat2+0x24d/0xb80
[ 2959.629126]  ? io_send+0x780/0x780
[ 2959.629863]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2959.630970]  io_issue_sqe+0x2cd/0x77d0
[ 2959.631818]  ? lock_acquire+0x197/0x470
[ 2959.632646]  ? find_held_lock+0x2c/0x110
[ 2959.633501]  ? __virt_addr_valid+0x346/0x5d0
[ 2959.634417]  ? io_connect+0x610/0x610
[ 2959.635213]  ? __might_fault+0xd3/0x180
[ 2959.636044]  ? lock_downgrade+0x6d0/0x6d0
[ 2959.636908]  ? __virt_addr_valid+0x170/0x5d0
[ 2959.637847]  ? __check_object_size+0x319/0x440
[ 2959.638836]  __io_queue_sqe+0x90/0x9d0
[ 2959.639681]  ? io_issue_sqe+0x77d0/0x77d0
[ 2959.640588]  ? getname+0x96/0xd0
[ 2959.641327]  io_submit_sqes+0x44a8/0x8610
[ 2959.642247]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 2959.643323]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 2959.644376]  ? find_held_lock+0x2c/0x110
[ 2959.645258]  ? io_submit_sqes+0x8610/0x8610
[ 2959.646192]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2959.647215]  ? vfs_write+0x719/0xb10
[ 2959.648020]  ? wait_for_completion_io+0x270/0x270
[ 2959.649016]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2959.649985]  ? vfs_write+0x354/0xb10
[ 2959.650755]  ? copy_kernel_to_fpregs+0x9e/0xe0
[ 2959.651723]  ? trace_event_raw_event_x86_fpu+0x390/0x390
[ 2959.652862]  ? ksys_write+0x1a9/0x260
[ 2959.653644]  ? __ia32_sys_read+0xb0/0xb0
[ 2959.654492]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2959.655584]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2959.656658]  do_syscall_64+0x33/0x40
[ 2959.657438]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2959.658517] RIP: 0033:0x7f854f415b19
[ 2959.659309] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2959.663148] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2959.664741] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 2959.666234] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 2959.667756] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2959.669234] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2959.670707] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
01:34:50 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)

01:34:50 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
r5 = dup2(r4, r4)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r5, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r5, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r3}})

01:34:50 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x6800, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

[ 2959.745065] 9pnet: Insufficient options for proto=fd
01:34:50 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x2)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:34:50 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 34)

01:34:50 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140))
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

01:34:50 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)

[ 2959.843931] FAULT_INJECTION: forcing a failure.
[ 2959.843931] name failslab, interval 1, probability 0, space 0, times 0
[ 2959.846485] CPU: 0 PID: 12684 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 2959.847960] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2959.849734] Call Trace:
[ 2959.850305]  dump_stack+0x107/0x167
[ 2959.851088]  should_fail.cold+0x5/0xa
[ 2959.851926]  ? create_object.isra.0+0x3a/0xa30
[ 2959.852915]  should_failslab+0x5/0x20
[ 2959.853740]  kmem_cache_alloc+0x5b/0x310
[ 2959.854605]  ? p9_fd_show_options+0x1c0/0x1c0
[ 2959.855571]  create_object.isra.0+0x3a/0xa30
[ 2959.856526]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2959.857661]  kmem_cache_alloc_trace+0x151/0x320
[ 2959.858691]  p9_fd_create+0x161/0x4a0
[ 2959.859549]  ? p9_conn_create+0x510/0x510
[ 2959.860418]  ? p9_client_create+0x798/0x1230
[ 2959.861334]  ? kfree+0xd7/0x340
[ 2959.862022]  ? do_raw_spin_unlock+0x4f/0x220
[ 2959.863033]  p9_client_create+0x7ff/0x1230
[ 2959.864063]  ? p9_client_flush+0x430/0x430
[ 2959.865135]  ? trace_hardirqs_on+0x5b/0x180
[ 2959.866056]  ? lockdep_init_map_type+0x2c7/0x780
[ 2959.867128]  ? __raw_spin_lock_init+0x36/0x110
[ 2959.868271]  v9fs_session_init+0x1dd/0x1680
[ 2959.869209]  ? lock_release+0x680/0x680
[ 2959.870057]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2959.871071]  ? v9fs_show_options+0x690/0x690
[ 2959.872034]  ? trace_hardirqs_on+0x5b/0x180
[ 2959.872951]  ? kasan_unpoison_shadow+0x33/0x50
[ 2959.873910]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2959.874970]  v9fs_mount+0x79/0x8f0
[ 2959.875745]  ? v9fs_write_inode+0x60/0x60
[ 2959.876602]  legacy_get_tree+0x105/0x220
[ 2959.877453]  vfs_get_tree+0x8e/0x300
[ 2959.878229]  path_mount+0x1490/0x21e0
[ 2959.879029]  ? strncpy_from_user+0x9e/0x470
[ 2959.879968]  ? finish_automount+0xa90/0xa90
[ 2959.880877]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2959.881851]  ? _copy_from_user+0xfb/0x1b0
[ 2959.882734]  __x64_sys_mount+0x282/0x300
[ 2959.883584]  ? copy_mnt_ns+0xa00/0xa00
[ 2959.884413]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2959.885506]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2959.886593]  do_syscall_64+0x33/0x40
[ 2959.887376]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2959.888462] RIP: 0033:0x7f8d12f8ab19
[ 2959.889240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2959.893097] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2959.894687] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 2959.896182] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2959.897670] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 2959.899167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2959.900662] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
01:35:06 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x4)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:35:06 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)

01:35:06 executing program 5:
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x400000, 0x0, 0x0, 0x0)

01:35:06 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 31)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

01:35:06 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x6c00, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:35:06 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, 0x0)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

01:35:06 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 35)

01:35:06 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x2000000, 0x0, 0x0, 0x0)

[ 2975.438079] FAULT_INJECTION: forcing a failure.
[ 2975.438079] name failslab, interval 1, probability 0, space 0, times 0
[ 2975.440186] CPU: 1 PID: 12700 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 2975.441384] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2975.442824] Call Trace:
[ 2975.443284]  dump_stack+0x107/0x167
[ 2975.443929]  should_fail.cold+0x5/0xa
[ 2975.444591]  ? create_object.isra.0+0x3a/0xa30
[ 2975.445389]  should_failslab+0x5/0x20
[ 2975.446052]  kmem_cache_alloc+0x5b/0x310
[ 2975.446757]  create_object.isra.0+0x3a/0xa30
[ 2975.447511]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2975.448402]  kmem_cache_alloc+0x159/0x310
[ 2975.449114]  p9_client_prepare_req.part.0+0x3a/0xac0
[ 2975.450000]  p9_client_rpc+0x220/0x1370
[ 2975.450697]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2975.451609]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2975.452534]  ? pipe_poll+0x21b/0x800
[ 2975.453174]  ? p9_fd_close+0x4a0/0x4a0
[ 2975.453853]  ? wait_for_partner+0x3c0/0x3c0
[ 2975.454602]  ? p9_fd_poll+0x1e0/0x2c0
[ 2975.455259]  ? p9_fd_create+0x357/0x4a0
[ 2975.455965]  ? p9_conn_create+0x510/0x510
[ 2975.456674]  ? p9_client_create+0x798/0x1230
[ 2975.457438]  ? kfree+0xd7/0x340
[ 2975.457996]  ? do_raw_spin_unlock+0x4f/0x220
[ 2975.458768]  p9_client_create+0xa76/0x1230
[ 2975.459491]  ? p9_client_flush+0x430/0x430
[ 2975.460234]  ? trace_hardirqs_on+0x5b/0x180
[ 2975.460974]  ? lockdep_init_map_type+0x2c7/0x780
[ 2975.461793]  ? __raw_spin_lock_init+0x36/0x110
[ 2975.462582]  v9fs_session_init+0x1dd/0x1680
[ 2975.463323]  ? lock_release+0x680/0x680
[ 2975.464020]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2975.464841]  ? v9fs_show_options+0x690/0x690
[ 2975.465607]  ? trace_hardirqs_on+0x5b/0x180
[ 2975.466341]  ? kasan_unpoison_shadow+0x33/0x50
[ 2975.467133]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2975.468012]  v9fs_mount+0x79/0x8f0
[ 2975.468621]  ? v9fs_write_inode+0x60/0x60
[ 2975.469330]  legacy_get_tree+0x105/0x220
[ 2975.470023]  vfs_get_tree+0x8e/0x300
[ 2975.470663]  path_mount+0x1490/0x21e0
[ 2975.471317]  ? strncpy_from_user+0x9e/0x470
[ 2975.472068]  ? finish_automount+0xa90/0xa90
[ 2975.472800]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2975.473603]  ? _copy_from_user+0xfb/0x1b0
[ 2975.474321]  __x64_sys_mount+0x282/0x300
[ 2975.475023]  ? copy_mnt_ns+0xa00/0xa00
[ 2975.475695]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2975.476601]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2975.477484]  do_syscall_64+0x33/0x40
[ 2975.478129]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2975.479012] RIP: 0033:0x7f8d12f8ab19
[ 2975.479645] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2975.482811] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2975.484139] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 2975.485358] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2975.486568] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 2975.487790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2975.489022] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
[ 2975.522391] FAULT_INJECTION: forcing a failure.
[ 2975.522391] name failslab, interval 1, probability 0, space 0, times 0
[ 2975.524867] CPU: 1 PID: 12710 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 2975.526009] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2975.527386] Call Trace:
[ 2975.527839]  dump_stack+0x107/0x167
[ 2975.528447]  should_fail.cold+0x5/0xa
[ 2975.529069]  ? create_object.isra.0+0x3a/0xa30
[ 2975.529817]  should_failslab+0x5/0x20
[ 2975.530438]  kmem_cache_alloc+0x5b/0x310
[ 2975.531112]  create_object.isra.0+0x3a/0xa30
[ 2975.531826]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2975.532675]  kmem_cache_alloc+0x159/0x310
[ 2975.533371]  __alloc_file+0x21/0x320
[ 2975.533977]  alloc_empty_file+0x6d/0x170
[ 2975.534644]  path_openat+0xe6/0x2770
[ 2975.535260]  ? __lock_acquire+0x1657/0x5b00
[ 2975.535976]  ? path_lookupat+0x860/0x860
[ 2975.536644]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2975.537518]  ? entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2975.538396]  do_filp_open+0x190/0x3e0
[ 2975.539021]  ? may_open_dev+0xf0/0xf0
[ 2975.539647]  ? alloc_fd+0x2e7/0x670
[ 2975.540260]  ? lock_downgrade+0x6d0/0x6d0
[ 2975.540950]  ? do_raw_spin_lock+0x121/0x260
[ 2975.541650]  ? rwlock_bug.part.0+0x90/0x90
[ 2975.542341]  ? lock_chain_count+0x20/0x20
[ 2975.543011]  ? stack_trace_save+0x8c/0xc0
[ 2975.543690]  ? _raw_spin_unlock+0x1a/0x30
[ 2975.544374]  ? alloc_fd+0x2e7/0x670
[ 2975.544979]  io_openat2+0x24d/0xb80
[ 2975.545564]  ? io_send+0x780/0x780
[ 2975.546144]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2975.547006]  io_issue_sqe+0x2cd/0x77d0
[ 2975.547646]  ? lock_acquire+0x197/0x470
[ 2975.548304]  ? find_held_lock+0x2c/0x110
[ 2975.548973]  ? __virt_addr_valid+0x346/0x5d0
[ 2975.549692]  ? io_connect+0x610/0x610
[ 2975.550316]  ? __might_fault+0xd3/0x180
[ 2975.550969]  ? lock_downgrade+0x6d0/0x6d0
[ 2975.551650]  ? __virt_addr_valid+0x170/0x5d0
[ 2975.552377]  ? __check_object_size+0x319/0x440
[ 2975.553123]  __io_queue_sqe+0x90/0x9d0
[ 2975.553769]  ? io_issue_sqe+0x77d0/0x77d0
[ 2975.554442]  ? getname+0x96/0xd0
[ 2975.555004]  io_submit_sqes+0x44a8/0x8610
[ 2975.555690]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 2975.556508]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 2975.557289]  ? find_held_lock+0x2c/0x110
[ 2975.557943]  ? io_submit_sqes+0x8610/0x8610
[ 2975.558641]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2975.559414]  ? wait_for_completion_io+0x270/0x270
[ 2975.560195]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2975.560941]  ? vfs_write+0x354/0xb10
[ 2975.561555]  ? fput_many+0x2f/0x1a0
[ 2975.562135]  ? ksys_write+0x1a9/0x260
[ 2975.562744]  ? __ia32_sys_read+0xb0/0xb0
[ 2975.563403]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2975.564274]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2975.565100]  do_syscall_64+0x33/0x40
[ 2975.565695]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2975.566508] RIP: 0033:0x7f854f415b19
[ 2975.567102] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2975.570060] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2975.571300] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 2975.572461] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 2975.573615] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2975.574755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2975.575922] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
01:35:06 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, 0x0)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

01:35:06 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x71d9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:35:06 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x6)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:35:06 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 36)

01:35:06 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

01:35:06 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 32)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

[ 2975.851564] FAULT_INJECTION: forcing a failure.
[ 2975.851564] name failslab, interval 1, probability 0, space 0, times 0
[ 2975.854802] CPU: 0 PID: 12728 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 2975.856651] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2975.858991] Call Trace:
[ 2975.859740]  dump_stack+0x107/0x167
[ 2975.860790]  should_fail.cold+0x5/0xa
[ 2975.861861]  ? p9_fcall_init+0x97/0x290
[ 2975.862976]  should_failslab+0x5/0x20
[ 2975.864061]  __kmalloc+0x72/0x390
[ 2975.865069]  p9_fcall_init+0x97/0x290
[ 2975.866153]  p9_client_prepare_req.part.0+0x8c/0xac0
[ 2975.867585]  p9_client_rpc+0x220/0x1370
[ 2975.868550]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2975.869559]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2975.870584]  ? pipe_poll+0x21b/0x800
[ 2975.871296]  ? p9_fd_close+0x4a0/0x4a0
[ 2975.872063]  ? wait_for_partner+0x3c0/0x3c0
[ 2975.872895]  ? p9_fd_poll+0x1e0/0x2c0
[ 2975.873643]  ? p9_fd_create+0x357/0x4a0
[ 2975.874404]  ? p9_conn_create+0x510/0x510
[ 2975.875203]  ? p9_client_create+0x798/0x1230
[ 2975.876065]  ? kfree+0xd7/0x340
[ 2975.876695]  ? do_raw_spin_unlock+0x4f/0x220
[ 2975.877546]  p9_client_create+0xa76/0x1230
[ 2975.878368]  ? p9_client_flush+0x430/0x430
[ 2975.879186]  ? trace_hardirqs_on+0x5b/0x180
[ 2975.880030]  ? lockdep_init_map_type+0x2c7/0x780
[ 2975.880950]  ? __raw_spin_lock_init+0x36/0x110
[ 2975.881832]  v9fs_session_init+0x1dd/0x1680
[ 2975.882660]  ? lock_release+0x680/0x680
[ 2975.883431]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2975.884360]  ? v9fs_show_options+0x690/0x690
[ 2975.885218]  ? trace_hardirqs_on+0x5b/0x180
[ 2975.886047]  ? kasan_unpoison_shadow+0x33/0x50
[ 2975.886918]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2975.887904]  v9fs_mount+0x79/0x8f0
[ 2975.888595]  ? v9fs_write_inode+0x60/0x60
[ 2975.889395]  legacy_get_tree+0x105/0x220
[ 2975.890178]  vfs_get_tree+0x8e/0x300
[ 2975.890894]  path_mount+0x1490/0x21e0
[ 2975.891646]  ? strncpy_from_user+0x9e/0x470
[ 2975.892480]  ? finish_automount+0xa90/0xa90
[ 2975.893318]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2975.894219]  ? _copy_from_user+0xfb/0x1b0
[ 2975.895036]  __x64_sys_mount+0x282/0x300
[ 2975.895824]  ? copy_mnt_ns+0xa00/0xa00
[ 2975.896591]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2975.897612]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2975.898619]  do_syscall_64+0x33/0x40
[ 2975.899355]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2975.900357] RIP: 0033:0x7f8d12f8ab19
[ 2975.901086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2975.904651] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2975.906143] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 2975.907540] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2975.908946] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 2975.910342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2975.911740] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
01:35:06 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x72d9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

[ 2975.988472] FAULT_INJECTION: forcing a failure.
[ 2975.988472] name failslab, interval 1, probability 0, space 0, times 0
[ 2975.990071] CPU: 1 PID: 12733 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 2975.990884] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2975.991875] Call Trace:
[ 2975.992205]  dump_stack+0x107/0x167
[ 2975.992633]  should_fail.cold+0x5/0xa
[ 2975.993082]  ? create_object.isra.0+0x3a/0xa30
[ 2975.993621]  should_failslab+0x5/0x20
[ 2975.994067]  kmem_cache_alloc+0x5b/0x310
[ 2975.994551]  create_object.isra.0+0x3a/0xa30
[ 2975.995083]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2975.995687]  kmem_cache_alloc+0x159/0x310
[ 2975.996195]  __alloc_file+0x21/0x320
[ 2975.996634]  alloc_empty_file+0x6d/0x170
[ 2975.997112]  path_openat+0xe6/0x2770
[ 2975.997550]  ? __lock_acquire+0x1657/0x5b00
[ 2975.998061]  ? path_lookupat+0x860/0x860
[ 2975.998547]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2975.999169]  ? entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2975.999806]  do_filp_open+0x190/0x3e0
[ 2976.000259]  ? may_open_dev+0xf0/0xf0
[ 2976.000709]  ? alloc_fd+0x2e7/0x670
[ 2976.001137]  ? lock_downgrade+0x6d0/0x6d0
[ 2976.001621]  ? do_raw_spin_lock+0x121/0x260
[ 2976.002123]  ? rwlock_bug.part.0+0x90/0x90
[ 2976.002615]  ? lock_chain_count+0x20/0x20
[ 2976.003100]  ? stack_trace_save+0x8c/0xc0
[ 2976.003599]  ? _raw_spin_unlock+0x1a/0x30
[ 2976.004088]  ? alloc_fd+0x2e7/0x670
[ 2976.004523]  io_openat2+0x24d/0xb80
[ 2976.004949]  ? io_send+0x780/0x780
[ 2976.005368]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2976.005983]  io_issue_sqe+0x2cd/0x77d0
[ 2976.006439]  ? lock_acquire+0x197/0x470
[ 2976.006904]  ? find_held_lock+0x2c/0x110
[ 2976.007382]  ? __virt_addr_valid+0x346/0x5d0
[ 2976.007905]  ? io_connect+0x610/0x610
[ 2976.008352]  ? __might_fault+0xd3/0x180
[ 2976.008839]  ? lock_downgrade+0x6d0/0x6d0
[ 2976.009329]  ? __virt_addr_valid+0x170/0x5d0
[ 2976.009845]  ? __check_object_size+0x319/0x440
[ 2976.010382]  __io_queue_sqe+0x90/0x9d0
[ 2976.010839]  ? io_issue_sqe+0x77d0/0x77d0
[ 2976.011320]  ? getname+0x96/0xd0
[ 2976.011718]  io_submit_sqes+0x44a8/0x8610
[ 2976.012220]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 2976.012798]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 2976.013364]  ? find_held_lock+0x2c/0x110
[ 2976.013839]  ? io_submit_sqes+0x8610/0x8610
[ 2976.014344]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2976.014904]  ? wait_for_completion_io+0x270/0x270
[ 2976.015469]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2976.016015]  ? vfs_write+0x354/0xb10
[ 2976.016450]  ? fput_many+0x2f/0x1a0
[ 2976.016872]  ? ksys_write+0x1a9/0x260
[ 2976.017315]  ? __ia32_sys_read+0xb0/0xb0
[ 2976.017788]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2976.018397]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2976.018998]  do_syscall_64+0x33/0x40
[ 2976.019433]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2976.020035] RIP: 0033:0x7f854f415b19
[ 2976.020470] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2976.022604] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2976.023485] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 2976.024318] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 2976.025137] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2976.025959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2976.026778] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
01:35:19 executing program 5:
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x800000, 0x0, 0x0, 0x0)

01:35:19 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

01:35:19 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x4000000, 0x0, 0x0, 0x0)

01:35:19 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x73d9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:35:19 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)

01:35:19 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x8)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

[ 2988.691164] FAULT_INJECTION: forcing a failure.
[ 2988.691164] name failslab, interval 1, probability 0, space 0, times 0
01:35:19 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 37)

01:35:19 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 33)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

[ 2988.693029] CPU: 0 PID: 12759 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 2988.694204] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2988.695441] Call Trace:
[ 2988.695840]  dump_stack+0x107/0x167
[ 2988.696396]  should_fail.cold+0x5/0xa
[ 2988.696993]  ? create_object.isra.0+0x3a/0xa30
[ 2988.697710] FAULT_INJECTION: forcing a failure.
[ 2988.697710] name failslab, interval 1, probability 0, space 0, times 0
[ 2988.697749]  should_failslab+0x5/0x20
[ 2988.697771]  kmem_cache_alloc+0x5b/0x310
[ 2988.700282]  create_object.isra.0+0x3a/0xa30
[ 2988.700979]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2988.701791]  __kmalloc+0x16e/0x390
[ 2988.702363]  p9_fcall_init+0x97/0x290
[ 2988.702986]  p9_client_prepare_req.part.0+0x8c/0xac0
[ 2988.703784]  p9_client_rpc+0x220/0x1370
[ 2988.704440]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2988.705298]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2988.706161]  ? pipe_poll+0x21b/0x800
[ 2988.706766]  ? p9_fd_close+0x4a0/0x4a0
[ 2988.707392]  ? wait_for_partner+0x3c0/0x3c0
[ 2988.708100]  ? p9_fd_poll+0x1e0/0x2c0
[ 2988.708725]  ? p9_fd_create+0x357/0x4a0
[ 2988.709358]  ? p9_conn_create+0x510/0x510
[ 2988.710021]  ? p9_client_create+0x798/0x1230
[ 2988.710732]  ? kfree+0xd7/0x340
[ 2988.711261]  ? do_raw_spin_unlock+0x4f/0x220
[ 2988.711981]  p9_client_create+0xa76/0x1230
[ 2988.712663]  ? p9_client_flush+0x430/0x430
[ 2988.713344]  ? trace_hardirqs_on+0x5b/0x180
[ 2988.714029]  ? lockdep_init_map_type+0x2c7/0x780
[ 2988.714783]  ? __raw_spin_lock_init+0x36/0x110
[ 2988.715516]  v9fs_session_init+0x1dd/0x1680
[ 2988.716215]  ? lock_release+0x680/0x680
[ 2988.716867]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2988.717641]  ? v9fs_show_options+0x690/0x690
[ 2988.718346]  ? trace_hardirqs_on+0x5b/0x180
[ 2988.719031]  ? kasan_unpoison_shadow+0x33/0x50
[ 2988.719765]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2988.720595]  v9fs_mount+0x79/0x8f0
[ 2988.721165]  ? v9fs_write_inode+0x60/0x60
[ 2988.721829]  legacy_get_tree+0x105/0x220
[ 2988.722481]  vfs_get_tree+0x8e/0x300
[ 2988.723088]  path_mount+0x1490/0x21e0
[ 2988.723706]  ? strncpy_from_user+0x9e/0x470
[ 2988.724420]  ? finish_automount+0xa90/0xa90
[ 2988.725115]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2988.725864]  ? _copy_from_user+0xfb/0x1b0
[ 2988.726541]  __x64_sys_mount+0x282/0x300
[ 2988.727188]  ? copy_mnt_ns+0xa00/0xa00
[ 2988.727802]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2988.728647]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2988.729478]  do_syscall_64+0x33/0x40
[ 2988.730082]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2988.730909] RIP: 0033:0x7f8d12f8ab19
[ 2988.731498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2988.734459] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2988.735659] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 2988.736817] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2988.737880] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 2988.738943] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2988.740023] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
[ 2988.741132] CPU: 1 PID: 12761 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 2988.742024] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2988.742961] Call Trace:
[ 2988.743272]  dump_stack+0x107/0x167
[ 2988.743687]  should_fail.cold+0x5/0xa
[ 2988.744129]  ? create_object.isra.0+0x3a/0xa30
[ 2988.744646]  should_failslab+0x5/0x20
[ 2988.745077]  kmem_cache_alloc+0x5b/0x310
[ 2988.745535]  ? percpu_ref_put_many.constprop.0+0x4e/0x110
[ 2988.746153]  create_object.isra.0+0x3a/0xa30
[ 2988.746647]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2988.747225]  kmem_cache_alloc+0x159/0x310
[ 2988.747702]  security_file_alloc+0x34/0x170
[ 2988.748206]  __alloc_file+0xb7/0x320
[ 2988.748634]  alloc_empty_file+0x6d/0x170
[ 2988.749104]  path_openat+0xe6/0x2770
[ 2988.749529]  ? __lock_acquire+0x1657/0x5b00
[ 2988.750021]  ? path_lookupat+0x860/0x860
[ 2988.750483]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2988.751075]  ? entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2988.751680]  do_filp_open+0x190/0x3e0
[ 2988.752115]  ? may_open_dev+0xf0/0xf0
[ 2988.752550]  ? alloc_fd+0x2e7/0x670
[ 2988.752959]  ? lock_downgrade+0x6d0/0x6d0
[ 2988.753426]  ? do_raw_spin_lock+0x121/0x260
[ 2988.753910]  ? rwlock_bug.part.0+0x90/0x90
[ 2988.754382]  ? lock_chain_count+0x20/0x20
[ 2988.754853]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 2988.755464]  ? _raw_spin_unlock+0x1a/0x30
[ 2988.755931]  ? alloc_fd+0x2e7/0x670
[ 2988.756356]  io_openat2+0x24d/0xb80
[ 2988.756771]  ? io_send+0x780/0x780
[ 2988.757178]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 2988.757772]  io_issue_sqe+0x2cd/0x77d0
[ 2988.758212]  ? lock_acquire+0x197/0x470
[ 2988.758661]  ? find_held_lock+0x2c/0x110
[ 2988.759124]  ? __virt_addr_valid+0x346/0x5d0
[ 2988.759623]  ? io_connect+0x610/0x610
[ 2988.760064]  ? __might_fault+0xd3/0x180
[ 2988.760511]  ? lock_downgrade+0x6d0/0x6d0
[ 2988.760978]  ? __virt_addr_valid+0x170/0x5d0
[ 2988.761474]  ? __check_object_size+0x319/0x440
[ 2988.761990]  __io_queue_sqe+0x90/0x9d0
[ 2988.762430]  ? io_issue_sqe+0x77d0/0x77d0
[ 2988.762897]  ? getname+0x96/0xd0
[ 2988.763282]  io_submit_sqes+0x44a8/0x8610
[ 2988.763765]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 2988.764333]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 2988.764876]  ? find_held_lock+0x2c/0x110
[ 2988.765337]  ? io_submit_sqes+0x8610/0x8610
[ 2988.765834]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 2988.766377]  ? wait_for_completion_io+0x270/0x270
[ 2988.766923]  ? rcu_read_lock_any_held+0x75/0xa0
[ 2988.767443]  ? vfs_write+0x354/0xb10
[ 2988.767861]  ? fput_many+0x2f/0x1a0
[ 2988.768277]  ? ksys_write+0x1a9/0x260
[ 2988.768709]  ? __ia32_sys_read+0xb0/0xb0
[ 2988.769170]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2988.769763]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2988.770341]  do_syscall_64+0x33/0x40
[ 2988.770762]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2988.771341] RIP: 0033:0x7f854f415b19
[ 2988.771763] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2988.773837] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 2988.774692] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 2988.775491] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 2988.776295] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 2988.777094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2988.777896] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
01:35:19 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x7400, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:35:19 executing program 5:
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x1000000, 0x0, 0x0, 0x0)

01:35:19 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x18)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:35:19 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x74d9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:35:19 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

01:35:19 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x600)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:35:19 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x75d9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:35:19 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 38)

[ 2989.118091] FAULT_INJECTION: forcing a failure.
[ 2989.118091] name failslab, interval 1, probability 0, space 0, times 0
[ 2989.119500] CPU: 1 PID: 12793 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 2989.120327] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2989.121284] Call Trace:
[ 2989.121607]  dump_stack+0x107/0x167
[ 2989.122031]  should_fail.cold+0x5/0xa
[ 2989.122464]  ? p9_fcall_init+0x97/0x290
[ 2989.122921]  should_failslab+0x5/0x20
[ 2989.123354]  __kmalloc+0x72/0x390
[ 2989.123757]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2989.124337]  p9_fcall_init+0x97/0x290
[ 2989.124773]  p9_client_prepare_req.part.0+0xf4/0xac0
[ 2989.125341]  p9_client_rpc+0x220/0x1370
[ 2989.125801]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2989.126394]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 2989.127000]  ? pipe_poll+0x21b/0x800
[ 2989.127416]  ? p9_fd_close+0x4a0/0x4a0
[ 2989.127858]  ? wait_for_partner+0x3c0/0x3c0
[ 2989.128351]  ? p9_fd_poll+0x1e0/0x2c0
[ 2989.128791]  ? p9_fd_create+0x357/0x4a0
[ 2989.129238]  ? p9_conn_create+0x510/0x510
[ 2989.129707]  ? p9_client_create+0x798/0x1230
[ 2989.130211]  ? kfree+0xd7/0x340
[ 2989.130590]  ? do_raw_spin_unlock+0x4f/0x220
[ 2989.131092]  p9_client_create+0xa76/0x1230
[ 2989.131569]  ? p9_client_flush+0x430/0x430
[ 2989.132051]  ? trace_hardirqs_on+0x5b/0x180
[ 2989.132539]  ? lockdep_init_map_type+0x2c7/0x780
[ 2989.133078]  ? __raw_spin_lock_init+0x36/0x110
[ 2989.133598]  v9fs_session_init+0x1dd/0x1680
[ 2989.134086]  ? lock_release+0x680/0x680
[ 2989.134537]  ? kmem_cache_alloc_trace+0x151/0x320
[ 2989.135081]  ? v9fs_show_options+0x690/0x690
[ 2989.135589]  ? trace_hardirqs_on+0x5b/0x180
[ 2989.136087]  ? kasan_unpoison_shadow+0x33/0x50
[ 2989.136603]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 2989.137177]  v9fs_mount+0x79/0x8f0
[ 2989.137584]  ? v9fs_write_inode+0x60/0x60
[ 2989.138047]  legacy_get_tree+0x105/0x220
[ 2989.138508]  vfs_get_tree+0x8e/0x300
[ 2989.138932]  path_mount+0x1490/0x21e0
[ 2989.139366]  ? strncpy_from_user+0x9e/0x470
[ 2989.139855]  ? finish_automount+0xa90/0xa90
[ 2989.140350]  ? getname_flags.part.0+0x1dd/0x4f0
[ 2989.140876]  ? _copy_from_user+0xfb/0x1b0
[ 2989.141351]  __x64_sys_mount+0x282/0x300
[ 2989.141812]  ? copy_mnt_ns+0xa00/0xa00
[ 2989.142254]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 2989.142851]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 2989.143442]  do_syscall_64+0x33/0x40
[ 2989.143864]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 2989.144455] RIP: 0033:0x7f8d12f8ab19
[ 2989.144879] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2989.146971] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2989.147830] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 2989.148646] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 2989.149454] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 2989.150263] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2989.151072] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
01:35:34 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x18000000, 0x0, 0x0, 0x0)

01:35:34 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x1800)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:35:34 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)

01:35:34 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x76d9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:35:34 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) (fail_nth: 1)

01:35:34 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 34)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

01:35:34 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 39)

01:35:34 executing program 5:
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x2000000, 0x0, 0x0, 0x0)

[ 3003.627447] FAULT_INJECTION: forcing a failure.
[ 3003.627447] name failslab, interval 1, probability 0, space 0, times 0
[ 3003.629863] CPU: 0 PID: 12813 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 3003.631338] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3003.632212] FAULT_INJECTION: forcing a failure.
[ 3003.632212] name failslab, interval 1, probability 0, space 0, times 0
[ 3003.633104] Call Trace:
[ 3003.633133]  dump_stack+0x107/0x167
[ 3003.633155]  should_fail.cold+0x5/0xa
[ 3003.633178]  ? create_object.isra.0+0x3a/0xa30
[ 3003.633196]  should_failslab+0x5/0x20
[ 3003.633217]  kmem_cache_alloc+0x5b/0x310
[ 3003.633241]  create_object.isra.0+0x3a/0xa30
[ 3003.633258]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3003.633280]  __kmalloc+0x16e/0x390
[ 3003.633308]  p9_fcall_init+0x97/0x290
[ 3003.643712]  p9_client_prepare_req.part.0+0xf4/0xac0
[ 3003.644796]  p9_client_rpc+0x220/0x1370
[ 3003.645640]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3003.646755]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 3003.647865]  ? pipe_poll+0x21b/0x800
[ 3003.648656]  ? p9_fd_close+0x4a0/0x4a0
[ 3003.649477]  ? wait_for_partner+0x3c0/0x3c0
[ 3003.650372]  ? p9_fd_poll+0x1e0/0x2c0
[ 3003.651182]  ? p9_fd_create+0x357/0x4a0
[ 3003.652021]  ? p9_conn_create+0x510/0x510
[ 3003.652892]  ? p9_client_create+0x798/0x1230
[ 3003.653798]  ? kfree+0xd7/0x340
[ 3003.654488]  ? do_raw_spin_unlock+0x4f/0x220
[ 3003.655409]  p9_client_create+0xa76/0x1230
[ 3003.656303]  ? p9_client_flush+0x430/0x430
[ 3003.657205]  ? trace_hardirqs_on+0x5b/0x180
[ 3003.658123]  ? lockdep_init_map_type+0x2c7/0x780
[ 3003.659127]  ? __raw_spin_lock_init+0x36/0x110
[ 3003.660109]  v9fs_session_init+0x1dd/0x1680
[ 3003.661022]  ? lock_release+0x680/0x680
[ 3003.661869]  ? kmem_cache_alloc_trace+0x151/0x320
[ 3003.662888]  ? v9fs_show_options+0x690/0x690
[ 3003.663820]  ? trace_hardirqs_on+0x5b/0x180
[ 3003.664738]  ? kasan_unpoison_shadow+0x33/0x50
[ 3003.665703]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3003.666750]  v9fs_mount+0x79/0x8f0
[ 3003.667506]  ? v9fs_write_inode+0x60/0x60
[ 3003.668380]  legacy_get_tree+0x105/0x220
[ 3003.669236]  vfs_get_tree+0x8e/0x300
[ 3003.670036]  path_mount+0x1490/0x21e0
[ 3003.670840]  ? strncpy_from_user+0x9e/0x470
[ 3003.671740]  ? finish_automount+0xa90/0xa90
[ 3003.672638]  ? getname_flags.part.0+0x1dd/0x4f0
[ 3003.673613]  ? _copy_from_user+0xfb/0x1b0
[ 3003.674494]  __x64_sys_mount+0x282/0x300
[ 3003.675349]  ? copy_mnt_ns+0xa00/0xa00
[ 3003.676168]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3003.677286]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3003.678375]  do_syscall_64+0x33/0x40
[ 3003.679165]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3003.680271] RIP: 0033:0x7f8d12f8ab19
[ 3003.681056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3003.684922] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3003.686518] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 3003.688009] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3003.689506] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 3003.690995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3003.692506] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
[ 3003.694023] CPU: 1 PID: 12804 Comm: syz-executor.7 Not tainted 5.10.246 #1
[ 3003.695504] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3003.697316] Call Trace:
[ 3003.697867]  dump_stack+0x107/0x167
[ 3003.698632]  should_fail.cold+0x5/0xa
[ 3003.699428]  should_failslab+0x5/0x20
[ 3003.700232]  __kmalloc_track_caller+0x79/0x370
[ 3003.701180]  ? strndup_user+0x74/0xe0
[ 3003.701981]  memdup_user+0x22/0xd0
[ 3003.702731]  strndup_user+0x74/0xe0
[ 3003.703493]  __x64_sys_mount+0x133/0x300
[ 3003.704362]  ? copy_mnt_ns+0xa00/0xa00
[ 3003.705177]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3003.706267]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3003.707343]  do_syscall_64+0x33/0x40
[ 3003.708120]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3003.709199] RIP: 0033:0x7f5247e02b19
[ 3003.709970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3003.713847] RSP: 002b:00007f5245378188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3003.715437] RAX: ffffffffffffffda RBX: 00007f5247f15f60 RCX: 00007f5247e02b19
[ 3003.716950] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3003.718427] RBP: 00007f52453781d0 R08: 0000000020000280 R09: 0000000000000000
[ 3003.719907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3003.721401] R13: 00007fffca86840f R14: 00007f5245378300 R15: 0000000000022000
[ 3003.764867] FAULT_INJECTION: forcing a failure.
[ 3003.764867] name failslab, interval 1, probability 0, space 0, times 0
[ 3003.767812] CPU: 0 PID: 12812 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 3003.769262] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3003.770989] Call Trace:
[ 3003.771549]  dump_stack+0x107/0x167
[ 3003.772329]  should_fail.cold+0x5/0xa
[ 3003.773127]  ? create_object.isra.0+0x3a/0xa30
[ 3003.774080]  should_failslab+0x5/0x20
[ 3003.774877]  kmem_cache_alloc+0x5b/0x310
[ 3003.775744]  ? mark_held_locks+0x9e/0xe0
[ 3003.776602]  create_object.isra.0+0x3a/0xa30
[ 3003.777526]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3003.778600]  kmem_cache_alloc_bulk+0x168/0x320
[ 3003.779565]  io_submit_sqes+0x6fe4/0x8610
[ 3003.780469]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 3003.781512]  __do_sys_io_uring_enter+0x6b2/0x1890
01:35:34 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)

[ 3003.782540]  ? find_held_lock+0x2c/0x110
[ 3003.783571]  ? io_submit_sqes+0x8610/0x8610
[ 3003.784488]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3003.785497]  ? wait_for_completion_io+0x270/0x270
[ 3003.786509]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3003.787481]  ? vfs_write+0x354/0xb10
[ 3003.788267]  ? fput_many+0x2f/0x1a0
[ 3003.789024]  ? ksys_write+0x1a9/0x260
[ 3003.789820]  ? __ia32_sys_read+0xb0/0xb0
[ 3003.790675]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3003.791781]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3003.792879]  do_syscall_64+0x33/0x40
[ 3003.793657]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3003.794738] RIP: 0033:0x7f854f415b19
[ 3003.795511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3003.799359] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3003.800961] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 3003.802450] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 3003.803941] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3003.805436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3003.806931] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
01:35:34 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x2000)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:35:34 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x77d9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:35:34 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)

01:35:34 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 40)

01:35:34 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x4000)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:35:34 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x78d9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

[ 3004.030663] FAULT_INJECTION: forcing a failure.
[ 3004.030663] name failslab, interval 1, probability 0, space 0, times 0
[ 3004.033283] CPU: 1 PID: 12833 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 3004.034747] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3004.036500] Call Trace:
[ 3004.037063]  dump_stack+0x107/0x167
[ 3004.037839]  should_fail.cold+0x5/0xa
[ 3004.038651]  ? radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 3004.039883]  should_failslab+0x5/0x20
[ 3004.040708]  kmem_cache_alloc+0x5b/0x310
[ 3004.041572]  radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 3004.042751]  idr_get_free+0x4b5/0x8f0
[ 3004.043577]  idr_alloc_u32+0x170/0x2d0
[ 3004.044416]  ? __fprop_inc_percpu_max+0x130/0x130
[ 3004.045436]  ? p9_client_prepare_req.part.0+0x20a/0xac0
[ 3004.046566]  ? lock_release+0x680/0x680
[ 3004.047414]  idr_alloc+0xc2/0x130
[ 3004.048144]  ? idr_alloc_u32+0x2d0/0x2d0
[ 3004.049005]  ? rwlock_bug.part.0+0x90/0x90
[ 3004.049907]  p9_client_prepare_req.part.0+0x612/0xac0
[ 3004.050999]  p9_client_rpc+0x220/0x1370
[ 3004.051843]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3004.052965]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 3004.054092]  ? pipe_poll+0x21b/0x800
[ 3004.054878]  ? p9_fd_close+0x4a0/0x4a0
[ 3004.055701]  ? wait_for_partner+0x3c0/0x3c0
[ 3004.056637]  ? p9_fd_poll+0x1e0/0x2c0
[ 3004.057453]  ? p9_fd_create+0x357/0x4a0
[ 3004.058287]  ? p9_conn_create+0x510/0x510
[ 3004.059155]  ? p9_client_create+0x798/0x1230
[ 3004.060080]  ? kfree+0xd7/0x340
[ 3004.060779]  ? do_raw_spin_unlock+0x4f/0x220
[ 3004.061711]  p9_client_create+0xa76/0x1230
[ 3004.062611]  ? p9_client_flush+0x430/0x430
[ 3004.063508]  ? trace_hardirqs_on+0x5b/0x180
[ 3004.064428]  ? lockdep_init_map_type+0x2c7/0x780
[ 3004.065432]  ? __raw_spin_lock_init+0x36/0x110
[ 3004.066401]  v9fs_session_init+0x1dd/0x1680
[ 3004.067309]  ? lock_release+0x680/0x680
[ 3004.068156]  ? kmem_cache_alloc_trace+0x151/0x320
[ 3004.069184]  ? v9fs_show_options+0x690/0x690
[ 3004.070123]  ? trace_hardirqs_on+0x5b/0x180
[ 3004.071036]  ? kasan_unpoison_shadow+0x33/0x50
[ 3004.072007]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3004.073095]  v9fs_mount+0x79/0x8f0
[ 3004.073864]  ? v9fs_write_inode+0x60/0x60
[ 3004.074751]  legacy_get_tree+0x105/0x220
[ 3004.075617]  vfs_get_tree+0x8e/0x300
[ 3004.076415]  path_mount+0x1490/0x21e0
[ 3004.077224]  ? strncpy_from_user+0x9e/0x470
[ 3004.078133]  ? finish_automount+0xa90/0xa90
[ 3004.079042]  ? getname_flags.part.0+0x1dd/0x4f0
[ 3004.080023]  ? _copy_from_user+0xfb/0x1b0
[ 3004.080925]  __x64_sys_mount+0x282/0x300
[ 3004.081784]  ? copy_mnt_ns+0xa00/0xa00
[ 3004.082608]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3004.083716]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3004.084825]  do_syscall_64+0x33/0x40
[ 3004.085609]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3004.086693] RIP: 0033:0x7f8d12f8ab19
[ 3004.087477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3004.091410] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3004.093037] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 3004.094554] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3004.096063] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 3004.097589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3004.099102] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
01:35:49 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x20000000, 0x0, 0x0, 0x0)

01:35:49 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x80000)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:35:49 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) (fail_nth: 2)

01:35:49 executing program 5:
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x4000000, 0x0, 0x0, 0x0)

01:35:49 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x0, 0xe03e, 0x0, 0x0, 0x0)

01:35:49 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 35)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

01:35:49 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x79d9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:35:49 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 41)

[ 3018.381239] FAULT_INJECTION: forcing a failure.
[ 3018.381239] name failslab, interval 1, probability 0, space 0, times 0
[ 3018.384075] CPU: 1 PID: 12856 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 3018.385862] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3018.387073] FAULT_INJECTION: forcing a failure.
[ 3018.387073] name failslab, interval 1, probability 0, space 0, times 0
[ 3018.387961] Call Trace:
[ 3018.390044]  dump_stack+0x107/0x167
[ 3018.390946]  should_fail.cold+0x5/0xa
[ 3018.391914]  ? radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 3018.393345]  should_failslab+0x5/0x20
[ 3018.394284]  kmem_cache_alloc+0x5b/0x310
[ 3018.395297]  radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 3018.396721]  idr_get_free+0x4b5/0x8f0
[ 3018.397706]  idr_alloc_u32+0x170/0x2d0
[ 3018.398690]  ? __fprop_inc_percpu_max+0x130/0x130
[ 3018.399910]  ? p9_client_prepare_req.part.0+0x20a/0xac0
[ 3018.401273]  ? lock_release+0x680/0x680
[ 3018.402279]  idr_alloc+0xc2/0x130
[ 3018.403158]  ? idr_alloc_u32+0x2d0/0x2d0
[ 3018.404173]  ? rwlock_bug.part.0+0x90/0x90
[ 3018.405173]  p9_client_prepare_req.part.0+0x612/0xac0
[ 3018.406267]  p9_client_rpc+0x220/0x1370
[ 3018.407100]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3018.408212]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 3018.409339]  ? pipe_poll+0x21b/0x800
[ 3018.410117]  ? p9_fd_close+0x4a0/0x4a0
[ 3018.410936]  ? wait_for_partner+0x3c0/0x3c0
[ 3018.411837]  ? p9_fd_poll+0x1e0/0x2c0
[ 3018.412649]  ? p9_fd_create+0x357/0x4a0
[ 3018.413476]  ? p9_conn_create+0x510/0x510
[ 3018.414336]  ? p9_client_create+0x798/0x1230
[ 3018.415255]  ? kfree+0xd7/0x340
[ 3018.415941]  ? do_raw_spin_unlock+0x4f/0x220
[ 3018.416858]  p9_client_create+0xa76/0x1230
[ 3018.417746]  ? p9_client_flush+0x430/0x430
[ 3018.418626]  ? trace_hardirqs_on+0x5b/0x180
[ 3018.419518]  ? lockdep_init_map_type+0x2c7/0x780
[ 3018.420522]  ? __raw_spin_lock_init+0x36/0x110
[ 3018.421492]  v9fs_session_init+0x1dd/0x1680
[ 3018.422414]  ? lock_release+0x680/0x680
[ 3018.423260]  ? kmem_cache_alloc_trace+0x151/0x320
[ 3018.424260]  ? v9fs_show_options+0x690/0x690
[ 3018.425183]  ? trace_hardirqs_on+0x5b/0x180
[ 3018.426111]  ? kasan_unpoison_shadow+0x33/0x50
[ 3018.427060]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3018.428108]  v9fs_mount+0x79/0x8f0
[ 3018.428850]  ? v9fs_write_inode+0x60/0x60
[ 3018.429718]  legacy_get_tree+0x105/0x220
[ 3018.430565]  vfs_get_tree+0x8e/0x300
[ 3018.431334]  path_mount+0x1490/0x21e0
[ 3018.432141]  ? strncpy_from_user+0x9e/0x470
[ 3018.433054]  ? finish_automount+0xa90/0xa90
[ 3018.433947]  ? getname_flags.part.0+0x1dd/0x4f0
[ 3018.434916]  ? _copy_from_user+0xfb/0x1b0
[ 3018.435793]  __x64_sys_mount+0x282/0x300
[ 3018.436650]  ? copy_mnt_ns+0xa00/0xa00
[ 3018.437476]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3018.438584]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3018.439665]  do_syscall_64+0x33/0x40
[ 3018.440454]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3018.441528] RIP: 0033:0x7f8d12f8ab19
[ 3018.442304] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3018.446159] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3018.447749] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 3018.449250] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3018.450766] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 3018.452257] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3018.453779] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
[ 3018.455321] CPU: 0 PID: 12863 Comm: syz-executor.7 Not tainted 5.10.246 #1
[ 3018.456181] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3018.457148] Call Trace:
[ 3018.457459]  dump_stack+0x107/0x167
[ 3018.457880]  should_fail.cold+0x5/0xa
[ 3018.458319]  ? create_object.isra.0+0x3a/0xa30
[ 3018.458844]  should_failslab+0x5/0x20
[ 3018.459289]  kmem_cache_alloc+0x5b/0x310
[ 3018.459764]  create_object.isra.0+0x3a/0xa30
[ 3018.460272]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3018.460873]  __kmalloc_track_caller+0x177/0x370
[ 3018.461403]  ? strndup_user+0x74/0xe0
[ 3018.461842]  memdup_user+0x22/0xd0
[ 3018.462248]  strndup_user+0x74/0xe0
[ 3018.462682]  __x64_sys_mount+0x133/0x300
[ 3018.463162]  ? copy_mnt_ns+0xa00/0xa00
[ 3018.463613]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3018.464213]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3018.464832]  do_syscall_64+0x33/0x40
[ 3018.465257]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3018.465840] RIP: 0033:0x7f5247e02b19
[ 3018.466272] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3018.468396] RSP: 002b:00007f5245378188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3018.469267] RAX: ffffffffffffffda RBX: 00007f5247f15f60 RCX: 00007f5247e02b19
[ 3018.470088] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3018.470912] RBP: 00007f52453781d0 R08: 0000000020000280 R09: 0000000000000000
[ 3018.471727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3018.472551] R13: 00007fffca86840f R14: 00007f5245378300 R15: 0000000000022000
01:35:49 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x7a00, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

[ 3018.517100] FAULT_INJECTION: forcing a failure.
[ 3018.517100] name failslab, interval 1, probability 0, space 0, times 0
[ 3018.518681] CPU: 0 PID: 12864 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 3018.519522] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3018.520514] Call Trace:
[ 3018.520842]  dump_stack+0x107/0x167
[ 3018.521297]  should_fail.cold+0x5/0xa
[ 3018.521763]  ? security_file_alloc+0x34/0x170
[ 3018.522288]  should_failslab+0x5/0x20
[ 3018.522733]  kmem_cache_alloc+0x5b/0x310
[ 3018.523214]  security_file_alloc+0x34/0x170
[ 3018.523721]  __alloc_file+0xb7/0x320
[ 3018.524153]  alloc_empty_file+0x6d/0x170
[ 3018.524642]  path_openat+0xe6/0x2770
[ 3018.525078]  ? __lock_acquire+0x1657/0x5b00
[ 3018.525587]  ? path_lookupat+0x860/0x860
[ 3018.526066]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3018.526668]  ? entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3018.527292]  do_filp_open+0x190/0x3e0
[ 3018.527735]  ? may_open_dev+0xf0/0xf0
[ 3018.528184]  ? alloc_fd+0x2e7/0x670
[ 3018.528612]  ? lock_downgrade+0x6d0/0x6d0
[ 3018.529094]  ? do_raw_spin_lock+0x121/0x260
[ 3018.529599]  ? rwlock_bug.part.0+0x90/0x90
[ 3018.530102]  ? lock_chain_count+0x20/0x20
[ 3018.530582]  ? stack_trace_save+0x8c/0xc0
[ 3018.531065]  ? _raw_spin_unlock+0x1a/0x30
[ 3018.531540]  ? alloc_fd+0x2e7/0x670
[ 3018.531963]  io_openat2+0x24d/0xb80
[ 3018.532399]  ? io_send+0x780/0x780
[ 3018.532825]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3018.533442]  io_issue_sqe+0x2cd/0x77d0
[ 3018.533901]  ? lock_acquire+0x197/0x470
[ 3018.534365]  ? find_held_lock+0x2c/0x110
[ 3018.534850]  ? __virt_addr_valid+0x346/0x5d0
[ 3018.535371]  ? io_connect+0x610/0x610
[ 3018.535815]  ? __might_fault+0xd3/0x180
[ 3018.536285]  ? lock_downgrade+0x6d0/0x6d0
[ 3018.536777]  ? __virt_addr_valid+0x170/0x5d0
[ 3018.537290]  ? __check_object_size+0x319/0x440
[ 3018.537822]  __io_queue_sqe+0x90/0x9d0
[ 3018.538281]  ? io_issue_sqe+0x77d0/0x77d0
[ 3018.538764]  ? getname+0x96/0xd0
[ 3018.539160]  io_submit_sqes+0x44a8/0x8610
[ 3018.539655]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 3018.540243]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 3018.540810]  ? find_held_lock+0x2c/0x110
[ 3018.541289]  ? io_submit_sqes+0x8610/0x8610
[ 3018.541793]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3018.542349]  ? wait_for_completion_io+0x270/0x270
[ 3018.542908]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3018.543439]  ? vfs_write+0x354/0xb10
[ 3018.543877]  ? fput_many+0x2f/0x1a0
[ 3018.544296]  ? ksys_write+0x1a9/0x260
[ 3018.544742]  ? __ia32_sys_read+0xb0/0xb0
[ 3018.545219]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3018.545836]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3018.546432]  do_syscall_64+0x33/0x40
[ 3018.546865]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3018.547466] RIP: 0033:0x7f854f415b19
[ 3018.547900] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3018.550050] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3018.550934] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 3018.551761] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 3018.552601] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3018.553433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3018.554269] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
01:35:49 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x400000)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:35:49 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x0, 0xe03e, 0x0, 0x0, 0x0)

01:35:49 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 42)

01:35:49 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x7ad9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

[ 3018.635989] FAULT_INJECTION: forcing a failure.
[ 3018.635989] name failslab, interval 1, probability 0, space 0, times 0
[ 3018.637252] CPU: 0 PID: 12871 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 3018.638021] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3018.638955] Call Trace:
[ 3018.639255]  dump_stack+0x107/0x167
[ 3018.639666]  should_fail.cold+0x5/0xa
[ 3018.640101]  ? radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 3018.640751]  should_failslab+0x5/0x20
[ 3018.641177]  kmem_cache_alloc+0x5b/0x310
[ 3018.641640]  radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 3018.642278]  idr_get_free+0x4b5/0x8f0
[ 3018.642714]  idr_alloc_u32+0x170/0x2d0
[ 3018.643154]  ? __fprop_inc_percpu_max+0x130/0x130
[ 3018.643699]  ? p9_client_prepare_req.part.0+0x20a/0xac0
[ 3018.644309]  ? lock_release+0x680/0x680
[ 3018.644763]  idr_alloc+0xc2/0x130
[ 3018.645152]  ? idr_alloc_u32+0x2d0/0x2d0
[ 3018.645604]  ? rwlock_bug.part.0+0x90/0x90
[ 3018.646077]  p9_client_prepare_req.part.0+0x612/0xac0
[ 3018.646656]  p9_client_rpc+0x220/0x1370
[ 3018.647100]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3018.647695]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 3018.648302]  ? pipe_poll+0x21b/0x800
[ 3018.648732]  ? p9_fd_close+0x4a0/0x4a0
[ 3018.649172]  ? wait_for_partner+0x3c0/0x3c0
[ 3018.649659]  ? p9_fd_poll+0x1e0/0x2c0
[ 3018.650086]  ? p9_fd_create+0x357/0x4a0
[ 3018.650534]  ? p9_conn_create+0x510/0x510
[ 3018.650995]  ? p9_client_create+0x798/0x1230
[ 3018.651496]  ? kfree+0xd7/0x340
[ 3018.651861]  ? do_raw_spin_unlock+0x4f/0x220
[ 3018.652351]  p9_client_create+0xa76/0x1230
[ 3018.652843]  ? p9_client_flush+0x430/0x430
[ 3018.653315]  ? trace_hardirqs_on+0x5b/0x180
[ 3018.653799]  ? lockdep_init_map_type+0x2c7/0x780
[ 3018.654332]  ? __raw_spin_lock_init+0x36/0x110
[ 3018.654850]  v9fs_session_init+0x1dd/0x1680
[ 3018.655334]  ? lock_release+0x680/0x680
[ 3018.655785]  ? kmem_cache_alloc_trace+0x151/0x320
[ 3018.656329]  ? v9fs_show_options+0x690/0x690
[ 3018.656837]  ? trace_hardirqs_on+0x5b/0x180
[ 3018.657325]  ? kasan_unpoison_shadow+0x33/0x50
[ 3018.657831]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3018.658400]  v9fs_mount+0x79/0x8f0
[ 3018.658807]  ? v9fs_write_inode+0x60/0x60
[ 3018.659271]  legacy_get_tree+0x105/0x220
[ 3018.659726]  vfs_get_tree+0x8e/0x300
[ 3018.660142]  path_mount+0x1490/0x21e0
[ 3018.660576]  ? strncpy_from_user+0x9e/0x470
[ 3018.661057]  ? finish_automount+0xa90/0xa90
[ 3018.661539]  ? getname_flags.part.0+0x1dd/0x4f0
[ 3018.662060]  ? _copy_from_user+0xfb/0x1b0
[ 3018.662532]  __x64_sys_mount+0x282/0x300
[ 3018.662985]  ? copy_mnt_ns+0xa00/0xa00
[ 3018.663421]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3018.664015]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3018.664604]  do_syscall_64+0x33/0x40
[ 3018.665021]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3018.665610] RIP: 0033:0x7f8d12f8ab19
[ 3018.666031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3018.668092] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3018.668952] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 3018.669761] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3018.670573] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 3018.671381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3018.672180] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
01:35:49 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 36)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

01:35:49 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) (fail_nth: 3)

01:35:49 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x800000)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

[ 3018.720200] FAULT_INJECTION: forcing a failure.
[ 3018.720200] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 3018.721731] CPU: 0 PID: 12881 Comm: syz-executor.7 Not tainted 5.10.246 #1
[ 3018.722550] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3018.723519] Call Trace:
[ 3018.723831]  dump_stack+0x107/0x167
[ 3018.724258]  should_fail.cold+0x5/0xa
[ 3018.724720]  _copy_from_user+0x2e/0x1b0
[ 3018.725186]  memdup_user+0x65/0xd0
[ 3018.725594]  strndup_user+0x74/0xe0
[ 3018.726017]  __x64_sys_mount+0x133/0x300
[ 3018.726506]  ? copy_mnt_ns+0xa00/0xa00
[ 3018.726962]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3018.727569]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3018.728170]  do_syscall_64+0x33/0x40
[ 3018.728607]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3018.729201] RIP: 0033:0x7f5247e02b19
[ 3018.729632] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3018.731777] RSP: 002b:00007f5245378188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3018.732672] RAX: ffffffffffffffda RBX: 00007f5247f15f60 RCX: 00007f5247e02b19
[ 3018.733503] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3018.734336] RBP: 00007f52453781d0 R08: 0000000020000280 R09: 0000000000000000
[ 3018.735172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3018.735995] R13: 00007fffca86840f R14: 00007f5245378300 R15: 0000000000022000
[ 3018.803208] FAULT_INJECTION: forcing a failure.
[ 3018.803208] name failslab, interval 1, probability 0, space 0, times 0
[ 3018.805882] CPU: 1 PID: 12888 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 3018.807330] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3018.809063] Call Trace:
[ 3018.809610]  dump_stack+0x107/0x167
[ 3018.810365]  should_fail.cold+0x5/0xa
[ 3018.811145]  ? create_object.isra.0+0x3a/0xa30
[ 3018.812081]  should_failslab+0x5/0x20
[ 3018.812876]  kmem_cache_alloc+0x5b/0x310
[ 3018.813719]  create_object.isra.0+0x3a/0xa30
[ 3018.814621]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3018.815667]  kmem_cache_alloc+0x159/0x310
[ 3018.816524]  getname_flags.part.0+0x50/0x4f0
[ 3018.817420]  getname+0x8e/0xd0
[ 3018.818084]  __io_openat_prep+0x228/0x4c0
[ 3018.818938]  io_submit_sqes+0x25eb/0x8610
[ 3018.819816]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 3018.820855]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 3018.821848]  ? find_held_lock+0x2c/0x110
[ 3018.822688]  ? io_submit_sqes+0x8610/0x8610
[ 3018.823578]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3018.824575]  ? wait_for_completion_io+0x270/0x270
[ 3018.825580]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3018.826535]  ? vfs_write+0x354/0xb10
[ 3018.827291]  ? fput_many+0x2f/0x1a0
[ 3018.828034]  ? ksys_write+0x1a9/0x260
[ 3018.828830]  ? __ia32_sys_read+0xb0/0xb0
[ 3018.829665]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3018.830735]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3018.831834]  do_syscall_64+0x33/0x40
[ 3018.832627]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3018.833709] RIP: 0033:0x7f854f415b19
[ 3018.834495] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3018.838391] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3018.839978] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 3018.841478] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 3018.842968] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3018.844462] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3018.845941] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
01:36:01 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xf6ffffff, 0x0, 0x0, 0x0)

01:36:01 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) (fail_nth: 4)

01:36:01 executing program 5:
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x5000000, 0x0, 0x0, 0x0)

01:36:01 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x0, 0xe03e, 0x0, 0x0, 0x0)

01:36:01 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x1000000)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:36:01 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x7bd9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:36:01 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 43)

01:36:01 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 37)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

[ 3031.112762] FAULT_INJECTION: forcing a failure.
[ 3031.112762] name failslab, interval 1, probability 0, space 0, times 0
[ 3031.115247] CPU: 1 PID: 12912 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 3031.116806] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3031.118668] Call Trace:
[ 3031.119269]  dump_stack+0x107/0x167
[ 3031.120121]  should_fail.cold+0x5/0xa
[ 3031.120999]  ? radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 3031.122271]  should_failslab+0x5/0x20
[ 3031.123153]  kmem_cache_alloc+0x5b/0x310
[ 3031.124075]  radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 3031.125359]  idr_get_free+0x4b5/0x8f0
[ 3031.126191] FAULT_INJECTION: forcing a failure.
[ 3031.126191] name failslab, interval 1, probability 0, space 0, times 0
[ 3031.126234]  idr_alloc_u32+0x170/0x2d0
[ 3031.129435]  ? __fprop_inc_percpu_max+0x130/0x130
[ 3031.130520]  ? p9_client_prepare_req.part.0+0x20a/0xac0
[ 3031.131730]  ? lock_release+0x680/0x680
[ 3031.132633]  idr_alloc+0xc2/0x130
[ 3031.133409]  ? idr_alloc_u32+0x2d0/0x2d0
[ 3031.134323]  ? rwlock_bug.part.0+0x90/0x90
[ 3031.135286]  p9_client_prepare_req.part.0+0x612/0xac0
[ 3031.136482]  p9_client_rpc+0x220/0x1370
[ 3031.137399]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3031.138617]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 3031.139807]  ? pipe_poll+0x21b/0x800
[ 3031.140646]  ? p9_fd_close+0x4a0/0x4a0
[ 3031.141525]  ? wait_for_partner+0x3c0/0x3c0
[ 3031.142486]  ? p9_fd_poll+0x1e0/0x2c0
[ 3031.143367]  ? p9_fd_create+0x357/0x4a0
[ 3031.144270]  ? p9_conn_create+0x510/0x510
[ 3031.145210]  ? p9_client_create+0x798/0x1230
[ 3031.146200]  ? kfree+0xd7/0x340
[ 3031.146940]  ? do_raw_spin_unlock+0x4f/0x220
[ 3031.147936]  p9_client_create+0xa76/0x1230
[ 3031.148894]  ? p9_client_flush+0x430/0x430
[ 3031.149832]  ? trace_hardirqs_on+0x5b/0x180
[ 3031.150793]  ? lockdep_init_map_type+0x2c7/0x780
[ 3031.151857]  ? __raw_spin_lock_init+0x36/0x110
[ 3031.152921]  v9fs_session_init+0x1dd/0x1680
[ 3031.153902]  ? lock_release+0x680/0x680
[ 3031.154802]  ? kmem_cache_alloc_trace+0x151/0x320
[ 3031.155878]  ? v9fs_show_options+0x690/0x690
[ 3031.156878]  ? trace_hardirqs_on+0x5b/0x180
[ 3031.157852]  ? kasan_unpoison_shadow+0x33/0x50
[ 3031.158880]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3031.160001]  v9fs_mount+0x79/0x8f0
[ 3031.160805]  ? v9fs_write_inode+0x60/0x60
[ 3031.161749]  legacy_get_tree+0x105/0x220
[ 3031.162648]  vfs_get_tree+0x8e/0x300
[ 3031.163482]  path_mount+0x1490/0x21e0
[ 3031.164350]  ? strncpy_from_user+0x9e/0x470
[ 3031.165312]  ? finish_automount+0xa90/0xa90
[ 3031.166291]  ? getname_flags.part.0+0x1dd/0x4f0
[ 3031.167323]  ? _copy_from_user+0xfb/0x1b0
[ 3031.168249]  __x64_sys_mount+0x282/0x300
[ 3031.169156]  ? copy_mnt_ns+0xa00/0xa00
[ 3031.170043]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3031.171188]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3031.172372]  do_syscall_64+0x33/0x40
[ 3031.173217]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3031.174351] RIP: 0033:0x7f8d12f8ab19
[ 3031.175181] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3031.179240] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3031.180976] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 3031.182593] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3031.184222] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 3031.185836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3031.187455] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
[ 3031.189133] CPU: 0 PID: 12900 Comm: syz-executor.7 Not tainted 5.10.246 #1
[ 3031.190622] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3031.192371] Call Trace:
[ 3031.192974]  dump_stack+0x107/0x167
[ 3031.193751]  should_fail.cold+0x5/0xa
[ 3031.194581]  ? copy_mount_options+0x55/0x180
[ 3031.195503]  should_failslab+0x5/0x20
[ 3031.196312]  kmem_cache_alloc_trace+0x55/0x320
[ 3031.197284]  ? _copy_from_user+0xfb/0x1b0
[ 3031.198187]  copy_mount_options+0x55/0x180
[ 3031.199070]  __x64_sys_mount+0x1a8/0x300
[ 3031.199944]  ? copy_mnt_ns+0xa00/0xa00
[ 3031.200800]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3031.201919]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3031.203013]  do_syscall_64+0x33/0x40
[ 3031.203826]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3031.204906] RIP: 0033:0x7f5247e02b19
[ 3031.205715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3031.210242] RSP: 002b:00007f5245378188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3031.212180] RAX: ffffffffffffffda RBX: 00007f5247f15f60 RCX: 00007f5247e02b19
[ 3031.213816] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3031.215336] RBP: 00007f52453781d0 R08: 0000000020000280 R09: 0000000000000000
[ 3031.216831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3031.218370] R13: 00007fffca86840f R14: 00007f5245378300 R15: 0000000000022000
[ 3031.226004] FAULT_INJECTION: forcing a failure.
[ 3031.226004] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 3031.228844] CPU: 0 PID: 12905 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 3031.230346] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3031.232127] Call Trace:
[ 3031.232713]  dump_stack+0x107/0x167
[ 3031.233517]  should_fail.cold+0x5/0xa
[ 3031.234337]  strncpy_from_user+0x34/0x470
[ 3031.235241]  getname_flags.part.0+0x95/0x4f0
[ 3031.236192]  getname+0x8e/0xd0
[ 3031.236905]  __io_openat_prep+0x228/0x4c0
[ 3031.237814]  io_submit_sqes+0x25eb/0x8610
[ 3031.238737]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 3031.239806]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 3031.240856]  ? find_held_lock+0x2c/0x110
[ 3031.241726]  ? io_submit_sqes+0x8610/0x8610
[ 3031.242661]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3031.243699]  ? wait_for_completion_io+0x270/0x270
[ 3031.244861]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3031.245857]  ? vfs_write+0x354/0xb10
[ 3031.246704]  ? fput_many+0x2f/0x1a0
[ 3031.247500]  ? ksys_write+0x1a9/0x260
[ 3031.248293]  ? __ia32_sys_read+0xb0/0xb0
[ 3031.249169]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3031.250284]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3031.251373]  do_syscall_64+0x33/0x40
[ 3031.252166]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3031.253259] RIP: 0033:0x7f854f415b19
[ 3031.254066] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3031.258025] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3031.259631] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 3031.261146] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 3031.262652] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3031.264140] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3031.265668] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
01:36:02 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x7cd9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:36:02 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x2000000)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:36:02 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

01:36:02 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x4000000)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:36:02 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 38)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

01:36:02 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x7dd9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

[ 3031.576349] FAULT_INJECTION: forcing a failure.
[ 3031.576349] name failslab, interval 1, probability 0, space 0, times 0
[ 3031.579304] CPU: 1 PID: 12934 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 3031.580891] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3031.582769] Call Trace:
[ 3031.583372]  dump_stack+0x107/0x167
[ 3031.584381]  should_fail.cold+0x5/0xa
[ 3031.585265]  ? create_object.isra.0+0x3a/0xa30
[ 3031.586305]  should_failslab+0x5/0x20
[ 3031.587179]  kmem_cache_alloc+0x5b/0x310
[ 3031.588109]  create_object.isra.0+0x3a/0xa30
[ 3031.589122]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3031.590293]  kmem_cache_alloc+0x159/0x310
[ 3031.591248]  getname_flags.part.0+0x50/0x4f0
[ 3031.592250]  getname+0x8e/0xd0
[ 3031.592989]  __io_openat_prep+0x228/0x4c0
[ 3031.593933]  io_submit_sqes+0x25eb/0x8610
01:36:02 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) (fail_nth: 5)

[ 3031.594904]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 3031.596295]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 3031.597421]  ? find_held_lock+0x2c/0x110
01:36:02 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x6000000)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

[ 3031.598342]  ? io_submit_sqes+0x8610/0x8610
[ 3031.599461]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3031.600597]  ? wait_for_completion_io+0x270/0x270
[ 3031.601691]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3031.602738]  ? vfs_write+0x354/0xb10
[ 3031.603576]  ? fput_many+0x2f/0x1a0
[ 3031.604400]  ? ksys_write+0x1a9/0x260
[ 3031.605270]  ? __ia32_sys_read+0xb0/0xb0
[ 3031.606202]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3031.607393]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3031.608582]  do_syscall_64+0x33/0x40
[ 3031.609435]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3031.610609] RIP: 0033:0x7f854f415b19
[ 3031.611471] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3031.615677] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3031.617438] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 3031.619069] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 3031.620711] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3031.622330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3031.623951] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
[ 3031.736297] FAULT_INJECTION: forcing a failure.
[ 3031.736297] name failslab, interval 1, probability 0, space 0, times 0
[ 3031.739039] CPU: 0 PID: 12940 Comm: syz-executor.7 Not tainted 5.10.246 #1
[ 3031.740573] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3031.742359] Call Trace:
[ 3031.742944]  dump_stack+0x107/0x167
[ 3031.743737]  should_fail.cold+0x5/0xa
[ 3031.744581]  ? create_object.isra.0+0x3a/0xa30
[ 3031.745576]  should_failslab+0x5/0x20
[ 3031.746389]  kmem_cache_alloc+0x5b/0x310
[ 3031.747277]  create_object.isra.0+0x3a/0xa30
[ 3031.748222]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3031.749332]  kmem_cache_alloc_trace+0x151/0x320
[ 3031.750348]  ? _copy_from_user+0xfb/0x1b0
[ 3031.751259]  copy_mount_options+0x55/0x180
[ 3031.752170]  __x64_sys_mount+0x1a8/0x300
[ 3031.753059]  ? copy_mnt_ns+0xa00/0xa00
[ 3031.753919]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3031.755055]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3031.756166]  do_syscall_64+0x33/0x40
[ 3031.756991]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3031.758105] RIP: 0033:0x7f5247e02b19
[ 3031.758912] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3031.762884] RSP: 002b:00007f5245378188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3031.764529] RAX: ffffffffffffffda RBX: 00007f5247f15f60 RCX: 00007f5247e02b19
[ 3031.766071] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3031.767625] RBP: 00007f52453781d0 R08: 0000000020000280 R09: 0000000000000000
[ 3031.769163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3031.770706] R13: 00007fffca86840f R14: 00007f5245378300 R15: 0000000000022000
01:36:02 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xfffffff6, 0x0, 0x0, 0x0)

01:36:02 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0x7ed9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:36:15 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) (fail_nth: 6)

01:36:15 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x18000000)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:36:15 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 44)

01:36:15 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 39)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

01:36:15 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x2, 0x0, 0x0)

01:36:15 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

01:36:15 executing program 5:
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x18000000, 0x0, 0x0, 0x0)

01:36:15 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0xd921, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

[ 3044.614360] FAULT_INJECTION: forcing a failure.
[ 3044.614360] name failslab, interval 1, probability 0, space 0, times 0
[ 3044.615601] CPU: 0 PID: 12961 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 3044.616357] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3044.617279] Call Trace:
[ 3044.617591]  dump_stack+0x107/0x167
[ 3044.618004]  should_fail.cold+0x5/0xa
[ 3044.618417]  ? radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 3044.619032]  should_failslab+0x5/0x20
[ 3044.619448]  kmem_cache_alloc+0x5b/0x310
[ 3044.619891]  radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 3044.620501]  idr_get_free+0x4b5/0x8f0
[ 3044.620933]  idr_alloc_u32+0x170/0x2d0
[ 3044.621358]  ? __fprop_inc_percpu_max+0x130/0x130
[ 3044.621879]  ? p9_client_prepare_req.part.0+0x20a/0xac0
[ 3044.622458]  ? lock_release+0x680/0x680
[ 3044.622890]  idr_alloc+0xc2/0x130
[ 3044.623264]  ? idr_alloc_u32+0x2d0/0x2d0
[ 3044.623709]  ? rwlock_bug.part.0+0x90/0x90
[ 3044.624174]  p9_client_prepare_req.part.0+0x612/0xac0
[ 3044.624743]  p9_client_rpc+0x220/0x1370
[ 3044.625169]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3044.625735]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 3044.626308]  ? pipe_poll+0x21b/0x800
[ 3044.626709]  ? p9_fd_close+0x4a0/0x4a0
[ 3044.627126]  ? wait_for_partner+0x3c0/0x3c0
[ 3044.627587]  ? p9_fd_poll+0x1e0/0x2c0
[ 3044.628002]  ? p9_fd_create+0x357/0x4a0
[ 3044.628427]  ? p9_conn_create+0x510/0x510
[ 3044.628878]  ? p9_client_create+0x798/0x1230
[ 3044.629352]  ? kfree+0xd7/0x340
[ 3044.629704]  ? do_raw_spin_unlock+0x4f/0x220
[ 3044.630186]  p9_client_create+0xa76/0x1230
[ 3044.630656]  ? p9_client_flush+0x430/0x430
[ 3044.631121]  ? trace_hardirqs_on+0x5b/0x180
[ 3044.631590]  ? lockdep_init_map_type+0x2c7/0x780
[ 3044.632111]  ? __raw_spin_lock_init+0x36/0x110
[ 3044.632616]  v9fs_session_init+0x1dd/0x1680
[ 3044.633094]  ? lock_release+0x680/0x680
[ 3044.633537]  ? kmem_cache_alloc_trace+0x151/0x320
[ 3044.634066]  ? v9fs_show_options+0x690/0x690
[ 3044.634549]  ? trace_hardirqs_on+0x5b/0x180
[ 3044.635019]  ? kasan_unpoison_shadow+0x33/0x50
[ 3044.635515]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3044.636064]  v9fs_mount+0x79/0x8f0
[ 3044.636454]  ? v9fs_write_inode+0x60/0x60
[ 3044.636912]  legacy_get_tree+0x105/0x220
[ 3044.637350]  vfs_get_tree+0x8e/0x300
[ 3044.637760]  path_mount+0x1490/0x21e0
[ 3044.638185]  ? strncpy_from_user+0x9e/0x470
[ 3044.638654]  ? finish_automount+0xa90/0xa90
[ 3044.639123]  ? getname_flags.part.0+0x1dd/0x4f0
[ 3044.639623]  ? _copy_from_user+0xfb/0x1b0
[ 3044.639939] FAULT_INJECTION: forcing a failure.
[ 3044.639939] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 3044.640084]  __x64_sys_mount+0x282/0x300
[ 3044.643149]  ? copy_mnt_ns+0xa00/0xa00
[ 3044.643695]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3044.644424]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3044.645145]  do_syscall_64+0x33/0x40
[ 3044.645661]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3044.646363] RIP: 0033:0x7f8d12f8ab19
[ 3044.646875] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3044.649436] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3044.650481] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 3044.651457] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3044.652433] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 3044.653281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3044.654050] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
[ 3044.654850] CPU: 1 PID: 12971 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 3044.656319] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3044.658072] Call Trace:
[ 3044.658635]  dump_stack+0x107/0x167
[ 3044.659405]  should_fail.cold+0x5/0xa
[ 3044.660213]  __alloc_pages_nodemask+0x182/0x600
[ 3044.661211]  ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310
[ 3044.662497]  alloc_pages_current+0x187/0x280
[ 3044.663428]  allocate_slab+0x26f/0x380
[ 3044.664252]  ___slab_alloc+0x470/0x700
[ 3044.665080]  ? getname_flags.part.0+0x50/0x4f0
[ 3044.666043]  ? lock_acquire+0x197/0x470
01:36:15 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0xd922, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

[ 3044.666881]  ? getname_flags.part.0+0x50/0x4f0
[ 3044.668033]  ? kmem_cache_alloc+0x301/0x310
[ 3044.668955]  ? getname_flags.part.0+0x50/0x4f0
[ 3044.669913]  kmem_cache_alloc+0x301/0x310
[ 3044.670788]  getname_flags.part.0+0x50/0x4f0
[ 3044.671712]  getname+0x8e/0xd0
[ 3044.672383]  __io_openat_prep+0x228/0x4c0
[ 3044.673266]  io_submit_sqes+0x25eb/0x8610
[ 3044.674167]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 3044.675212]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 3044.676224]  ? find_held_lock+0x2c/0x110
[ 3044.677089]  ? io_submit_sqes+0x8610/0x8610
[ 3044.677999]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3044.679006]  ? wait_for_completion_io+0x270/0x270
[ 3044.680020]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3044.681002]  ? vfs_write+0x354/0xb10
[ 3044.681781]  ? fput_many+0x2f/0x1a0
[ 3044.682543]  ? ksys_write+0x1a9/0x260
[ 3044.683341]  ? __ia32_sys_read+0xb0/0xb0
[ 3044.684197]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3044.685318]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3044.686403]  do_syscall_64+0x33/0x40
[ 3044.687188]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3044.688268] RIP: 0033:0x7f854f415b19
[ 3044.689058] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3044.692930] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3044.694534] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 3044.696037] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 3044.697550] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3044.699038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3044.700530] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
[ 3044.718541] FAULT_INJECTION: forcing a failure.
[ 3044.718541] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 3044.720063] CPU: 0 PID: 12966 Comm: syz-executor.7 Not tainted 5.10.246 #1
[ 3044.720813] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3044.721718] Call Trace:
[ 3044.722027]  dump_stack+0x107/0x167
[ 3044.722444]  should_fail.cold+0x5/0xa
[ 3044.722885]  _copy_from_user+0x2e/0x1b0
[ 3044.723332]  copy_mount_options+0x76/0x180
[ 3044.723790]  __x64_sys_mount+0x1a8/0x300
[ 3044.724227]  ? copy_mnt_ns+0xa00/0xa00
[ 3044.724654]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3044.725231]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3044.725788]  do_syscall_64+0x33/0x40
[ 3044.726191]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3044.726741] RIP: 0033:0x7f5247e02b19
[ 3044.727144] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3044.729143] RSP: 002b:00007f5245378188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3044.729964] RAX: ffffffffffffffda RBX: 00007f5247f15f60 RCX: 00007f5247e02b19
[ 3044.730738] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3044.731506] RBP: 00007f52453781d0 R08: 0000000020000280 R09: 0000000000000000
[ 3044.732273] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3044.733050] R13: 00007fffca86840f R14: 00007f5245378300 R15: 0000000000022000
01:36:15 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0xd923, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:36:15 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0xd924, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:36:15 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x20000000)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:36:15 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0xd925, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:36:15 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) (fail_nth: 7)

01:36:15 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0xf6ffffff)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

[ 3044.963023] FAULT_INJECTION: forcing a failure.
[ 3044.963023] name failslab, interval 1, probability 0, space 0, times 0
[ 3044.964531] CPU: 0 PID: 12996 Comm: syz-executor.7 Not tainted 5.10.246 #1
[ 3044.965350] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3044.966326] Call Trace:
[ 3044.966640]  dump_stack+0x107/0x167
[ 3044.967070]  should_fail.cold+0x5/0xa
[ 3044.967505]  ? getname_flags.part.0+0x50/0x4f0
[ 3044.968041]  should_failslab+0x5/0x20
[ 3044.968492]  kmem_cache_alloc+0x5b/0x310
[ 3044.968992]  getname_flags.part.0+0x50/0x4f0
[ 3044.969505]  ? _copy_from_user+0xfb/0x1b0
[ 3044.969996]  user_path_at_empty+0xa1/0x100
[ 3044.970495]  __x64_sys_mount+0x1e9/0x300
[ 3044.970984]  ? copy_mnt_ns+0xa00/0xa00
[ 3044.971440]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3044.972040]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3044.972632]  do_syscall_64+0x33/0x40
[ 3044.973063]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3044.973651] RIP: 0033:0x7f5247e02b19
[ 3044.974091] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3044.976242] RSP: 002b:00007f5245378188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3044.977137] RAX: ffffffffffffffda RBX: 00007f5247f15f60 RCX: 00007f5247e02b19
[ 3044.977963] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3044.978783] RBP: 00007f52453781d0 R08: 0000000020000280 R09: 0000000000000000
[ 3044.979613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3044.980433] R13: 00007fffca86840f R14: 00007f5245378300 R15: 0000000000022000
01:36:15 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x4, 0x0, 0x0)

01:36:29 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) (fail_nth: 8)

01:36:29 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x8, 0x0, 0x0)

01:36:29 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

01:36:29 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 40)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

01:36:29 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 45)

01:36:29 executing program 5:
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x20000000, 0x0, 0x0, 0x0)

01:36:29 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0xd926, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:36:29 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0xfffffff6)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

[ 3058.653473] FAULT_INJECTION: forcing a failure.
[ 3058.653473] name failslab, interval 1, probability 0, space 0, times 0
[ 3058.654017] FAULT_INJECTION: forcing a failure.
[ 3058.654017] name failslab, interval 1, probability 0, space 0, times 0
[ 3058.655911] CPU: 0 PID: 13017 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 3058.655926] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3058.655933] Call Trace:
[ 3058.655964]  dump_stack+0x107/0x167
[ 3058.655992]  should_fail.cold+0x5/0xa
[ 3058.656018]  ? ___slab_alloc+0x155/0x700
[ 3058.656050]  ? create_object.isra.0+0x3a/0xa30
[ 3058.665041]  should_failslab+0x5/0x20
[ 3058.665875]  kmem_cache_alloc+0x5b/0x310
[ 3058.666765]  create_object.isra.0+0x3a/0xa30
[ 3058.667720]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3058.668825]  kmem_cache_alloc+0x159/0x310
[ 3058.669813]  radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 3058.671030]  idr_get_free+0x4b5/0x8f0
[ 3058.671870]  idr_alloc_u32+0x170/0x2d0
[ 3058.672719]  ? __fprop_inc_percpu_max+0x130/0x130
[ 3058.673774]  ? p9_client_prepare_req.part.0+0x20a/0xac0
[ 3058.674931]  ? lock_release+0x680/0x680
[ 3058.675795]  idr_alloc+0xc2/0x130
[ 3058.676543]  ? idr_alloc_u32+0x2d0/0x2d0
[ 3058.677426]  ? rwlock_bug.part.0+0x90/0x90
[ 3058.678455]  p9_client_prepare_req.part.0+0x612/0xac0
[ 3058.679549]  p9_client_rpc+0x220/0x1370
[ 3058.680389]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3058.681512]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 3058.682644]  ? pipe_poll+0x21b/0x800
[ 3058.683430]  ? p9_fd_close+0x4a0/0x4a0
[ 3058.684254]  ? wait_for_partner+0x3c0/0x3c0
[ 3058.685166]  ? p9_fd_poll+0x1e0/0x2c0
[ 3058.685964]  ? p9_fd_create+0x357/0x4a0
[ 3058.686802]  ? p9_conn_create+0x510/0x510
[ 3058.687658]  ? p9_client_create+0x798/0x1230
[ 3058.688589]  ? kfree+0xd7/0x340
[ 3058.689279]  ? do_raw_spin_unlock+0x4f/0x220
[ 3058.690210]  p9_client_create+0xa76/0x1230
[ 3058.691103]  ? p9_client_flush+0x430/0x430
[ 3058.691989]  ? trace_hardirqs_on+0x5b/0x180
[ 3058.692906]  ? lockdep_init_map_type+0x2c7/0x780
[ 3058.693898]  ? __raw_spin_lock_init+0x36/0x110
[ 3058.694865]  v9fs_session_init+0x1dd/0x1680
[ 3058.695772]  ? lock_release+0x680/0x680
[ 3058.696622]  ? kmem_cache_alloc_trace+0x151/0x320
[ 3058.697638]  ? v9fs_show_options+0x690/0x690
[ 3058.698551]  ? trace_hardirqs_on+0x5b/0x180
[ 3058.699463]  ? kasan_unpoison_shadow+0x33/0x50
[ 3058.700427]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3058.701503]  v9fs_mount+0x79/0x8f0
[ 3058.702260]  ? v9fs_write_inode+0x60/0x60
[ 3058.703130]  legacy_get_tree+0x105/0x220
[ 3058.703986]  vfs_get_tree+0x8e/0x300
[ 3058.704773]  path_mount+0x1490/0x21e0
[ 3058.705583]  ? strncpy_from_user+0x9e/0x470
[ 3058.706467]  ? finish_automount+0xa90/0xa90
[ 3058.707390]  ? getname_flags.part.0+0x1dd/0x4f0
[ 3058.708369]  ? _copy_from_user+0xfb/0x1b0
[ 3058.709251]  __x64_sys_mount+0x282/0x300
[ 3058.710100]  ? copy_mnt_ns+0xa00/0xa00
[ 3058.710915]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3058.712019]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3058.713119]  do_syscall_64+0x33/0x40
[ 3058.713898]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3058.714968] RIP: 0033:0x7f8d12f8ab19
[ 3058.715742] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3058.719631] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3058.721237] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 3058.722749] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3058.724238] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 3058.725753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3058.727236] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
[ 3058.728768] CPU: 1 PID: 13018 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 3058.729816] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3058.731051] Call Trace:
[ 3058.731446]  dump_stack+0x107/0x167
[ 3058.731995]  should_fail.cold+0x5/0xa
[ 3058.732564]  ? security_file_alloc+0x34/0x170
[ 3058.733252]  should_failslab+0x5/0x20
[ 3058.733816]  kmem_cache_alloc+0x5b/0x310
[ 3058.734428]  security_file_alloc+0x34/0x170
[ 3058.735072]  __alloc_file+0xb7/0x320
[ 3058.735625]  alloc_empty_file+0x6d/0x170
[ 3058.736230]  path_openat+0xe6/0x2770
[ 3058.736790]  ? __lock_acquire+0x1657/0x5b00
[ 3058.737452]  ? path_lookupat+0x860/0x860
[ 3058.738062]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3058.738842]  ? lock_chain_count+0x20/0x20
[ 3058.739464]  do_filp_open+0x190/0x3e0
[ 3058.740043]  ? may_open_dev+0xf0/0xf0
[ 3058.740636]  ? alloc_fd+0x2e7/0x670
[ 3058.741181]  ? lock_downgrade+0x6d0/0x6d0
[ 3058.741782]  ? do_raw_spin_lock+0x121/0x260
[ 3058.742412]  ? rwlock_bug.part.0+0x90/0x90
[ 3058.743025]  ? lock_chain_count+0x20/0x20
[ 3058.743643]  ? _raw_spin_unlock+0x1a/0x30
[ 3058.744243]  ? alloc_fd+0x2e7/0x670
[ 3058.744784]  io_openat2+0x24d/0xb80
[ 3058.745330]  ? io_send+0x780/0x780
[ 3058.745845]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3058.746621]  io_issue_sqe+0x2cd/0x77d0
[ 3058.747190]  ? lock_acquire+0x197/0x470
[ 3058.747767]  ? find_held_lock+0x2c/0x110
[ 3058.748354]  ? mark_held_locks+0x9e/0xe0
[ 3058.748966]  ? io_connect+0x610/0x610
[ 3058.749543]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3058.750313]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 3058.751106]  ? trace_hardirqs_on+0x5b/0x180
[ 3058.751733]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 3058.752535]  __io_queue_sqe+0x90/0x9d0
[ 3058.753126]  ? io_issue_sqe+0x77d0/0x77d0
[ 3058.753729]  ? getname+0x96/0xd0
[ 3058.754224]  io_submit_sqes+0x44a8/0x8610
[ 3058.754851]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 3058.755583]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 3058.756294]  ? find_held_lock+0x2c/0x110
[ 3058.756894]  ? io_submit_sqes+0x8610/0x8610
[ 3058.757524]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3058.758237]  ? wait_for_completion_io+0x270/0x270
[ 3058.758936]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3058.759611]  ? vfs_write+0x354/0xb10
[ 3058.760151]  ? fput_many+0x2f/0x1a0
[ 3058.760678]  ? ksys_write+0x1a9/0x260
[ 3058.761233]  ? __ia32_sys_read+0xb0/0xb0
[ 3058.761816]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3058.762576]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3058.763330]  do_syscall_64+0x33/0x40
[ 3058.763868]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3058.764624] RIP: 0033:0x7f854f415b19
[ 3058.765172] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3058.767876] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3058.768999] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 3058.770013] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 3058.771011] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3058.772025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3058.773028] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
[ 3058.825161] FAULT_INJECTION: forcing a failure.
[ 3058.825161] name failslab, interval 1, probability 0, space 0, times 0
[ 3058.827909] CPU: 0 PID: 13020 Comm: syz-executor.7 Not tainted 5.10.246 #1
[ 3058.829411] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3058.831199] Call Trace:
[ 3058.831775]  dump_stack+0x107/0x167
[ 3058.832661]  should_fail.cold+0x5/0xa
[ 3058.833478]  ? create_object.isra.0+0x3a/0xa30
[ 3058.834441]  should_failslab+0x5/0x20
[ 3058.835240]  kmem_cache_alloc+0x5b/0x310
[ 3058.836111]  create_object.isra.0+0x3a/0xa30
[ 3058.837054]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3058.838131]  kmem_cache_alloc+0x159/0x310
[ 3058.839016]  getname_flags.part.0+0x50/0x4f0
[ 3058.839954]  ? _copy_from_user+0xfb/0x1b0
[ 3058.840814]  user_path_at_empty+0xa1/0x100
[ 3058.841727]  __x64_sys_mount+0x1e9/0x300
01:36:29 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 41)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

[ 3058.842575]  ? copy_mnt_ns+0xa00/0xa00
[ 3058.843566]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3058.844636]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3058.845742]  do_syscall_64+0x33/0x40
[ 3058.846531]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3058.847603] RIP: 0033:0x7f5247e02b19
[ 3058.848390] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3058.852249] RSP: 002b:00007f5245378188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3058.853862] RAX: ffffffffffffffda RBX: 00007f5247f15f60 RCX: 00007f5247e02b19
[ 3058.855366] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3058.856889] RBP: 00007f52453781d0 R08: 0000000020000280 R09: 0000000000000000
[ 3058.858388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3058.859886] R13: 00007fffca86840f R14: 00007f5245378300 R15: 0000000000022000
01:36:29 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x1000000000000)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:36:29 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0xd927, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:36:29 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 46)

[ 3058.897131] FAULT_INJECTION: forcing a failure.
[ 3058.897131] name failslab, interval 1, probability 0, space 0, times 0
[ 3058.898866] CPU: 1 PID: 13030 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 3058.899795] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3058.900903] Call Trace:
[ 3058.901254]  dump_stack+0x107/0x167
[ 3058.901740]  should_fail.cold+0x5/0xa
[ 3058.902253]  ? create_object.isra.0+0x3a/0xa30
[ 3058.902862]  should_failslab+0x5/0x20
[ 3058.903372]  kmem_cache_alloc+0x5b/0x310
[ 3058.903913]  ? percpu_ref_put_many.constprop.0+0x4e/0x110
[ 3058.904649]  create_object.isra.0+0x3a/0xa30
[ 3058.905235]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3058.905909]  kmem_cache_alloc+0x159/0x310
[ 3058.906482]  security_file_alloc+0x34/0x170
[ 3058.907086]  __alloc_file+0xb7/0x320
[ 3058.907602]  alloc_empty_file+0x6d/0x170
[ 3058.908166]  path_openat+0xe6/0x2770
[ 3058.908682]  ? __lock_acquire+0x1657/0x5b00
[ 3058.909293]  ? path_lookupat+0x860/0x860
[ 3058.909860]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3058.910587]  ? entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3058.911327]  do_filp_open+0x190/0x3e0
[ 3058.911853]  ? may_open_dev+0xf0/0xf0
[ 3058.912384]  ? alloc_fd+0x2e7/0x670
[ 3058.912896]  ? lock_downgrade+0x6d0/0x6d0
[ 3058.913465]  ? do_raw_spin_lock+0x121/0x260
[ 3058.914057]  ? rwlock_bug.part.0+0x90/0x90
[ 3058.914639]  ? lock_chain_count+0x20/0x20
[ 3058.915216]  ? stack_trace_save+0x8c/0xc0
[ 3058.915791]  ? _raw_spin_unlock+0x1a/0x30
[ 3058.916359]  ? alloc_fd+0x2e7/0x670
[ 3058.916881]  io_openat2+0x24d/0xb80
[ 3058.917398]  ? io_send+0x780/0x780
[ 3058.917894]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3058.918622]  io_issue_sqe+0x2cd/0x77d0
[ 3058.919152]  ? lock_acquire+0x197/0x470
[ 3058.919698]  ? find_held_lock+0x2c/0x110
[ 3058.920259]  ? __virt_addr_valid+0x346/0x5d0
[ 3058.920860]  ? io_connect+0x610/0x610
[ 3058.921410]  ? __might_fault+0xd3/0x180
[ 3058.921952]  ? lock_downgrade+0x6d0/0x6d0
[ 3058.922522]  ? __virt_addr_valid+0x170/0x5d0
[ 3058.923125]  ? __check_object_size+0x319/0x440
[ 3058.923755]  __io_queue_sqe+0x90/0x9d0
[ 3058.924301]  ? io_issue_sqe+0x77d0/0x77d0
[ 3058.924880]  ? getname+0x96/0xd0
[ 3058.925353]  io_submit_sqes+0x44a8/0x8610
[ 3058.925939]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 3058.926641]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 3058.927305]  ? find_held_lock+0x2c/0x110
[ 3058.927874]  ? io_submit_sqes+0x8610/0x8610
[ 3058.928472]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3058.929139]  ? wait_for_completion_io+0x270/0x270
[ 3058.929802]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3058.930438]  ? vfs_write+0x354/0xb10
[ 3058.930945]  ? fput_many+0x2f/0x1a0
[ 3058.931438]  ? ksys_write+0x1a9/0x260
[ 3058.931952]  ? __ia32_sys_read+0xb0/0xb0
[ 3058.932649]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3058.933383]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3058.934104]  do_syscall_64+0x33/0x40
[ 3058.934627]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3058.935355] RIP: 0033:0x7f854f415b19
[ 3058.935878] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3058.938464] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3058.939525] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 3058.940517] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 3058.941526] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3058.942513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3058.943505] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
01:36:29 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x8000000000000)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

[ 3058.988230] FAULT_INJECTION: forcing a failure.
[ 3058.988230] name failslab, interval 1, probability 0, space 0, times 0
[ 3058.989727] CPU: 1 PID: 13039 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 3058.990628] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3058.991682] Call Trace:
[ 3058.992023]  dump_stack+0x107/0x167
[ 3058.992502]  should_fail.cold+0x5/0xa
[ 3058.993002]  ? create_object.isra.0+0x3a/0xa30
[ 3058.993609]  should_failslab+0x5/0x20
[ 3058.994095]  kmem_cache_alloc+0x5b/0x310
[ 3058.994625]  create_object.isra.0+0x3a/0xa30
[ 3058.995183]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3058.995831]  kmem_cache_alloc+0x159/0x310
[ 3058.996380]  radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 3058.997128]  idr_get_free+0x4b5/0x8f0
[ 3058.997634]  idr_alloc_u32+0x170/0x2d0
[ 3058.998135]  ? __fprop_inc_percpu_max+0x130/0x130
[ 3058.998761]  ? p9_client_prepare_req.part.0+0x20a/0xac0
[ 3058.999458]  ? lock_release+0x680/0x680
[ 3058.999961]  idr_alloc+0xc2/0x130
[ 3059.000405]  ? idr_alloc_u32+0x2d0/0x2d0
[ 3059.000942]  ? rwlock_bug.part.0+0x90/0x90
[ 3059.001490]  p9_client_prepare_req.part.0+0x612/0xac0
[ 3059.002146]  p9_client_rpc+0x220/0x1370
[ 3059.002651]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3059.003317]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 3059.004002]  ? pipe_poll+0x21b/0x800
[ 3059.004479]  ? p9_fd_close+0x4a0/0x4a0
[ 3059.004984]  ? wait_for_partner+0x3c0/0x3c0
[ 3059.005534]  ? p9_fd_poll+0x1e0/0x2c0
[ 3059.006020]  ? p9_fd_create+0x357/0x4a0
[ 3059.006532]  ? p9_conn_create+0x510/0x510
[ 3059.007058]  ? p9_client_create+0x798/0x1230
[ 3059.007614]  ? kfree+0xd7/0x340
[ 3059.008032]  ? do_raw_spin_unlock+0x4f/0x220
[ 3059.008607]  p9_client_create+0xa76/0x1230
[ 3059.009169]  ? p9_client_flush+0x430/0x430
[ 3059.009716]  ? trace_hardirqs_on+0x5b/0x180
[ 3059.010267]  ? lockdep_init_map_type+0x2c7/0x780
[ 3059.010867]  ? __raw_spin_lock_init+0x36/0x110
[ 3059.011445]  v9fs_session_init+0x1dd/0x1680
[ 3059.011998]  ? lock_release+0x680/0x680
[ 3059.012505]  ? kmem_cache_alloc_trace+0x151/0x320
[ 3059.013122]  ? v9fs_show_options+0x690/0x690
[ 3059.013683]  ? trace_hardirqs_on+0x5b/0x180
[ 3059.014235]  ? kasan_unpoison_shadow+0x33/0x50
[ 3059.014812]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3059.015460]  v9fs_mount+0x79/0x8f0
[ 3059.015919]  ? v9fs_write_inode+0x60/0x60
[ 3059.016453]  legacy_get_tree+0x105/0x220
[ 3059.016985]  vfs_get_tree+0x8e/0x300
[ 3059.017459]  path_mount+0x1490/0x21e0
[ 3059.017959]  ? strncpy_from_user+0x9e/0x470
[ 3059.018507]  ? finish_automount+0xa90/0xa90
[ 3059.019048]  ? getname_flags.part.0+0x1dd/0x4f0
[ 3059.019640]  ? _copy_from_user+0xfb/0x1b0
[ 3059.020170]  __x64_sys_mount+0x282/0x300
[ 3059.020677]  ? copy_mnt_ns+0xa00/0xa00
[ 3059.021176]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3059.021853]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3059.022498]  do_syscall_64+0x33/0x40
[ 3059.022967]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3059.023612] RIP: 0033:0x7f8d12f8ab19
[ 3059.024081] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3059.026389] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3059.027355] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 3059.028264] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3059.029194] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 3059.030083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3059.030985] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
01:36:29 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0xd928, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:36:29 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 42)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

[ 3059.207243] FAULT_INJECTION: forcing a failure.
[ 3059.207243] name failslab, interval 1, probability 0, space 0, times 0
[ 3059.210151] CPU: 1 PID: 13049 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 3059.211627] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3059.213401] Call Trace:
[ 3059.213966]  dump_stack+0x107/0x167
[ 3059.214740]  should_fail.cold+0x5/0xa
[ 3059.215550]  ? __alloc_file+0x21/0x320
[ 3059.216380]  should_failslab+0x5/0x20
[ 3059.217198]  kmem_cache_alloc+0x5b/0x310
[ 3059.218069]  __alloc_file+0x21/0x320
[ 3059.218862]  alloc_empty_file+0x6d/0x170
[ 3059.219731]  path_openat+0xe6/0x2770
[ 3059.220530]  ? __lock_acquire+0x1657/0x5b00
[ 3059.221457]  ? path_lookupat+0x860/0x860
[ 3059.222326]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3059.223437]  ? lock_chain_count+0x20/0x20
[ 3059.224327]  do_filp_open+0x190/0x3e0
[ 3059.225136]  ? may_open_dev+0xf0/0xf0
[ 3059.225950]  ? alloc_fd+0x2e7/0x670
[ 3059.226722]  ? lock_downgrade+0x6d0/0x6d0
[ 3059.227606]  ? do_raw_spin_lock+0x121/0x260
[ 3059.228517]  ? rwlock_bug.part.0+0x90/0x90
[ 3059.229422]  ? lock_chain_count+0x20/0x20
[ 3059.230305]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3059.231425]  ? _raw_spin_unlock+0x1a/0x30
[ 3059.232305]  ? alloc_fd+0x2e7/0x670
[ 3059.233093]  io_openat2+0x24d/0xb80
[ 3059.233872]  ? io_send+0x780/0x780
[ 3059.234635]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3059.235754]  io_issue_sqe+0x2cd/0x77d0
[ 3059.236582]  ? lock_acquire+0x197/0x470
[ 3059.237433]  ? find_held_lock+0x2c/0x110
[ 3059.238300]  ? __virt_addr_valid+0x346/0x5d0
[ 3059.239236]  ? io_connect+0x610/0x610
[ 3059.240048]  ? __might_fault+0xd3/0x180
[ 3059.240901]  ? lock_downgrade+0x6d0/0x6d0
[ 3059.241772]  ? __virt_addr_valid+0x170/0x5d0
[ 3059.242708]  ? __check_object_size+0x319/0x440
[ 3059.243677]  __io_queue_sqe+0x90/0x9d0
[ 3059.244510]  ? io_issue_sqe+0x77d0/0x77d0
[ 3059.245397]  ? getname+0x96/0xd0
[ 3059.246123]  io_submit_sqes+0x44a8/0x8610
[ 3059.247028]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 3059.248086]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 3059.249115]  ? find_held_lock+0x2c/0x110
[ 3059.249985]  ? io_submit_sqes+0x8610/0x8610
[ 3059.250909]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3059.251936]  ? wait_for_completion_io+0x270/0x270
[ 3059.252970]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3059.253955]  ? vfs_write+0x354/0xb10
[ 3059.254742]  ? fput_many+0x2f/0x1a0
[ 3059.255511]  ? ksys_write+0x1a9/0x260
[ 3059.256316]  ? __ia32_sys_read+0xb0/0xb0
[ 3059.257190]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3059.258301]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3059.259401]  do_syscall_64+0x33/0x40
[ 3059.260198]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3059.261299] RIP: 0033:0x7f854f415b19
[ 3059.262086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3059.266015] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3059.267639] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 3059.269170] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 3059.270683] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3059.272189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3059.273700] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
01:36:43 executing program 5:
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xf6ffffff, 0x0, 0x0, 0x0)

01:36:43 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x40000000000000)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:36:43 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

01:36:43 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 43)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

01:36:43 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0xd929, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:36:43 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) (fail_nth: 9)

01:36:43 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x18, 0x0, 0x0)

01:36:43 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 47)

[ 3072.280096] FAULT_INJECTION: forcing a failure.
[ 3072.280096] name failslab, interval 1, probability 0, space 0, times 0
[ 3072.282477] CPU: 1 PID: 13072 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 3072.283926] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3072.285688] Call Trace:
[ 3072.286247]  dump_stack+0x107/0x167
[ 3072.287013]  should_fail.cold+0x5/0xa
[ 3072.287820]  ? create_object.isra.0+0x3a/0xa30
[ 3072.288788]  should_failslab+0x5/0x20
[ 3072.289608]  kmem_cache_alloc+0x5b/0x310
[ 3072.290468]  create_object.isra.0+0x3a/0xa30
[ 3072.291395]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3072.292482]  kmem_cache_alloc+0x159/0x310
[ 3072.293394]  radix_tree_node_alloc.constprop.0+0x1e3/0x300
[ 3072.294737]  idr_get_free+0x4b5/0x8f0
[ 3072.295663]  idr_alloc_u32+0x170/0x2d0
[ 3072.296598]  ? __fprop_inc_percpu_max+0x130/0x130
[ 3072.297750]  ? p9_client_prepare_req.part.0+0x20a/0xac0
01:36:43 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x1800, 0x0, 0x0)

[ 3072.299025]  ? lock_release+0x680/0x680
[ 3072.300105]  idr_alloc+0xc2/0x130
[ 3072.300924]  ? idr_alloc_u32+0x2d0/0x2d0
[ 3072.301899]  ? rwlock_bug.part.0+0x90/0x90
[ 3072.302918]  p9_client_prepare_req.part.0+0x612/0xac0
[ 3072.304128]  p9_client_rpc+0x220/0x1370
[ 3072.305078]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3072.306314]  ? p9_client_prepare_req.part.0+0xac0/0xac0
[ 3072.307577]  ? pipe_poll+0x21b/0x800
01:36:43 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0xd92a, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

[ 3072.308449]  ? p9_fd_close+0x4a0/0x4a0
[ 3072.309490]  ? wait_for_partner+0x3c0/0x3c0
[ 3072.310512]  ? p9_fd_poll+0x1e0/0x2c0
[ 3072.311418]  ? p9_fd_create+0x357/0x4a0
[ 3072.312360]  ? p9_conn_create+0x510/0x510
[ 3072.313333]  ? p9_client_create+0x798/0x1230
[ 3072.314366]  ? kfree+0xd7/0x340
[ 3072.315133]  ? do_raw_spin_unlock+0x4f/0x220
[ 3072.316182]  p9_client_create+0xa76/0x1230
[ 3072.317194]  ? p9_client_flush+0x430/0x430
[ 3072.318198]  ? trace_hardirqs_on+0x5b/0x180
[ 3072.319223]  ? lockdep_init_map_type+0x2c7/0x780
[ 3072.320344]  ? __raw_spin_lock_init+0x36/0x110
[ 3072.321443]  v9fs_session_init+0x1dd/0x1680
[ 3072.322464]  ? lock_release+0x680/0x680
[ 3072.323419]  ? kmem_cache_alloc_trace+0x151/0x320
[ 3072.324551]  ? v9fs_show_options+0x690/0x690
[ 3072.325599]  ? trace_hardirqs_on+0x5b/0x180
[ 3072.326608]  ? kasan_unpoison_shadow+0x33/0x50
[ 3072.327675]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3072.328869]  v9fs_mount+0x79/0x8f0
[ 3072.329705]  ? v9fs_write_inode+0x60/0x60
[ 3072.330668]  legacy_get_tree+0x105/0x220
[ 3072.331610]  vfs_get_tree+0x8e/0x300
[ 3072.332476]  path_mount+0x1490/0x21e0
[ 3072.333235] FAULT_INJECTION: forcing a failure.
[ 3072.333235] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 3072.333374]  ? strncpy_from_user+0x9e/0x470
[ 3072.335698]  ? finish_automount+0xa90/0xa90
[ 3072.336699]  ? getname_flags.part.0+0x1dd/0x4f0
[ 3072.337790]  ? _copy_from_user+0xfb/0x1b0
[ 3072.338776]  __x64_sys_mount+0x282/0x300
[ 3072.339721]  ? copy_mnt_ns+0xa00/0xa00
[ 3072.340648]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3072.341893]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3072.343104]  do_syscall_64+0x33/0x40
[ 3072.343968]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3072.345174] RIP: 0033:0x7f8d12f8ab19
[ 3072.346046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3072.350361] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3072.352131] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 3072.353794] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3072.355441] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 3072.357110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3072.358774] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
[ 3072.360451] CPU: 0 PID: 13063 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 3072.361271] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3072.362235] Call Trace:
[ 3072.362543]  dump_stack+0x107/0x167
[ 3072.362968]  should_fail.cold+0x5/0xa
[ 3072.363413]  _copy_from_user+0x2e/0x1b0
[ 3072.363878]  io_submit_sqes+0x25c5/0x8610
[ 3072.364374]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 3072.364951]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 3072.365530]  ? find_held_lock+0x2c/0x110
[ 3072.366008]  ? io_submit_sqes+0x8610/0x8610
[ 3072.366517]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3072.367076]  ? wait_for_completion_io+0x270/0x270
[ 3072.367637]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3072.368173]  ? vfs_write+0x354/0xb10
[ 3072.368602]  ? fput_many+0x2f/0x1a0
[ 3072.369027]  ? ksys_write+0x1a9/0x260
[ 3072.369465]  ? __ia32_sys_read+0xb0/0xb0
[ 3072.369945]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3072.370550]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3072.371148]  do_syscall_64+0x33/0x40
[ 3072.371578]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3072.372170] RIP: 0033:0x7f854f415b19
[ 3072.372599] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3072.374724] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3072.375603] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 3072.376426] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 3072.377251] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3072.378073] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3072.378897] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
[ 3072.430799] FAULT_INJECTION: forcing a failure.
01:36:43 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0xd92b, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

[ 3072.430799] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 3072.434082] CPU: 1 PID: 13070 Comm: syz-executor.7 Not tainted 5.10.246 #1
[ 3072.435641] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3072.437504] Call Trace:
[ 3072.438099]  dump_stack+0x107/0x167
[ 3072.438927]  should_fail.cold+0x5/0xa
[ 3072.439787]  strncpy_from_user+0x34/0x470
[ 3072.440720]  getname_flags.part.0+0x95/0x4f0
[ 3072.441717]  ? _copy_from_user+0xfb/0x1b0
[ 3072.442647]  user_path_at_empty+0xa1/0x100
[ 3072.443598]  __x64_sys_mount+0x1e9/0x300
[ 3072.444507]  ? copy_mnt_ns+0xa00/0xa00
[ 3072.445389]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3072.446565]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3072.447735]  do_syscall_64+0x33/0x40
[ 3072.448572]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3072.449734] RIP: 0033:0x7f5247e02b19
[ 3072.450569] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3072.454711] RSP: 002b:00007f5245378188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3072.456429] RAX: ffffffffffffffda RBX: 00007f5247f15f60 RCX: 00007f5247e02b19
[ 3072.458047] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3072.459669] RBP: 00007f52453781d0 R08: 0000000020000280 R09: 0000000000000000
[ 3072.461279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3072.462896] R13: 00007fffca86840f R14: 00007f5245378300 R15: 0000000000022000
01:36:43 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0xd92c, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:36:43 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x80000000000000)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:36:43 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x2000, 0x0, 0x0)

01:36:43 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) (fail_nth: 10)

[ 3072.629171] FAULT_INJECTION: forcing a failure.
[ 3072.629171] name failslab, interval 1, probability 0, space 0, times 0
[ 3072.630712] CPU: 0 PID: 13100 Comm: syz-executor.7 Not tainted 5.10.246 #1
[ 3072.631504] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3072.632452] Call Trace:
[ 3072.632760]  dump_stack+0x107/0x167
[ 3072.633185]  should_fail.cold+0x5/0xa
[ 3072.633619]  ? alloc_fs_context+0x57/0x840
[ 3072.634104]  should_failslab+0x5/0x20
[ 3072.634541]  kmem_cache_alloc_trace+0x55/0x320
[ 3072.635067]  alloc_fs_context+0x57/0x840
[ 3072.635534]  path_mount+0xab1/0x21e0
[ 3072.635964]  ? strncpy_from_user+0x9e/0x470
[ 3072.636457]  ? finish_automount+0xa90/0xa90
[ 3072.636956]  ? getname_flags.part.0+0x1dd/0x4f0
[ 3072.637498]  ? _copy_from_user+0xfb/0x1b0
[ 3072.637975]  __x64_sys_mount+0x282/0x300
[ 3072.638438]  ? copy_mnt_ns+0xa00/0xa00
[ 3072.638890]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3072.639492]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3072.640081]  do_syscall_64+0x33/0x40
[ 3072.640505]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3072.641096] RIP: 0033:0x7f5247e02b19
[ 3072.641519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3072.643627] RSP: 002b:00007f5245378188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3072.644503] RAX: ffffffffffffffda RBX: 00007f5247f15f60 RCX: 00007f5247e02b19
[ 3072.645328] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3072.646147] RBP: 00007f52453781d0 R08: 0000000020000280 R09: 0000000000000000
[ 3072.646968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3072.647782] R13: 00007fffca86840f R14: 00007f5245378300 R15: 0000000000022000
01:36:57 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x4000, 0x0, 0x0)

01:36:57 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0)

01:36:57 executing program 5:
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xfffffff6, 0x0, 0x0, 0x0)

01:36:57 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 44)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

01:36:57 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0xd92d, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:36:57 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x100000000000000)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:36:57 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) (fail_nth: 11)

01:36:57 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 48)

[ 3087.061655] FAULT_INJECTION: forcing a failure.
[ 3087.061655] name failslab, interval 1, probability 0, space 0, times 0
[ 3087.064894] CPU: 1 PID: 13113 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 3087.065916] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3087.067123] Call Trace:
[ 3087.067514]  dump_stack+0x107/0x167
[ 3087.068050]  should_fail.cold+0x5/0xa
[ 3087.068615]  should_failslab+0x5/0x20
[ 3087.069176]  __kmalloc_track_caller+0x79/0x370
[ 3087.069854]  ? kasprintf+0xbb/0xf0
[ 3087.070372]  ? __delete_object+0xb3/0x100
[ 3087.070985]  kvasprintf+0xb5/0x150
[ 3087.071514]  ? bust_spinlocks+0xe0/0xe0
[ 3087.072118]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3087.072890]  kasprintf+0xbb/0xf0
[ 3087.073395]  ? kvasprintf_const+0x1a0/0x1a0
[ 3087.074031]  ? kmem_cache_free+0x249/0x2d0
[ 3087.074657]  ? p9_client_create+0xbfa/0x1230
[ 3087.075303]  p9_client_create+0xc1b/0x1230
[ 3087.075929]  ? p9_client_flush+0x430/0x430
[ 3087.076552]  ? trace_hardirqs_on+0x5b/0x180
[ 3087.077209]  ? lockdep_init_map_type+0x2c7/0x780
[ 3087.077904]  ? __raw_spin_lock_init+0x36/0x110
[ 3087.078577]  v9fs_session_init+0x1dd/0x1680
[ 3087.079218]  ? lock_release+0x680/0x680
[ 3087.079815]  ? kmem_cache_alloc_trace+0x151/0x320
[ 3087.080522]  ? v9fs_show_options+0x690/0x690
[ 3087.081175]  ? trace_hardirqs_on+0x5b/0x180
[ 3087.081833]  ? kasan_unpoison_shadow+0x33/0x50
[ 3087.082510]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3087.083263]  v9fs_mount+0x79/0x8f0
[ 3087.083798]  ? v9fs_write_inode+0x60/0x60
[ 3087.084407]  legacy_get_tree+0x105/0x220
[ 3087.085009]  vfs_get_tree+0x8e/0x300
[ 3087.085570]  path_mount+0x1490/0x21e0
[ 3087.086144]  ? strncpy_from_user+0x9e/0x470
[ 3087.086779]  ? finish_automount+0xa90/0xa90
[ 3087.087415]  ? getname_flags.part.0+0x1dd/0x4f0
[ 3087.088106]  ? _copy_from_user+0xfb/0x1b0
[ 3087.088713]  __x64_sys_mount+0x282/0x300
[ 3087.089322]  ? copy_mnt_ns+0xa00/0xa00
[ 3087.089910]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3087.090689]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3087.091448]  do_syscall_64+0x33/0x40
[ 3087.091997]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3087.092762] RIP: 0033:0x7f8d12f8ab19
[ 3087.093319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3087.096026] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3087.097153] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 3087.098197] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3087.098449] FAULT_INJECTION: forcing a failure.
[ 3087.098449] name failslab, interval 1, probability 0, space 0, times 0
[ 3087.099245] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 3087.099254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3087.099262] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
[ 3087.106730] CPU: 0 PID: 13117 Comm: syz-executor.7 Not tainted 5.10.246 #1
[ 3087.108192] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3087.109952] Call Trace:
[ 3087.110519]  dump_stack+0x107/0x167
[ 3087.111295]  should_fail.cold+0x5/0xa
[ 3087.112109]  ? create_object.isra.0+0x3a/0xa30
[ 3087.113075]  should_failslab+0x5/0x20
[ 3087.113894]  kmem_cache_alloc+0x5b/0x310
[ 3087.114759]  create_object.isra.0+0x3a/0xa30
[ 3087.115689]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3087.116765]  kmem_cache_alloc_trace+0x151/0x320
[ 3087.117746]  alloc_fs_context+0x57/0x840
[ 3087.118577]  path_mount+0xab1/0x21e0
[ 3087.119349]  ? strncpy_from_user+0x9e/0x470
[ 3087.120224]  ? finish_automount+0xa90/0xa90
[ 3087.121102]  ? getname_flags.part.0+0x1dd/0x4f0
[ 3087.122081]  ? _copy_from_user+0xfb/0x1b0
[ 3087.122953]  __x64_sys_mount+0x282/0x300
[ 3087.123775]  ? copy_mnt_ns+0xa00/0xa00
[ 3087.124608]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3087.125724]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3087.126817]  do_syscall_64+0x33/0x40
[ 3087.127609]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3087.128699] RIP: 0033:0x7f5247e02b19
[ 3087.129495] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3087.133403] RSP: 002b:00007f5245378188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3087.135020] RAX: ffffffffffffffda RBX: 00007f5247f15f60 RCX: 00007f5247e02b19
[ 3087.136526] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3087.138046] RBP: 00007f52453781d0 R08: 0000000020000280 R09: 0000000000000000
[ 3087.139560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3087.141075] R13: 00007fffca86840f R14: 00007f5245378300 R15: 0000000000022000
[ 3087.146253] FAULT_INJECTION: forcing a failure.
[ 3087.146253] name failslab, interval 1, probability 0, space 0, times 0
01:36:57 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 49)

[ 3087.148924] CPU: 0 PID: 13105 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 3087.150583] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3087.152347] Call Trace:
[ 3087.152905]  dump_stack+0x107/0x167
[ 3087.153795]  should_fail.cold+0x5/0xa
[ 3087.154600]  ? getname_flags.part.0+0x50/0x4f0
[ 3087.155557]  should_failslab+0x5/0x20
[ 3087.156357]  kmem_cache_alloc+0x5b/0x310
[ 3087.157228]  getname_flags.part.0+0x50/0x4f0
[ 3087.158157]  getname+0x8e/0xd0
[ 3087.158838]  __io_openat_prep+0x228/0x4c0
[ 3087.159718]  io_submit_sqes+0x25eb/0x8610
[ 3087.160618]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 3087.161688]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 3087.162704]  ? find_held_lock+0x2c/0x110
[ 3087.163562]  ? io_submit_sqes+0x8610/0x8610
[ 3087.164478]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3087.165500]  ? wait_for_completion_io+0x270/0x270
[ 3087.166518]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3087.167490]  ? vfs_write+0x354/0xb10
[ 3087.168272]  ? fput_many+0x2f/0x1a0
[ 3087.169039]  ? ksys_write+0x1a9/0x260
[ 3087.169865]  ? __ia32_sys_read+0xb0/0xb0
[ 3087.170726]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3087.171831]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3087.172921]  do_syscall_64+0x33/0x40
[ 3087.173712]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3087.174801] RIP: 0033:0x7f854f415b19
[ 3087.175584] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3087.179462] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3087.181070] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 3087.182580] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 3087.184094] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3087.185617] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3087.187118] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
[ 3087.225859] FAULT_INJECTION: forcing a failure.
[ 3087.225859] name failslab, interval 1, probability 0, space 0, times 0
[ 3087.227624] CPU: 1 PID: 13126 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 3087.228609] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3087.229803] Call Trace:
[ 3087.230183]  dump_stack+0x107/0x167
[ 3087.230706]  should_fail.cold+0x5/0xa
[ 3087.231263]  should_failslab+0x5/0x20
[ 3087.231814]  __kmalloc_track_caller+0x79/0x370
[ 3087.232466]  ? kasprintf+0xbb/0xf0
[ 3087.232974]  ? __delete_object+0xb3/0x100
[ 3087.233576]  kvasprintf+0xb5/0x150
[ 3087.234077]  ? bust_spinlocks+0xe0/0xe0
[ 3087.234642]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3087.235399]  kasprintf+0xbb/0xf0
[ 3087.235875]  ? kvasprintf_const+0x1a0/0x1a0
[ 3087.236485]  ? kmem_cache_free+0x249/0x2d0
[ 3087.237093]  ? p9_client_create+0xbfa/0x1230
[ 3087.237737]  p9_client_create+0xc1b/0x1230
[ 3087.238344]  ? p9_client_flush+0x430/0x430
[ 3087.238944]  ? trace_hardirqs_on+0x5b/0x180
[ 3087.239560]  ? lockdep_init_map_type+0x2c7/0x780
[ 3087.240253]  ? __raw_spin_lock_init+0x36/0x110
[ 3087.240905]  v9fs_session_init+0x1dd/0x1680
[ 3087.241529]  ? lock_release+0x680/0x680
[ 3087.242093]  ? kmem_cache_alloc_trace+0x151/0x320
[ 3087.242767]  ? v9fs_show_options+0x690/0x690
[ 3087.243386]  ? trace_hardirqs_on+0x5b/0x180
[ 3087.243994]  ? kasan_unpoison_shadow+0x33/0x50
[ 3087.244632]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3087.245348]  v9fs_mount+0x79/0x8f0
[ 3087.245854]  ? v9fs_write_inode+0x60/0x60
[ 3087.246434]  legacy_get_tree+0x105/0x220
[ 3087.247010]  vfs_get_tree+0x8e/0x300
[ 3087.247541]  path_mount+0x1490/0x21e0
[ 3087.248088]  ? strncpy_from_user+0x9e/0x470
[ 3087.248706]  ? finish_automount+0xa90/0xa90
[ 3087.249329]  ? getname_flags.part.0+0x1dd/0x4f0
[ 3087.249994]  ? _copy_from_user+0xfb/0x1b0
[ 3087.250579]  __x64_sys_mount+0x282/0x300
[ 3087.251145]  ? copy_mnt_ns+0xa00/0xa00
[ 3087.251693]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3087.252431]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3087.253153]  do_syscall_64+0x33/0x40
[ 3087.253684]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3087.254401] RIP: 0033:0x7f8d12f8ab19
[ 3087.254926] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3087.257520] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3087.258586] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 3087.259593] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3087.260600] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 3087.261610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3087.262609] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
01:36:58 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0xd92e, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:36:58 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x80000, 0x0, 0x0)

01:36:58 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x200000000000000)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:36:58 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 45)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

01:36:58 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 50)

[ 3087.345393] FAULT_INJECTION: forcing a failure.
[ 3087.345393] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 3087.347118] CPU: 1 PID: 13132 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 3087.348063] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3087.349204] Call Trace:
[ 3087.349573]  dump_stack+0x107/0x167
[ 3087.350071]  should_fail.cold+0x5/0xa
[ 3087.350602]  _copy_from_user+0x2e/0x1b0
[ 3087.351150]  io_submit_sqes+0x25c5/0x8610
[ 3087.351746]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 3087.352434]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 3087.353099]  ? find_held_lock+0x2c/0x110
[ 3087.353669]  ? io_submit_sqes+0x8610/0x8610
[ 3087.354259]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3087.354920]  ? wait_for_completion_io+0x270/0x270
[ 3087.355577]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3087.356213]  ? vfs_write+0x354/0xb10
[ 3087.356727]  ? copy_kernel_to_fpregs+0x9e/0xe0
[ 3087.357359]  ? trace_event_raw_event_x86_fpu+0x390/0x390
[ 3087.358097]  ? ksys_write+0x1a9/0x260
[ 3087.358615]  ? __ia32_sys_read+0xb0/0xb0
[ 3087.359171]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3087.359890]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3087.360609]  do_syscall_64+0x33/0x40
[ 3087.361118]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3087.361823] RIP: 0033:0x7f854f415b19
[ 3087.362330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3087.364828] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3087.365861] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 3087.366828] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 3087.367810] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3087.368798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3087.369772] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
01:36:58 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x400000, 0x0, 0x0)

[ 3087.403425] FAULT_INJECTION: forcing a failure.
[ 3087.403425] name failslab, interval 1, probability 0, space 0, times 0
[ 3087.405020] CPU: 1 PID: 13138 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 3087.405950] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3087.407059] Call Trace:
[ 3087.407416]  dump_stack+0x107/0x167
[ 3087.407903]  should_fail.cold+0x5/0xa
[ 3087.408413]  should_failslab+0x5/0x20
[ 3087.408923]  __kmalloc_track_caller+0x79/0x370
[ 3087.409534]  ? kasprintf+0xbb/0xf0
[ 3087.410011]  ? __delete_object+0xb3/0x100
[ 3087.410561]  kvasprintf+0xb5/0x150
[ 3087.411032]  ? bust_spinlocks+0xe0/0xe0
[ 3087.411568]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3087.412272]  kasprintf+0xbb/0xf0
[ 3087.412729]  ? kvasprintf_const+0x1a0/0x1a0
[ 3087.413331]  ? kmem_cache_free+0x249/0x2d0
[ 3087.413893]  ? p9_client_create+0xbfa/0x1230
[ 3087.414479]  p9_client_create+0xc1b/0x1230
[ 3087.415043]  ? p9_client_flush+0x430/0x430
[ 3087.415609]  ? trace_hardirqs_on+0x5b/0x180
[ 3087.416186]  ? lockdep_init_map_type+0x2c7/0x780
[ 3087.416819]  ? __raw_spin_lock_init+0x36/0x110
[ 3087.417445]  v9fs_session_init+0x1dd/0x1680
[ 3087.418017]  ? lock_release+0x680/0x680
[ 3087.418553]  ? kmem_cache_alloc_trace+0x151/0x320
[ 3087.419205]  ? v9fs_show_options+0x690/0x690
[ 3087.419800]  ? trace_hardirqs_on+0x5b/0x180
[ 3087.420375]  ? kasan_unpoison_shadow+0x33/0x50
[ 3087.420979]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3087.421662]  v9fs_mount+0x79/0x8f0
[ 3087.422137]  ? v9fs_write_inode+0x60/0x60
[ 3087.422688]  legacy_get_tree+0x105/0x220
[ 3087.423226]  vfs_get_tree+0x8e/0x300
[ 3087.423726]  path_mount+0x1490/0x21e0
[ 3087.424236]  ? strncpy_from_user+0x9e/0x470
[ 3087.424805]  ? finish_automount+0xa90/0xa90
[ 3087.425381]  ? getname_flags.part.0+0x1dd/0x4f0
[ 3087.426000]  ? _copy_from_user+0xfb/0x1b0
[ 3087.426550]  __x64_sys_mount+0x282/0x300
[ 3087.427089]  ? copy_mnt_ns+0xa00/0xa00
[ 3087.427617]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3087.428321]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3087.429007]  do_syscall_64+0x33/0x40
[ 3087.429509]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3087.430191] RIP: 0033:0x7f8d12f8ab19
[ 3087.430687] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3087.433132] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3087.434158] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 3087.435095] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3087.436043] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 3087.437005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3087.437954] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
01:36:58 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0xd92f, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:36:58 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) (fail_nth: 12)

[ 3087.571453] FAULT_INJECTION: forcing a failure.
[ 3087.571453] name failslab, interval 1, probability 0, space 0, times 0
[ 3087.574261] CPU: 0 PID: 13149 Comm: syz-executor.7 Not tainted 5.10.246 #1
[ 3087.575722] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3087.577478] Call Trace:
[ 3087.578047]  dump_stack+0x107/0x167
[ 3087.578825]  should_fail.cold+0x5/0xa
[ 3087.579630]  ? create_object.isra.0+0x3a/0xa30
[ 3087.580591]  should_failslab+0x5/0x20
[ 3087.581416]  kmem_cache_alloc+0x5b/0x310
[ 3087.582286]  create_object.isra.0+0x3a/0xa30
[ 3087.583214]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3087.584291]  kmem_cache_alloc_trace+0x151/0x320
[ 3087.585297]  alloc_fs_context+0x57/0x840
[ 3087.586162]  path_mount+0xab1/0x21e0
[ 3087.586959]  ? strncpy_from_user+0x9e/0x470
[ 3087.587877]  ? finish_automount+0xa90/0xa90
[ 3087.588795]  ? getname_flags.part.0+0x1dd/0x4f0
[ 3087.589802]  ? _copy_from_user+0xfb/0x1b0
[ 3087.590691]  __x64_sys_mount+0x282/0x300
[ 3087.591553]  ? copy_mnt_ns+0xa00/0xa00
[ 3087.592379]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3087.593497]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3087.594590]  do_syscall_64+0x33/0x40
[ 3087.595380]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3087.596460] RIP: 0033:0x7f5247e02b19
[ 3087.597265] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3087.601159] RSP: 002b:00007f5245378188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3087.602776] RAX: ffffffffffffffda RBX: 00007f5247f15f60 RCX: 00007f5247e02b19
[ 3087.604297] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3087.605818] RBP: 00007f52453781d0 R08: 0000000020000280 R09: 0000000000000000
[ 3087.607330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3087.608840] R13: 00007fffca86840f R14: 00007f5245378300 R15: 0000000000022000
01:37:13 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 1)

01:37:13 executing program 5:
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x2, 0x0, 0x0)

01:37:13 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x800000, 0x0, 0x0)

01:37:13 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 46)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

01:37:13 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x400000000000000)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:37:13 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0xd930, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:37:13 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 51)

01:37:13 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) (fail_nth: 13)

[ 3103.100521] FAULT_INJECTION: forcing a failure.
[ 3103.100521] name failslab, interval 1, probability 0, space 0, times 0
[ 3103.103242] CPU: 1 PID: 13163 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 3103.104702] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3103.106444] Call Trace:
[ 3103.106997]  dump_stack+0x107/0x167
[ 3103.107764]  should_fail.cold+0x5/0xa
[ 3103.108572]  ? create_object.isra.0+0x3a/0xa30
[ 3103.109533]  should_failslab+0x5/0x20
[ 3103.110322]  kmem_cache_alloc+0x5b/0x310
[ 3103.111162]  ? lock_acquire+0x197/0x470
[ 3103.111997]  create_object.isra.0+0x3a/0xa30
[ 3103.112907]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3103.113991]  __kmalloc_track_caller+0x177/0x370
[ 3103.114965]  ? kstrdup_const+0x53/0x80
[ 3103.115764]  ? kasprintf+0xbb/0xf0
[ 3103.116505]  kstrdup+0x36/0x70
[ 3103.117172]  kstrdup_const+0x53/0x80
[ 3103.117959]  kmem_cache_create_usercopy+0x12f/0x2f0
[ 3103.119009]  p9_client_create+0xc6a/0x1230
[ 3103.119896]  ? p9_client_flush+0x430/0x430
[ 3103.120789]  ? trace_hardirqs_on+0x5b/0x180
[ 3103.121702]  ? lockdep_init_map_type+0x2c7/0x780
[ 3103.122685]  ? __raw_spin_lock_init+0x36/0x110
[ 3103.123651]  v9fs_session_init+0x1dd/0x1680
[ 3103.124549]  ? lock_release+0x680/0x680
[ 3103.125403]  ? kmem_cache_alloc_trace+0x151/0x320
[ 3103.126416]  ? v9fs_show_options+0x690/0x690
[ 3103.127342]  ? trace_hardirqs_on+0x5b/0x180
[ 3103.128249]  ? kasan_unpoison_shadow+0x33/0x50
[ 3103.129198]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3103.130266]  v9fs_mount+0x79/0x8f0
[ 3103.131011]  ? v9fs_write_inode+0x60/0x60
[ 3103.131872]  legacy_get_tree+0x105/0x220
[ 3103.132719]  vfs_get_tree+0x8e/0x300
[ 3103.133045] FAULT_INJECTION: forcing a failure.
[ 3103.133045] name failslab, interval 1, probability 0, space 0, times 0
[ 3103.133545]  path_mount+0x1490/0x21e0
[ 3103.136665]  ? strncpy_from_user+0x9e/0x470
[ 3103.137580]  ? finish_automount+0xa90/0xa90
[ 3103.138478]  ? getname_flags.part.0+0x1dd/0x4f0
[ 3103.139460]  ? _copy_from_user+0xfb/0x1b0
[ 3103.140333]  __x64_sys_mount+0x282/0x300
[ 3103.141176]  ? copy_mnt_ns+0xa00/0xa00
[ 3103.142008]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3103.143112]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3103.144186]  do_syscall_64+0x33/0x40
[ 3103.144955]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3103.146029] RIP: 0033:0x7f8d12f8ab19
[ 3103.146800] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3103.150654] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3103.152261] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 3103.153767] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3103.155245] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 3103.156761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3103.158258] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
[ 3103.159793] CPU: 0 PID: 13165 Comm: syz-executor.1 Not tainted 5.10.246 #1
[ 3103.161277] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3103.163051] Call Trace:
[ 3103.163634]  dump_stack+0x107/0x167
[ 3103.164406]  should_fail.cold+0x5/0xa
[ 3103.165224]  should_failslab+0x5/0x20
[ 3103.166066]  kmem_cache_alloc_bulk+0x4b/0x320
[ 3103.167042]  io_submit_sqes+0x6fe4/0x8610
[ 3103.167955]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 3103.169015]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 3103.170071]  ? find_held_lock+0x2c/0x110
[ 3103.170963]  ? io_submit_sqes+0x8610/0x8610
[ 3103.171900]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3103.172941]  ? wait_for_completion_io+0x270/0x270
[ 3103.173997]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3103.175001]  ? vfs_write+0x354/0xb10
[ 3103.175871]  ? fput_many+0x2f/0x1a0
[ 3103.176639]  ? ksys_write+0x1a9/0x260
[ 3103.177488]  ? __ia32_sys_read+0xb0/0xb0
[ 3103.178344]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3103.179485]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3103.180592]  do_syscall_64+0x33/0x40
[ 3103.181375]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3103.182499] RIP: 0033:0x7f5e7e2bab19
[ 3103.183279] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3103.186694] FAULT_INJECTION: forcing a failure.
[ 3103.186694] name failslab, interval 1, probability 0, space 0, times 0
[ 3103.187191] RSP: 002b:00007f5e7b830188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3103.187212] RAX: ffffffffffffffda RBX: 00007f5e7e3cdf60 RCX: 00007f5e7e2bab19
[ 3103.187223] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 3103.187233] RBP: 00007f5e7b8301d0 R08: 0000000000000000 R09: 0000000000000000
[ 3103.187244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3103.187255] R13: 00007fff373dcbff R14: 00007f5e7b830300 R15: 0000000000022000
[ 3103.199363] CPU: 1 PID: 13162 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 3103.200824] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3103.202590] Call Trace:
[ 3103.203148]  dump_stack+0x107/0x167
[ 3103.203917]  should_fail.cold+0x5/0xa
[ 3103.204713]  ? __alloc_file+0x21/0x320
[ 3103.205526]  should_failslab+0x5/0x20
[ 3103.206313]  kmem_cache_alloc+0x5b/0x310
[ 3103.207158]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 3103.208284]  ? trace_hardirqs_on+0x5b/0x180
[ 3103.209193]  __alloc_file+0x21/0x320
[ 3103.209994]  alloc_empty_file+0x6d/0x170
[ 3103.210869]  path_openat+0xe6/0x2770
[ 3103.211670]  ? __lock_acquire+0x1657/0x5b00
[ 3103.212585]  ? path_lookupat+0x860/0x860
[ 3103.213435]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3103.214532]  ? __is_insn_slot_addr+0x139/0x290
[ 3103.215500]  do_filp_open+0x190/0x3e0
[ 3103.216308]  ? may_open_dev+0xf0/0xf0
[ 3103.217110]  ? alloc_fd+0x2e7/0x670
[ 3103.217879]  ? lock_downgrade+0x6d0/0x6d0
[ 3103.218743]  ? do_raw_spin_lock+0x121/0x260
[ 3103.219648]  ? rwlock_bug.part.0+0x90/0x90
[ 3103.220599]  ? lock_chain_count+0x20/0x20
[ 3103.221480]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 3103.222610]  ? _raw_spin_unlock+0x1a/0x30
[ 3103.223474]  ? alloc_fd+0x2e7/0x670
[ 3103.224295]  io_openat2+0x24d/0xb80
[ 3103.225070]  ? io_send+0x780/0x780
[ 3103.226104]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3103.227442]  io_issue_sqe+0x2cd/0x77d0
[ 3103.228425]  ? lock_acquire+0x197/0x470
[ 3103.229441]  ? find_held_lock+0x2c/0x110
[ 3103.230321]  ? __virt_addr_valid+0x346/0x5d0
[ 3103.231232]  ? io_connect+0x610/0x610
[ 3103.232036]  ? __might_fault+0xd3/0x180
[ 3103.232864]  ? lock_downgrade+0x6d0/0x6d0
[ 3103.233734]  ? __virt_addr_valid+0x170/0x5d0
[ 3103.234647]  ? __check_object_size+0x319/0x440
[ 3103.235615]  __io_queue_sqe+0x90/0x9d0
[ 3103.236423]  ? io_issue_sqe+0x77d0/0x77d0
[ 3103.237295]  ? getname+0x96/0xd0
[ 3103.238016]  io_submit_sqes+0x44a8/0x8610
[ 3103.238898]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 3103.239925]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 3103.240921]  ? find_held_lock+0x2c/0x110
[ 3103.241773]  ? io_submit_sqes+0x8610/0x8610
[ 3103.242676]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3103.243673]  ? wait_for_completion_io+0x270/0x270
[ 3103.244680]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3103.245655]  ? vfs_write+0x354/0xb10
[ 3103.246441]  ? fput_many+0x2f/0x1a0
[ 3103.247188]  ? ksys_write+0x1a9/0x260
[ 3103.247977]  ? __ia32_sys_read+0xb0/0xb0
[ 3103.248819]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3103.249918]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3103.251003]  do_syscall_64+0x33/0x40
[ 3103.251802]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3103.252861] RIP: 0033:0x7f854f415b19
[ 3103.253650] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3103.257464] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3103.259037] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 3103.260546] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 3103.262046] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3103.263521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3103.265002] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
01:37:14 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x1000000, 0x0, 0x0)

01:37:14 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x600000000000000)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

[ 3103.295452] FAULT_INJECTION: forcing a failure.
[ 3103.295452] name failslab, interval 1, probability 0, space 0, times 0
[ 3103.298039] CPU: 0 PID: 13171 Comm: syz-executor.7 Not tainted 5.10.246 #1
[ 3103.299491] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3103.301257] Call Trace:
[ 3103.301827]  dump_stack+0x107/0x167
[ 3103.302605]  should_fail.cold+0x5/0xa
[ 3103.303424]  ? create_object.isra.0+0x3a/0xa30
[ 3103.304387]  should_failslab+0x5/0x20
[ 3103.305189]  kmem_cache_alloc+0x5b/0x310
[ 3103.306048]  ? create_object.isra.0+0x3ad/0xa30
[ 3103.307034]  create_object.isra.0+0x3a/0xa30
[ 3103.307957]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3103.309028]  __kmalloc_node+0x1ae/0x420
[ 3103.309892]  memcg_alloc_page_obj_cgroups+0x73/0x100
[ 3103.310975]  memcg_slab_post_alloc_hook+0x1f0/0x430
[ 3103.312027]  ? trace_hardirqs_on+0x5b/0x180
[ 3103.312950]  kmem_cache_alloc_trace+0x169/0x320
[ 3103.313940]  alloc_fs_context+0x57/0x840
[ 3103.314806]  path_mount+0xab1/0x21e0
[ 3103.315603]  ? strncpy_from_user+0x9e/0x470
[ 3103.316529]  ? finish_automount+0xa90/0xa90
[ 3103.317458]  ? getname_flags.part.0+0x1dd/0x4f0
[ 3103.318445]  ? _copy_from_user+0xfb/0x1b0
[ 3103.319328]  __x64_sys_mount+0x282/0x300
[ 3103.320186]  ? copy_mnt_ns+0xa00/0xa00
[ 3103.321036]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3103.322155]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3103.323259]  do_syscall_64+0x33/0x40
[ 3103.324049]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3103.325144] RIP: 0033:0x7f5247e02b19
[ 3103.325945] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3103.329855] RSP: 002b:00007f5245378188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3103.331463] RAX: ffffffffffffffda RBX: 00007f5247f15f60 RCX: 00007f5247e02b19
[ 3103.332975] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3103.334501] RBP: 00007f52453781d0 R08: 0000000020000280 R09: 0000000000000000
[ 3103.336008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3103.337508] R13: 00007fffca86840f R14: 00007f5245378300 R15: 0000000000022000
01:37:14 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0xd931, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:37:14 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x2000000, 0x0, 0x0)

01:37:14 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 47)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

01:37:14 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 52)

01:37:14 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x1800000000000000)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:37:14 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0xd932, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

[ 3103.559263] FAULT_INJECTION: forcing a failure.
[ 3103.559263] name failslab, interval 1, probability 0, space 0, times 0
[ 3103.561725] CPU: 0 PID: 13195 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 3103.563198] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3103.564933] Call Trace:
[ 3103.565510]  dump_stack+0x107/0x167
[ 3103.566281]  should_fail.cold+0x5/0xa
[ 3103.567088]  ? create_object.isra.0+0x3a/0xa30
[ 3103.568064]  should_failslab+0x5/0x20
[ 3103.568865]  kmem_cache_alloc+0x5b/0x310
[ 3103.569729]  create_object.isra.0+0x3a/0xa30
[ 3103.570656]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3103.571737]  kmem_cache_alloc+0x159/0x310
[ 3103.572621]  kmem_cache_create_usercopy+0x190/0x2f0
[ 3103.573698]  p9_client_create+0xc6a/0x1230
[ 3103.574598]  ? p9_client_flush+0x430/0x430
[ 3103.575486]  ? trace_hardirqs_on+0x5b/0x180
[ 3103.576405]  ? lockdep_init_map_type+0x2c7/0x780
[ 3103.577419]  ? __raw_spin_lock_init+0x36/0x110
[ 3103.578395]  v9fs_session_init+0x1dd/0x1680
[ 3103.579310]  ? lock_release+0x680/0x680
[ 3103.580166]  ? kmem_cache_alloc_trace+0x151/0x320
[ 3103.581196]  ? v9fs_show_options+0x690/0x690
[ 3103.582149]  ? trace_hardirqs_on+0x5b/0x180
[ 3103.582429] FAULT_INJECTION: forcing a failure.
[ 3103.582429] name failslab, interval 1, probability 0, space 0, times 0
[ 3103.583056]  ? kasan_unpoison_shadow+0x33/0x50
[ 3103.583075]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3103.583102]  v9fs_mount+0x79/0x8f0
[ 3103.588150]  ? v9fs_write_inode+0x60/0x60
[ 3103.589021]  legacy_get_tree+0x105/0x220
[ 3103.589888]  vfs_get_tree+0x8e/0x300
[ 3103.590665]  path_mount+0x1490/0x21e0
[ 3103.591474]  ? strncpy_from_user+0x9e/0x470
[ 3103.592380]  ? finish_automount+0xa90/0xa90
[ 3103.593283]  ? getname_flags.part.0+0x1dd/0x4f0
[ 3103.594277]  ? _copy_from_user+0xfb/0x1b0
[ 3103.595154]  __x64_sys_mount+0x282/0x300
[ 3103.596011]  ? copy_mnt_ns+0xa00/0xa00
[ 3103.596830]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3103.597943]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3103.599039]  do_syscall_64+0x33/0x40
[ 3103.599821]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3103.600909] RIP: 0033:0x7f8d12f8ab19
[ 3103.601697] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3103.605586] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3103.607200] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 3103.608724] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3103.610232] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 3103.611748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3103.613254] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
[ 3103.614805] CPU: 1 PID: 13196 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 3103.616272] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3103.618017] Call Trace:
[ 3103.618575]  dump_stack+0x107/0x167
[ 3103.619340]  should_fail.cold+0x5/0xa
[ 3103.620141]  ? create_object.isra.0+0x3a/0xa30
[ 3103.621098]  should_failslab+0x5/0x20
[ 3103.621907]  kmem_cache_alloc+0x5b/0x310
[ 3103.622759]  create_object.isra.0+0x3a/0xa30
[ 3103.623677]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3103.624742]  kmem_cache_alloc+0x159/0x310
[ 3103.625622]  __alloc_file+0x21/0x320
[ 3103.626399]  alloc_empty_file+0x6d/0x170
[ 3103.627250]  path_openat+0xe6/0x2770
[ 3103.628042]  ? __lock_acquire+0x1657/0x5b00
[ 3103.628957]  ? path_lookupat+0x860/0x860
[ 3103.629817]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3103.630909]  ? entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3103.632030]  do_filp_open+0x190/0x3e0
[ 3103.632819]  ? may_open_dev+0xf0/0xf0
[ 3103.633624]  ? alloc_fd+0x2e7/0x670
[ 3103.634385]  ? lock_downgrade+0x6d0/0x6d0
[ 3103.635248]  ? do_raw_spin_lock+0x121/0x260
[ 3103.636146]  ? rwlock_bug.part.0+0x90/0x90
[ 3103.637047]  ? lock_chain_count+0x20/0x20
[ 3103.637931]  ? stack_trace_save+0x8c/0xc0
[ 3103.638804]  ? _raw_spin_unlock+0x1a/0x30
[ 3103.639681]  ? alloc_fd+0x2e7/0x670
[ 3103.640457]  io_openat2+0x24d/0xb80
[ 3103.641237]  ? io_send+0x780/0x780
[ 3103.641998]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3103.643106]  io_issue_sqe+0x2cd/0x77d0
[ 3103.643931]  ? lock_acquire+0x197/0x470
[ 3103.644773]  ? find_held_lock+0x2c/0x110
[ 3103.645638]  ? __virt_addr_valid+0x346/0x5d0
[ 3103.646563]  ? io_connect+0x610/0x610
[ 3103.647371]  ? __might_fault+0xd3/0x180
[ 3103.648215]  ? lock_downgrade+0x6d0/0x6d0
[ 3103.649093]  ? __virt_addr_valid+0x170/0x5d0
[ 3103.650024]  ? __check_object_size+0x319/0x440
[ 3103.650987]  __io_queue_sqe+0x90/0x9d0
[ 3103.651812]  ? io_issue_sqe+0x77d0/0x77d0
[ 3103.652690]  ? getname+0x96/0xd0
[ 3103.653418]  io_submit_sqes+0x44a8/0x8610
[ 3103.654319]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 3103.655370]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 3103.656406]  ? find_held_lock+0x2c/0x110
[ 3103.657262]  ? io_submit_sqes+0x8610/0x8610
[ 3103.658185]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3103.659207]  ? wait_for_completion_io+0x270/0x270
[ 3103.660224]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3103.661203]  ? vfs_write+0x354/0xb10
[ 3103.662016]  ? fput_many+0x2f/0x1a0
[ 3103.662784]  ? ksys_write+0x1a9/0x260
[ 3103.663583]  ? __ia32_sys_read+0xb0/0xb0
[ 3103.664440]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3103.665561]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3103.666646]  do_syscall_64+0x33/0x40
[ 3103.667436]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3103.668519] RIP: 0033:0x7f854f415b19
[ 3103.669306] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3103.673200] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3103.674799] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 3103.676296] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 3103.677803] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3103.679293] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3103.680785] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
01:37:28 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 53)

01:37:28 executing program 5:
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x4, 0x0, 0x0)

01:37:28 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0xd933, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:37:28 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)

01:37:28 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x2000000000000000)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:37:28 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 48)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

01:37:28 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) (fail_nth: 14)

01:37:28 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x4000000, 0x0, 0x0)

[ 3117.884448] FAULT_INJECTION: forcing a failure.
[ 3117.884448] name failslab, interval 1, probability 0, space 0, times 0
[ 3117.887656] CPU: 0 PID: 13221 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 3117.889247] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3117.891149] Call Trace:
[ 3117.891758]  dump_stack+0x107/0x167
[ 3117.892586]  should_fail.cold+0x5/0xa
[ 3117.893452]  ? __kmem_cache_create+0x10e/0x520
[ 3117.894499]  should_failslab+0x5/0x20
[ 3117.895366]  kmem_cache_alloc_node+0x55/0x330
[ 3117.896398]  __kmem_cache_create+0x10e/0x520
[ 3117.897406]  kmem_cache_create_usercopy+0x1db/0x2f0
[ 3117.898550]  p9_client_create+0xc6a/0x1230
[ 3117.899510]  ? p9_client_flush+0x430/0x430
[ 3117.900470]  ? trace_hardirqs_on+0x5b/0x180
[ 3117.901445]  ? lockdep_init_map_type+0x2c7/0x780
[ 3117.902529]  ? __raw_spin_lock_init+0x36/0x110
[ 3117.903570]  v9fs_session_init+0x1dd/0x1680
[ 3117.904547]  ? lock_release+0x680/0x680
[ 3117.905457]  ? kmem_cache_alloc_trace+0x151/0x320
[ 3117.906585]  ? v9fs_show_options+0x690/0x690
[ 3117.907596]  ? trace_hardirqs_on+0x5b/0x180
[ 3117.908579]  ? kasan_unpoison_shadow+0x33/0x50
[ 3117.909617]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3117.910772]  v9fs_mount+0x79/0x8f0
[ 3117.911587]  ? v9fs_write_inode+0x60/0x60
[ 3117.912526]  legacy_get_tree+0x105/0x220
[ 3117.913458]  vfs_get_tree+0x8e/0x300
[ 3117.914321]  path_mount+0x1490/0x21e0
[ 3117.915196]  ? strncpy_from_user+0x9e/0x470
[ 3117.916178]  ? finish_automount+0xa90/0xa90
[ 3117.917167]  ? getname_flags.part.0+0x1dd/0x4f0
[ 3117.918235]  ? _copy_from_user+0xfb/0x1b0
[ 3117.919181]  __x64_sys_mount+0x282/0x300
[ 3117.920107]  ? copy_mnt_ns+0xa00/0xa00
[ 3117.921001]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3117.922208]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3117.923383]  do_syscall_64+0x33/0x40
[ 3117.924235]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3117.925403] RIP: 0033:0x7f8d12f8ab19
[ 3117.926265] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3117.930458] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3117.932199] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 3117.933825] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3117.935440] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 3117.937051] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3117.938674] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
[ 3117.940723] kmem_cache_create(9p-fcall-cache-730) failed with error -22
[ 3117.942287] CPU: 0 PID: 13221 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 3117.943845] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3117.945742] Call Trace:
[ 3117.946344]  dump_stack+0x107/0x167
[ 3117.947179]  kmem_cache_create_usercopy.cold+0x17/0x65
[ 3117.948365]  p9_client_create+0xc6a/0x1230
[ 3117.949328]  ? p9_client_flush+0x430/0x430
[ 3117.950292]  ? trace_hardirqs_on+0x5b/0x180
[ 3117.951274]  ? lockdep_init_map_type+0x2c7/0x780
[ 3117.952347]  ? __raw_spin_lock_init+0x36/0x110
[ 3117.953386]  v9fs_session_init+0x1dd/0x1680
[ 3117.954377]  ? lock_release+0x680/0x680
[ 3117.955289]  ? kmem_cache_alloc_trace+0x151/0x320
[ 3117.956373]  ? v9fs_show_options+0x690/0x690
[ 3117.957379]  ? trace_hardirqs_on+0x5b/0x180
[ 3117.958365]  ? kasan_unpoison_shadow+0x33/0x50
[ 3117.959394]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3117.960543]  v9fs_mount+0x79/0x8f0
[ 3117.961351]  ? v9fs_write_inode+0x60/0x60
[ 3117.962301]  legacy_get_tree+0x105/0x220
[ 3117.963226]  vfs_get_tree+0x8e/0x300
[ 3117.964066]  path_mount+0x1490/0x21e0
[ 3117.964939]  ? strncpy_from_user+0x9e/0x470
[ 3117.965917]  ? finish_automount+0xa90/0xa90
[ 3117.966889]  ? getname_flags.part.0+0x1dd/0x4f0
[ 3117.967950]  ? _copy_from_user+0xfb/0x1b0
[ 3117.968893]  __x64_sys_mount+0x282/0x300
[ 3117.969811]  ? copy_mnt_ns+0xa00/0xa00
[ 3117.970693]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3117.971878]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3117.973041]  do_syscall_64+0x33/0x40
[ 3117.973896]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3117.975049] RIP: 0033:0x7f8d12f8ab19
[ 3117.975887] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3117.980041] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3117.981788] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 3117.983387] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3117.985003] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 3117.986633] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3117.988249] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
[ 3118.018331] FAULT_INJECTION: forcing a failure.
[ 3118.018331] name failslab, interval 1, probability 0, space 0, times 0
[ 3118.021155] CPU: 1 PID: 13225 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 3118.022749] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3118.024636] Call Trace:
[ 3118.025239]  dump_stack+0x107/0x167
[ 3118.026081]  should_fail.cold+0x5/0xa
[ 3118.026949]  ? security_file_alloc+0x34/0x170
[ 3118.027973]  should_failslab+0x5/0x20
[ 3118.028842]  kmem_cache_alloc+0x5b/0x310
[ 3118.029783]  security_file_alloc+0x34/0x170
[ 3118.030765]  __alloc_file+0xb7/0x320
[ 3118.031617]  alloc_empty_file+0x6d/0x170
[ 3118.032542]  path_openat+0xe6/0x2770
[ 3118.033386]  ? __lock_acquire+0x1657/0x5b00
[ 3118.034382]  ? path_lookupat+0x860/0x860
[ 3118.035309]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3118.036488]  ? entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3118.037717]  do_filp_open+0x190/0x3e0
[ 3118.038572]  ? may_open_dev+0xf0/0xf0
[ 3118.039441]  ? alloc_fd+0x2e7/0x670
[ 3118.040259]  ? lock_downgrade+0x6d0/0x6d0
[ 3118.041196]  ? do_raw_spin_lock+0x121/0x260
[ 3118.042183]  ? rwlock_bug.part.0+0x90/0x90
[ 3118.043137]  ? lock_chain_count+0x20/0x20
[ 3118.044071]  ? stack_trace_save+0x8c/0xc0
[ 3118.045014]  ? _raw_spin_unlock+0x1a/0x30
[ 3118.045950]  ? alloc_fd+0x2e7/0x670
[ 3118.046788]  io_openat2+0x24d/0xb80
[ 3118.047614]  ? io_send+0x780/0x780
[ 3118.048421]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3118.049602]  io_issue_sqe+0x2cd/0x77d0
[ 3118.050479]  ? lock_acquire+0x197/0x470
[ 3118.051377]  ? find_held_lock+0x2c/0x110
[ 3118.052295]  ? __virt_addr_valid+0x346/0x5d0
[ 3118.053280]  ? io_connect+0x610/0x610
[ 3118.054152]  ? __might_fault+0xd3/0x180
[ 3118.055030]  ? lock_downgrade+0x6d0/0x6d0
[ 3118.055969]  ? __virt_addr_valid+0x170/0x5d0
[ 3118.056961]  ? __check_object_size+0x319/0x440
[ 3118.058003]  __io_queue_sqe+0x90/0x9d0
[ 3118.058880]  ? io_issue_sqe+0x77d0/0x77d0
[ 3118.059817]  ? getname+0x96/0xd0
[ 3118.060581]  io_submit_sqes+0x44a8/0x8610
[ 3118.061540]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 3118.062675]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 3118.063760]  ? find_held_lock+0x2c/0x110
[ 3118.064673]  ? io_submit_sqes+0x8610/0x8610
[ 3118.065650]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3118.066726]  ? wait_for_completion_io+0x270/0x270
[ 3118.067803]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3118.068839]  ? vfs_write+0x354/0xb10
[ 3118.069679]  ? fput_many+0x2f/0x1a0
[ 3118.070487]  ? ksys_write+0x1a9/0x260
[ 3118.071336]  ? __ia32_sys_read+0xb0/0xb0
[ 3118.072246]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3118.073415]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3118.074588]  do_syscall_64+0x33/0x40
[ 3118.075420]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3118.076569] RIP: 0033:0x7f854f415b19
[ 3118.077402] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3118.081498] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3118.083201] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 3118.084782] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 3118.086374] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3118.087954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3118.089536] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
01:37:28 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

01:37:28 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 54)

01:37:28 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0xd934, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:37:28 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0xf6ffffff00000000)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:37:28 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x18000000, 0x0, 0x0)

[ 3118.305433] FAULT_INJECTION: forcing a failure.
[ 3118.305433] name failslab, interval 1, probability 0, space 0, times 0
[ 3118.307364] CPU: 1 PID: 13244 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 3118.308503] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3118.309879] Call Trace:
[ 3118.310325]  dump_stack+0x107/0x167
[ 3118.310929]  should_fail.cold+0x5/0xa
[ 3118.311554]  ? __kmem_cache_create+0x10e/0x520
[ 3118.312310]  should_failslab+0x5/0x20
[ 3118.312938]  kmem_cache_alloc_node+0x55/0x330
[ 3118.313694]  __kmem_cache_create+0x10e/0x520
[ 3118.314421]  kmem_cache_create_usercopy+0x1db/0x2f0
[ 3118.315242]  p9_client_create+0xc6a/0x1230
[ 3118.315951]  ? p9_client_flush+0x430/0x430
[ 3118.316655]  ? trace_hardirqs_on+0x5b/0x180
[ 3118.317368]  ? lockdep_init_map_type+0x2c7/0x780
[ 3118.318161]  ? __raw_spin_lock_init+0x36/0x110
[ 3118.318927]  v9fs_session_init+0x1dd/0x1680
[ 3118.319642]  ? lock_release+0x680/0x680
[ 3118.320300]  ? kmem_cache_alloc_trace+0x151/0x320
[ 3118.321087]  ? v9fs_show_options+0x690/0x690
[ 3118.321824]  ? trace_hardirqs_on+0x5b/0x180
[ 3118.322546]  ? kasan_unpoison_shadow+0x33/0x50
[ 3118.323292]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3118.324125]  v9fs_mount+0x79/0x8f0
[ 3118.324708]  ? v9fs_write_inode+0x60/0x60
[ 3118.325395]  legacy_get_tree+0x105/0x220
[ 3118.326072]  vfs_get_tree+0x8e/0x300
[ 3118.326683]  path_mount+0x1490/0x21e0
[ 3118.327323]  ? strncpy_from_user+0x9e/0x470
[ 3118.328037]  ? finish_automount+0xa90/0xa90
[ 3118.328750]  ? getname_flags.part.0+0x1dd/0x4f0
[ 3118.329526]  ? _copy_from_user+0xfb/0x1b0
[ 3118.330226]  __x64_sys_mount+0x282/0x300
[ 3118.330897]  ? copy_mnt_ns+0xa00/0xa00
[ 3118.331541]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3118.332427]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3118.333298]  do_syscall_64+0x33/0x40
[ 3118.333941]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3118.334821] RIP: 0033:0x7f8d12f8ab19
[ 3118.335458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3118.338614] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3118.339926] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 3118.341159] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3118.342387] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 3118.343606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3118.344825] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
[ 3118.346180] kmem_cache_create(9p-fcall-cache-732) failed with error -22
[ 3118.347358] CPU: 1 PID: 13244 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 3118.348534] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3118.349957] Call Trace:
[ 3118.350405]  dump_stack+0x107/0x167
[ 3118.351030]  kmem_cache_create_usercopy.cold+0x17/0x65
[ 3118.351930]  p9_client_create+0xc6a/0x1230
[ 3118.352656]  ? p9_client_flush+0x430/0x430
[ 3118.353378]  ? trace_hardirqs_on+0x5b/0x180
[ 3118.354124]  ? lockdep_init_map_type+0x2c7/0x780
[ 3118.354934]  ? __raw_spin_lock_init+0x36/0x110
[ 3118.355714]  v9fs_session_init+0x1dd/0x1680
[ 3118.356447]  ? lock_release+0x680/0x680
[ 3118.357131]  ? kmem_cache_alloc_trace+0x151/0x320
[ 3118.357956]  ? v9fs_show_options+0x690/0x690
[ 3118.358711]  ? trace_hardirqs_on+0x5b/0x180
[ 3118.359445]  ? kasan_unpoison_shadow+0x33/0x50
[ 3118.360222]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3118.361087]  v9fs_mount+0x79/0x8f0
[ 3118.361700]  ? v9fs_write_inode+0x60/0x60
[ 3118.362404]  legacy_get_tree+0x105/0x220
[ 3118.363096]  vfs_get_tree+0x8e/0x300
[ 3118.363728]  path_mount+0x1490/0x21e0
[ 3118.364380]  ? strncpy_from_user+0x9e/0x470
[ 3118.365112]  ? finish_automount+0xa90/0xa90
[ 3118.365852]  ? getname_flags.part.0+0x1dd/0x4f0
[ 3118.366648]  ? _copy_from_user+0xfb/0x1b0
[ 3118.367359]  __x64_sys_mount+0x282/0x300
[ 3118.368049]  ? copy_mnt_ns+0xa00/0xa00
[ 3118.368717]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3118.369615]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3118.370500]  do_syscall_64+0x33/0x40
[ 3118.371134]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3118.372007] RIP: 0033:0x7f8d12f8ab19
[ 3118.372641] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3118.375788] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3118.377093] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 3118.378315] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3118.379529] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 3118.380743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3118.381966] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
01:37:29 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x20000000, 0x0, 0x0)

01:37:29 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0xd935, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:37:29 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 49)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

01:37:29 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x103a71, &(0x7f0000000300)={0x0, 0xe8f0, 0x0, 0x0, 0xfffffffc}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_MADVISE={0x19, 0x1, 0x0, 0x0, 0x0, &(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x13}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

[ 3118.529505] FAULT_INJECTION: forcing a failure.
[ 3118.529505] name failslab, interval 1, probability 0, space 0, times 0
[ 3118.532207] CPU: 0 PID: 13256 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 3118.533799] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3118.535694] Call Trace:
[ 3118.536300]  dump_stack+0x107/0x167
[ 3118.537137]  should_fail.cold+0x5/0xa
[ 3118.538013]  ? security_file_alloc+0x34/0x170
[ 3118.539037]  should_failslab+0x5/0x20
[ 3118.539905]  kmem_cache_alloc+0x5b/0x310
[ 3118.540834]  security_file_alloc+0x34/0x170
[ 3118.541823]  __alloc_file+0xb7/0x320
[ 3118.542675]  alloc_empty_file+0x6d/0x170
[ 3118.543603]  path_openat+0xe6/0x2770
[ 3118.544451]  ? __lock_acquire+0x1657/0x5b00
[ 3118.545444]  ? path_lookupat+0x860/0x860
[ 3118.546383]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3118.547578]  ? entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3118.548808]  do_filp_open+0x190/0x3e0
[ 3118.549687]  ? may_open_dev+0xf0/0xf0
[ 3118.550571]  ? alloc_fd+0x2e7/0x670
[ 3118.551402]  ? lock_downgrade+0x6d0/0x6d0
[ 3118.552347]  ? do_raw_spin_lock+0x121/0x260
[ 3118.553333]  ? rwlock_bug.part.0+0x90/0x90
[ 3118.554317]  ? lock_chain_count+0x20/0x20
[ 3118.555262]  ? stack_trace_save+0x8c/0xc0
[ 3118.556213]  ? _raw_spin_unlock+0x1a/0x30
[ 3118.557165]  ? alloc_fd+0x2e7/0x670
[ 3118.558030]  io_openat2+0x24d/0xb80
[ 3118.558874]  ? io_send+0x780/0x780
[ 3118.559695]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3118.560905]  io_issue_sqe+0x2cd/0x77d0
[ 3118.561806]  ? lock_acquire+0x197/0x470
[ 3118.562720]  ? find_held_lock+0x2c/0x110
[ 3118.563651]  ? __virt_addr_valid+0x346/0x5d0
[ 3118.564654]  ? io_connect+0x610/0x610
[ 3118.565525]  ? __might_fault+0xd3/0x180
[ 3118.566422]  ? lock_downgrade+0x6d0/0x6d0
[ 3118.567366]  ? __virt_addr_valid+0x170/0x5d0
[ 3118.568371]  ? __check_object_size+0x319/0x440
[ 3118.569414]  __io_queue_sqe+0x90/0x9d0
[ 3118.570316]  ? io_issue_sqe+0x77d0/0x77d0
[ 3118.571263]  ? getname+0x96/0xd0
[ 3118.572040]  io_submit_sqes+0x44a8/0x8610
[ 3118.573021]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 3118.574165]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 3118.575268]  ? find_held_lock+0x2c/0x110
[ 3118.576202]  ? io_submit_sqes+0x8610/0x8610
[ 3118.577190]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3118.578300]  ? wait_for_completion_io+0x270/0x270
[ 3118.579408]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3118.580466]  ? vfs_write+0x354/0xb10
[ 3118.581316]  ? fput_many+0x2f/0x1a0
[ 3118.582153]  ? ksys_write+0x1a9/0x260
[ 3118.583022]  ? __ia32_sys_read+0xb0/0xb0
[ 3118.583954]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3118.585151]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3118.586334]  do_syscall_64+0x33/0x40
[ 3118.587181]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3118.588345] RIP: 0033:0x7f854f415b19
[ 3118.589195] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3118.593384] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3118.595123] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 3118.596746] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 3118.598374] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3118.599995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3118.601629] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
01:37:43 executing program 5:
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x5, 0x0, 0x0)

01:37:43 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0xf6ffffff, 0x0, 0x0)

01:37:43 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe0e7, 0x0, 0x0, 0x0)

01:37:43 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x2, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

[ 3132.700167] loop2: detected capacity change from 0 to 41948160
01:37:43 executing program 2:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}, {0x0, 0x0, 0x1001000a00}], 0x2800018, &(0x7f0000000440)=ANY=[])
chdir(&(0x7f0000000040)='./file0\x00')
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x105142, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000380)=ANY=[@ANYBLOB="00fb4e01055a03c2f99708d3b20b9998ae21c5a1c8ddc1fe0310f28f4ac145dcd51a342e7cdb520c43426478504a4f7daca25797743e01577892c30200000000000000c054861d96a274355a328435a6006d4cff054be70ce066bcbc7dfa9cd96bb54e4502da71300c393e"], 0x4e, 0x1)
r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xd21, 0x4}, 0x50310, 0x5, 0x0, 0x5, 0x0, 0x800}, 0x0, 0xd, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000180)='numa_maps\x00')
readv(r2, &(0x7f0000000280)=[{&(0x7f00000004c0)=""/4089, 0xff9}], 0x1)
pidfd_getfd(r2, r1, 0x0)
openat(r2, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0x100000001)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r5 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r5, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)

01:37:43 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0xd936, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:37:43 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 55)

01:37:43 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 50)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

[ 3132.722482] FAULT_INJECTION: forcing a failure.
[ 3132.722482] name failslab, interval 1, probability 0, space 0, times 0
[ 3132.726097] CPU: 0 PID: 13281 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 3132.728223] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3132.730765] Call Trace:
[ 3132.731576]  dump_stack+0x107/0x167
[ 3132.732685]  should_fail.cold+0x5/0xa
[ 3132.733863]  ? create_object.isra.0+0x3a/0xa30
[ 3132.735251]  should_failslab+0x5/0x20
[ 3132.736402]  kmem_cache_alloc+0x5b/0x310
[ 3132.737624]  create_object.isra.0+0x3a/0xa30
[ 3132.738957]  kmemleak_alloc_percpu+0xa0/0x100
[ 3132.740317]  pcpu_alloc+0x4e2/0x1240
[ 3132.741450]  __kmem_cache_create+0x35a/0x520
[ 3132.742648]  kmem_cache_create_usercopy+0x1db/0x2f0
[ 3132.743912]  p9_client_create+0xc6a/0x1230
[ 3132.745015]  ? p9_client_flush+0x430/0x430
[ 3132.746056]  ? trace_hardirqs_on+0x5b/0x180
[ 3132.747155]  ? lockdep_init_map_type+0x2c7/0x780
[ 3132.748373]  ? __raw_spin_lock_init+0x36/0x110
[ 3132.749555]  v9fs_session_init+0x1dd/0x1680
[ 3132.750607]  ? lock_release+0x680/0x680
[ 3132.751636]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 3132.752957]  ? trace_hardirqs_on+0x5b/0x180
[ 3132.754066]  ? v9fs_show_options+0x690/0x690
[ 3132.755123]  ? _raw_spin_unlock_irqrestore+0x25/0x40
[ 3132.756425]  ? kasan_unpoison_shadow+0x33/0x50
[ 3132.757516]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3132.758826]  v9fs_mount+0x79/0x8f0
[ 3132.759756]  ? v9fs_write_inode+0x60/0x60
[ 3132.760687] FAULT_INJECTION: forcing a failure.
[ 3132.760687] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 3132.760821]  legacy_get_tree+0x105/0x220
[ 3132.760848]  vfs_get_tree+0x8e/0x300
[ 3132.760875]  path_mount+0x1490/0x21e0
[ 3132.765621]  ? strncpy_from_user+0x9e/0x470
[ 3132.766701]  ? finish_automount+0xa90/0xa90
[ 3132.767742]  ? getname_flags.part.0+0x1dd/0x4f0
[ 3132.768891]  ? _copy_from_user+0xfb/0x1b0
[ 3132.769911]  __x64_sys_mount+0x282/0x300
[ 3132.770905]  ? copy_mnt_ns+0xa00/0xa00
[ 3132.771853]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3132.773140]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3132.774404]  do_syscall_64+0x33/0x40
[ 3132.775320]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3132.776579] RIP: 0033:0x7f8d12f8ab19
[ 3132.777495] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3132.782042] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3132.783937] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 3132.785712] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3132.787492] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 3132.789130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3132.790761] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
[ 3132.792568] CPU: 1 PID: 13284 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 3132.793711] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3132.795066] Call Trace:
[ 3132.795507]  dump_stack+0x107/0x167
[ 3132.796108]  should_fail.cold+0x5/0xa
[ 3132.796734]  _copy_from_user+0x2e/0x1b0
[ 3132.797373]  io_submit_sqes+0x25c5/0x8610
[ 3132.798063]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 3132.798869]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 3132.799651]  ? find_held_lock+0x2c/0x110
[ 3132.800328]  ? io_submit_sqes+0x8610/0x8610
[ 3132.801024]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3132.801801]  ? wait_for_completion_io+0x270/0x270
[ 3132.802576]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3132.803325]  ? vfs_write+0x354/0xb10
[ 3132.803921]  ? fput_many+0x2f/0x1a0
[ 3132.804499]  ? ksys_write+0x1a9/0x260
[ 3132.805109]  ? __ia32_sys_read+0xb0/0xb0
[ 3132.805770]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3132.806609]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3132.807473]  do_syscall_64+0x33/0x40
[ 3132.808074]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3132.808898] RIP: 0033:0x7f854f415b19
[ 3132.809499] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3132.812434] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3132.813633] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 3132.814768] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 3132.815896] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3132.817031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3132.818183] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
01:37:43 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x3, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

01:37:43 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 56)

01:37:43 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0xfffffff6, 0x0, 0x0)

01:37:43 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0xd937, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

[ 3132.945633] FAULT_INJECTION: forcing a failure.
[ 3132.945633] name failslab, interval 1, probability 0, space 0, times 0
[ 3132.948171] CPU: 0 PID: 13297 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 3132.949666] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3132.951491] Call Trace:
[ 3132.952067]  dump_stack+0x107/0x167
[ 3132.952844]  should_fail.cold+0x5/0xa
[ 3132.953660]  ? create_object.isra.0+0x3a/0xa30
[ 3132.954648]  should_failslab+0x5/0x20
[ 3132.955463]  kmem_cache_alloc+0x5b/0x310
[ 3132.956332]  ? mark_held_locks+0x9e/0xe0
[ 3132.957202]  create_object.isra.0+0x3a/0xa30
[ 3132.958161]  kmemleak_alloc_percpu+0xa0/0x100
[ 3132.959120]  pcpu_alloc+0x4e2/0x1240
[ 3132.959924]  __kmem_cache_create+0x35a/0x520
[ 3132.960866]  kmem_cache_create_usercopy+0x1db/0x2f0
[ 3132.961934]  p9_client_create+0xc6a/0x1230
[ 3132.962839]  ? p9_client_flush+0x430/0x430
[ 3132.963738]  ? trace_hardirqs_on+0x5b/0x180
[ 3132.964650]  ? lockdep_init_map_type+0x2c7/0x780
[ 3132.965660]  ? __raw_spin_lock_init+0x36/0x110
[ 3132.966647]  v9fs_session_init+0x1dd/0x1680
[ 3132.967559]  ? lock_release+0x680/0x680
[ 3132.968413]  ? kmem_cache_alloc_trace+0x151/0x320
[ 3132.969435]  ? v9fs_show_options+0x690/0x690
[ 3132.970389]  ? trace_hardirqs_on+0x5b/0x180
[ 3132.971307]  ? kasan_unpoison_shadow+0x33/0x50
[ 3132.972275]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3132.973357]  v9fs_mount+0x79/0x8f0
[ 3132.974122]  ? v9fs_write_inode+0x60/0x60
[ 3132.974996]  legacy_get_tree+0x105/0x220
[ 3132.975860]  vfs_get_tree+0x8e/0x300
[ 3132.976651]  path_mount+0x1490/0x21e0
[ 3132.977467]  ? strncpy_from_user+0x9e/0x470
[ 3132.978383]  ? finish_automount+0xa90/0xa90
[ 3132.979300]  ? getname_flags.part.0+0x1dd/0x4f0
[ 3132.980289]  ? _copy_from_user+0xfb/0x1b0
[ 3132.981205]  __x64_sys_mount+0x282/0x300
[ 3132.982090]  ? copy_mnt_ns+0xa00/0xa00
[ 3132.982915]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3132.984029]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3132.985119]  do_syscall_64+0x33/0x40
[ 3132.985919]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3132.987003] RIP: 0033:0x7f8d12f8ab19
[ 3132.987801] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3132.991712] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3132.993319] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 3132.994841] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3132.996350] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 3132.997871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3132.999385] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
01:37:43 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x4, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

01:37:43 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x1000000000000, 0x0, 0x0)

01:37:43 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0xd938, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:37:43 executing program 2:
ioctl$FS_IOC_GETVERSION(0xffffffffffffffff, 0x80087601, &(0x7f0000000080))
r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r4 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
dup(r0)
openat(r4, 0x0, 0x0, 0x0)
r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r5, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r1, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r5, 0x8000000)

01:37:57 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x2, 0x0, 0x0)

01:37:57 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x5, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

01:37:57 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x8000000000000, 0x0, 0x0)

01:37:57 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 57)

01:37:57 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 51)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

01:37:57 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r5 = openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r6 = openat$zero(0xffffffffffffff9c, &(0x7f0000000280), 0x4000, 0x0)
ioctl$TIOCGPGRP(r5, 0x540f, &(0x7f0000000500)=<r7=>0x0)
fcntl$lock(r6, 0x26, &(0x7f0000000540)={0x1, 0x0, 0x80000000, 0x4, r7})
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)
r8 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/i915', 0x200, 0x0)
sendmsg$802154_raw(r8, &(0x7f0000000200)={&(0x7f00000000c0)={0x24, @long={0x3, 0x1, {0xaaaaaaaaaaaa0002}}}, 0x14, &(0x7f00000001c0)={&(0x7f0000000380)="9ff25db52e6a2c879c76159f0c49a991c40e70e359d2d65c1cb0d6fb75e3730c3a2ed4f4ad56228832b26f692b385827f8c001264828c3b21b13f596f3ce8b98293c362e39d48601fb5f7bfc71067b9f43818ee60efbd0ba79bcf4ef3b21c2fe53b369461156307743f46bcd46af76ccf2b82328403125fc8928c2a6a4942e45db7b8210b46b5bad01636c2761d1327074670523a673063ff14b0d5a0418a0e602b7fdaf79e9c75fdcd56a38502c7cea8dd78b31ad1b7452d3554a271fb1eaaa3b408fb766f34ce92221fa9349fe67c3be7f633cc24c", 0xd6}, 0x1, 0x0, 0x0, 0x804}, 0x40804)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:37:57 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0xd939, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:37:57 executing program 5:
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x8, 0x0, 0x0)

[ 3146.809772] FAULT_INJECTION: forcing a failure.
[ 3146.809772] name failslab, interval 1, probability 0, space 0, times 0
[ 3146.812198] CPU: 1 PID: 13329 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 3146.813658] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3146.815416] Call Trace:
[ 3146.815971]  dump_stack+0x107/0x167
[ 3146.816735]  should_fail.cold+0x5/0xa
[ 3146.817529]  should_failslab+0x5/0x20
[ 3146.818320]  __kmalloc_track_caller+0x79/0x370
[ 3146.819248]  ? kstrdup_const+0x53/0x80
[ 3146.820057]  kstrdup+0x36/0x70
[ 3146.820725]  kstrdup_const+0x53/0x80
[ 3146.821498]  kvasprintf_const+0x10c/0x1a0
[ 3146.822356]  kobject_set_name_vargs+0x56/0x150
[ 3146.823313]  kobject_init_and_add+0xc9/0x160
[ 3146.824208]  ? kobject_create_and_add+0xb0/0xb0
[ 3146.825160]  ? wait_for_completion_io+0x270/0x270
[ 3146.826151]  ? kernfs_name_hash+0xe7/0x110
[ 3146.827020]  ? kernfs_find_ns+0x256/0x380
[ 3146.827875]  sysfs_slab_add+0x172/0x200
[ 3146.828690]  __kmem_cache_create+0x3db/0x520
[ 3146.829600]  kmem_cache_create_usercopy+0x1db/0x2f0
[ 3146.830635]  p9_client_create+0xc6a/0x1230
[ 3146.831511]  ? p9_client_flush+0x430/0x430
[ 3146.832380]  ? trace_hardirqs_on+0x5b/0x180
[ 3146.833286]  ? lockdep_init_map_type+0x2c7/0x780
[ 3146.834274]  ? __raw_spin_lock_init+0x36/0x110
[ 3146.835222]  v9fs_session_init+0x1dd/0x1680
[ 3146.836109]  ? lock_release+0x680/0x680
[ 3146.836935]  ? kmem_cache_alloc_trace+0x151/0x320
[ 3146.837936]  ? v9fs_show_options+0x690/0x690
[ 3146.838847]  ? trace_hardirqs_on+0x5b/0x180
[ 3146.839724]  ? kasan_unpoison_shadow+0x33/0x50
[ 3146.840654]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3146.841683]  v9fs_mount+0x79/0x8f0
[ 3146.842418]  ? v9fs_write_inode+0x60/0x60
[ 3146.843254]  legacy_get_tree+0x105/0x220
[ 3146.844095]  vfs_get_tree+0x8e/0x300
[ 3146.844854]  path_mount+0x1490/0x21e0
[ 3146.845638]  ? strncpy_from_user+0x9e/0x470
[ 3146.846534]  ? finish_automount+0xa90/0xa90
[ 3146.847425]  ? getname_flags.part.0+0x1dd/0x4f0
[ 3146.848376]  ? _copy_from_user+0xfb/0x1b0
[ 3146.849232]  __x64_sys_mount+0x282/0x300
[ 3146.850075]  ? copy_mnt_ns+0xa00/0xa00
[ 3146.850886]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3146.851958]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3146.853009]  do_syscall_64+0x33/0x40
[ 3146.853775]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3146.854843] RIP: 0033:0x7f8d12f8ab19
[ 3146.855604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3146.859439] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3146.860981] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 3146.862441] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3146.863890] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 3146.865348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3146.866798] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
[ 3146.870393] kobject: can not set name properly!
[ 3146.871719] kmem_cache_create(9p-fcall-cache-735) failed with error -12
[ 3146.873147] CPU: 1 PID: 13329 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 3146.874564] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3146.876234] Call Trace:
[ 3146.876782]  dump_stack+0x107/0x167
[ 3146.877537]  kmem_cache_create_usercopy.cold+0x17/0x65
[ 3146.878624]  p9_client_create+0xc6a/0x1230
[ 3146.879502]  ? p9_client_flush+0x430/0x430
[ 3146.880352]  ? trace_hardirqs_on+0x5b/0x180
[ 3146.881252]  ? lockdep_init_map_type+0x2c7/0x780
[ 3146.882230]  ? __raw_spin_lock_init+0x36/0x110
[ 3146.883159]  v9fs_session_init+0x1dd/0x1680
[ 3146.884041]  ? lock_release+0x680/0x680
[ 3146.884877]  ? kmem_cache_alloc_trace+0x151/0x320
[ 3146.885854]  ? v9fs_show_options+0x690/0x690
[ 3146.886780]  ? trace_hardirqs_on+0x5b/0x180
[ 3146.886813] FAULT_INJECTION: forcing a failure.
[ 3146.886813] name failslab, interval 1, probability 0, space 0, times 0
[ 3146.887661]  ? kasan_unpoison_shadow+0x33/0x50
[ 3146.887690]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3146.892099]  v9fs_mount+0x79/0x8f0
[ 3146.892817]  ? v9fs_write_inode+0x60/0x60
[ 3146.893667]  legacy_get_tree+0x105/0x220
[ 3146.894519]  vfs_get_tree+0x8e/0x300
[ 3146.895300]  path_mount+0x1490/0x21e0
[ 3146.896078]  ? strncpy_from_user+0x9e/0x470
[ 3146.896950]  ? finish_automount+0xa90/0xa90
[ 3146.897827]  ? getname_flags.part.0+0x1dd/0x4f0
[ 3146.898770]  ? _copy_from_user+0xfb/0x1b0
[ 3146.899619]  __x64_sys_mount+0x282/0x300
[ 3146.900463]  ? copy_mnt_ns+0xa00/0xa00
[ 3146.901257]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3146.902328]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3146.903379]  do_syscall_64+0x33/0x40
[ 3146.904150]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3146.905190] RIP: 0033:0x7f8d12f8ab19
[ 3146.905954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3146.909690] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3146.911237] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 3146.912678] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3146.914148] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 3146.915714] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3146.917225] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
[ 3146.918720] CPU: 0 PID: 13342 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 3146.920314] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3146.922297] Call Trace:
[ 3146.922902]  dump_stack+0x107/0x167
[ 3146.923733]  should_fail.cold+0x5/0xa
[ 3146.924599]  ? getname_flags.part.0+0x50/0x4f0
[ 3146.925644]  should_failslab+0x5/0x20
[ 3146.926527]  kmem_cache_alloc+0x5b/0x310
[ 3146.927461]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 3146.928693]  getname_flags.part.0+0x50/0x4f0
[ 3146.929703]  getname+0x8e/0xd0
[ 3146.930444]  __io_openat_prep+0x228/0x4c0
[ 3146.931384]  io_submit_sqes+0x25eb/0x8610
[ 3146.932355]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 3146.933486]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 3146.934597]  ? find_held_lock+0x2c/0x110
[ 3146.935518]  ? io_submit_sqes+0x8610/0x8610
[ 3146.936496]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3146.937595]  ? wait_for_completion_io+0x270/0x270
[ 3146.938697]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3146.939753]  ? vfs_write+0x354/0xb10
[ 3146.940600]  ? fput_many+0x2f/0x1a0
[ 3146.941422]  ? ksys_write+0x1a9/0x260
[ 3146.942297]  ? __ia32_sys_read+0xb0/0xb0
[ 3146.943217]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3146.944399]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3146.945564]  do_syscall_64+0x33/0x40
[ 3146.946414]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3146.947567] RIP: 0033:0x7f854f415b19
[ 3146.948406] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3146.952556] RSP: 002b:00007f854c96a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3146.954272] RAX: ffffffffffffffda RBX: 00007f854f529020 RCX: 00007f854f415b19
[ 3146.955880] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000003
[ 3146.957488] RBP: 00007f854c96a1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3146.959092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3146.960699] R13: 00007ffed60cd66f R14: 00007f854c96a300 R15: 0000000000022000
01:37:57 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x6, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

01:37:57 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 58)

01:37:57 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0xd93a, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:37:57 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0x40, 0x2, 0x8, 0xc0, 0x0, 0x4, 0x4, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x3, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, @perf_config_ext={0x5, 0x800}, 0x10008, 0x81, 0xe74e, 0x1, 0x0, 0x3, 0x0, 0x0, 0xc7, 0x0, 0x5}, 0x0, 0xa, 0xffffffffffffffff, 0x1)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r5, 0x330f, 0x8)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/zoneinfo\x00', 0x0, 0x0)
perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x32, 0x3f, 0x8, 0x0, 0x9, 0x408, 0x4, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x3, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x200, 0x0, @perf_config_ext={0x101, 0x1}, 0x1, 0x0, 0x1, 0x1, 0x5, 0xfffffffa, 0x1, 0x0, 0x8}, 0x0, 0x0, r6, 0x2)

[ 3147.137202] FAULT_INJECTION: forcing a failure.
[ 3147.137202] name failslab, interval 1, probability 0, space 0, times 0
[ 3147.139642] CPU: 1 PID: 13356 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 3147.141064] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3147.142784] Call Trace:
[ 3147.143336]  dump_stack+0x107/0x167
[ 3147.144109]  should_fail.cold+0x5/0xa
[ 3147.144900]  ? create_object.isra.0+0x3a/0xa30
[ 3147.145839]  should_failslab+0x5/0x20
[ 3147.146657]  kmem_cache_alloc+0x5b/0x310
[ 3147.147485]  ? lock_release+0x680/0x680
[ 3147.148306]  create_object.isra.0+0x3a/0xa30
[ 3147.149213]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3147.150272]  __kmalloc_track_caller+0x177/0x370
[ 3147.151231]  ? kstrdup_const+0x53/0x80
[ 3147.152047]  kstrdup+0x36/0x70
[ 3147.152710]  kstrdup_const+0x53/0x80
[ 3147.153481]  kvasprintf_const+0x10c/0x1a0
[ 3147.154346]  kobject_set_name_vargs+0x56/0x150
[ 3147.155285]  kobject_init_and_add+0xc9/0x160
[ 3147.156189]  ? kobject_create_and_add+0xb0/0xb0
[ 3147.157147]  ? wait_for_completion_io+0x270/0x270
[ 3147.158144]  ? kernfs_name_hash+0xe7/0x110
[ 3147.159038]  ? kernfs_find_ns+0x256/0x380
[ 3147.159898]  sysfs_slab_add+0x172/0x200
[ 3147.160717]  __kmem_cache_create+0x3db/0x520
[ 3147.161643]  kmem_cache_create_usercopy+0x1db/0x2f0
[ 3147.162699]  p9_client_create+0xc6a/0x1230
[ 3147.163592]  ? p9_client_flush+0x430/0x430
[ 3147.164462]  ? trace_hardirqs_on+0x5b/0x180
[ 3147.165383]  ? lockdep_init_map_type+0x2c7/0x780
[ 3147.166362]  ? __raw_spin_lock_init+0x36/0x110
[ 3147.167344]  v9fs_session_init+0x1dd/0x1680
[ 3147.168263]  ? lock_release+0x680/0x680
[ 3147.169088]  ? kmem_cache_alloc_trace+0x151/0x320
[ 3147.170120]  ? v9fs_show_options+0x690/0x690
[ 3147.171040]  ? trace_hardirqs_on+0x5b/0x180
[ 3147.171930]  ? kasan_unpoison_shadow+0x33/0x50
[ 3147.172895]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3147.173979]  v9fs_mount+0x79/0x8f0
[ 3147.174714]  ? v9fs_write_inode+0x60/0x60
[ 3147.175561]  legacy_get_tree+0x105/0x220
[ 3147.176392]  vfs_get_tree+0x8e/0x300
[ 3147.177160]  path_mount+0x1490/0x21e0
[ 3147.177986]  ? strncpy_from_user+0x9e/0x470
[ 3147.178907]  ? finish_automount+0xa90/0xa90
[ 3147.179799]  ? getname_flags.part.0+0x1dd/0x4f0
[ 3147.180749]  ? _copy_from_user+0xfb/0x1b0
[ 3147.181613]  __x64_sys_mount+0x282/0x300
[ 3147.182451]  ? copy_mnt_ns+0xa00/0xa00
[ 3147.183247]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3147.184368]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3147.185475]  do_syscall_64+0x33/0x40
[ 3147.186256]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3147.187324] RIP: 0033:0x7f8d12f8ab19
[ 3147.188095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3147.191921] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3147.193499] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 3147.195020] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3147.196499] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 3147.198020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3147.199539] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
01:37:57 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0xd93b, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:37:58 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r5 = openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)
r6 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
splice(r6, &(0x7f00000000c0)=0xde77, r5, &(0x7f00000001c0)=0x10000, 0x3, 0x1)

01:37:58 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x7, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

01:38:10 executing program 5:
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x18, 0x0, 0x0)

01:38:10 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x344b, &(0x7f0000000300)={0x0, 0x335f}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r4 = openat(r3, 0x0, 0x0, 0x0)
r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r5, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140)=<r6=>0x0, &(0x7f0000000180)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0)
syz_io_uring_submit(r6, r2, &(0x7f00000001c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, r4, &(0x7f0000000080)={0x8080, 0x18, 0x11}, &(0x7f00000000c0)='./file0\x00', 0x18, 0x0, 0x23456}, 0x8001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r5, 0x8000000)

01:38:10 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x40000000000000, 0x0, 0x0)

01:38:10 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0xd93c, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:38:10 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x8, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

01:38:10 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 52)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

01:38:10 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9}, 0x8)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x299)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 59)

01:38:10 executing program 1:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x4, 0x0, 0x0)

[ 3159.710159] FAULT_INJECTION: forcing a failure.
[ 3159.710159] name failslab, interval 1, probability 0, space 0, times 0
[ 3159.712673] CPU: 1 PID: 13393 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 3159.714153] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3159.715904] Call Trace:
[ 3159.716476]  dump_stack+0x107/0x167
[ 3159.717255]  should_fail.cold+0x5/0xa
[ 3159.718074]  should_failslab+0x5/0x20
[ 3159.718887]  __kmalloc_track_caller+0x79/0x370
[ 3159.719220] FAULT_INJECTION: forcing a failure.
[ 3159.719220] name failslab, interval 1, probability 0, space 0, times 0
[ 3159.719847]  ? kstrdup_const+0x53/0x80
[ 3159.719870]  kstrdup+0x36/0x70
[ 3159.719904]  kstrdup_const+0x53/0x80
[ 3159.724662]  __kernfs_new_node+0x9d/0x860
[ 3159.725538]  ? kernfs_dop_revalidate+0x3a0/0x3a0
[ 3159.726564]  ? lock_acquire+0x197/0x470
[ 3159.727407]  ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0
[ 3159.728520]  ? lock_release+0x680/0x680
[ 3159.729361]  ? find_held_lock+0x2c/0x110
[ 3159.730239]  kernfs_new_node+0x18d/0x250
[ 3159.731106]  kernfs_create_dir_ns+0x49/0x160
[ 3159.732036]  sysfs_create_dir_ns+0x127/0x290
[ 3159.732965]  ? sysfs_create_mount_point+0xb0/0xb0
[ 3159.733986]  ? rwlock_bug.part.0+0x90/0x90
[ 3159.734899]  ? do_raw_spin_unlock+0x4f/0x220
[ 3159.735829]  kobject_add_internal+0x25e/0xa30
[ 3159.736781]  kobject_init_and_add+0x101/0x160
[ 3159.737730]  ? kobject_create_and_add+0xb0/0xb0
[ 3159.738736]  ? wait_for_completion_io+0x270/0x270
[ 3159.739753]  ? kernfs_name_hash+0xe7/0x110
[ 3159.740652]  ? kernfs_find_ns+0x256/0x380
[ 3159.741532]  sysfs_slab_add+0x172/0x200
[ 3159.742385]  __kmem_cache_create+0x3db/0x520
[ 3159.743318]  kmem_cache_create_usercopy+0x1db/0x2f0
[ 3159.744372]  p9_client_create+0xc6a/0x1230
[ 3159.745270]  ? p9_client_flush+0x430/0x430
[ 3159.746175]  ? trace_hardirqs_on+0x5b/0x180
[ 3159.747083]  ? lockdep_init_map_type+0x2c7/0x780
[ 3159.748081]  ? __raw_spin_lock_init+0x36/0x110
[ 3159.749060]  v9fs_session_init+0x1dd/0x1680
[ 3159.749969]  ? lock_release+0x680/0x680
[ 3159.750840]  ? kmem_cache_alloc_trace+0x151/0x320
[ 3159.751860]  ? v9fs_show_options+0x690/0x690
[ 3159.752803]  ? trace_hardirqs_on+0x5b/0x180
[ 3159.753720]  ? kasan_unpoison_shadow+0x33/0x50
[ 3159.754694]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3159.755765]  v9fs_mount+0x79/0x8f0
[ 3159.756513]  ? v9fs_write_inode+0x60/0x60
[ 3159.757395]  legacy_get_tree+0x105/0x220
[ 3159.758267]  vfs_get_tree+0x8e/0x300
[ 3159.759054]  path_mount+0x1490/0x21e0
[ 3159.759867]  ? strncpy_from_user+0x9e/0x470
[ 3159.760777]  ? finish_automount+0xa90/0xa90
[ 3159.761692]  ? getname_flags.part.0+0x1dd/0x4f0
[ 3159.762690]  ? _copy_from_user+0xfb/0x1b0
[ 3159.763575]  __x64_sys_mount+0x282/0x300
[ 3159.764430]  ? copy_mnt_ns+0xa00/0xa00
[ 3159.765262]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3159.766377]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3159.767467]  do_syscall_64+0x33/0x40
[ 3159.768254]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3159.769339] RIP: 0033:0x7f8d12f8ab19
[ 3159.770143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3159.774051] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3159.775678] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 3159.777195] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3159.778714] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 3159.780231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3159.781746] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
[ 3159.783292] CPU: 0 PID: 13388 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 3159.784682] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3159.785737] kobject_add_internal failed for 9p-fcall-cache-737 (error: -12 parent: slab)
[ 3159.786340] Call Trace:
[ 3159.786371]  dump_stack+0x107/0x167
[ 3159.788424] kmem_cache_create(9p-fcall-cache-737) failed with error -12
[ 3159.788582]  should_fail.cold+0x5/0xa
[ 3159.788604]  ? create_object.isra.0+0x3a/0xa30
[ 3159.788626]  should_failslab+0x5/0x20
[ 3159.793043]  kmem_cache_alloc+0x5b/0x310
[ 3159.793850]  create_object.isra.0+0x3a/0xa30
[ 3159.794724]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3159.795736]  kmem_cache_alloc+0x159/0x310
[ 3159.796557]  getname_flags.part.0+0x50/0x4f0
[ 3159.797444]  getname+0x8e/0xd0
[ 3159.798089]  __io_openat_prep+0x228/0x4c0
[ 3159.798908]  io_submit_sqes+0x25eb/0x8610
[ 3159.799749]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 3159.800735]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 3159.801703]  ? find_held_lock+0x2c/0x110
[ 3159.802531]  ? io_submit_sqes+0x8610/0x8610
[ 3159.803387]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3159.804336]  ? wait_for_completion_io+0x270/0x270
[ 3159.805294]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3159.806220]  ? vfs_write+0x354/0xb10
[ 3159.806953]  ? fput_many+0x2f/0x1a0
[ 3159.807670]  ? ksys_write+0x1a9/0x260
[ 3159.808420]  ? __ia32_sys_read+0xb0/0xb0
[ 3159.809228]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3159.810279]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3159.811297]  do_syscall_64+0x33/0x40
[ 3159.812034]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3159.813043] RIP: 0033:0x7f854f415b19
[ 3159.813778] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3159.817439] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3159.818947] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 3159.820352] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 3159.821750] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3159.823153] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3159.824570] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
[ 3159.826008] CPU: 1 PID: 13393 Comm: syz-executor.4 Not tainted 5.10.246 #1
[ 3159.827631] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3159.829486] Call Trace:
[ 3159.830097]  dump_stack+0x107/0x167
[ 3159.830926]  kmem_cache_create_usercopy.cold+0x17/0x65
[ 3159.832103]  p9_client_create+0xc6a/0x1230
[ 3159.833059]  ? p9_client_flush+0x430/0x430
[ 3159.834009]  ? trace_hardirqs_on+0x5b/0x180
[ 3159.834987]  ? lockdep_init_map_type+0x2c7/0x780
[ 3159.836052]  ? __raw_spin_lock_init+0x36/0x110
[ 3159.837081]  v9fs_session_init+0x1dd/0x1680
[ 3159.838061]  ? lock_release+0x680/0x680
[ 3159.838973]  ? kmem_cache_alloc_trace+0x151/0x320
[ 3159.840070]  ? v9fs_show_options+0x690/0x690
[ 3159.841075]  ? trace_hardirqs_on+0x5b/0x180
[ 3159.842054]  ? kasan_unpoison_shadow+0x33/0x50
[ 3159.843075]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3159.844227]  v9fs_mount+0x79/0x8f0
[ 3159.845026]  ? v9fs_write_inode+0x60/0x60
[ 3159.845958]  legacy_get_tree+0x105/0x220
[ 3159.846897]  vfs_get_tree+0x8e/0x300
[ 3159.847734]  path_mount+0x1490/0x21e0
[ 3159.848594]  ? strncpy_from_user+0x9e/0x470
[ 3159.849562]  ? finish_automount+0xa90/0xa90
[ 3159.850545]  ? getname_flags.part.0+0x1dd/0x4f0
[ 3159.851590]  ? _copy_from_user+0xfb/0x1b0
[ 3159.852527]  __x64_sys_mount+0x282/0x300
[ 3159.853438]  ? copy_mnt_ns+0xa00/0xa00
[ 3159.854325]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3159.855503]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3159.856660]  do_syscall_64+0x33/0x40
[ 3159.857497]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3159.858661] RIP: 0033:0x7f8d12f8ab19
[ 3159.859500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3159.863635] RSP: 002b:00007f8d10500188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 3159.865354] RAX: ffffffffffffffda RBX: 00007f8d1309df60 RCX: 00007f8d12f8ab19
[ 3159.866970] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000
[ 3159.868583] RBP: 00007f8d105001d0 R08: 0000000020000280 R09: 0000000000000000
[ 3159.870203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3159.871812] R13: 00007fff74b89c1f R14: 00007f8d10500300 R15: 0000000000022000
01:38:10 executing program 5:
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x500, 0x0, 0x0)

01:38:10 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0xd93d, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:38:10 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0x9, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

01:38:10 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000500), 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x4, 0x9, 0x6, 0x3e, 0x0, 0x80, 0x20b80, 0x3, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x5, 0x0, @perf_bp={&(0x7f0000000080), 0x8}, 0x805b, 0xb221, 0x2, 0x0, 0x5439, 0x2884a009, 0x6361, 0x0, 0x8000, 0x0, 0x2}, 0xffffffffffffffff, 0x10, r3, 0x4)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, 0xffffffffffffffff, 0x10000000)
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r5, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r6}}, 0x4)
r7 = socket(0x21, 0x5, 0x80000000)
syz_io_uring_submit(r1, r5, &(0x7f0000000a80)=@IORING_OP_SENDMSG={0x9, 0x3, 0x0, r7, 0x0, &(0x7f0000000a40)={0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000540)="db0a52757120b15c0c", 0x9}, {&(0x7f0000000680)="7bb42eaeb11f99859096cd2be30461639e2c451f8e87d72fbc88fbcf68e7701b3f130c011ad9d8b3d3dc5e38308240ddf70ff731e227f9ce5f3ada08f79f35284bdf3c7e87083d11c778545757e43fd14ebc416cd9bfaba86f592e733a2fdc8dc0465201f3488d78f7584719561df8830781cada97e825f71fa05bdd08ea9449d9d81ae6414e389290d6916f59cc1e1b17e1d0716726debd8c7fbfcf5feb2fa89a40553edeba235a0cb29ca27015d15b", 0xb0}, {&(0x7f0000000740)="90bfdcb0db48c8090b58650a60c6ad891c5d1cbc16a343c0721856e6c0730cf669ada0ef8f2d6312edead9d9bd090b93288a4519fc7e96e96a84ca629dc37547d75ddd7fecf9e16fbcc00292995f2f967bd0e5ebf034ab7999c5c61b2363fda6442792f152a4e3a92d61b67bc955bbc459b49b32", 0x74}, {&(0x7f00000007c0)="d00c988aafe9d598a14b7a957cdc504d5c259bb9b5b36b414ea2f733dc8ba0d5d8bc3e9fe94f597d1d6b2002555f1a575c8772efca84ed71e5b2e2e354d0708d3b43a26d10032c9f02300ce474675e18e1584d0e65bf5d8efdaf198b68fb61d69431a495e1451afafcab43079a7619fd2790d05d31b3e23b031ed33fa02e2a11ce4cbdb1f8b6b0b89ec507dce1ba81f4c0b1dcdc52030d27d359510f31da37c9843ab1f4776df9c48745a23668267cfa3240c4e194ad2eaa13de9d59b716d133fe10e0b6397ca6e5e6660e0c", 0xcc}, {&(0x7f0000000580)}, {&(0x7f00000008c0)="02965478ca1338129a06e18f8ad731e4910f0717a929d9a483fee64e33c719", 0x1f}, {&(0x7f0000000900)="e128b1b4455fb6d0ac252413f744cab2b5b7fc509db841adfdc57e4c3fd39d12aede76809024747279c4a8b663a18b597e258e094a29ad49a84dac5232e595654f6504882bce8bba87e5f5e7833f8bd35268b13291733ab91310586c5da32b12884f1739a11c0ae5984843bc5011db8eeb5cce54c0dfd6125ac8363cdf8cd1dabe2d24567984b48019", 0x89}], 0x7}, 0x0, 0x20000800, 0x1}, 0x3)
fcntl$setlease(r0, 0x400, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000280)='./file0\x00', 0xa1, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000380)="114d35f30e3d0baad4d25cec6e72380827e7cd479548a9c5b8c7cffa93bfbabb18746f25e143c61984ea579346", 0x2d, 0x20}], 0x6810, &(0x7f0000000400)=ANY=[@ANYBLOB='shortname=mixed,shortname=mixed,shortname=winnt,shortname=lower,nnonumtail=1,uni_xlate=1,rodir,shortname=mixed,func=PCTH_CHECK,\x00'])
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x10, r4, 0x8000000)

01:38:10 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0xd93e, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:38:10 executing program 5:
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_uring_enter(r0, 0x58ab, 0x0, 0x1800, 0x0, 0x0)

01:38:10 executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000000))
mount$9p_fd(0xd93f, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})

01:38:10 executing program 7:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000)
r1 = mq_open(0x0, 0x0, 0x83, &(0x7f0000000200)={0x6, 0x4, 0xb0, 0x7})
mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), 0x18000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c776654dd646e6f3d", @ANYRESHEX, @ANYBLOB=',cache=mmap,dfltgid=', @ANYRESHEX, @ANYBLOB=',cache=none,appraise_type=imasig,seclabel,func=BPRM_CHECK,mask=^MAY_APPEND,fscontext=staff_u,obj_user=security.ima\x00,\x00'])
fchown(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
setsockopt$inet6_opts(r2, 0x29, 0x39, &(0x7f0000000100)=@fragment={0x3a, 0x0, 0x9, 0x1, 0x0, 0x18, 0x64}, 0x8)
write$binfmt_elf64(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460104000100000000000000c0030003008c01000009010000000000004000000000000000a70300000000000003800000040038000200070001010500000000700000000008000000000000000900000000000000010000000000000001000000000000003d00000000000000090000000000000051e57464010000000400000000000000000000000000000001000000000000000300000000000000ffffffffffffffffff000000000000004f96338ba86e5cdfe44ee0f43ab046f63282228a899c796de403b7cdc51e00bd5222da942c52349e338c9f38cf00864cec4c272653ef65cfc48b4a049be7f0e33406e7c056004c104e6bd0d9b03d1734627bcf5e67a9bbda831e1dd7d8ae93c8038162605cd2ad2e5d9e7bc449c8b941d8f05aa7544be2f4c333ce52065cc196dffa62f6265d5d8cda213114f428de04e2404de639d40ea3a405b71b4aaf5f52c8152fb492d4f94fd9027300d931185efd044aee2b9937b6cf911e1fd0a2b3f1761c2274e0899b33cde9a27706f7a33304ac5188604c684acdc763a8795c537bef3a5ee28d49bd280b000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c747a44c623c149c3305e5e9f384e0aca588adb7b91bb848b4e3e30be7eaff7dfe57d475e2d"], 0x299)
perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)=0xc0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = dup2(r5, r5)
creat(&(0x7f0000000240)='./file0/../file0\x00', 0x48)
ioctl$HIDIOCINITREPORT(r6, 0x550c, 0x20000000)
fcntl$F_SET_RW_HINT(r6, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c)
mount$9p_fd(0xa, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

01:38:11 executing program 2:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x40000, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, @perf_config_ext={0x0, 0xffffffffffffffff}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffeffff}, 0x0, 0xb, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
r5 = openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
syz_io_uring_submit(0x0, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x527400, 0x0)
accept4$bt_l2cap(r4, &(0x7f0000000080), &(0x7f00000000c0)=0xe, 0x80800)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0)
r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x5, 0x10, r4, 0x8000000)
syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140)=<r7=>0x0, &(0x7f0000000180)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0)
syz_io_uring_submit(r6, r8, &(0x7f0000000280)=@IORING_OP_OPENAT2={0x1c, 0x3, 0x0, r5, &(0x7f00000001c0)={0x80, 0x2}, &(0x7f0000000200)='./file0\x00', 0x18, 0x0, 0x23456}, 0x7)

01:38:11 executing program 6:
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0xe8ec}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0)
r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat(r3, 0x0, 0x0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000340)={&(0x7f00000005c0)=""/129, 0x81})
openat(0xffffffffffffffff, 0x0, 0x0, 0x21)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000)
syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001)
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0xfffffffffffffffd)
io_uring_enter(r0, 0x58ab, 0xe03e, 0x0, 0x0, 0x0) (fail_nth: 53)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x1010, r4, 0x8000000)
r8 = syz_io_uring_setup(0x1c28, &(0x7f00000002c0)={0x0, 0x0, 0x10}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000140), &(0x7f0000000180))
r9 = syz_io_uring_setup(0x1f8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1fe}, &(0x7f0000fee000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, 0x0, 0x0)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000ff3000/0x4000)=nil, 0x4000, 0x0, 0x8010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_READ_FIXED={0x4, 0x2, 0x0, @fd_index=0x8, 0x100000000, 0x0, 0xffff, 0x0, 0x0, {0x3, r11}}, 0x4)
syz_io_uring_submit(r7, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd_index=0x7, 0x0, 0x0, 0x2, 0xb, 0x0, {0x0, r11, r6}}, 0x10001)

[ 3160.348082] FAULT_INJECTION: forcing a failure.
[ 3160.348082] name failslab, interval 1, probability 0, space 0, times 0
[ 3160.350909] CPU: 1 PID: 13433 Comm: syz-executor.6 Not tainted 5.10.246 #1
[ 3160.352469] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 3160.354340] Call Trace:
[ 3160.354938]  dump_stack+0x107/0x167
[ 3160.355764]  should_fail.cold+0x5/0xa
[ 3160.356624]  ? create_object.isra.0+0x3a/0xa30
[ 3160.357658]  should_failslab+0x5/0x20
[ 3160.358521]  kmem_cache_alloc+0x5b/0x310
[ 3160.359444]  create_object.isra.0+0x3a/0xa30
[ 3160.360424]  ? __kasan_kmalloc.constprop.0+0xc9/0xd0
[ 3160.361579]  kmem_cache_alloc+0x159/0x310
[ 3160.362520]  getname_flags.part.0+0x50/0x4f0
[ 3160.363514]  getname+0x8e/0xd0
[ 3160.364242]  __io_openat_prep+0x228/0x4c0
[ 3160.365182]  io_submit_sqes+0x25eb/0x8610
[ 3160.366147]  ? __do_sys_io_uring_enter+0x6b2/0x1890
[ 3160.367265]  __do_sys_io_uring_enter+0x6b2/0x1890
[ 3160.368362]  ? find_held_lock+0x2c/0x110
[ 3160.369279]  ? io_submit_sqes+0x8610/0x8610
[ 3160.370265]  ? __mutex_unlock_slowpath+0xe1/0x600
[ 3160.371361]  ? wait_for_completion_io+0x270/0x270
[ 3160.372453]  ? rcu_read_lock_any_held+0x75/0xa0
[ 3160.373504]  ? vfs_write+0x354/0xb10
[ 3160.374346]  ? fput_many+0x2f/0x1a0
[ 3160.375158]  ? ksys_write+0x1a9/0x260
[ 3160.376016]  ? __ia32_sys_read+0xb0/0xb0
[ 3160.376939]  ? lockdep_hardirqs_on_prepare+0x277/0x3e0
[ 3160.378121]  ? syscall_enter_from_user_mode+0x1d/0x50
[ 3160.379277]  do_syscall_64+0x33/0x40
[ 3160.380108]  entry_SYSCALL_64_after_hwframe+0x67/0xd1
[ 3160.381255] RIP: 0033:0x7f854f415b19
[ 3160.382099] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3160.386245] RSP: 002b:00007f854c98b188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 3160.387956] RAX: ffffffffffffffda RBX: 00007f854f528f60 RCX: 00007f854f415b19
[ 3160.389566] RDX: 000000000000e03e RSI: 00000000000058ab RDI: 0000000000000004
[ 3160.391173] RBP: 00007f854c98b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 3160.392783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3160.394383] R13: 00007ffed60cd66f R14: 00007f854c98b300 R15: 0000000000022000
[ 3172.559649] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
BUG: memory leak
unreferenced object 0xffff88800f72e040 (size 32):
  comm "syz-executor.4", pid 13393, jiffies 4297826644 (age 20.037s)
  hex dump (first 32 bytes):
    39 70 2d 66 63 61 6c 6c 2d 63 61 63 68 65 2d 37  9p-fcall-cache-7
    33 37 00 0f 80 88 ff ff 11 00 00 00 00 00 00 00  37..............
  backtrace:
    [<00000000daf9597a>] kstrdup+0x36/0x70
    [<000000000d6d165c>] kstrdup_const+0x53/0x80
    [<00000000a6b47e61>] kvasprintf_const+0x10c/0x1a0
    [<00000000ff1e152f>] kobject_set_name_vargs+0x56/0x150
    [<000000008caec3fe>] kobject_init_and_add+0xc9/0x160
    [<000000007c6951a6>] sysfs_slab_add+0x172/0x200
    [<000000007eaf4cec>] __kmem_cache_create+0x3db/0x520
    [<00000000f12b67c6>] kmem_cache_create_usercopy+0x1db/0x2f0
    [<000000003d32e3d5>] p9_client_create+0xc6a/0x1230
    [<000000001fd0c2fd>] v9fs_session_init+0x1dd/0x1680
    [<00000000d16edf8d>] v9fs_mount+0x79/0x8f0
    [<00000000ca318ba0>] legacy_get_tree+0x105/0x220
    [<000000000a02d961>] vfs_get_tree+0x8e/0x300
    [<00000000c8170e79>] path_mount+0x1490/0x21e0
    [<0000000007c47817>] __x64_sys_mount+0x282/0x300
    [<00000000cabbd998>] do_syscall_64+0x33/0x40

BUG: leak checking failed

VM DIAGNOSIS:
01:38:30  Registers:
info registers vcpu 0
RAX=ffffffff83e9ba40 RBX=0000000000000000 RCX=ffffffff83e836ac RDX=0000000000000000
RSI=0000000000000000 RDI=ffffffff83e9c208 RBP=0000000000000000 RSP=ffffffff84e07e38
R8 =0000000000000001 R9 =ffff88806ce3c12b R10=ffffed100d9c7825 R11=0000000000000001
R12=0000000000000000 R13=ffffffff8567acc8 R14=0000000000000000 R15=dffffc0000000000
RIP=ffffffff83e9ba4e RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff88806ce00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f8f9e7f5000 CR3=000000000eb80000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=656a626f206465636e6572656665726e
XMM02=3a29323320657a697328203034306532 XMM03=333120646970202c22342e726f747563
XMM04=6c6c6163662d70392020373320643220 XMM05=32206336206336203136203336203636
XMM06=73657479622032332074737269662820 XMM07=2e303220656761282034343636323837
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000080010001 RBX=0000000000010000 RCX=ffffffff8131134f RDX=ffff888008978000
RSI=ffffffff814c628e RDI=0000000000000005 RBP=0000000000037b10 RSP=ffff88806cf09d90
R8 =0000000000000000 R9 =ffffffff8567accf R10=0000000000000000 R11=0000000000000001
R12=0000000000000000 R13=ffff888008978000 R14=0000000000000001 R15=dffffc0000000000
RIP=ffffffff814c628e RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff88806cf00000 00000000 00000000
LDT=0000 fffffe0000000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007ffecf487c48 CR3=0000000017ca2000 CR4=00350ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
XMM02=0000000000000000413f67a000000000 XMM03=0000ff00000000000000000000000000
XMM04=732f6c61636f6c2f7273752f3d485441 XMM05=622f6c61636f6c2f7273752f3a6e6962
XMM06=73752f3a6e6962732f7273752f3a6e69 XMM07=6e69622f3a6e6962732f3a6e69622f72
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000